Cannot Send Mail from 2010 Exchange Server to New Exchange 2016 Server

Question
-
I'm trying to migrate to Exchange 2016 from Exchange 2010. I installed a new 2012 windows server and installed Exchange 2016 on it with no issues and by the book.
I can send email to any user on the 2010 server with no issue. I cannot send any email from a user on the 2010 server to one on the 2016 exchange server.
The Default Frontend Receiver on the Exchange 2016 machine has all default values (in security only Externally Secured, Partners, and Exchange Users are unchecked).
Scoping is also at default with ALL IP's for port 25.
My 2010 server produces this in its queues for those emails:
HUB VERSION 15 - SMTP Relay in Active Directory Site - Retry - 451 4.4.0Primary target IP address responded with "421 4.4.2 Connection Dropped due to Socket Error.
I've checked the protocol logs on the Exchange 2016 box and see these:
2017-03-22T20:19:54.771Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D4714731B2DF15,0,10.200.80.200:717,10.200.80.200:21829,+,,
2017-03-22T20:19:54.771Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D4714731B2DF15,1,10.200.80.200:717,10.200.80.200:21829,>,"220 WNMail01.wayne.aaa075 Microsoft ESMTP MAIL Service ready at Wed, 22 Mar 2017 16:19:54 -0400",
2017-03-22T20:19:54.771Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D4714731B2DF15,2,10.200.80.200:717,10.200.80.200:21829,<,EHLO smtp.availability.contoso.com,
2017-03-22T20:19:54.771Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D4714731B2DF15,3,10.200.80.200:717,10.200.80.200:21829,>,250 WNMail01.wayne.aaa075 Hello [10.200.80.200] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
2017-03-22T20:19:54.771Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D4714731B2DF15,4,10.200.80.200:717,10.200.80.200:21829,<,QUIT,
2017-03-22T20:19:54.771Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D4714731B2DF15,5,10.200.80.200:717,10.200.80.200:21829,>,221 2.0.0 Service closing transmission channel,
2017-03-22T20:19:54.771Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D4714731B2DF15,6,10.200.80.200:717,10.200.80.200:21829,-,,Local
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,0,10.200.80.200:25,143.61.188.203:38819,+,,
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,1,10.200.80.200:25,143.61.188.203:38819,>,"220 WNMail01.wayne.aaa075 Microsoft ESMTP MAIL Service ready at Wed, 22 Mar 2017 16:20:11 -0400",
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,2,10.200.80.200:25,143.61.188.203:38819,<,EHLO AAANJ-MX.wayne.aaa075,
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,3,10.200.80.200:25,143.61.188.203:38819,>,250 WNMail01.wayne.aaa075 Hello [143.61.188.203] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM LOGIN X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,4,10.200.80.200:25,143.61.188.203:38819,<,X-ANONYMOUSTLS,
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,5,10.200.80.200:25,143.61.188.203:38819,>,220 2.0.0 SMTP server ready,
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,6,10.200.80.200:25,143.61.188.203:38819,*, CN=WNMail01 CN=WNMail01 452BFDAA124EB09F4C0F51EA587C2E72 816262535EDC532851D415CB8D02198448F0102B WNMail01;WNMail01.wayne.aaa075,Sending certificate Certificate subject Certificate issuer name Certificate serial number Certificate thumbprint Certificate subject alternate names
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,7,10.200.80.200:25,143.61.188.203:38819,*,,TLS negotiation failed with error IllegalMessage
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,8,10.200.80.200:25,143.61.188.203:38819,-,,Local
This repeats any time a message is sent between users on different Exchange servers.
Both servers are on premise within the same site. The firewalls are turned off on the servers and they do not pass through any ASA when they communicate since it's internal.
Help
- Edited by Lascarius Wednesday, March 22, 2017 8:54 PM
Wednesday, March 22, 2017 8:30 PM
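The log reading done by hand in this question can be scripted. The following is an added example, not part of the original post: it groups SmtpReceive protocol log lines by session and reports the sessions that end in a TLS negotiation failure. The function name and the column names are assumptions chosen here for the nine comma-separated columns visible in the excerpt; the sample lines are copied from the question.

```powershell
# Added example, not from the thread.
# Short names (chosen here) for the nine columns of each protocol log line.
$fields = 'DateTime','ConnectorId','SessionId','Seq','Local','Remote','Event','Data','Context'

function Get-SmtpTlsFailure {
    param([string[]]$Line)
    # Skip blank lines and the '#' header lines found at the top of real log files.
    $rows = @($Line | Where-Object { $_ -and $_ -notmatch '^#' } |
              ConvertFrom-Csv -Header $fields)
    foreach ($group in ($rows | Group-Object SessionId)) {
        $fail = $group.Group |
                Where-Object { $_.Context -like 'TLS negotiation failed*' } |
                Select-Object -First 1
        if (-not $fail) { continue }          # session ended normally
        # '<' marks a command received from the remote host.
        $fromPeer = @($group.Group | Where-Object { $_.Event -eq '<' })
        $helo = $fromPeer | Where-Object { $_.Data -match '^(EHLO|HELO)\b' } |
                Select-Object -First 1
        $tls  = $fromPeer | Where-Object { $_.Data -match '^(STARTTLS|X-ANONYMOUSTLS)$' } |
                Select-Object -First 1
        New-Object PSObject -Property @{
            Time       = $fail.DateTime
            Connector  = $fail.ConnectorId
            Session    = $group.Name
            Remote     = $fail.Remote
            Helo       = ($helo.Data -replace '^(EHLO|HELO)\s*', '')
            TlsCommand = $tls.Data
            Error      = $fail.Context
        } | Select-Object Time, Connector, Session, Remote, Helo, TlsCommand, Error
    }
}

# Sample input: lines copied from the question's log excerpt (two sessions).
$sample = @'
2017-03-22T20:19:54.771Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D4714731B2DF15,2,10.200.80.200:717,10.200.80.200:21829,<,EHLO smtp.availability.contoso.com,
2017-03-22T20:19:54.771Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D4714731B2DF15,4,10.200.80.200:717,10.200.80.200:21829,<,QUIT,
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,2,10.200.80.200:25,143.61.188.203:38819,<,EHLO AAANJ-MX.wayne.aaa075,
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,4,10.200.80.200:25,143.61.188.203:38819,<,X-ANONYMOUSTLS,
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,5,10.200.80.200:25,143.61.188.203:38819,>,220 2.0.0 SMTP server ready,
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,7,10.200.80.200:25,143.61.188.203:38819,*,,TLS negotiation failed with error IllegalMessage
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,8,10.200.80.200:25,143.61.188.203:38819,-,,Local
'@ -split "`r?`n"

Get-SmtpTlsFailure -Line $sample | Format-List
```

For a real log, pass `Get-Content` of the log file as `-Line`; grouping the result by `Remote` or `Helo` shows whether every failure comes from the same sending server.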
Answers
-
Issue has been resolved. Prior department made changes to the SCHANNEL registry keys and that led to failed negotiation from the 2010 server. The extra keys were backed up and deleted to what should be default and communication now works. I still need to scan and make sure PCI is met.
- Marked as answer by Lascarius Thursday, March 23, 2017 4:26 PM
Thursday, March 23, 2017 4:26 PM
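One way to look for the kind of SCHANNEL change described in this answer, as an added example that is not part of the original thread: back up the SCHANNEL key, list every explicit setting under it, and show the protocol versions that have been switched off. The output folder and the function name are assumptions; the script only reads the registry and is meant to be run on both Exchange servers so the results can be compared.

```powershell
# Added example, not from the thread. Read-only against the registry;
# it writes a .reg backup and a .csv report under $outDir.
$sub    = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $env:TEMP 'schannel-audit'   # assumed output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Back up the whole key first, so any later clean-up can be reverted.
$backup = Join-Path $outDir "$env:COMPUTERNAME-$stamp.reg"
& reg.exe export "HKLM\$sub" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }

# 2. Walk the key through .NET rather than the registry provider: cipher key
#    names such as 'RC4 128/128' contain '/', which the provider treats as a
#    path separator. New-Object is used so older PowerShell versions also work.
function Get-SchannelSetting {
    param([Microsoft.Win32.RegistryKey]$Key, [string]$Path = '')
    foreach ($name in $Key.GetValueNames()) {
        $label = if ($name) { $name } else { '(default)' }
        New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME
            Key      = $Path
            Value    = $label
            Data     = $Key.GetValue($name)   # DWORD 0xffffffff is returned as -1
        } | Select-Object Computer, Key, Value, Data
    }
    foreach ($child in $Key.GetSubKeyNames()) {
        $childKey = $Key.OpenSubKey($child)
        if ($null -eq $childKey) { continue }
        $childPath = if ($Path) { "$Path\$child" } else { $child }
        try     { Get-SchannelSetting -Key $childKey -Path $childPath }
        finally { $childKey.Close() }
    }
}

$root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($sub)
if ($null -eq $root) { throw "HKLM\$sub not found" }
try     { $settings = @(Get-SchannelSetting -Key $root) }
finally { $root.Close() }

# 3. Save the full list for a side-by-side comparison with the other server, e.g.
#    Compare-Object (Import-Csv a.csv) (Import-Csv b.csv) -Property Key, Value, Data
$csv = Join-Path $outDir "$env:COMPUTERNAME-$stamp.csv"
$settings | Export-Csv -Path $csv -NoTypeInformation

# 4. Protocol versions that are explicitly switched off. For mail flowing from the
#    2010 server to the 2016 server, the sender uses its ...\Client settings and the
#    receiver its ...\Server settings; both sides need one version in common.
$settings | Where-Object {
    $_.Key -like 'Protocols\*' -and (
        ($_.Value -eq 'Enabled' -and $_.Data -eq 0) -or
        ($_.Value -eq 'DisabledByDefault' -and $_.Data -ne 0))
} | Format-Table -AutoSize
```

Not every listed value is a change made by an administrator, since some exist on a clean installation, so compare the output against a server of the same Windows version that is known to be untouched before deleting anything.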
All replies
-
Hi,
Given the error message below:
--------------------------------------------------------
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,6,10.200.80.200:25,143.61.188.203:38819,*, CN=WNMail01 CN=WNMail01 452BFDAA124EB09F4C0F51EA587C2E72 816262535EDC532851D415CB8D02198448F0102B WNMail01;WNMail01.wayne.aaa075,Sending certificate Certificate subject Certificate issuer name Certificate serial number Certificate thumbprint Certificate subject alternate names
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,7,10.200.80.200:25,143.61.188.203:38819,*,,TLS negotiation failed with error IllegalMessage
2017-03-22T20:20:11.746Z,WNMAIL01\Default Frontend WNMAIL01,08D4714731B2DF18,8,10.200.80.200:25,143.61.188.203:38819,-,,Local
-------------------------------------------------------
After the certificate exchange, the error “TLS negotiation failed with error IllegalMessage” occurred. It’s recommended to re-assign the original self-signed certificate to the SMTP service with the following command (you can use the command Get-ExchangeCertificate | FL to get the information needed):
Enable-ExchangeCertificate -Thumbprint <self-signed> -Services SMTP
If it doesn’t work, please post the results of the following commands:
Get-ExchangeCertificate | FL * (on Exchange Server 2016)
Get-ReceiveConnector | FL name, fqdn, objectClass (on Exchange Server 2016)
Get-SendConnector | FL name, fqdn, objectClass (on Exchange Server 2010)
Hope it helps.
Regards,
Jason Chao
- Edited by Jason.Chao Thursday, March 23, 2017 2:45 AM
Thursday, March 23, 2017 2:45 AM -
I liked where you were going with that. I was pretty hopeful but it didn't work. I tried setting it as you described. I rebooted the server and services to make sure certificate was being used and then checked the protocol logs and got same issue.
2017-03-23T14:15:37.939Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE43,0,10.200.80.200:25,143.61.188.203:57070,+,,
2017-03-23T14:15:37.939Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE43,1,10.200.80.200:25,143.61.188.203:57070,>,"220 WNMail01.wayne.aaa075 Microsoft ESMTP MAIL Service ready at Thu, 23 Mar 2017 10:15:37 -0400",
2017-03-23T14:15:37.939Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE43,2,10.200.80.200:25,143.61.188.203:57070,<,EHLO AAANJ-MX.wayne.aaa075,
2017-03-23T14:15:37.939Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE43,3,10.200.80.200:25,143.61.188.203:57070,>,250 WNMail01.wayne.aaa075 Hello [143.61.188.203] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
2017-03-23T14:15:37.939Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE43,4,10.200.80.200:25,143.61.188.203:57070,<,X-ANONYMOUSTLS,
2017-03-23T14:15:37.939Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE43,5,10.200.80.200:25,143.61.188.203:57070,>,220 2.0.0 SMTP server ready,
2017-03-23T14:15:37.939Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE43,6,10.200.80.200:25,143.61.188.203:57070,*, CN=WNMail01 CN=WNMail01 452BFDAA124EB09F4C0F51EA587C2E72 816262535EDC532851D415CB8D02198448F0102B WNMail01;WNMail01.wayne.aaa075,Sending certificate Certificate subject Certificate issuer name Certificate serial number Certificate thumbprint Certificate subject alternate names
2017-03-23T14:15:37.939Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE43,7,10.200.80.200:25,143.61.188.203:57070,*,,TLS negotiation failed with error IllegalMessage
2017-03-23T14:15:37.939Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE43,8,10.200.80.200:25,143.61.188.203:57070,-,,Local
2017-03-23T14:15:38.642Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE44,0,127.0.0.1:25,127.0.0.1:7116,+,,
2017-03-23T14:15:38.642Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE44,1,127.0.0.1:25,127.0.0.1:7116,>,"220 WNMail01.wayne.aaa075 Microsoft ESMTP MAIL Service ready at Thu, 23 Mar 2017 10:15:38 -0400",
2017-03-23T14:15:38.642Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE44,2,127.0.0.1:25,127.0.0.1:7116,<,EHLO,
2017-03-23T14:15:38.642Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE44,3,127.0.0.1:25,127.0.0.1:7116,>,250 WNMail01.wayne.aaa075 Hello [127.0.0.1] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
2017-03-23T14:15:38.642Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE44,4,127.0.0.1:25,127.0.0.1:7116,<,QUIT,
2017-03-23T14:15:38.642Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE44,5,127.0.0.1:25,127.0.0.1:7116,>,221 2.0.0 Service closing transmission channel,
2017-03-23T14:15:38.642Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE44,6,127.0.0.1:25,127.0.0.1:7116,-,,Local
2017-03-23T14:15:56.754Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE45,0,10.200.80.200:25,10.200.80.200:7143,+,,
2017-03-23T14:15:56.754Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE45,1,10.200.80.200:25,10.200.80.200:7143,>,"220 WNMail01.wayne.aaa075 Microsoft ESMTP MAIL Service ready at Thu, 23 Mar 2017 10:15:56 -0400",
2017-03-23T14:15:56.754Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE45,2,10.200.80.200:25,10.200.80.200:7143,<,EHLO smtp.availability.contoso.com,
2017-03-23T14:15:56.754Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE45,3,10.200.80.200:25,10.200.80.200:7143,>,250 WNMail01.wayne.aaa075 Hello [10.200.80.200] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
2017-03-23T14:15:56.754Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE45,4,10.200.80.200:25,10.200.80.200:7143,<,QUIT,
2017-03-23T14:15:56.754Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE45,5,10.200.80.200:25,10.200.80.200:7143,>,221 2.0.0 Service closing transmission channel,
2017-03-23T14:15:56.754Z,WNMAIL01\Default Frontend WNMAIL01,08D471F67E88DE45,6,10.200.80.200:25,10.200.80.200:7143,-,,Local
2017-03-23T14:16:04.707Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D471F67E88DE46,0,10.200.80.200:717,10.200.80.200:7145,+,,
2017-03-23T14:16:04.707Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D471F67E88DE46,1,10.200.80.200:717,10.200.80.200:7145,>,"220 WNMail01.wayne.aaa075 Microsoft ESMTP MAIL Service ready at Thu, 23 Mar 2017 10:16:03 -0400",
2017-03-23T14:16:04.707Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D471F67E88DE46,2,10.200.80.200:717,10.200.80.200:7145,<,EHLO smtp.availability.contoso.com,
2017-03-23T14:16:04.707Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D471F67E88DE46,3,10.200.80.200:717,10.200.80.200:7145,>,250 WNMail01.wayne.aaa075 Hello [10.200.80.200] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
2017-03-23T14:16:04.707Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D471F67E88DE46,4,10.200.80.200:717,10.200.80.200:7145,<,QUIT,
2017-03-23T14:16:04.707Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D471F67E88DE46,5,10.200.80.200:717,10.200.80.200:7145,>,221 2.0.0 Service closing transmission channel,
2017-03-23T14:16:04.707Z,WNMAIL01\Outbound Proxy Frontend WNMAIL01,08D471F67E88DE46,6,10.200.80.200:717,10.200.80.200:7145,-,,Local
It's funny the clock on these logs is not the same time as my device. I thought that would be an issue but I'm guessing it stays on EDT. These protocol logs are being pulled from the Exchange 2016 server: Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive
Here's the new info you asked for:
VERBOSE: Connected to WNMail01.wayne.aaa075.
[PS] C:\Windows\system32>Get-ExchangeCertificate | fl *
PSComputerName : wnmail01.wayne.aaa075
RunspaceId : 3cf7dfa4-0277-4c3b-8b15-4e97e8a26cb2
PSShowComputerName : False
EnhancedKeyUsageList : {Server Authentication (1.3.6.1.5.5.7.3.1)}
DnsNameList : {WNMail01, WNMail01.wayne.aaa075}
SendAsTrustedIssuer : False
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WNMail01, WNMail01.wayne.aaa075}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : 25D8242206C4BC41251F8619968F3E24FCC4CAD2
RootCAType : None
Services : SMTP
Status : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize : 2048
Identity : WNMail01.wayne.aaa075\816262535EDC532851D415CB8D02198448F0102B
ServicesStringForm : ....S..
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 3/21/2022 4:02:02 PM
NotBefore : 3/21/2017 4:02:02 PM
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 17, 48, 130, 1, 249, 160, 3, 2, 1, 2, 2, 16, 69...}
SerialNumber : 452BFDAA124EB09F4C0F51EA587C2E72
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 816262535EDC532851D415CB8D02198448F0102B
Version : 3
Handle : 1017853035056
Issuer : CN=WNMail01
Subject : CN=WNMail01

PSComputerName : wnmail01.wayne.aaa075
RunspaceId : 3cf7dfa4-0277-4c3b-8b15-4e97e8a26cb2
PSShowComputerName : False
EnhancedKeyUsageList : {Server Authentication (1.3.6.1.5.5.7.3.1)}
DnsNameList : {Microsoft Exchange Server Auth Certificate}
SendAsTrustedIssuer : False
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : 1E26A0206C4EDE7CB3388EFF45F4A687DB3AB89F
RootCAType : None
Services : SMTP
Status : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : True
PublicKeySize : 2048
Identity : WNMail01.wayne.aaa075\D4A33856559FB3A3EC254692BC215B9A00CF681D
ServicesStringForm : ....S..
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid}
FriendlyName : Microsoft Exchange Server Auth Certificate
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 11/5/2021 5:33:24 PM
NotBefore : 12/1/2016 4:33:24 PM
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 41, 48, 130, 2, 17, 160, 3, 2, 1, 2, 2, 16, 84...}
SerialNumber : 54C7C32E3C1183984268D5C82A96D850
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : D4A33856559FB3A3EC254692BC215B9A00CF681D
Version : 3
Handle : 1017853035312
Issuer : CN=Microsoft Exchange Server Auth Certificate
Subject : CN=Microsoft Exchange Server Auth Certificate

PSComputerName : wnmail01.wayne.aaa075
RunspaceId : 3cf7dfa4-0277-4c3b-8b15-4e97e8a26cb2
PSShowComputerName : False
EnhancedKeyUsageList : {}
DnsNameList : {WNMail01, WNMail01.wayne.aaa075}
SendAsTrustedIssuer : False
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WNMail01, WNMail01.wayne.aaa075}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : F15E1A5F954F1905DBC8CA30028A3A396006B1DA
RootCAType : Registry
Services : SMTP
Status : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize : 2048
Identity : WNMail01.wayne.aaa075\52D663370F69558FD1139B5BACC77EAE617F4DDF
ServicesStringForm : ....S..
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 12/1/2021 4:32:25 PM
NotBefore : 12/1/2016 4:32:25 PM
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 17, 48, 130, 1, 249, 160, 3, 2, 1, 2, 2, 16, 65...}
SerialNumber : 4157888BAC76DBB94B45EA17FD36CFC8
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 52D663370F69558FD1139B5BACC77EAE617F4DDF
Version : 3
Handle : 1017853043376
Issuer : CN=WNMail01
Subject : CN=WNMail01

PSComputerName : wnmail01.wayne.aaa075
RunspaceId : 3cf7dfa4-0277-4c3b-8b15-4e97e8a26cb2
PSShowComputerName : False
EnhancedKeyUsageList : {Server Authentication (1.3.6.1.5.5.7.3.1)}
DnsNameList : {WMSvc-WNMAIL01}
SendAsTrustedIssuer : False
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WNMAIL01}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : 01E7D7379803A23AE6D45C083493C6FB7EA7944E
RootCAType : Registry
Services : None
Status : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : True
PublicKeySize : 2048
Identity : WNMail01.wayne.aaa075\3D84B005A19B79C762EDC9DD8D8C2E11FC03CDB3
ServicesStringForm : .......
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName : WMSVC
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 11/29/2026 3:53:26 PM
NotBefore : 12/1/2016 3:53:26 PM
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 2, 227, 48, 130, 1, 203, 160, 3, 2, 1, 2, 2, 16, 121...}
SerialNumber : 79CA0ADCB7C45B9045BDE861C3BBB9C1
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 3D84B005A19B79C762EDC9DD8D8C2E11FC03CDB3
Version : 3
Handle : 1017853041072
Issuer : CN=WMSvc-WNMAIL01
Subject : CN=WMSvc-WNMAIL01

PSComputerName : wnmail01.wayne.aaa075
RunspaceId : 3cf7dfa4-0277-4c3b-8b15-4e97e8a26cb2
PSShowComputerName : False
EnhancedKeyUsageList : {Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)}
DnsNameList : {*.aaanonj.com, aaanonj.com, mail.aaanonj.com, autodiscover.aaanonj.com,
exchange01.aaanonj.com, webmail.aaanonj.com}
SendAsTrustedIssuer : False
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {*.aaanonj.com, aaanonj.com, mail.aaanonj.com, autodiscover.aaanonj.com,
exchange01.aaanonj.com, webmail.aaanonj.com}
CertificateRequest :
IisServices : {IIS://WNMail01/W3SVC/1, IIS://WNMail01/W3SVC/3}
IsSelfSigned : False
KeyIdentifier : AEC1D5625034A272B71E4EE8601AA3476411B77F
RootCAType : ThirdParty
Services : IIS, SMTP
Status : Valid
SubjectKeyIdentifier : AEC1D5625034A272B71E4EE8601AA3476411B77F
PrivateKeyExportable : True
PublicKeySize : 2048
Identity : WNMail01.wayne.aaa075\AAA99759DD01C599081E1F8AAF49B7AEAE55F742
ServicesStringForm : ...WS..
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid}
FriendlyName : Exchange01WC
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 9/1/2017 8:00:00 AM
NotBefore : 6/27/2016 8:00:00 PM
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 5, 126, 48, 130, 4, 102, 160, 3, 2, 1, 2, 2, 16, 7...}
SerialNumber : 0774EEEAEB9EC011226BBF267AA04290
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : AAA99759DD01C599081E1F8AAF49B7AEAE55F742
Version : 3
Handle : 1017853042096
Issuer : CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
Subject : CN=*.aaanonj.com, O="AAA North Jersey, INC.", L=Wayne, S=New Jersey, C=US
[PS] C:\Windows\system32>Get-ReceiveConnector | fl name, fqdn, objectclass
Name : Default AAANJ-MX
Fqdn : AAANJ-MX.wayne.aaa075
ObjectClass : {top, msExchSmtpReceiveConnector}

Name : Client AAANJ-MX
Fqdn : AAANJ-MX.wayne.aaa075
ObjectClass : {top, msExchSmtpReceiveConnector}

Name : AnonymousRelay
Fqdn : AAANJ-MX.wayne.aaa075
ObjectClass : {top, msExchSmtpReceiveConnector}

Name : Default WNMAIL01
Fqdn : WNMail01.wayne.aaa075
ObjectClass : {top, msExchSmtpReceiveConnector}

Name : Client Proxy WNMAIL01
Fqdn : WNMail01.wayne.aaa075
ObjectClass : {top, msExchSmtpReceiveConnector}

Name : Default Frontend WNMAIL01
Fqdn : WNMail01.wayne.aaa075
ObjectClass : {top, msExchSmtpReceiveConnector}

Name : Outbound Proxy Frontend WNMAIL01
Fqdn : WNMail01.wayne.aaa075
ObjectClass : {top, msExchSmtpReceiveConnector}

Name : Client Frontend WNMAIL01
Fqdn : WNMail01.wayne.aaa075
ObjectClass : {top, msExchSmtpReceiveConnector}

[PS] C:\Windows\system32>
VERBOSE: Connected to AAANJ-MX.wayne.aaa075.
[PS] C:\Windows\system32>Get-SendConnector | fl name, fqdn, objectclass
Name : Outbound Email
Fqdn : mail.aaanonj.com
ObjectClass : {top, msExchConnector, mailGateway, msExchRoutingSMTPConnector}

[PS] C:\Windows\system32>
Thank you for your help in advance.
Thursday, March 23, 2017 2:30 PM