What sort of certificate is this? I suspect the Cisco doesn't understand the cipher or something similar...
Exchange 2019 TLS negotiation failed with error InvalidToken
I have Exchange 2019 in place with the mail role.
The certificate was generated at the local centre.
The smarthost (Cisco) is also in the domain.
The Send connector for the internet is configured as follows:
AddressSpaces : {SMTP:*;1}
AuthenticationCredential :
CloudServicesMailEnabled : False
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
ConnectorType : Default
DNSRoutingEnabled : False
DomainSecureEnabled : False
Enabled : True
ErrorPolicies : Default
ForceHELO : False
Fqdn : ..*
FrontendProxyEnabled : False
HomeMTA : Microsoft MTA
HomeMtaServerId : XCH-31
Identity : relay
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
MaxMessageSize : 35 MB (36,700,160 bytes)
Name : relay
Port : 25
ProtocolLoggingLevel : Verbose
Region : NotSpecified
RequireOorg : False
RequireTLS : True
SmartHostAuthMechanism : None
SmartHosts : {SmartHosts...}
SmartHostsString : SmartHosts...
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {XCH-31}
TlsAuthLevel :
TlsCertificateName :
TlsDomain :
UseExternalDNSServersEnabled : True
When Exchange connects to the smarthost, the TLS connection is not created.
Attached logs:
2022-04-25T12:28:16.819Z,relay,08DA26B51A8D9154,0,,exchnage:25,,SendRoutingHeaders,Set Session Permissions
2022-04-25T12:28:16.819Z,relay,08DA26B51A8D9154,1,,exchnage:25,,,attempting to connect
2022-04-25T12:28:16.820Z,relay,08DA26B51A8D9154,2,SmartHosts:8794,exchnage:25,+,,
2022-04-25T12:28:16.825Z,relay,08DA26B51A8D9154,3,SmartHosts:8794,exchnage:25,<,220 SmartHosts.domain.doamin ESMTP,
2022-04-25T12:28:16.825Z,relay,08DA26B51A8D9154,4,SmartHosts:8794,exchnage:25,>,EHLO mail.domain.doamin,
2022-04-25T12:28:16.827Z,relay,08DA26B51A8D9154,5,SmartHosts:8794,exchnage:25,<,250 SmartHosts.domain.doamin 8BITMIME SIZE 50000000 STARTTLS,
2022-04-25T12:28:16.827Z,relay,08DA26B51A8D9154,6,SmartHosts:8794,exchnage:25,>,STARTTLS,
2022-04-25T12:28:16.827Z,relay,08DA26B51A8D9154,7,SmartHosts:8794,exchnage:25,<,220 Go ahead with TLS,
2022-04-25T12:28:16.827Z,relay,08DA26B51A8D9154,8,SmartHosts:8794,exchnage:25,," OU=IT, O="company", L=City, S=City, C=Region CN=ADCA-G2, DC=domain, DC=domain 5F00001024902997A2AE8B498C000100001024 9D6D16DC39840C10099BD6FB28CEDB59EACFAAE9 2022-04-19T14:15:14.000Z 2024-04-19T14:25:14.000Z AutoDiscover.domain.doamin;XCH-31;domain.doamin;mail.domain.doamin;xch-32.domain.doamin;xch-31.domain.doamin;XCH-32",Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2022-04-25T12:28:16.833Z,relay,08DA26B51A8D9154,9,SmartHosts:8794,exchnage:25,,,TLS negotiation failed with error InvalidToken
2022-04-25T12:28:16.833Z,relay,08DA26B51A8D9154,10,SmartHosts:8794,exchnage:25,-,,Local
I checked the certificate.
I turned off TLS on the Cisco and used SMTP without TLS - it's all OK, mail is sent to the world, but the security officer wants me to connect to the smarthost (Cisco) with TLS.
What is the problem? Maybe you have some ideas?
Exchange | Exchange Server | Management
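One way to triage protocol logs like the one in the question, as an added example that is not part of the original post: it groups rows by session ID, reports sessions where TLS negotiation failed, and records whether the smart host had accepted STARTTLS and whether the certificate Exchange presented was inside its validity window at that moment. The sample rows, addresses, host names and certificate values are constructed, and the column names are labels chosen here for the nine comma-separated fields visible in the log.

```python
import csv
import re
from collections import defaultdict
from datetime import datetime

# Labels (chosen for this example) for the nine comma-separated log fields.
FIELDS = ["time", "connector", "session", "seq", "local", "remote", "event", "data", "context"]
TS = "%Y-%m-%dT%H:%M:%S.%fZ"

# Constructed sample modelled on the question's log; all hosts and certificate values are placeholders.
SAMPLE = '''\
2022-04-25T12:28:16.825Z,relay,S1,3,192.0.2.10:8794,192.0.2.25:25,<,220 smarthost.example.test ESMTP,
2022-04-25T12:28:16.825Z,relay,S1,4,192.0.2.10:8794,192.0.2.25:25,>,EHLO mail.example.test,
2022-04-25T12:28:16.827Z,relay,S1,5,192.0.2.10:8794,192.0.2.25:25,<,250 smarthost.example.test 8BITMIME SIZE 50000000 STARTTLS,
2022-04-25T12:28:16.827Z,relay,S1,6,192.0.2.10:8794,192.0.2.25:25,>,STARTTLS,
2022-04-25T12:28:16.827Z,relay,S1,7,192.0.2.10:8794,192.0.2.25:25,<,220 Go ahead with TLS,
2022-04-25T12:28:16.827Z,relay,S1,8,192.0.2.10:8794,192.0.2.25:25,,"CN=mail.example.test CN=Example-CA 00AA 00BB 2022-04-19T14:15:14.000Z 2024-04-19T14:25:14.000Z mail.example.test",Sending certificate Subject Issuer name
2022-04-25T12:28:16.833Z,relay,S1,9,192.0.2.10:8794,192.0.2.25:25,,,TLS negotiation failed with error InvalidToken
2022-04-25T12:30:01.100Z,relay,S2,3,192.0.2.10:8801,192.0.2.25:25,>,STARTTLS,
2022-04-25T12:30:01.102Z,relay,S2,4,192.0.2.10:8801,192.0.2.25:25,<,220 Go ahead with TLS,
'''

def tls_failures(log_text):
    """Return one finding per SMTP session whose TLS negotiation failed."""
    lines = (l for l in log_text.splitlines() if l and not l.startswith("#"))
    sessions = defaultdict(list)
    for row in csv.DictReader(lines, fieldnames=FIELDS, restval=""):
        sessions[row["session"]].append(row)
    findings = []
    for sid, rows in sessions.items():
        rows.sort(key=lambda r: int(r["seq"]))
        fail = next((r for r in rows if "TLS negotiation failed" in r["context"]), None)
        if fail is None:
            continue
        # Did the smart host answer our STARTTLS command with a 220 reply?
        sent = [i for i, r in enumerate(rows) if r["event"] == ">" and r["data"].strip().upper() == "STARTTLS"]
        accepted = bool(sent) and any(r["event"] == "<" and r["data"].startswith("220") for r in rows[sent[0]:])
        # Not-before / not-after of the certificate logged in the "Sending certificate" row.
        cert = next((r for r in rows if r["context"].startswith("Sending certificate")), None)
        stamps = re.findall(r"\d{4}-\d\d-\d\dT[\d:.]+Z", cert["data"]) if cert else []
        in_window = None  # stays None when the log carries no certificate dates
        if len(stamps) >= 2:
            when = datetime.strptime(fail["time"], TS)
            in_window = datetime.strptime(stamps[0], TS) <= when <= datetime.strptime(stamps[1], TS)
        findings.append({"session": sid, "connector": fail["connector"], "remote": fail["remote"],
                         "error": fail["context"].rsplit("error ", 1)[-1],
                         "starttls_accepted": accepted, "cert_in_validity_window": in_window})
    return findings
```

A failure that follows a 220 reply with an in-window certificate rules out an expired or not-yet-valid Exchange certificate, so the next things to compare on both ends are the TLS protocol versions and cipher suites offered.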
1 answer
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
2022-04-26T12:08:52.863+00:00