Forum Discussion
Collins_Kouam
Oct 30, 2023 - Copper Contributor
All messages sent outside my organization are not encrypted
Hi community experts, I have an Exchange configuration as follows:
. 2 servers (a Mailbox & an Edge Transport) run under Windows 2022
. Exchange Server 2019 installed on the 2 servers.
I foll...
- Nov 06, 2023
Hello community experts,
I'm happy to inform you that I've just solved my problem.
The problem wasn't related to my Exchange servers at all, but rather to my Firewall/Router.
There was a rule in my Firewall/Router that prevented my Edge Transport server from using STARTTLS.
I hope this may help others in their troubleshooting process.
Thank you all for your answers.
Collins_Kouam
Andres-Bohren
Nov 01, 2023 - Steel Contributor
You need to have a public certificate, for example edge.domain.tld, with a private key installed on your Exchange Edge server.
Get-SendConnector -Identity "YourInternetConnectorName" | fl
#Check the property TlsCertificateName
#Create the variable on your Edge Server
$Cert = Get-ExchangeCertificate -Thumbprint "ThumbPrintOfEdgeCertificate"
#TlsCertificateName has the form <I>Issuer<S>Subject
$tlscertificatename = "<I>$($Cert.Issuer)<S>$($Cert.Subject)"
#You need to set this on the Exchange Server (not Edge); it will then be transferred via EdgeSync
Set-SendConnector -Identity "YourInternetConnectorName" -TlsCertificateName $tlscertificatename
Regards
Andres
Collins_Kouam
Nov 06, 2023 - Copper Contributor
Hello Andres Bohren,
Sorry I'm only posting today, I had a few days off.
1. I have a certificate of the form mail.example.com installed on my Mailbox server and Edge Transport server with private key.
2. The "TlsCertificateName" property is empty when I execute the command:
Get-SendConnector -Identity YourInternetConnectorName | fl
3. When I execute the following command from my Mailbox server (not Edge):
Set-SendConnector -Identity "ValueFrom $tlscertificatename" -TlsCertificateName $tlscertificatename
I get a warning:
WARNING: The command completed successfully but no settings of 'MyInternetConnectorName' have been modified.
When I telnet to remote mail servers on their port 25 from my Edge Transport server, there is no STARTTLS, but from my Mailbox server I can see the STARTTLS negotiation.
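The telnet comparison from the last post, scripted so the same check can be run from both the Edge Transport and the Mailbox server and the EHLO replies compared (an added example, not code from the thread). The function names, the HELO name probe.example.com, the host mx.remote.example and the sample replies are assumptions made up for illustration.

```powershell
function Get-EhloExtensions {
    # Parse EHLO reply lines ("250-..." continues, "250 ..." ends) into extension keywords.
    param([string[]]$ReplyLines)
    $ext = foreach ($line in $ReplyLines) {
        if ($line -match '^250[- ](\S+)') { $Matches[1].ToUpperInvariant() }
    }
    # The first 250 line is the server's greeting (its host name), not an extension.
    @($ext | Select-Object -Skip 1)
}

function Get-SmtpEhloReply {
    # Open a plain TCP session to port 25 and return the raw EHLO reply lines.
    param([string]$Server, [int]$Port = 25, [string]$HeloName = 'probe.example.com')
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        # Skip the 220 banner, which may span several lines.
        do { $line = $reader.ReadLine() } while ($line -match '^\d{3}-')
        $writer.WriteLine("EHLO $HeloName")
        $reply = @()
        do { $line = $reader.ReadLine(); $reply += $line } while ($line -match '^\d{3}-')
        $writer.WriteLine('QUIT')
        $reply
    } finally { $client.Close() }
}

function Compare-EhloVantage {
    # Reference = reply seen from the server that negotiates TLS; Suspect = the one that does not.
    param([string[]]$Reference, [string[]]$Suspect)
    $ref = Get-EhloExtensions $Reference
    $sus = Get-EhloExtensions $Suspect
    [pscustomobject]@{
        StartTlsReference = $ref -contains 'STARTTLS'
        StartTlsSuspect   = $sus -contains 'STARTTLS'
        MissingOnSuspect  = @($ref | Where-Object { $sus -notcontains $_ })
    }
}

# Constructed sample replies for the same remote MX, as seen from each server.
$fromMailbox = '250-mx.remote.example Hello', '250-SIZE 36700160', '250-STARTTLS', '250 8BITMIME'
$fromEdge    = '250-mx.remote.example Hello', '250-SIZE 36700160', '250 8BITMIME'
Compare-EhloVantage -Reference $fromMailbox -Suspect $fromEdge
# Live use, run on each server: Get-SmtpEhloReply -Server 'mx.remote.example'
```

If the same remote host advertises STARTTLS to one server but not the other, the difference lies on the network path of the second server rather than in the send connector settings, which matches what the thread found.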