Forum Discussion
O365 hybrid connector to onprem failing TLS
- Aug 20, 2025
Found that the availability of the STARTTLS command depends on the combination of security options enabled on the connector.
Created a connector with just TLS enabled and it worked.
The receive connector is the same for port 25 and 587; below is an extract of it:
RunspaceId : 8694c07f-0c4d-40e5-848b-af31a34b85fd
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {[::]:25, 0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
SmtpUtf8Enabled : True
BareLinefeedRejectionEnabled : False
DomainSecureEnabled : True
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
ProxyEnabled : False
AdvertiseClientSettings : False
Fqdn : SRVEX01.domain.local
ServiceDiscoveryFqdn :
TlsCertificateName : <I>CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US<S>CN=*.XXXXX.com, O=XXXX
Since the connector is the same for the two ports but I only see the STARTTLS option on port 587, it makes me wonder whether some particular setting needs to change.
Looking at another installation (Exchange 2019), STARTTLS is also present on port 25.
What is the output of Get-ExchangeCertificate on your on-premises server instance(s)? Take a look at:
https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/enable-exchangecertificate?view=exchange-ps
and make sure you enabled the correct valid cert for SMTP.
- StefanoC66, Aug 20, 2025, Iron Contributor
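The following is an added diagnostic script, not code from this thread or from Microsoft. It covers both points raised above: the original post's observation that the STARTTLS advertisement depends on the connector's security options, and the reply's suggestion to check Get-ExchangeCertificate. It assumes it is run in the Exchange Management Shell on the on-premises server; the server name SRVEX01 and the FQDN suffix domain.local are taken from the connector extract, while the receive connector name and the HELO name are placeholders to adjust.

```powershell
# Added diagnostic example (not from the thread). Assumes the Exchange Management
# Shell on the on-premises Exchange server. $Server and the FQDN suffix come from
# the extract above; the connector name is a placeholder.
$Server    = 'SRVEX01'
$Fqdn      = "$Server.domain.local"
$Connector = "$Server\Default Frontend $Server"   # placeholder: your receive connector

# 1. Which certificates are enabled for the SMTP service, and are they still valid?
Get-ExchangeCertificate -Server $Server |
    Where-Object { $_.Services -match 'SMTP' } |
    Select-Object Thumbprint, Subject, Issuer, NotAfter, Services |
    Format-Table -AutoSize

# 2. What the receive connector is configured with. AuthMechanism (Tls must be
#    included) and TlsCertificateName decide whether 250-STARTTLS is advertised.
$rc = Get-ReceiveConnector -Identity $Connector
$rc | Select-Object Identity, Bindings, AuthMechanism, Fqdn, TlsCertificateName | Format-List

# 3. Confirm TlsCertificateName ("<I>Issuer<S>Subject") matches an installed,
#    unexpired certificate; a stale value silently disables STARTTLS.
if ($rc.TlsCertificateName) {
    $m = [regex]::Match([string]$rc.TlsCertificateName, '^<I>(?<i>.*)<S>(?<s>.*)$')
    $match = Get-ExchangeCertificate -Server $Server | Where-Object {
        $_.Issuer -eq $m.Groups['i'].Value -and $_.Subject -eq $m.Groups['s'].Value
    }
    if (-not $match) {
        Write-Warning "TlsCertificateName on $Connector matches no installed certificate"
    } elseif ($match.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate $($match.Thumbprint) bound to $Connector has expired"
    }
}

# 4. Probe what the server actually advertises: send EHLO on 25 and 587 and look
#    for a 250-STARTTLS line, the same check the O365 connector validation performs.
function Test-StartTlsAdvertised {
    param([string]$HostName, [int]$Port, [string]$HeloName = 'probe.example.invalid')  # placeholder HELO name
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $stream = $client.GetStream()
        $stream.ReadTimeout = 5000
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        $null = $reader.ReadLine()                     # 220 banner
        $writer.WriteLine("EHLO $HeloName")
        $lines = @()
        do { $line = $reader.ReadLine(); $lines += $line } while ($line -match '^250-')
        $writer.WriteLine('QUIT')
        return [pscustomobject]@{
            Port     = $Port
            StartTls = [bool]($lines -match '^250[- ]STARTTLS')
            Ehlo     = $lines
        }
    } finally { $client.Close() }
}
25, 587 | ForEach-Object { Test-StartTlsAdvertised -HostName $Fqdn -Port $_ } |
    Format-Table Port, StartTls -AutoSize

# 5. Remediation, deliberately left commented out: bind the right certificate to
#    SMTP and point the connector at it, then re-run step 4.
# $cert = Get-ExchangeCertificate -Server $Server -Thumbprint '<thumbprint from step 1>'
# Enable-ExchangeCertificate -Server $Server -Thumbprint $cert.Thumbprint -Services SMTP
# Set-ReceiveConnector -Identity $Connector -TlsCertificateName "<I>$($cert.Issuer)<S>$($cert.Subject)"
```

If step 4 shows STARTTLS on 587 but not on 25 while steps 1 to 3 look clean, compare the AuthMechanism of the connector bound to each port, since the poster found that the combination of options, not the certificate, controlled the advertisement.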