Error: Unable to connect with TLS encryption

Solution for anyone in the future that needs it. I resolved the issue by removing the self-signed back end certificate that Exchange uses, and assigning the public cert to the default receive/send connectors in Exchange.

Exchange:

IIS Manager:

  1. Select server then Server Certificates

  2. Right-click the Exchange self-signed certificate and export it, just in case I need to restore it.

  3. After export I removed the cert from the server.

  4. Expand Sites and select Exchange Back End

  5. Under Actions, select Bindings. Edit the https port:444, and assign the public cert under “SSL certificate:”

Exchange Management Shell:

Some commands to gather information.

  1. Get-ExchangeCertificate

This lists the certificates installed on the server. Copy the Thumbprint for your public cert.

  1. Get-ReceiveConnector

This lists all the receive connectors for Exchange. Copy all the identities for the ports that you need to re-assign the certificate for, i.e. 25, 465, 587.

Some commands to create variables for assigning the cert.

  1. $cert = Get-ExchangeCertificate -Thumbprint %CertificateThumbprint you copied above%
  2. $tlscertificatename = "<I>$($cert.Issuer)<S>$($cert.Subject)"
  3. Set-ReceiveConnector "%ReceiveConnectorName%" -TlsCertificateName $tlscertificatename

Repeat step 3 for each receive connector you need to assign the cert.

You can check that the certificate was assigned to the receive connector with the command:

Get-ReceiveConnector | FL Identity,RemoteIPRanges,PermissionGroups,Auth*,TlsCertificateName

Finally, restart IIS with:
IISRESET /NoForce

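The Exchange Management Shell steps above as one script, with a pre-check that the certificate can actually serve STARTTLS before it is bound. This is an added example, not part of the original post; the thumbprint and connector identities are placeholders, and the property checks assume the standard `Get-ExchangeCertificate` output fields (`Status`, `NotAfter`, `HasPrivateKey`, `Services`).

```powershell
# Run in the Exchange Management Shell on the server that owns the connectors.
# Placeholders (assumptions, replace with your own values):
$Thumbprint = '<thumbprint-of-public-cert>'
$Connectors = @(
    '<SERVER>\<ReceiveConnectorName1>',
    '<SERVER>\<ReceiveConnectorName2>'
)

$cert = Get-ExchangeCertificate -Thumbprint $Thumbprint -ErrorAction Stop

# Refuse to bind a certificate that cannot be used for SMTP TLS.
$problems = @()
if ($cert.Status -ne 'Valid')        { $problems += "status is $($cert.Status)" }
if ($cert.NotAfter -lt (Get-Date))   { $problems += "expired on $($cert.NotAfter)" }
if (-not $cert.HasPrivateKey)        { $problems += 'no private key on this server' }
if ($cert.Services -notmatch 'SMTP') { $problems += 'SMTP not enabled (see Enable-ExchangeCertificate)' }
if ($problems) {
    throw "Certificate $Thumbprint is not usable: $($problems -join '; ')"
}

# TlsCertificateName uses the form <I>issuer<S>subject
$tlsName = "<I>$($cert.Issuer)<S>$($cert.Subject)"

foreach ($name in $Connectors) {
    Set-ReceiveConnector -Identity $name -TlsCertificateName $tlsName -ErrorAction Stop

    # Read the value back so a silent mismatch is caught per connector.
    $actual = (Get-ReceiveConnector -Identity $name).TlsCertificateName
    if ("$actual" -ne $tlsName) {
        Write-Warning "$name : TlsCertificateName is '$actual', expected '$tlsName'"
    } else {
        Write-Host "$name : certificate assigned"
    }
}
```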