SSL and IMAP does not work!
![Rich Matheisen [MVP]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
Rich Matheisen [MVP]
[ snip ]
>A secure conneciton to the server could not be established:
>Configuration:
> Account: mail.spc.int
> Server: mail.spc.int
> User name: NOUMEA\alb
> Protocol: IMAP
> Port: 993
> Secure(SSL): 1
> Code: 800ccc1a
0x800CCC1A SECURE_CONNECT_FAILED Unable to connect using SSL.
>Is there anything else that has to be enabled/configured to enable SSL
>access to an exchange server via IMAP?
Well, there's one thing: the Exchange servive account must be a member
of the local Administrators group.
>Any suggestions/help/fixes would be appreciated.
When you start the Information Store service on the xchange server, is
there an error when the IS tries to bind to port 993?
This is just an explanation of how to configure SSL:
XFOR: Enabling SSL For Exchange Server [Q175439]
You didn't mention any Anti-Virus software, but perhaps this applies?
XFOR: GroupShield Interferes with POP3/IMAP with SSL Enabled [Q250926]
------------------
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Al Blake
https access to the OWA works perfectly, indicating that the key is
correctly installed.
IMAP access to the server also works perfectly, using the standard port
(143).
Despite the fact that the key is correctly installed for all prototols on
the server (IMAP, SMTP, NNTP, WWW, LDAP) SSL access to IMAP does not work.
When a client tries to access the exchange server mailbox using SSL (port
993) the following response is received:
A secure conneciton to the server could not be established:
Configuration:
Account: mail.spc.int
Server: mail.spc.int
User name: NOUMEA\alb
Protocol: IMAP
Port: 993
Secure(SSL): 1
Code: 800ccc1a
Is there anything else that has to be enabled/configured to enable SSL
access to an exchange server via IMAP?
When I telnet to port 143 on the Exchange server I see the following prompt:
* OK Microsoft Exchange IMAP4rev1 server version 5.5.2650.23
(tazar.spc.org.nc) ready
When I telnet to port 993 I get nothing - the telnet session connects but
there is no prompt. Is this normal?
Any suggestions/help/fixes would be appreciated.
__________________________________________
Al Blake, Information Technology Manager
Secretariat of the Pacific Community.
BPD5 98848 Noumea Cedex.
New Caledonia.
Tel +687 26.01.44 Fax +687 26.38.18
Email: a...@spc.int
Rich Matheisen [MVP]
>Thanks for the reply Rich but I have tried all your sugestions already.
And you're not running Groupshield?
>I've
>also been through Technet, reinstalled the certificates 10 times and
>reinstalled the entire Exchange server! I am running out of things to try. I
>ahevalso tried to call MS PSS support this morning for TWO HOURS but cannot
>get connected despite the fact we have paid IN ADVANCE for support calls.
>What a waste of money.
Today seemed a bit busy for them. I don't know if it was a phone
system problem or something else. I did speak with PSS this afternoon
and it did take about ten rings before the phone was answered, but
after that things went just fine.
Al Blake
also been through Technet, reinstalled the certificates 10 times and
reinstalled the entire Exchange server! I am running out of things to try. I
ahevalso tried to call MS PSS support this morning for TWO HOURS but cannot
get connected despite the fact we have paid IN ADVANCE for support calls.
What a waste of money.
Can anyone who has an operational SSL POP of IMAP tell me waht they see when
they telnet to port 993 and/or 995? I see nothing.
ie My telnet session connects but then just hangs there like a dumb
sh1t...no prompt..no nothing...is this normal?
Its certainly not what I see when I telnet to the 'normal' ports.
Rich Matheisen [MVP] <rich...@rmcons.com.NOSPAM.COM> wrote in message
news:1lpqkskb7r4pbhh62...@4ax.com...
> "Al Blake" <a...@spc.int> wrote:
>
> [ snip ]
>
> >A secure conneciton to the server could not be established:
> >Configuration:
> > Account: mail.spc.int
> > Server: mail.spc.int
> > User name: NOUMEA\alb
> > Protocol: IMAP
> > Port: 993
> > Secure(SSL): 1
> > Code: 800ccc1a
>
> 0x800CCC1A SECURE_CONNECT_FAILED Unable to connect using SSL.
>
> >Is there anything else that has to be enabled/configured to enable SSL
> >access to an exchange server via IMAP?
>
> Well, there's one thing: the Exchange servive account must be a member
> of the local Administrators group.
>
> >Any suggestions/help/fixes would be appreciated.
>
> When you start the Information Store service on the xchange server, is
> there an error when the IS tries to bind to port 993?
>
> This is just an explanation of how to configure SSL:
> XFOR: Enabling SSL For Exchange Server [Q175439]
>
> You didn't mention any Anti-Virus software, but perhaps this applies?
> XFOR: GroupShield Interferes with POP3/IMAP with SSL Enabled [Q250926]
>
>
Al Blake
document it here in case anyone else encounters the same problems. We have
had a working https key for over a year (Verisign). To use this for the
other protocols (imap,pop,smtp,ldap) I created ket requests for those
protocols in key manager using exactly the same information as was used for
the original key. I then added the key certficate. The procedure worked
perfectly; key manager was happy and there were no errors.
According to key manager the keys were correctly insstalled and
operational - but they were not. Clients could not contact the SSL versions
of the imap, pop or ldap protocols, even though their unencrypted versions
worked just fine.
Yesterday I tried a different approac;
1. Open Key Manager
2. Delete keys for all protocols except https
3. Backup the https key.
4. Import the https key into the other protocols (imap, ldap, smtp)
5. Now ALL portocols work with SSL
I cant explain it - perhaps Key Manager was incorrectly reporting that the
keys had been installed when I used the first procedure? Anyway, the
backup/import of a known working key fixed the problem (I didnt know you
could import to a different protocol until yesterday, which is why I didnt
try it before).
Regards
Al Blake <a...@spc.int> wrote in message news:394e4...@home.spc.org.nc...
> We have a valid Verisign key on our Exchange 5.5 Sp3 server (NT4 + SP6a).
> https access to the OWA works perfectly, indicating that the key is
> correctly installed.
> IMAP access to the server also works perfectly, using the standard port
> (143).
> Despite the fact that the key is correctly installed for all prototols on
> the server (IMAP, SMTP, NNTP, WWW, LDAP) SSL access to IMAP does not work.
> When a client tries to access the exchange server mailbox using SSL (port
> 993) the following response is received:
>
> A secure conneciton to the server could not be established:
> Configuration:
> Account: mail.spc.int
> Server: mail.spc.int
> User name: NOUMEA\alb
> Protocol: IMAP
> Port: 993
> Secure(SSL): 1
> Code: 800ccc1a
>
> Is there anything else that has to be enabled/configured to enable SSL
> access to an exchange server via IMAP?
>
> When I telnet to port 143 on the Exchange server I see the following
prompt:
> * OK Microsoft Exchange IMAP4rev1 server version 5.5.2650.23
> (tazar.spc.org.nc) ready
>
> When I telnet to port 993 I get nothing - the telnet session connects but
> there is no prompt. Is this normal?
>
> Any suggestions/help/fixes would be appreciated.
>