5

Out of the blue suddenly all outgoing email messages are delayed since yesterday. Exchange generates a warning email stating that delevery is delayed. Troubleshooting the Exchange message queue unearths that the error is 'server does not support secure connections' I did not touch any settings recently, the server's third party certificate is valid through 2013.

What is happening?

EDIT: I checked the Certicicate using Get-ExchangeCertificate | fl. I found a few self-issued certificates that were valid, but my comercially issued certificate is qualified as invalid (I removerd the SN en the thumbprint:

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {www.fk27.com, fk27.com} 
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=EssentialSSL CA, O=COMODO CA Limited, L=Salford, S=Grea
                     ter Manchester, C=GB 
NotAfter           : 20-9-2013 1:59:59 
NotBefore          : 19-9-2008 2:00:00 
PublicKeySize      : 1024 
RootCAType         : Unknown 
SerialNumber       : (removed) 
Services           : IIS, SMTP 
**Status             : Invalid** 
Subject            : CN=www.fk27.com, OU=EssentialSSL, OU=Domain Control Valida
                     ted 
Thumbprint         : (removed)

So, what do I do now?

Ben Pilbrow
  • 11,995
  • 5
  • 35
  • 57
Dabblernl
  • 219
  • 2
  • 10
  • Does outgoing email go direct to recipients mail servers, or via a smarthost type setup, where it goes to an external server first, which then delivers it on? – Paul Oct 04 '11 at 22:57
  • Check the details of your exchange certificate with the following Exchange Console command `Get-ExchangeCertificate | fl`. Also check to make sure you have the most updated Service pack installed for Exchange. That sounds really familiar. – Nixphoe Oct 05 '11 at 03:58
  • @ Paul: I redirect to mailhop, from Dyn. – Dabblernl Oct 05 '11 at 06:05
  • 1
    Are all the intermediate certificates OK? One wasn't signed by DigiNotar by any chance was it? An update may have been installed somewhere, removing the trust for their CA and causing things to come to a grinding halt. – Ben Pilbrow Oct 05 '11 at 12:14
  • Is the time set correctly on the server? – devicenull Oct 06 '11 at 23:56

1 Answers1

1

While the Get-ExchangeCertificate | fl command still shows that the Essential SSL certificate is invalid, the sending of email has resumed without errors without my doing anything about it...

Dabblernl
  • 219
  • 2
  • 10