Exchange 2007 Certificates for SMTP and IMAP, POP3

  • Question


    Help me please - we can't progress with deploying Exchange 2007 as it is not supporting all the services that Exchange 2003 was handling.

    We have an E2k7 Win2008 "ServerMX5" that is CAS and HT. OWA is accessed from this server from webmail.corp.com.au and all SMTP traffic in and out of the organization goes through this server - it all works.

    We have an E2k3 Win2003 "ServerMX2" that has IMAP and POP3 enabled. All our mailboxes are on this server.

    Currently, internal UNIX servers connect to "ServerMX5" under the internal CNAME "smtp01.domain.local" and this all appears to work fine.

    We are migrating the few IMAP clients from connecting to "ServerMX2" to "smtp01.domain.local", but after they establish a connection, no matter what they enter, their login is refused:

    Code Snippet

    Telnet smtp01 143

    . login username password

    . NO LOGIN failed.

    Also, when I try the following, it is also refused (as are all other permutations as per http://support.microsoft.com/kb/189326/en-us):

    Code Snippet

    telnet smtp01.domain.local 143

    1 login domain/username password

    1 NO LOGIN failed.

    On the server "ServerMX5" I used to get a lot of these errors:

    Code Snippet

    Log Name:      Application
    Source:        MSExchangeTransport
    Event ID:      12014
    Task Category: TransportService
    Computer:      ServerMX5.domain.local
    Microsoft Exchange couldn't find a certificate that contains the domain name ServerMX5.domain.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Outbound with a FQDN parameter of ServerMX5.domain.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

    Code Snippet

    Log Name:      Application
    Source:        MSExchangeIMAP4
    Event ID:      2007
    Task Category: (1)
    Computer:      ServerMX5.domain.local
    A certificate for the hostname "ServerMX5" could not be found.  SSL or TLS encryption cannot be made to the IMAP service.

    But, after realising that I needed to start the Exchange Management Shell as Administrator, I managed to do a Get-ExchangeCertificate and then Enable-ExchangeCertificate -services SMTP,IMAP,POP

    The certificate is now installed.

    But, I still cannot log in to the Exchange 2007 server on Windows 2008 to access the mailboxes that are on Exchange 2003 on Windows 2003.

    Can anyone help?

    Thursday, December 4, 2008 4:40 AM


  • I solved the problem myself:


    The Exchange 2003 server only allows connections from specified IP addresses for IMAP.

    I had to allow the Exchange 2007 server permission to access IMAP on the E2k3 server, as the E2k8 server proxies the request.

    Thursday, December 4, 2008 5:01 AM
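
An added example, not part of the original thread: a way to check the condition that events 12014 and 2007 describe, by listing which installed certificates carry each name the server is addressed by and which services each is enabled for. The three names come from the thread; the exact-name comparison (wildcard entries are not expanded) is a simplification made for this example.

```powershell
# Added example. Run in the Exchange Management Shell started as Administrator.
# Names from the thread: the FQDN and short name quoted in the two events,
# plus the alias the UNIX hosts and IMAP clients connect to.
$names = 'ServerMX5.domain.local', 'ServerMX5', 'smtp01.domain.local'

$certs = @(Get-ExchangeCertificate)

foreach ($name in $names) {
    # CertificateDomains holds the names Exchange reads from each certificate.
    # Assumption of this example: exact match only, so a wildcard entry such as
    # *.domain.local is reported as not covering the name.
    $covering = @($certs | Where-Object {
        ($_.CertificateDomains | ForEach-Object { $_.ToString() }) -contains $name
    })

    if ($covering.Count -eq 0) {
        Write-Output "$name : no certificate returned by Get-ExchangeCertificate lists this name"
        continue
    }

    foreach ($c in $covering) {
        $expired = $c.NotAfter -lt (Get-Date)
        Write-Output ("{0} : {1} services=[{2}] expires={3:yyyy-MM-dd} expired={4}" -f `
            $name, $c.Thumbprint, $c.Services, $c.NotAfter, $expired)
    }
}

# FQDNs the connectors present; event 12014 is raised when no certificate
# contains the connector's FQDN (or the computer's FQDN if none is set).
Get-SendConnector    | Format-Table Name, Fqdn -AutoSize
Get-ReceiveConnector | Format-Table Name, Fqdn -AutoSize

# To enable a chosen certificate, substitute a thumbprint printed above
# for the placeholder:
# Enable-ExchangeCertificate -Thumbprint '<THUMBPRINT>' -Services 'SMTP,IMAP,POP'
```

A name reported with no covering certificate, or a certificate whose services list lacks SMTP or IMAP, corresponds to the situations the two logged events describe.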