Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

Exchange Server cannot communicate with non-TLS domains



Symptoms

After you configure the SMTP connector to use the Transport Layer Security (TLS) protocol, a server that is running Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003 cannot communicate with domains that do not use TLS. When this issue occurs, you may experience the following symptoms:
  • SMTP queues that contain messages are in a retry state. When you examine the status of the queues, you see the following:
    The remote SMTP service does not support TLS.
  • Users receive non-delivery reports (NDRs) that contain information that is similar to the following:
    The recipient could not be processed because it would violate the security policy in force. #5.7.0 SMTP: 530 5.7.0 Must issue a start TLS command first.



Cause

This issue occurs when you use one SMTP connector to route traffic both to domains that are TLS-configured and to domains that are not TLS-configured.



Resolution

To resolve this issue, remove TLS encryption from the default SMTP connector, and then create a dedicated SMTP connector for TLS-encrypted traffic. To do this, follow these steps:
  1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
  2. Remove TLS encryption from the default SMTP connector. To do this:
    1. Click Connectors, right-click the SMTP connector that you use for TLS-encrypted traffic, and then click Properties.
    2. Click the Advanced tab, click Outbound Security, click to clear the TLS encryption check box, and then click OK two times.
  3. Create a connector for TLS-encrypted traffic. To do this:
    1. With the Connectors branch still selected, right-click the right pane of Exchange System Manager, point to New, and then click SMTP Connector.
    2. In the Name box, type a descriptive name for the new connector. For example, type TLS_Dedicated_Connector.
    3. Click Add, click the name of the SMTP virtual server that you want to use with this connector, and then click OK.
    4. Click the Address Space tab, click Add, and then click SMTP if it is not already selected.
    5. Make sure that the Allow messages to be relayed to these domains check box is cleared, and then click OK.
    6. In the Internet Address Space Properties dialog box, accept the default values, and then click OK.
    7. Click the Advanced tab, click Outbound Security, click to select the TLS encryption check box, and then click OK two times.
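
Splitting traffic across two connectors depends on knowing which remote domains offer TLS. The following is an added example, not part of the original KB article or any Microsoft code: it parses the EHLO reply of each remote mail server and groups domains by whether STARTTLS is advertised. The function names, domain names, and sample replies are constructed for illustration.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def ehlo_extensions(reply: str) -> set[str]:
    """Return the extension keywords (upper-cased) from a multi-line EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        code, sep, text = m.groups()
        if code != "250":
            raise ValueError(f"EHLO not accepted: {line!r}")
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if i > 0 and text.split():  # line 0 is the greeting, not an extension
            keywords.add(text.split()[0].upper())  # keywords are case-insensitive
    return keywords

def split_by_tls(ehlo_by_domain: dict[str, str]) -> dict[str, list[str]]:
    """Group domains: 'tls' advertises STARTTLS, 'plain' does not, 'review' is unparseable."""
    groups = {"tls": [], "plain": [], "review": []}
    for domain in sorted(ehlo_by_domain):
        try:
            exts = ehlo_extensions(ehlo_by_domain[domain])
        except ValueError:
            groups["review"].append(domain)  # do not guess; check by hand
            continue
        groups["tls" if "STARTTLS" in exts else "plain"].append(domain)
    return groups

# Constructed sample EHLO replies (not captured from real servers).
SAMPLE = {
    "partner.example": "250-mail.partner.example Hello\r\n250-SIZE 10240000\r\n"
                       "250-STARTTLS\r\n250 8BITMIME\r\n",
    "legacy.example": "250-mx.legacy.example Hello\r\n250-SIZE 5242880\r\n250 8BITMIME\r\n",
    "lower.example": "250-mx.lower.example\r\n250 starttls\r\n",
    "broken.example": "500 Command not recognized\r\n",
}

if __name__ == "__main__":
    for group, domains in split_by_tls(SAMPLE).items():
        print(f"{group}: {', '.join(domains)}")
```

Domains in the `review` group returned something other than a well-formed 250 reply and should be checked manually before being assigned to either connector.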



Keywords: KB329061, kbprb


Article Info
Article ID : 329061
Revision : 6
Created on : 10/25/2007
Published on : 10/25/2007
Exists online : False