none
POP and IMAP ssl certificate issue

    Question

  • Hi,

    I have one issue when I run remote connectivity analyzer to test my POP and IMAP then I get this issue like below 

    I have SNI certificate and it runs perfect on my autodiscover. But is issue when I test it on IMAP and POP.

    I cannot figured out what to do.

    Best regards

    ZS 

    Tuesday, January 16, 2018 7:47 AM

Answers

  • It looks fine.

    Any special error message when configure IMAP4 with your Exchange account?

    Ensure POP3 service, IMAP4 service, POP3 backend service and IMAP backend service running well on CAS and Mailbox server role.
    Also, run below command to check the status of PopProxy and ImapProxy components:
    Get-ServerComponentState -Identity <ServerName>

    If not, use the following command to make PopProxy active:
    Set-ServerComponentState -Identity <ServerName> -component PopProxy -state Active -requester HealthAPI

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by Bosancero Monday, January 29, 2018 1:53 PM
    Friday, January 26, 2018 5:04 AM
    Moderator
  • Hi Allen,

    Thanks for response I have fixed my issue and it's only need was reboot my exchange server so it works well. 

    Again thanks for help.

    Best regards

    ZS

    • Marked as answer by Bosancero Wednesday, January 31, 2018 1:52 PM
    Wednesday, January 31, 2018 1:52 PM

All replies

  • I don't know the term SNI certificate.  You mean single name?  Is the name the same that's being used to connect to IMAP?  Check:

    Get-IMAPSettings | FL x509CertificateName

    to see if the name there is consistent with the certificate.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Tuesday, January 16, 2018 7:52 PM
    Moderator
  • Hi Ed,

    It shows correct certificate on correct domain. I have checked error's and could't see some errors that indicate configuration missing. When I run with tls i get this error, maybe it will help little on the issue.


    Thursday, January 18, 2018 8:32 PM
  • That error means nothing to me, sorry.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Thursday, January 18, 2018 9:22 PM
    Moderator
  • Hi Bosancero,

    Any update about your issue?
    Any error returns when configure POP3 or IMAP4 account?

    If this issue remain exists, help to collect the error message and the output of "Get-IMAPSettings | FL".
    Note: remove sensitive message.

    Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, January 23, 2018 6:29 AM
    Moderator
  • Hi Allen,

    I didn't found the correct solution yet. I have made "Get-IMAPettings"

    RunspaceId                        : 334f255e-9f30-4e19-9ca0-4ffaeaf15288

    ProtocolName                      : IMAP4
    Name                              : 1
    MaxCommandSize                    : 10240
    ShowHiddenFoldersEnabled          : False
    UnencryptedOrTLSBindings          : {[::]:143, 0.0.0.0:143}
    SSLBindings                       : {[::]:993, 0.0.0.0:993}
    InternalConnectionSettings        : {xchg-server.xxxx.local:993:SSL, xchg-server.xxxx.local:143:TLS}
    ExternalConnectionSettings        : {mail.mydomain.dk:993:SSL}
    X509CertificateName               : mail.mydomain.dk
    Banner                            : The Microsoft Exchange IMAP4 service is ready.
    LoginType                         : SecureLogin
    AuthenticatedConnectionTimeout    : 00:30:00
    PreAuthenticatedConnectionTimeout : 00:01:00
    MaxConnections                    : 2147483647
    MaxConnectionFromSingleIP         : 2147483647
    MaxConnectionsPerUser             : 16
    MessageRetrievalMimeFormat        : BestBodyFormat
    ProxyTargetPort                   : 1993
    CalendarItemRetrievalOption       : iCalendar
    OwaServerUrl                      :
    EnableExactRFC822Size             : False
    LiveIdBasicAuthReplacement        : False
    SuppressReadReceipt               : False
    ProtocolLogEnabled                : False
    EnforceCertificateErrors          : False
    LogFileLocation                   : C:\Program Files\Microsoft\Exchange Server\V15\Logging\Imap4
    LogFileRollOverSettings           : Daily
    LogPerFileSizeQuota               : 0 B (0 bytes)
    ExtendedProtectionPolicy          : None
    EnableGSSAPIAndNTLMAuth           : True
    Server                            : XCHG-SERVER
    AdminDisplayName                  :
    ExchangeVersion                   : 0.10 (14.0.100.0)
    DistinguishedName                 : CN=1,CN=IMAP4,CN=Protocols,CN=XCHG-SERVER,CN=Servers,CN=Exchange Administrative Gro
                                        up (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=xxxx Exchange Hosting,CN=Microso
                                        ft Exchange,CN=Services,CN=Configuration,DC=alfa,DC=local
    Identity                          : XCHG-SERVER\1
    Guid                              : cb2aad6b-d8fe-48c5-a152-21fc5369e56d
    ObjectCategory                    : xxxx.local/Configuration/Schema/ms-Exch-Protocol-Cfg-IMAP-Server
    ObjectClass                       : {top, protocolCfg, protocolCfgIMAP, protocolCfgIMAPServer}
    WhenChanged                       : 16-01-2018 00:58:32
    WhenCreated                       : 15-02-2017 09:44:15
    WhenChangedUTC                    : 15-01-2018 23:58:32
    WhenCreatedUTC                    : 15-02-2017 08:44:15
    OrganizationId                    :
    Id                                : XCHG-SERVER\1
    OriginatingServer                 : domainserver.xxx.local
    IsValid                           : True
    ObjectState                       : Unchanged

    thanks

    Best regards

    ZS

    Tuesday, January 23, 2018 7:14 AM
  • It looks fine.

    Any special error message when configure IMAP4 with your Exchange account?

    Ensure POP3 service, IMAP4 service, POP3 backend service and IMAP backend service running well on CAS and Mailbox server role.
    Also, run below command to check the status of PopProxy and ImapProxy components:
    Get-ServerComponentState -Identity <ServerName>

    If not, use the following command to make PopProxy active:
    Set-ServerComponentState -Identity <ServerName> -component PopProxy -state Active -requester HealthAPI

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by Bosancero Monday, January 29, 2018 1:53 PM
    Friday, January 26, 2018 5:04 AM
    Moderator
  • Hi Allen,

    Thanks, nice it was that was not working. My IMAP4 proxy and POPproxy was inactive, I didn't seen that. I have one question more, I still get this issue. I can't understand it because my certifiacate is ok, and I can't understand why I get this error message.


    My Configuration:

    [PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint BC238A57226E7264F5BED5BFEF56BE277DC74AE6| Format-List


    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                         ule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.mydomain.com, autodiscover.mydomain.com, mydomain.com}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manche
                         ster, C=GB
    NotAfter           : 18-11-2018 00:59:59
    NotBefore          : 17-11-2017 01:00:00
    PublicKeySize      : 4096
    RootCAType         : ThirdParty
    SerialNumber       : 168BE8AE443A29614BA4BD89E27F682F
    Services           : IMAP, POP, IIS, SMTP
    Status             : Valid
    Subject            : CN=mail.mydomain.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
    Thumbprint         : BC238A57226E7264F5BED5BFEF56BE277DC74AE6

    Best regards

    Zlatan Smajic

    Monday, January 29, 2018 1:53 PM
  • Can you configure POP3 or IMAP4 account successful?

    I note that the host name is mail.domain.dk in ExRCA report, if it places in your Exchange certificate and you can configure POP3 account successful, you can ignore this certificate error in ExRCA.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, January 31, 2018 1:13 PM
    Moderator
  • Hi Allen,

    Thanks for response I have fixed my issue and it's only need was reboot my exchange server so it works well. 

    Again thanks for help.

    Best regards

    ZS

    • Marked as answer by Bosancero Wednesday, January 31, 2018 1:52 PM
    Wednesday, January 31, 2018 1:52 PM