locked
Outlook not connecting POP3/IMAP clients SSL/TLS RRS feed

  • Question

  • Dear Team,

    Recently i have applied SSL on my exchange infra and assigned to service iis,pop,imap and smtp. 
    But am unable to get connected Outlook client POP3/IMAP clients  on SSL/TLS only connecting none option. 

    How can i resolve this issue  


    Faris

    Monday, February 11, 2019 6:11 PM

Answers

  • Exchange should accept connection now if certificate was assigned correctly.

    Anyway. try this as well:-

    Set-ReceiveConnector -identity "Ex1\Client front end ex1" -requiretls:$true

    Replace connector identity with your connector identity which you can get by running get-receiveconnector.



    Thanks,

    Ashish

    MCITP, MCT, MCSE

    “Tell me and I forget, teach me and I may remember, involve me and I learn.”

    Note:- Please remember to vote and mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    • Proposed as answer by Steve Fan Friday, February 22, 2019 9:52 AM
    • Marked as answer by Farispv Friday, February 22, 2019 8:06 PM
    Wednesday, February 20, 2019 5:28 PM
  • Hi Faris,

    Any update here? Is the issue fixed now? Please don't hesitate to post back if further assistance is needed here.

    Regards,
    Steve Fan


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by Farispv Friday, February 22, 2019 8:06 PM
    Friday, February 22, 2019 9:52 AM

All replies

  • Hi Faris,

    May I know how did you configure Outlook to connect via POP3 or IMAP? Please provide the specific settings you used here so that we can check whether there is any misconfiguration.

    What error did you get when it failed to connect to the mail server?

    Please check whether you have started the Microsoft Exchange POP3 service and the Microsoft Exchange POP3 Backend service. By default, these services are not started.

    Regards,
    Steve Fan


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by Steve Fan Wednesday, February 13, 2019 9:33 AM
    Tuesday, February 12, 2019 6:15 AM
  • Hi Faris,

    Any update here? Please don't hesitate to post back if you need further assistance here.

    Regards,
    Steve Fan


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, February 13, 2019 9:34 AM
  • Outlook Test with NONE and port 995/587

    OUTLOOKERROSSL 995/587OutlookSSL995/587 eroorOutlookError995/587

    The above are the error am getting while attempting connect by using SSL/TLS with port 587 SMTP and POP3 995, the same happens for IMAP as well. If make 'None' the outlook getting connected without any issue. 

    The outlook POP3&IMAP service are running, i have already outlook POP3/IMPA which are are connected exchange server with NONE option. 
    Recently i have applied SSL on my exchange and applied to IIS,POP/IMAP/SMTP. 

    When i search, i noticed that some article states the SCP/SRV records to be created for autodiscover, as of now i dont have such records in my local DNS and public. I have only autodiscover A records which poiting to email server. 

    I would expect your best advise to get it done. !!

    Thank you in advance for your valuable time. 


    Faris

    Wednesday, February 13, 2019 8:25 PM
  • Hi Faris,

    Thank you for your reply.

    According to the screenshots you provided, I understand that Outlook clients could access with Exchange server and it failed in sending test messages.

    After enabling and configuring POP3/IMAP4 on the Exchange server, you need to configure the authenticated SMTP settings for POP3/IMAP4 clients so they can send email messages. The brief steps are like below:

    1. Configure the FQDN on the "Client Frontend <Server name>" Receive connector.
    2. Specify the certificate that's used to encrypt authenticated SMTP client connections.
    3. Configure Outlook on the web (formerly known as Outlook Web App) to display the SMTP settings for authenticated SMTP clients at Settings > Options > Mail > Accounts > POP and IMAP.

    More details please review the link below:

    Configure authenticated SMTP settings for POP3 and IMAP4 clients in Exchange Server
    https://docs.microsoft.com/en-us/exchange/clients/pop3-and-imap4/configure-authenticated-smtp?view=exchserver-2019#step-1-configure-the-fqdn-on-the-client-frontend-server-name-receive-connector

    Service connection point (SCP) AD object is created when an Exchange Client Access Server installed. The SCP object is used by domain joined clients to locate the Autodiscover service. Generally, the Exchange external Autodiscover DNS entity is configured as a regular A record. In your environment, it doesn’t need additional SRV record to instead. 

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Edited by Manu Meng Friday, February 15, 2019 8:37 AM
    Friday, February 15, 2019 8:32 AM
  • Hi, 

    I have gone through your article, now am able to connect Outlook POP3/IMAP TLS with in Local network, but SMTP SSL not getting same error.
    in the same time, am unable to get connected on both SSL/TLS from outside network. where all the ports are SSL/TLS are open in my internal firewall. 

    In OWA, i can see the POP/IMAP server setting details. 

    POP3 Settings 

    Server name: mail.mydomain.com
    Port: 995
    Encryption method: SSL

    IMAP Settings 

    Server name: mail.mydomain.com
    Port: 993
    Encryption method: SSL

    SMTP Settings 

    Server name: mail.mydomain.com
    Port: 587
    Encryption method: TLS

    Could you please advise where i mistaken. 


    Faris

    Sunday, February 17, 2019 5:50 PM
  • Hi Faris,

    >>I have gone through your article, now am able to connect Outlook POP3/IMAP TLS with in Local network, but SMTP SSL not getting same error.

    Do you mean you can successfully connect to Exchange via POP3/IMAP TLS now? What does "but SMTP SSL not getting same error" actually refer to?

    >>in the same time, am unable to get connected on both SSL/TLS from outside network. where all the ports are SSL/TLS are open in my internal firewall. 

    Please use the Exchange Server > POP Email test or IMAP Email test in the Microsoft Remote Connectivity Analyzer to test POP3/IMAP client connectivity to the Exchange server. Please post back with the testing result.

    Regards,
    Steve Fan


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, February 19, 2019 6:53 AM
  • HI, 

    I mean being able to connect Outlook POP3/IMAP by using TLS in Local network but not connecting SSL in POP3/IMPA. 

    and am unable to connect POP3/IMAP over the internet on both SSL/TLS. 

    Below is the result of the connectivity test. 

    Connectivity Test Successful with Warnings
     
    Test Details
    <input class=" __ecpStyleButton" id="testSelectWizard___CustomNav3_buttonStartOver" name="testSelectWizard$__CustomNav3$buttonStartOver" style="background-background-repeat:no-repeat;padding:8px 8px 8px 29px;text-align:left;border-style:none;cursor:pointer;background-image:url("/Images/ButtonsPanelStartOver16.png");" type="submit" value="Start Over" /><input class=" __ecpStyleButton" id="testSelectWizard___CustomNav3_buttonRunAgain" name="testSelectWizard$__CustomNav3$buttonRunAgain" style="background-background-repeat:no-repeat;padding:8px 8px 8px 29px;text-align:left;border-style:none none none solid;cursor:pointer;background-image:url("/Images/ButtonsPanelBack16.gif");border-left-width:1px;border-left-color:#cccccc;" type="submit" value="Run Test Again" />
    <input class=" __ecpStyleButton" id="testSelectWizard_ctl12_btnExpandAll" name="testSelectWizard$ctl12$btnExpandAll" style="background-background-repeat:no-repeat;padding:8px 8px 8px 29px;text-align:left;border-style:none solid none none;cursor:pointer;background-image:url("/Images/expand.gif");border-right-width:1px;border-right-color:#cccccc;" type="submit" value="Expand All" /><input class="ecpStyleButtonImageOnly __ecpStyleButton" id="testSelectWizard_ctl12_btnSaveXml" name="testSelectWizard$ctl12$btnSaveXml" style="background-background-repeat:no-repeat;padding-padding-bottom:6px;padding-text-align:left;border-style:none;cursor:pointer;background-image:url("/Images/xml.png");" title="Save as XML" type="submit" value="" /><input class="ecpStyleButtonImageOnly __ecpStyleButton" id="testSelectWizard_ctl12_btnSaveHtml" name="testSelectWizard$ctl12$btnSaveHtml" style="background-background-repeat:no-repeat;padding-padding-bottom:6px;padding-text-align:left;border-style:none;cursor:pointer;background-image:url("/Images/html.png");" title="Save as HTML" type="submit" value="" />
    Testing POP for userDOMAIN \test1 on host  mail.domain.com :995<g class="gr_ gr_442 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Style replaceWithoutSep" data-gr-id="442" id="442">:SSL</g>.   
      POP was tested successfully.
     
    Additional Details
      Elapsed Time: 3480 ms. mail.domain.com 
     
    Test Steps
     
    Attempting to resolve the host name  mail.domain.com  in DNS.
      The host name resolved successfully.
     
    Additional Details
    Testing TCP port 995 on host  mail.domain.com to ensure it's listening and open.
      The port was opened successfully.
     
    Additional Details
    Testing the SSL certificate to make sure it's valid.
      The certificate passed all validation requirements.
     
    Additional Details
      Elapsed Time: 636 ms.
     
    Test Steps
     
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.domain.com on port 995.
      The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
     
    Additional Details
    Validating the certificate name.
      The certificate name was validated successfully.
     
    Additional Details
    Certificate trust is being validated.
      The certificate is trusted and all certificates are present in the chain.
     
    Test Steps
     
    The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.domain.com, OU=Domain Control Validated.
      One or more certificate chains were constructed successfully.
     
    Additional Details
    Analyzing the certificate chains for compatibility problems with versions of Windows.
      Potential compatibility problems were identified with some versions of Windows.
     
    Additional Details
     
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Elapsed Time: 0 ms.
    Testing the certificate date to confirm the certificate is valid.
      Date validation passed. The certificate hasn't expired.
     
    Additional Details
    The POP service is being tested.
      The POP service was tested successfully.
     
    Additional Details
     
    Successfully tested the POP3 service
    Secured: CN= <g class="gr_ gr_488 gr-alert gr_gramm gr_inline_cards gr_run_anim Style multiReplace" data-gr-id="488" id="488">mail.domain.com </g><g class="gr_ gr_488 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Style multiReplace" data-gr-id="488" id="488">,</g> OU=Domain Control Validated
    S: +OK The Microsoft Exchange POP3 service is ready.
    C: CAPA
    S: +OK
    TOP
    UIDL
    SASL PLAIN
    USER
    .
    C: USER test1
    S: +OK
    C: PASS <password>
    S: +OK User successfully logged on.
    C: STAT
    S: +OK 22 239726
    C: QUIT
    S: +OK Microsoft Exchange Server 2016 POP3 server signing off.
    Elapsed Time: 2178 ms.


    Faris


    • Edited by Farispv Tuesday, February 19, 2019 6:27 PM
    Tuesday, February 19, 2019 6:26 PM
  • IMAP Test Result.

    mail.domain.com

    Connectivity Test Successful
     
    Test Details
    <input class=" __ecpStyleButton" id="testSelectWizard___CustomNav3_buttonStartOver" name="testSelectWizard$__CustomNav3$buttonStartOver" style="background-background-repeat:no-repeat;padding:8px 8px 8px 29px;text-align:left;border-style:none;cursor:pointer;background-image:url("/Images/ButtonsPanelStartOver16.png");" type="submit" value="Start Over" /><input class=" __ecpStyleButton" id="testSelectWizard___CustomNav3_buttonRunAgain" name="testSelectWizard$__CustomNav3$buttonRunAgain" style="background-background-repeat:no-repeat;padding:8px 8px 8px 29px;text-align:left;border-style:none none none solid;cursor:pointer;background-image:url("/Images/ButtonsPanelBack16.gif");border-left-width:1px;border-left-color:#cccccc;" type="submit" value="Run Test Again" />
    <input class=" __ecpStyleButton" id="testSelectWizard_ctl12_btnExpandAll" name="testSelectWizard$ctl12$btnExpandAll" style="background-background-repeat:no-repeat;padding:8px 8px 8px 29px;text-align:left;border-style:none solid none none;cursor:pointer;background-image:url("/Images/expand.gif");border-right-width:1px;border-right-color:#cccccc;" type="submit" value="Expand All" /><input class="ecpStyleButtonImageOnly __ecpStyleButton" id="testSelectWizard_ctl12_btnSaveXml" name="testSelectWizard$ctl12$btnSaveXml" style="background-background-repeat:no-repeat;padding-padding-bottom:6px;padding-text-align:left;border-style:none;cursor:pointer;background-image:url("/Images/xml.png");" title="Save as XML" type="submit" value="" /><input class="ecpStyleButtonImageOnly __ecpStyleButton" id="testSelectWizard_ctl12_btnSaveHtml" name="testSelectWizard$ctl12$btnSaveHtml" style="background-background-repeat:no-repeat;padding-padding-bottom:6px;padding-text-align:left;border-style:none;cursor:pointer;background-image:url("/Images/html.png");" title="Save as HTML" type="submit" value="" />
    Testing POP for user DOMAIN\test1 on host mail.domain.com:110:TLS.
      POP was tested successfully.
     
    Additional Details
      Elapsed Time: 2784 ms.
     
    Test Steps
     
    Attempting to resolve the host name mail.domain.com in DNS.
      The host name resolved successfully.
     
    Additional Details
     
    IP addresses returned: 1.1.1.1
    Elapsed Time: 10 ms.
    Testing TCP port 110 on host mail.domain.com to ensure it's listening and open.
      The port was opened successfully.
     
    Additional Details
      Elapsed Time: 198 ms.
    The POP service is being tested.
      The POP service was tested successfully.
     
    Additional Details
     
    Successfully tested the POP3 service
    S: +OK The Microsoft Exchange POP3 service is ready.
    C: CAPA
    S: +OK
    TOP
    UIDL
    STLS
    .
    C: STLS
    S: +OK Begin TLS negotiation.
    Secured: CN=mail.domain.com, OU=Domain Control Validated
    C: CAPA
    S: +OK
    TOP
    UIDL
    SASL PLAIN
    USER
    .
    C: USER test1
    S: +OK
    C: PASS <password>
    S: +OK User successfully logged on.
    C: STAT
    S: +OK 22 239726
    C: QUIT
    S: +OK Microsoft Exchange Server 2016 POP3 server signing off.
    Elapsed Time: 2575 ms.


    Faris

    Tuesday, February 19, 2019 6:29 PM
  • While configuring outlook for IMAP or POP go to more settings and under advanced setting make sure outgoing server (SMTP) have port 25 selected and encrypted connection is none.

    For incoming use secure (993 for imap and 995 for POP).


    Thanks,

    Ashish

    MCITP, MCT, MCSE

    “Tell me and I forget, teach me and I may remember, involve me and I learn.”

    Note:- Please remember to vote and mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Tuesday, February 19, 2019 6:45 PM
  • Thanks for your reply. 

    If I choose the POP 995 and IMAP 993 for incoming connection and secure communication for outgoing is None. the outlook get connected, but may case i would choose to have TLS/SSL in outgoing connection- While choosing this option we are getting SMTP test error.

    As per my knowledge should able to connect both SSL/TLS/None. selecting none option its allowing the clients to connect server using encrypted connection. Please correct me if am wrong.


    Faris

    Tuesday, February 19, 2019 9:30 PM
  • Hi,

    Did you followed below for secure SMTP.

    https://docs.microsoft.com/en-us/exchange/clients/pop3-and-imap4/configure-authenticated-smtp?view=exchserver-2019


    Thanks,

    Ashish

    MCITP, MCT, MCSE

    “Tell me and I forget, teach me and I may remember, involve me and I learn.”

    Note:- Please remember to vote and mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Tuesday, February 19, 2019 10:18 PM
  • I went through the article, i shared my output here, as below. 

    


    Faris

    Tuesday, February 19, 2019 10:27 PM
  • Hi,

    Did you tried enabling anonymous users on client frontend receive connector security setting?

    After that select TLS and put 587 in outgoing smtp setting.



    Thanks,

    Ashish

    MCITP, MCT, MCSE

    “Tell me and I forget, teach me and I may remember, involve me and I learn.”

    Note:- Please remember to vote and mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Tuesday, February 19, 2019 10:57 PM
  • Client Forntend Settings as per below. its seems already enabled 

    


    Faris

    Wednesday, February 20, 2019 3:52 PM
  • It should work then.

    Do one thing while configuring outlook profile select server name in outgoing SMTP connection and select TLS with port 587. Let me result. Make sure no other authentication method is selected in advanced setting.

    Also do a telnet from client to exchange server over port 587.

    e.g. telnet ex1 587


    Thanks,

    Ashish

    MCITP, MCT, MCSE

    “Tell me and I forget, teach me and I may remember, involve me and I learn.”

    Note:- Please remember to vote and mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Wednesday, February 20, 2019 4:05 PM
  • i tried this way. am right ?
    telnet response. 
    220 mail.domain.com Microsoft ESMTP MAIL Service ready at Wed, 20 Feb 2019 19:58:28 +0300


    Faris

    Wednesday, February 20, 2019 5:04 PM
  • Exchange should accept connection now if certificate was assigned correctly.

    Anyway. try this as well:-

    Set-ReceiveConnector -identity "Ex1\Client front end ex1" -requiretls:$true

    Replace connector identity with your connector identity which you can get by running get-receiveconnector.



    Thanks,

    Ashish

    MCITP, MCT, MCSE

    “Tell me and I forget, teach me and I may remember, involve me and I learn.”

    Note:- Please remember to vote and mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    • Proposed as answer by Steve Fan Friday, February 22, 2019 9:52 AM
    • Marked as answer by Farispv Friday, February 22, 2019 8:06 PM
    Wednesday, February 20, 2019 5:28 PM
  • Hi Faris,

    Any update here? Is the issue fixed now? Please don't hesitate to post back if further assistance is needed here.

    Regards,
    Steve Fan


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by Farispv Friday, February 22, 2019 8:06 PM
    Friday, February 22, 2019 9:52 AM
  • its not resolved yet, am searching the solvency. 

    Faris

    Friday, February 22, 2019 4:47 PM
  • I tried this but still not connecting. on TLS.  

    Set-ReceiveConnector -identity "Ex1\Client front end ex1" -requiretls:$true


    Faris

    Friday, February 22, 2019 5:03 PM
  • Hi,

    Can you please put server name (Ex1) instead of mail.domain.com and under user name put complete email address test1@domain.com?

    After that test it.


    Thanks,

    Ashish

    MCITP, MCT, MCSE

    “Tell me and I forget, teach me and I may remember, involve me and I learn.”

    Note:- Please remember to vote and mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Friday, February 22, 2019 5:12 PM
  • I did Same. with my server name . 


    Glad to inform your,its finally worked, i have rearranged my firewall-rules. now its connecting on TLS. 
    but not connecting on SSL

    Faris

    Friday, February 22, 2019 5:21 PM
  • Sounds Great....If you were able to do telnet then port should be open.

    SSL is obsolute so use TLS only.

    Also when Exchange install, it create all required firewall rules and enable those, so seems that either those were modified or somehow required rule was disabled.


    Thanks,

    Ashish

    MCITP, MCT, MCSE

    “Tell me and I forget, teach me and I may remember, involve me and I learn.”

    Note:- Please remember to vote and mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Friday, February 22, 2019 5:30 PM
  • Thank you very much for all of your support, may God Bless you.

    The issue was my internal firewall rules priority. 


    Faris

    Friday, February 22, 2019 8:05 PM