- You cannot receive mail from the Internet or from Office 365 when you use Transport Layer Security (TLS).
- If you use Telnet (for example, telnet localhost 25) to examine Simple Mail Transfer Protocol (SMTP) communications, you notice that the STARTTLS command is missing.
- If you examine the Application log in Event Viewer, you see an event that resembles the following:
    Log Name: Application
    Date: MM/DD/YYYY 0:00:00 AM
    Event ID: 12014
    Task Category: TransportService
    Microsoft Exchange could not find a certificate that contains the domain name <I>CN=Certificate Name, OU=<CertificateIssuer>, O=Certificate Provider, C=US<S>CN=mail.contoso.com, OU=IT, O=contoso, L=location, S=location, C=US in the personal store on the local computer.
- The check connectivity test to the on-premises server fails and you receive the following error message:
    450 4.4.101 Proxy session setup failed on Frontend with '451 4.4.0 Primary target IP address responded with "451 5.7.3 STARTTLS is required to send mail." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was <endpoint>'.
- Run the following commands:
    Get-ReceiveConnector "ServerName\Default Frontend ReceiveConnector" | Set-ReceiveConnector -TlsCertificateName $null
    Get-ReceiveConnector "ServerName\Default Frontend ReceiveConnector" | Set-ReceiveConnector -TlsDomainCapabilities $null
- Rerun the Hybrid Configuration wizard to update the receive connector on the hybrid server with the certificate information.
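A check for the situation that event 12014 describes, as an added example that is not part of the original article: it parses a connector's TlsCertificateName value (the `<I>issuer<S>subject` string shown in the event) and looks for a matching, unexpired, SMTP-enabled certificate. The function name, status strings, and sample objects are hypothetical and constructed; the property names (Issuer, Subject, NotAfter, Services) follow Get-ExchangeCertificate output.

```powershell
# Added example, not from the article. Works on plain objects so it runs
# outside the Exchange Management Shell with the constructed sample below.
function Test-ConnectorTlsCertificate {
    param(
        [string]$TlsCertificateName,      # value of the connector's TlsCertificateName
        [object[]]$Certificates,          # objects shaped like Get-ExchangeCertificate output
        [datetime]$Now = (Get-Date)
    )
    if ([string]::IsNullOrEmpty($TlsCertificateName)) {
        return 'NotPinned'                # connector is not tied to one certificate
    }
    # Greedy match so an issuer that itself contains '<' or '>' still parses.
    $m = [regex]::Match($TlsCertificateName, '^<I>(?<issuer>.*)<S>(?<subject>.*)$')
    if (-not $m.Success) { return 'Malformed' }
    $issuer  = $m.Groups['issuer'].Value
    $subject = $m.Groups['subject'].Value

    # Both issuer and subject must match exactly, as in the event text.
    $found = @($Certificates | Where-Object {
        $_.Issuer -eq $issuer -and $_.Subject -eq $subject
    })
    if ($found.Count -eq 0) { return 'NoMatchingCertificate' }   # what event 12014 reports

    # A matching certificate must also be unexpired and enabled for SMTP.
    $usable = @($found | Where-Object {
        $_.NotAfter -gt $Now -and "$($_.Services)" -match 'SMTP'
    })
    if ($usable.Count -eq 0) { return 'MatchExpiredOrNotSmtp' }
    return 'OK'
}

# Constructed sample: the connector still names the old issuer, while the
# store holds a certificate for the same subject from a different issuer.
$pinned = '<I>CN=Example CA 1, O=Example, C=US<S>CN=mail.contoso.com, OU=IT, O=contoso, C=US'
$store = @(
    [pscustomobject]@{
        Issuer   = 'CN=Example CA 2, O=Example, C=US'
        Subject  = 'CN=mail.contoso.com, OU=IT, O=contoso, C=US'
        NotAfter = (Get-Date).AddYears(1)
        Services = 'IIS, SMTP'
    }
)
Test-ConnectorTlsCertificate -TlsCertificateName $pinned -Certificates $store

# In the Exchange Management Shell (ServerName is the article's placeholder):
# $c = Get-ReceiveConnector "ServerName\Default Frontend ReceiveConnector"
# Test-ConnectorTlsCertificate $c.TlsCertificateName (Get-ExchangeCertificate -Server ServerName)
```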
Article ID: 2989382 - Last Review: Dec 29, 2016 - Revision: 1