__AlexXx__
Jun 23, 2024

Exchange 2019 - The remote certificate is invalid according to the validation procedure

Hi guys,


I'm starting with Exchange and am already facing an issue regarding the SMTP service.

I have an app that needs to relay SMTP through my Exchange 2019.


A receive connector has been created, the app IP was allowed into this receive connector, port 587 configured, FQDN configured as well.

I have this zone in my internal DNS and of course, an A record pointing MAIL entry to the Exchange Server.


I will paste the script that I'm using to try the SMTP relay at the end of this post.

So, sometimes the relay works and sometimes fails and returns:

Send-MailMessage : The remote certificate is invalid according to the validation procedure.
At C:\Users\MYuser\Desktop\smtptest.ps1:15 char:9
+         Send-MailMessage @sendMailParams -BodyAsHtml -Credential $cre ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], AuthenticationException
    + FullyQualifiedErrorId : AuthenticationException,Microsoft.PowerShell.Commands.SendMailMessage


I have two certificates installed in this Exchange Server, one is issued by internal CA and the other one by a public CA. The second one is a wildcert for *


My point is, what am I missing? It seems a little weird to me that it sometimes works and sometimes doesn't.


This is the ps1 script that I'm using to try the SMTP relay:

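# Force TLS 1.2 for outbound connections made by this session
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# $credential is not defined in the posted excerpt; it must hold a PSCredential
$sendMailParams = @{
    From       = "email address removed for privacy reasons"
    To         = "email address removed for privacy reasons"
    Subject    = "Test SMTP Relay"
    Body       = "Email sent for tests purposes"
    SMTPServer = ""
    Port       = 587
    Encoding   = "UTF8"
}

# -UseSsl makes the client validate the certificate the server presents
Send-MailMessage @sendMailParams -BodyAsHtml -Credential $credential -UseSsl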


Of course, the certificate is valid, is assigned to SMTP Service in Exchange Server and is TLS1.2.

The resolves for Exchange Server IP and the Application can reach the server using internal IP and mentioned port.

Anonymous user is allowed for now in receive connector.


Thanks in advance

  • __AlexXx__ 

    The error message you're encountering indicates that the certificate used by the SMTP server is not trusted by your client, causing the Send-MailMessage command to fail.

    SMTP must use only one certificate.
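
To see which certificate the server actually presents on port 587 and how the client's own validation rates it, the following probe performs the STARTTLS handshake and reports the certificate together with the validation result. It is an added example, not part of the thread; the function name `Get-SmtpStartTlsCertificate` and the host `mail.example.test` are placeholders, and the host passed in should be the same name the script uses for SMTPServer.

```powershell
# Added diagnostic, not from the thread. 'mail.example.test' is a placeholder host name.
function Get-SmtpStartTlsCertificate {
    param([Parameter(Mandatory)][string]$SmtpHost, [int]$Port = 587)
    $client = [System.Net.Sockets.TcpClient]::new($SmtpHost, $Port)
    try {
        $stream = $client.GetStream()
        $reader = [System.IO.StreamReader]::new($stream)
        $writer = [System.IO.StreamWriter]::new($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true
        # An SMTP reply ends at the first line whose 4th character is not '-'.
        $readReply = {
            do { $line = $reader.ReadLine() } while ($line -and $line.Length -gt 3 -and $line[3] -eq '-')
            $line
        }
        $null = & $readReply                          # 220 banner
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        $null = & $readReply                          # 250 capability list
        $writer.WriteLine('STARTTLS')
        $reply = & $readReply
        if ($reply -notmatch '^220') { throw "STARTTLS not accepted: $reply" }
        # Record the validation verdict, then complete the handshake for inspection only (no mail is sent).
        $seen = @{}
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $certificate, $chain, $policyErrors)
            $seen.PolicyErrors = $policyErrors
            $seen.ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
            $true
        }
        $ssl = [System.Net.Security.SslStream]::new($stream, $false, $callback)
        $ssl.AuthenticateAsClient($SmtpHost)          # name check is made against $SmtpHost
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $san  = $cert.Extensions['2.5.29.17']         # Subject Alternative Name extension
        [pscustomobject]@{
            Thumbprint   = $cert.Thumbprint
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            SAN          = if ($san) { $san.Format($false) }
            PolicyErrors = $seen.PolicyErrors
            ChainStatus  = $seen.ChainStatus
        }
    }
    finally { $client.Close() }
}

# The failure in the thread is intermittent, so probe several times and compare the results.
1..10 | ForEach-Object { Get-SmtpStartTlsCertificate -SmtpHost 'mail.example.test' } |
    Group-Object Thumbprint, PolicyErrors | Select-Object Count, Name
```

More than one thumbprint in the grouped output means different certificates are being served across connections; a `PolicyErrors` value other than `None` shows whether the client rejects the name (`RemoteCertificateNameMismatch`) or the issuer chain (`RemoteCertificateChainErrors`).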
