All,
I experienced an issue this morning with my dyndns service. I use them to send all of my email from my exchange server to external recipients. It appears they forgot to renew their certificate on the their receivers. These are the errors that I'm receiving on both exchange servers that I manage.
451 4.4.0 Primary target IP address responded with: "454 4.7.5 Certificate validation failure."
I also so in my logs event 11005 that stated this: Unable to validate the TLS certificate of the smart host for the connector MailHop Outbound. The certificate validation error for the certificate is CertificateExpired. If the problem persists, contact the administrator of the smart host to resolve the problem.
So I came to the conclusion that DynDNS forgot to renew their cert. Oops!
I notified them and they stated this:
I have received and acknowledged your concern regarding messages not being able to be sent through our outbound.mailhop.org server or generating a certificate-related error message.
At this time, Dyn is aware of a couple of our servers experiencing issues with their certificates and we are working towards a resolution of this issue.
To temporarily alleviate the issue, we kindly ask that you retry sending your messages with TLS turned off in your mail client. We will post an update to our status.dyn-inc.com site as soon as the issue has been resolved.
That said, if you are managing SBS 2008 or Exchange 2007 here is how to disable TLS quickly:
Just uncheck the "Basic Authentication over TLS" and viola!
Let me know if you have any issues with this.
-Spader
UPDATE 10-07-11: I am still having issues with my Exchange 2007 server, but the other server that I support which is exchange 2003 started working at 8:46am on the same day that the issues started 10-3-11.
I definitely which they would figure out how to be compatiable with exchange 2007, I'm sure many people are running this and having issues. Here is the error message that I'm receiving on my exchange 2007 server (SBS 2008):
Log Name: Application
Source: MSExchangeTransport
Date: 10/7/2011 7:47:58 AM
Event ID: 11005
Task Category: MessageSecurity
Level: Error
Description:
Unable to validate the TLS certificate of the smart host for the connector MailHop Outbound. The certificate validation error for the certificate is UntrustedRoot. If the problem persists, contact the administrator of the smart host to resolve the problem.
It looks like they are either using a self signed certificate or used a certificate authority that is not in the SBS 2008 trusted root CA list.
PLEASE fix DynDNS, I would like to enable my encryption!
-Spader
UPDATE 10-19-11: I randomly checked to see if DynDNS has fix their issue today and finally was able to send messages using encryption. Thank you for finally fixing your issue DynDNS. We are finally back to normal!
-Spader
I am experiencing the same problem, but when I contacted Dyndns with my logs appended, they told me to try adding a regkey that has to do with the updater. Needless to say, it wasn't effective. I have been reluctant to turn TLS off (mail will send if I do), but this is getting a bit ridiculous. Thanks for sharing the info.
ReplyDelete