• Article for your preferred language does not exist. Below is international version of the article.

Article ID: 116047, created on May 7, 2013, last review on May 11, 2014

  • Applies to:
  • Operations Automation

Symptoms


A customer is trying to configure Outlook to work with their Exchange mailbox via POP or IMAP protocol with SSL/TLS encryption. Outlook's verification tests fail with the following error message:
Send test e-mail: Your server does not support the connection encryption type specified. Try changing the encryption method. Contact the administrator of the mail server or Internet service provider for further assistance.
Checking the Event Viewer on Exchange hub transport server, you can see the following messages when Outlook is trying to connect:
Microsoft Exchange could not find a certificate that contains the domain name <domain.tld> in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Client EXHUB01 with a FQDN parameter of <domain.tld>. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Cause


The customer configured server with the hostname domain.tld to be their SMTP server (the exact hostname is mentioned in the provided above error message in the Event Viewer), and there is no certificate for domain.tld installed on the Exchange hub transport servers.

Resolution


You have to install the appropriate certificate on Exchange hub servers.

If you have the certificate available, you can use the 'Import-ExchangeCertificate' and 'Enable-ExchangeCertificate' cmdlets in the Exchange Management Shell.

If you have no ready to use certificate on hands, you can use the 'New-ExchangeCertificate' cmdlet to either generate a new self-signed certificate or create a certificate request that you can use to get a certificate from a certification authority.

Refer to the Microsoft Exchange security cmdlets documentation for more details: http://technet.microsoft.com/en-us/library/dd351246%28v=exchg.150%29.aspx
 

caea8340e2d186a540518d08602aa065 5356b422f65bdad1c3e9edca5d74a1ae e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF