Domain Security uses Transport Layer Security (TLS) with mutual authentication to provide session-based authentication and encryption. With mutual TLS
authentication, each server verifies the identity of the other server by validating a certificate that is provided by that other server, so when we are not able to validate the remote certificate, mail flow is interrupted.
- Disable Domain Security on the required Send connector.
a) On a Hub Transport server, open the Exchange Management Console, click Organization Configuration, click Hub Transport, and then in the result pane, click the Send Connectors tab.
b) Select the Send connector that sends mail to the domain from which you want to send domain-secured e-mail, and then, in the action pane, click Properties.
c) On the Network tab, uncheck Enable Domain Security (Mutual Auth TLS), click Apply, and then click OK.
- We need to figure out the issue with our or the remote server's SMTP TLS certificate, as a validation failure is causing mail flow to break.
- At our end, we can verify that the certificate is valid, trusted, and enabled for SMTP, and that the FQDN on the Send connector is the same as the certificate's, to ensure that
the certificate is picked up by the Send connector.
- For detailed prerequisites and troubleshooting, please refer to the Domain Security white paper at http://technet.microsoft.com/en-us/library/bb266978.aspx.
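
The local certificate check described above can also be done from the Exchange Management Shell. The script below is an added example, not part of the original page: for every Send connector with Domain Security enabled, it lists the installed certificates that name the connector's FQDN and shows whether each is valid, enabled for SMTP, within its validity dates, and backed by a private key. The column names Connector, ConnectorFqdn, SmtpEnabled and InValidity are chosen here for illustration.

```powershell
# Added example, not from the original page. Run in the Exchange Management Shell
# on the Hub Transport server. Read-only: it changes no connector or certificate.
$now   = Get-Date
$certs = @(Get-ExchangeCertificate)

Get-SendConnector | Where-Object { $_.DomainSecureEnabled } | ForEach-Object {
    $connector = $_
    $fqdn = [string]$connector.Fqdn
    if ([string]::IsNullOrEmpty($fqdn)) {
        Write-Warning "$($connector.Name): no FQDN is set on the connector, so there is no name to match."
        return
    }

    # Certificates whose CertificateDomains list contains the connector FQDN (exact name match).
    $candidates = @($certs | Where-Object {
        @($_.CertificateDomains | ForEach-Object { $_.ToString() }) -contains $fqdn
    })
    if ($candidates.Count -eq 0) {
        Write-Warning "$($connector.Name): no installed certificate lists $fqdn."
        return
    }

    # One row per candidate certificate; every column should look healthy
    # for the certificate the connector is expected to present.
    $columns = @(
        @{ Name = 'Connector';     Expression = { $connector.Name } },
        @{ Name = 'ConnectorFqdn'; Expression = { $fqdn } },
        'Thumbprint',
        'Status',
        @{ Name = 'SmtpEnabled';   Expression = { "$($_.Services)" -match 'SMTP' } },
        @{ Name = 'InValidity';    Expression = { $_.NotBefore -le $now -and $_.NotAfter -gt $now } },
        'HasPrivateKey',
        'IsSelfSigned'
    )
    $candidates | Select-Object -Property $columns
} | Format-Table -AutoSize
```

The match is on the exact FQDN only, so a wildcard certificate will not appear in the output. A row where Status is not Valid, SmtpEnabled or InValidity is False, or IsSelfSigned is True points to the local certificate as the likely cause; if every row is clean, look at the remote server's certificate next.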