date: Fri, 18 Jul 2008 18:22:05 -0700,
group: microsoft.public.exchange.admin
Re: Urgent Help!
Sorry about missing info and another post.
We have Exchange 2003 SP2 with one frontend server and two clustered backend
servers. According to
http://msexchangeteam.com/archive/2006/10/04/429090.aspx, I created
another secure SMTP virtual server, selected "Requires TLS encryption" in the
Authentication tab, assigned the trusted OWA certificate to it, and selected
"require secure channel" and "require 128 bit encryption"; I created one secured
SMTP connector which uses the created secure SMTP virtual server as local
bridgehead and uses the IP addresses of our partner xyz.com's bridgeheads as
"forward all mail through this connector to the following smart hosts", and
the address space is xyz.com.
After this configuration, I can receive emails from the partner domain xyz.com.
But I cannot send emails to xyz.com. I got an NDR as follows:
> > The following recipient(s) cannot be reached:
> >
> > Partner email address on 7/18/2008 6:38 PM
> > The recipient could not be processed because it would violate
> > the security policy in force
> > <exchangebackendserver.local #5.7.0 smtp;530 5.7.0 Must issue a
> > STARTTLS command first>
____________________________________
If I uncheck require secure channel and require 128-bit encryption, I can
send emails to xyz.com but xyz.com cannot send emails to me.
I checked the link again and found this note:
Note: Under the Access tab on the Secure SMTP VS properties, Communication
button, there is additional level of security that can be enabled, "Require
Secure channel", this will require TLS communication between any and all SMTP
communication to or from the Secure SMTP VS even between SMTP Virtual Servers
on the same Exchange server, and would require a certificate be installed on
the Default SMTP VS, as well as any other SMTP Virtual Servers within the
same Exchange 200x Organization.
________________________________________________
I did import the OWA certificate from the frontend server to the backend server
and still got the same NDR.
What else should I configure on the backend servers?
> Do you have anything configured in the smart host setting in your SMTP
> virtual servers?
> --
No on default SMTP virtual server.
Sorry for this long post and thank you for the help.
"Ed Crowley [MVP]" wrote:
> You'll receive more timely help when you include important information like
> the version and service pack of your Exchange server.
>
> Do you have anything configured in the smart host setting in your SMTP
> virtual servers?
> --
> Ed Crowley MVP
> "There are seldom good technological solutions to behavioral problems."
> ..
>
> "John" wrote in message
> news:53684C93-7320-4033-A668-E5051E093326@microsoft.com...
> > Hi all,
> > by following this http://msexchangeteam.com/archive/2006/10/04/429090.aspx
> > I can receive email from partner. But, I can not send it to them and it
> > needs the backend exchange server to issue starttls first. I only
> > configured the frontend server. The message is as:
> >
> > Do I have to configure something on the backend servers?
> >
> > Thank you.
date: Sat, 19 Jul 2008 06:35:01 -0700
author: John
Re: Urgent Help!
Does the host name on the certificate match the host name of the sending
SMTP server?
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
date: Sat, 19 Jul 2008 16:40:05 -0700
author: Ed Crowley [MVP]
Re: Urgent Help!
> Does the host name on the certificate match the host name of the sending
> SMTP server?
> --
Yes for the frontend server.
Just wondering why I got an NDR saying my backend server needs to issue a
STARTTLS command first?
date: Sun, 20 Jul 2008 06:10:01 -0700
author: John
Re: Urgent Help!
That would indicate to me that the back-end wants to talk TLS to the
front-end server, but the front-end server doesn't have a certificate
installed in its SMTP virtual server.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
date: Tue, 29 Jul 2008 19:43:05 -0400
author: Ed Crowley [MVP]
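An added example, not part of the original thread: a Python check that walks an SMTP session transcript and reports how STARTTLS was or was not negotiated when the receiving virtual server answers with the `530 5.7.0 Must issue a STARTTLS command first` reply quoted in the NDR. The transcripts and the host names `fe01.example.local` and `be01.example.local` are constructed for illustration.

```python
import re

# Constructed protocol-log excerpts: "C:" is the sending hop, "S:" the receiving SMTP virtual server.
GREETING = """\
S: 220 fe01.example.local ESMTP
C: EHLO be01.example.local
S: 250-fe01.example.local Hello
S: 250-STARTTLS
S: 250 OK
"""
PLAINTEXT_SENDER = GREETING + """\
C: MAIL FROM:<user@example.local>
S: 530 5.7.0 Must issue a STARTTLS command first
"""
TLS_SENDER = GREETING + """\
C: STARTTLS
S: 220 2.0.0 SMTP server ready
C: EHLO be01.example.local
S: 250 OK
C: MAIL FROM:<user@example.local>
S: 250 2.1.0 Sender OK
"""

def diagnose(transcript):
    """Walk one SMTP session and report how STARTTLS was (not) negotiated."""
    state = {"advertised": False, "issued": False, "tls_active": False,
             "rejected_command": None}
    last_cmd = ""
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            last_cmd = text.split()[0].upper()
            state["issued"] |= last_cmd == "STARTTLS"
        elif side == "S":
            if re.match(r"250[- ]STARTTLS\b", text, re.I):
                state["advertised"] = True   # receiver offers TLS in its EHLO reply
            elif last_cmd == "STARTTLS" and text.startswith("220"):
                state["tls_active"] = True   # receiver accepted the upgrade
            elif text.startswith("530") and state["rejected_command"] is None:
                state["rejected_command"] = last_cmd  # command refused before TLS
    if state["rejected_command"] and not state["issued"]:
        state["verdict"] = ("receiver enforces TLS; sender skipped STARTTLS"
                            if state["advertised"] else
                            "receiver enforces TLS but never offered STARTTLS")
    else:
        state["verdict"] = "TLS negotiated" if state["tls_active"] else "no TLS negotiated"
    return state

if __name__ == "__main__":
    print(diagnose(PLAINTEXT_SENDER)["verdict"])
```

Run against the SMTP protocol log of the hop named in the NDR, the `rejected_command` and `advertised` fields show whether the sending side never attempted STARTTLS or the receiving side demanded TLS without offering it.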