Enforced TLS and smarthosts

hi

Trying to set up enforced TLS in Exchange 2010. Created a send connector for partners using DNS MX routing etc. Added the domains I want to route via this connector and used the shell to set up the enforcement list. So far so good. Now when mail uses this connector I get errors in the mail queues:

451 4.4.0 Primary Target ip address responded with 454 4.7.5 certificate validation failure

421 4.2.1 unable to connect

What is happening here? How come some domains work and others fail with the above? Is it something that needs to be configured on the destination side?

many thanks

May 15th, 2015 5:16am

Mutual TLS requires configuration on both sides, yes. Did you follow?

https://technet.microsoft.com/en-us/library/bb123543(v=exchg.141).aspx

This applies for Edge and Hub Transport Roles.

 
May 15th, 2015 9:14am

^^ What Andy said.
May 15th, 2015 9:52am

Yes, I followed the provided article. So the problem is not DNS/MX records, it is the fact that the destination mail server must also be configured in the same way?
May 15th, 2015 10:54am

If you want to make it work, then yes, the destination server must be configured for mutual TLS (or whatever they want to call it if not using Exchange) to ensure it works consistently.

May 15th, 2015 1:28pm
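
Added example, not part of the thread: a PowerShell probe that can be run from the sending side to see which certificate a partner's MX host presents after STARTTLS and whether Windows trusts it, which helps tell the working domains from the ones that end in a certificate validation failure. The function name, the EHLO name and the host in the usage comment are assumptions, and Exchange's own checks for mutual TLS may be stricter than this probe.

```powershell
# Added example (not from the thread). Function name and sample host are hypothetical.
function Test-SmtpStartTlsCertificate {
    param([Parameter(Mandatory = $true)][string]$MxHost, [int]$Port = 25)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($MxHost, $Port)
        $net    = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($net)
        $writer = New-Object System.IO.StreamWriter($net)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        # SMTP replies may span several lines; the last one has "NNN " (space, not dash).
        $readReply = {
            do { $line = $reader.ReadLine() } while ($line -ne $null -and $line -match '^\d{3}-')
            $line
        }

        $null = & $readReply                          # 220 greeting
        $writer.WriteLine('EHLO tls-probe.invalid')   # constructed client name
        $null = & $readReply                          # 250 capability list
        $writer.WriteLine('STARTTLS')
        $reply = & $readReply
        if ($reply -notmatch '^220') { throw "STARTTLS refused by ${MxHost}: $reply" }

        # Accept any certificate so the handshake completes, but record what Windows thought of it.
        $script:TlsPolicyErrors = $null
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($sender, $certificate, $chain, $policyErrors)
            $script:TlsPolicyErrors = $policyErrors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($net, $false, $callback)
        $ssl.AuthenticateAsClient($MxHost)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        New-Object PSObject -Property @{
            MxHost       = $MxHost
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            PolicyErrors = $script:TlsPolicyErrors   # None = chain and name validated
        }
    }
    finally { $client.Close() }
}

# Usage (constructed host name): Test-SmtpStartTlsCertificate -MxHost mail.partner.example
```

A `PolicyErrors` value other than `None` (for example `RemoteCertificateNameMismatch` or `RemoteCertificateChainErrors`) points at the destination's certificate rather than at DNS or MX routing.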
