none
TLS negotiation failed with error BadBindings

    Question

  • Hello,

    I changed the ssl ucc cert provider from godaddy to comodo and installed the new cert. All services are asigned to the new cert. Almost all emails on the receive connector work fine.

    But the samsung printer and hrs.de seem to have problems negoatiating tls.

    Patch level is CU11

    checktls.com works with no errors.

    Receive connector log shows this:

    0:57214,+,,
    1:57214,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
    2:57214,>,"220 Mail1.XXXXXXXX.com Microsoft ESMTP MAIL Service ready at Sat, 30 Apr 2016 15:18:59 +0200",
    3:57214,<,EHLO SEC001599DDC76E,
    4:57214,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
    5:57214,>,250-Mail1.XXXXXXXX.com Hello [192.168.1.202],
    6:57214,>,250-SIZE,
    7:57214,>,250-PIPELINING,
    8:57214,>,250-DSN,
    9:57214,>,250-ENHANCEDSTATUSCODES,
    10:57214,>,250-STARTTLS,
    11:57214,>,250-X-ANONYMOUSTLS,
    12:57214,>,250-X-EXPS GSSAPI NTLM,
    13:57214,>,250-8BITMIME,
    14:57214,>,250-BINARYMIME,
    15:57214,>,250-CHUNKING,
    16:57214,>,250-XEXCH50,
    17:57214,>,250-XRDST,
    18:57214,>,250 XSHADOWREQUEST,
    19:57214,<,STARTTLS ,
    20:57214,>,220 2.0.0 SMTP server ready,
    21:57214,*,,Sending certificate
    22:57214,*,"CN=mail.XXXXXXXX.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated",Certificate subject
    23:57214,*,"CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB",Certificate issuer name
    24:57214,*,69BXXXXXXXXDE03,Certificate serial number
    25:57214,*,043XXXXXXXX5E1A,Certificate thumbprint
    26:57214,*,mail.XXXXXXXX.com;autodiscover.XXXXXXXX.com;mail1.XXXXXXXX.com;mail3.XXXXXXXX.com,Certificate alternate names
    27:57214,*,,TLS negotiation failed with error BadBindings
    28:57214,-,,Local

    Saturday, April 30, 2016 1:40 PM

All replies

  • Hey G. Sauer,

    Just to confirm. Everything else works fine except this one printer?

    Did anything else change with the certificate such as going from SHA-1 to SHA-2 for example?

    Perhaps DNS settings on the Samsung - maybe it can't reach the revocation list form Comodo.

    Perhaps the date is wrong on the Samsung so it thinks the cert is expired?

    Could also be that the Samsung needs a simple reboot.


    Practical help for Exchange & Office 365 - SuperTekBoy | Twitter | LinkedIn

    Saturday, April 30, 2016 5:20 PM
  • Hi, thanks for the answer.

    The printer and the website hrs.com (booking confirmation or password reset emails) don't work.

    old and new cert are SHA-2

    dns settings are ok

    time and date are ok

    reboot didn't change anything

    Saturday, April 30, 2016 10:04 PM
  • If it only started after you replaced Certificate Authorities, sounds like a support call to Comodo. Perhaps there are some intermediary certs you need to replace. Although with most everything working doesn't sound like the case.


    Practical help for Exchange & Office 365 - SuperTekBoy | Twitter | LinkedIn

    Saturday, April 30, 2016 10:40 PM