Urgent SSL Certificate issue.

Discussion forum for Enterprise Edition.
Post Reply
Nomad
Posts: 16
Joined: Thu Jan 11, 2018 5:35 pm

Urgent SSL Certificate issue.

Post by Nomad »

Good day, have a nasty issue with ME 9.84 on a Windows 2012R2 server in our lab (private lan for testing).

We enabled SSL as follows (TLS inbound/outbound have always been on):
Servers -> localhost -> Properties -> SSL tab and selected out SSL certificate.

Did a few test and all worked well, then reversed the setting by selecting "NONE".

Now when we try to send email via a MAPI client (outlook 365), we get an error "530 yada yada, ESMTP denied access".

We have doube/triple checked out work, rebooted and still the same error, our stmp log a well as the debug log are not indicating any errors.

We were planning on putting this server into production this evening, but are holding off.

What else can we check or should change?

Nomad
Posts: 16
Joined: Thu Jan 11, 2018 5:35 pm

UPDATE Re: Urgent SSL Certificate issue.

Post by Nomad »

I was in error, I found these entries in my SMTP Debug Log:
**** Error 0x80092004 returned by CertFindCertificateInStore
**** Error creating credentials object for SSL session

Googling the first error did not really help, hopefully someone can help.

Thanks.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Urgent SSL Certificate issue.

Post by MailEnable-Ian »

Hi,

Do you require SSL? In your last reply you mentioned you set SSL to be "none" under the SSL certificate configuration window. If set to none then you shouldn't see certificate errors in the SMTP log files. The errors seem to indicate problems when services are trying to bind to the cert. Did you apply the relevant permissions on the certificate? Please see:

Code: Select all

https://www.mailenable.com/kb/content/article.asp?ID=ME020479
As for the error "530 yada yada, ESMTP denied access" this means that the IP address your connecting from is being denied access by the SMTP service. You will find that the IP address of the client machine has been added to the SMTP access control list under the "Deny list". This is automatically added by the "Connection Dropping" security option (

Code: Select all

https://www.mailenable.com/documentation/10.0/Enterprise/SMTP_props_-Security.html
- Connection Dropping).
Regards,

Ian Margarone
MailEnable Support

Post Reply