OK, in that case, start looking at the firewall, anti-virus or any other 3rd party software installed on Exch that may be interfering.
Ensure the FQDN on the send connector matches the subject name on the cert.
Is there anything in between Exch and 365 other than the firewall? Any other SMTP gateways or devices (proxies, anti-spam appliances, etc.)?
Office 365 Hybrid Connector Error '450 4.4.317 Cannot connect to remote server' when validating connector.
Hi All,
When trying to enable TLS on our connector from O365 to onprem, we get the following error: 450 4.4.317 Cannot connect to remote server [Message=451 4.4.0 TLS negotiation failed with error ConnectionReset]
We run Exchange 2013 (fully updated) hybrid environment.
We use a GoDaddy cert, which is in date and is assigned to the connectors onprem.
I've checked our Exchange certs, all are in date.
If we re-run the hybrid wizard, it tries to create connectors with TLS enabled, they fail with the above error, so currently we disable TLS to allow mail flow to work.
Any help would be greatly appreciated.
Thanks,
DG
5 answers
-
Andy David - MVP 147.6K Reputation points MVP
2022-01-29T19:12:23.867+00:00 -
Andy David - MVP 147.6K Reputation points MVP
2022-01-29T17:52:16.617+00:00 Have you enabled TLS 1.2 on your on-prem Exchange Servers?
https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/ba-p/607649 -
Mattox, David 1 Reputation point
2022-05-26T13:16:18.517+00:00 @Andy David - MVP getting same issue on SSL cert renewal. TLS is enabled on Exchange 2019 on premises server. Mail seems to be flowing but there are messages in the queue. When you mentioned "Ensure the FQDN on send connector matches the subject name on the cert" please elaborate. My send connectors were created by the hybrid connection wizard. Thank you
-
Asif Khan 0 Reputation points
2024-08-30T05:01:51.03+00:00 I faced the same issue after my SSL certificate expired. I updated the certificate only on my Mailbox servers, but I did not update SSL on my CAS servers. Emails from outside were pending in my EXO queue. After updating the SSL certificate on the CAS server and binding it in IIS, mail started coming in normally.
You must update SSL on your CAS servers and bind the new certificate in IIS.
-
Asif Khan 0 Reputation points
2024-08-30T05:06:55.6166667+00:00 I had the same issue after the SSL certificate for the Exchange on-prem server expired.
I updated the certificate on all mailbox servers but forgot to update it on the CAS server. External email started queuing up on EXO. After I updated the SSL certificate on my CAS servers and did the binding in IIS, mail flow from external email started working.
Key:
You must update the SSL certificate on CAS servers, and then bind them in IIS.
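
A read-only way to check the two points raised in this thread (the connector FQDN appearing on the certificate, and every server holding the renewed certificate), added here as an example that is not from any poster. It assumes the on-premises Exchange Management Shell; the report column names are made up for illustration.

```powershell
# Added example, read-only: run in the on-premises Exchange Management Shell.
$now = Get-Date

# 1. Inventory SMTP-enabled certificates on every Exchange server, so a server
#    missed during renewal (expired, or a different thumbprint) stands out.
$certs = foreach ($srv in Get-ExchangeServer) {
    Get-ExchangeCertificate -Server $srv.Name |
        Where-Object { "$($_.Services)" -match 'SMTP' } |
        ForEach-Object {
            [pscustomobject]@{
                Server     = $srv.Name
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Expired    = $_.NotAfter -lt $now
                Names      = @($_.CertificateDomains | ForEach-Object { "$_" })
                # Same "<I>issuer<S>subject" form that TlsCertificateName uses.
                TlsName    = "<I>$($_.Issuer)<S>$($_.Subject)"
            }
        }
}
$certs | Sort-Object Server | Format-Table Server, Thumbprint, NotAfter, Expired -AutoSize

# 2. For each connector that names a TLS certificate, list the servers holding
#    an unexpired match and check that the connector FQDN is on that certificate.
$connectors = @(Get-SendConnector) + @(Get-ReceiveConnector)
$report = foreach ($c in ($connectors | Where-Object { $_.TlsCertificateName })) {
    $fqdn  = "$($c.Fqdn)"   # may be blank on a send connector
    $valid = @($certs | Where-Object {
        $_.TlsName -eq "$($c.TlsCertificateName)" -and -not $_.Expired
    })
    $fqdnOnCert = $false
    foreach ($cert in $valid) {
        foreach ($name in $cert.Names) {
            # -like lets a "*.domain" entry match; this is looser than real
            # TLS wildcard rules (it also accepts deeper subdomains).
            if ($fqdn -like $name) { $fqdnOnCert = $true }
        }
    }
    [pscustomobject]@{
        Connector       = "$($c.Identity)"
        Fqdn            = $fqdn
        ServersWithCert = ($valid.Server | Sort-Object -Unique) -join ','
        FqdnOnCert      = $fqdnOnCert
    }
}
$report | Format-Table -AutoSize
```

A connector row with an empty ServersWithCert or FqdnOnCert set to False is the one to look at first. This covers only certificates enabled for SMTP; the IIS binding is a separate assignment.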