SSL & TLS errors

    Question

  • Hi

    We have an Exchange hybrid with 3 CAS and 3 Mailbox servers. We can see the following errors are generated from the 'System' section of the Windows category logs.

    In two CAS servers

    The error is

    A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.

    and the third server's error is

    An error occurred while using SSL configuration for endpoint 0.0.0.0:443.  The error status code is contained within the returned data.

    What may be the issue?

    I request your advice to resolve this issue.

    All services are working fine.

    Regards

    Ashraf


    Ashraf

    Tuesday, May 16, 2017 7:49 AM

All replies

  • When citing an entry in the event logs, please post the entire event log entry.  You are welcome to use the handy-dandy "copy to clipboard" button in the event log detail window to assist you with this.

    From this reference, it appears that a connection presented an invalid certificate. If you're not reporting any errors receiving or sending mail, then I wouldn't worry about it.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, May 17, 2017 5:08 AM
    Moderator
  • Well, you may try the solution in this similar thread

    https://social.technet.microsoft.com/Forums/en-US/e262fca9-da70-482b-85b6-c39a0ea087e2/schannel-fatal-alert-46?forum=exchangesvrsecuremessaging

    Here’s an example of using the correct syntax for TlsCertificateName. First, determine the thumbnail value for the certificate you want to use. This example is going to use a wildcard certificate, which is already enabled for SMTP.

    [PS] C:\>Get-ExchangeCertificate
     
    Thumbprint                                Services   Subject
    ----------                                --------   -------
    4A4B66E94A9195FA3344E34E01E6698C44C0A639  .......    O=Microsoft, OU=Microsoft Monitoring Agent, CN={5B5FCD1B-5085-4...
    D8C33B1E0FDFE180920C5CEED0612B95269FA1E7  IP.WS..    CN=EX2016SRV2
    31E5D6D7E6BD77FC20FA4F490983C6945631CB6C  .......    CN=WMSvc-EX2016SRV2
    DE67EC3C8D679AA35D17678FEC51907272B1BAE2  ...WS..    CN=*.exchangeserverpro.net, OU=IT, O=LockLAN Systems Pty Ltd, L...
    A49E18338DB7B07E75D46DBF843D919A014F9A63  ....SF.    CN=Federation
    436C266B30409B25C13A7EC17CBD4E9F5D8DAD79  ....S..    CN=Federation

    Next, capture the certificate as a variable.

    [PS] C:\>$cert = Get-ExchangeCertificate -Thumbprint DE67EC3C8D679AA35D17678FEC51907272B1BAE2

    Now, declare a new variable for the certificate issuer and subject values.

    [PS] C:\>$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"

    Now we can set the receive connector's TlsCertificateName property without having to type out a long string containing the issuer and subject values.

    [PS] C:\>Set-ReceiveConnector "ServerName\Client Frontend ServerName" -TlsCertificateName $tlscertificatename

    Repeat that for every server and connector that will be handling the authenticated SMTP connections.

    Refer to this blog for more information about SSL/TLS Alert:

    https://blogs.msdn.microsoft.com/kaushal/2012/10/05/ssltls-alert-protocol-the-alert-codes/


    Best Regards,

    Lynn-Li
    TechNet Community Support



    Wednesday, May 17, 2017 8:54 AM
    Moderator
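
The steps in the reply above, repeated across several servers with checks on the certificate before the connector is changed. This is an added example, not code from the thread or from Microsoft; the server names, the thumbprint placeholder and the "Client Frontend*" name filter are assumptions, and `-WhatIf` keeps the run read-only until it is removed.

```powershell
# Added example: set TlsCertificateName on the client frontend receive
# connector of each server, using the "<i>issuer<s>subject" format shown above.
# Assumptions: placeholder thumbprint and hypothetical server names; the same
# certificate is installed on every listed server.
$thumbprint = 'THUMBPRINT-PLACEHOLDER'          # take this from Get-ExchangeCertificate
$servers    = 'SERVER1', 'SERVER2', 'SERVER3'   # hypothetical server names

foreach ($server in $servers) {
    $cert = Get-ExchangeCertificate -Server $server -Thumbprint $thumbprint -ErrorAction SilentlyContinue
    if (-not $cert) {
        Write-Warning "$server : certificate $thumbprint not found, skipping"
        continue
    }

    # Do not bind a certificate that cannot complete an SMTP TLS handshake.
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "$server : certificate expired on $($cert.NotAfter), skipping"
        continue
    }
    if (-not $cert.HasPrivateKey) {
        Write-Warning "$server : certificate has no private key, skipping"
        continue
    }
    if ("$($cert.Services)" -notmatch 'SMTP') {
        Write-Warning "$server : certificate is not enabled for SMTP, skipping"
        continue
    }

    # Use only the Issuer and Subject string properties. Interpolating the whole
    # certificate object would expand to its multi-line text form instead.
    $tlsCertificateName = "<i>$($cert.Issuer)<s>$($cert.Subject)"

    Get-ReceiveConnector -Server $server |
        Where-Object { $_.Name -like 'Client Frontend*' } |
        ForEach-Object {
            # Remove -WhatIf once the reported changes look right.
            Set-ReceiveConnector -Identity $_.Identity -TlsCertificateName $tlsCertificateName -WhatIf
        }

    # Show what each connector on this server currently presents.
    Get-ReceiveConnector -Server $server | Format-List Name, TlsCertificateName
}
```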
  • Hello there, first of all, thank you for the reply. I am getting the following error when I use the following (mentioned above) commands.

    Cannot process argument transformation on parameter 'TlsCertificateName'. Cannot convert value "<i>$<[Subject]
      CN=mysolutions.com, OU=Domain Control Validated
    [Issuer]
      CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.",
    L=Scottsdale, S=Arizona, C=US
    [Serial Number]

    Please help me on this.


    GR

    Sunday, March 3, 2019 6:28 PM
  • See your other thread:

    https://social.technet.microsoft.com/Forums/en-US/ad411f0f-7c86-4ab8-aa14-2f9d68b60ea1/receive-connector-tls-certificate-name-error?forum=Exch2016MFSM

    Sunday, March 3, 2019 7:41 PM