{"id":7689,"date":"2015-08-05T13:26:14","date_gmt":"2015-08-05T20:26:14","guid":{"rendered":"http:\/\/brainlitter.com\/?p=7689"},"modified":"2015-08-05T13:26:14","modified_gmt":"2015-08-05T20:26:14","slug":"office-365-cant-deliver-email-to-exchange-2003-servers","status":"publish","type":"post","link":"https:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/","title":{"rendered":"Office 365 can\u2019t deliver email to Exchange 2003 Servers"},"content":{"rendered":"<h2>What<\/h2>\n<p>The issue was that the clients Exchange 2003 Server (32bit, on Windows Server 2003) was no longer receiving emails from Office 365 (Exchange Online) accounts.\u00a0 It would take days to be aware of the issue as TLS connections would &#8220;hang\/time out&#8221; but Exchange Online would continue to try and deliver the message until the delivery timeline expired. I.e. NDR&#8217;s came after *days* and very disruptive to business email delivery.<\/p>\n<p><em>Side note: if someone has SBS 2003 kicking around, I bet they could have similar issues.<\/em><\/p>\n<h2>So What<\/h2>\n<p>There were a few issues at play here:<\/p>\n<ul>\n<li>The cert was newer (G2 from GoDaddy) and IIS\/Windows 2003 didn&#8217;t have the Intermediate Cert in its intermediate store<\/li>\n<li>The cert needed to be applied in Exchange (it was still referencing the older cert)<\/li>\n<li>Exchange TLS support was out of date and needed a hotfix to support it<\/li>\n<\/ul>\n<h3>Diagnosing<\/h3>\n<ul>\n<li>When troubleshooting, the first two issues above were easily identified by looking in the event logs as there were errors every time the SMTP service was stopped\/started that correlated to a mismatched SSL (TLS) cert<\/li>\n<li>The TLS &#8220;stalling&#8221; errors were harder to diagnose, however, the two clues were:<br \/>\nIn the Transport Queues, I found dozens of everlasting connections to protection.outlook.com servers &#8211; running hours &#8211; connections just never closed<\/li>\n<li>In the SMTP logs, I would see a session open, but the conversation would never conclude (see below for an example):<\/li>\n<\/ul>\n<p><a href=\"\/wp-content\/uploads\/sites\/3\/2015\/08\/Bad-SMTP.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-7690 size-medium\" src=\"\/wp-content\/uploads\/sites\/3\/2015\/08\/Bad-SMTP-300x16.png\" alt=\"Bad SMTP - TLS not closing on Exchange 2003 Connections\" width=\"300\" height=\"16\" srcset=\"https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/Bad-SMTP.png?resize=300%2C16&amp;ssl=1 300w, https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/Bad-SMTP.png?resize=1024%2C56&amp;ssl=1 1024w, https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/Bad-SMTP.png?resize=768%2C42&amp;ssl=1 768w, https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/Bad-SMTP.png?w=1107&amp;ssl=1 1107w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>To contrast, this is what a normal connection would look like (TLS as well, with Gmail &#8211; notice there was data sent and it actually quit\/closed)\u2026<\/p>\n<p><a href=\"\/wp-content\/uploads\/sites\/3\/2015\/08\/Good-SMTP.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-7691\" src=\"\/wp-content\/uploads\/sites\/3\/2015\/08\/Good-SMTP-300x25.png\" alt=\"Good SMTP - TLS session closing\" width=\"300\" height=\"25\" srcset=\"https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/Good-SMTP.png?resize=300%2C25&amp;ssl=1 300w, https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/Good-SMTP.png?resize=1024%2C84&amp;ssl=1 1024w, https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/Good-SMTP.png?resize=768%2C63&amp;ssl=1 768w, https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/Good-SMTP.png?w=1194&amp;ssl=1 1194w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<h2>Now What<\/h2>\n<p>In the end, the magic answer was addressing three things for this client:<\/p>\n<ul>\n<li>As it was a new (renewed but new root CA) cert involved, it was also from GoDaddy&#8217;s G2 (newer) cert provider, using a stronger (newer) cypher that wasn&#8217;t supported by Office 365\/Exchange Online for connectivity anymore so this meant we needed to download the GoDaddy G2 Intermediate Cert and place it in the computers Intermediate Cert Store<\/li>\n<li>The cert needed to be applied to the SMTP Service in Exchange Admin in the Transport settings (it was still trying to connect with the older\/expired cert)<\/li>\n<li>As it was a new\/higher cypher cert, TLS was now unable to connect happily. This required applying the following hotfix (I was hesitant at first as this hotfix is from 2008!!! &#8211; I eventually applied it because this hotfix is post Exchange 2003 Service Pack 2 &#8211; so they didn&#8217;t have it already and no future fix addressed it either &#8211; the hotfix is here (had to make sure we downloaded the 32bit version as the hotfix site insisted I download the 64bit, being on a 64 bit desktop when I browsed the site): <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/957047\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/support.microsoft.com\/en-us\/kb\/957047<\/a> (note the hotfix and related article you might find refers to trouble SENDING to Office 365 but in this case, SMTP is a two way street and totally applies).<\/li>\n<\/ul>\n<p>Hope that helps someone.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What The issue was that the clients Exchange 2003 Server (32bit, on Windows Server 2003) was no longer receiving emails from Office 365 (Exchange Online) accounts.\u00a0 It would take days to be aware of the issue as TLS connections would &#8220;hang\/time out&#8221; but Exchange Online would continue to try and deliver the message until the &hellip; <a href=\"https:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/\"><\/a><\/p>\n","protected":false},"author":10,"featured_media":7692,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":"","_jetpack_memberships_contains_paid_content":false},"categories":[4,8,39],"tags":[400,401,402,403,101,404,405,21,406,407],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Office 365 can\u2019t deliver email to Exchange 2003 Servers<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Office 365 can\u2019t deliver email to Exchange 2003 Servers\" \/>\n<meta property=\"og:description\" content=\"What The issue was that the clients Exchange 2003 Server (32bit, on Windows Server 2003) was no longer receiving emails from Office 365 (Exchange Online) accounts.\u00a0 It would take days to be aware of the issue as TLS connections would &#8220;hang\/time out&#8221; but Exchange Online would continue to try and deliver the message until the &hellip;\" \/>\n<meta property=\"og:url\" content=\"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"Brainlitter - Inside the mind of Sean Wallbridge\" \/>\n<meta property=\"article:published_time\" content=\"2015-08-05T20:26:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/emaildead.jpg?fit=200%2C300\" \/>\n\t<meta property=\"og:image:width\" content=\"200\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sean Wallbridge\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sean Wallbridge\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/\",\"url\":\"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/\",\"name\":\"Office 365 can\u2019t deliver email to Exchange 2003 Servers\",\"isPartOf\":{\"@id\":\"https:\/\/regroove.ca\/brainlitter\/#website\"},\"primaryImageOfPage\":{\"@id\":\"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/#primaryimage\"},\"image\":{\"@id\":\"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/emaildead.jpg?fit=200%2C300&ssl=1\",\"datePublished\":\"2015-08-05T20:26:14+00:00\",\"dateModified\":\"2015-08-05T20:26:14+00:00\",\"author\":{\"@id\":\"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77\"},\"breadcrumb\":{\"@id\":\"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/#primaryimage\",\"url\":\"https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/emaildead.jpg?fit=200%2C300&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/emaildead.jpg?fit=200%2C300&ssl=1\",\"width\":200,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Brainlitter\",\"item\":\"https:\/\/regroove.ca\/brainlitter\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Office 365 can\u2019t deliver email to Exchange 2003 Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/regroove.ca\/brainlitter\/#website\",\"url\":\"https:\/\/regroove.ca\/brainlitter\/\",\"name\":\"Brainlitter - Inside the mind of Sean Wallbridge\",\"description\":\"Dad. Husband. Drummer. Learner of Things.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/regroove.ca\/brainlitter\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77\",\"name\":\"Sean Wallbridge\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g\",\"caption\":\"Sean Wallbridge\"},\"url\":\"https:\/\/regroove.ca\/brainlitter\/author\/swallbridge\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Office 365 can\u2019t deliver email to Exchange 2003 Servers","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/","og_locale":"en_US","og_type":"article","og_title":"Office 365 can\u2019t deliver email to Exchange 2003 Servers","og_description":"What The issue was that the clients Exchange 2003 Server (32bit, on Windows Server 2003) was no longer receiving emails from Office 365 (Exchange Online) accounts.\u00a0 It would take days to be aware of the issue as TLS connections would &#8220;hang\/time out&#8221; but Exchange Online would continue to try and deliver the message until the &hellip;","og_url":"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/","og_site_name":"Brainlitter - Inside the mind of Sean Wallbridge","article_published_time":"2015-08-05T20:26:14+00:00","og_image":[{"width":200,"height":300,"url":"https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/emaildead.jpg?fit=200%2C300","type":"image\/jpeg"}],"author":"Sean Wallbridge","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sean Wallbridge","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/","url":"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/","name":"Office 365 can\u2019t deliver email to Exchange 2003 Servers","isPartOf":{"@id":"https:\/\/regroove.ca\/brainlitter\/#website"},"primaryImageOfPage":{"@id":"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/#primaryimage"},"image":{"@id":"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/emaildead.jpg?fit=200%2C300&ssl=1","datePublished":"2015-08-05T20:26:14+00:00","dateModified":"2015-08-05T20:26:14+00:00","author":{"@id":"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77"},"breadcrumb":{"@id":"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/#primaryimage","url":"https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/emaildead.jpg?fit=200%2C300&ssl=1","contentUrl":"https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/emaildead.jpg?fit=200%2C300&ssl=1","width":200,"height":300},{"@type":"BreadcrumbList","@id":"http:\/\/regroove.ca\/brainlitter\/2015\/08\/05\/office-365-cant-deliver-email-to-exchange-2003-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Brainlitter","item":"https:\/\/regroove.ca\/brainlitter\/"},{"@type":"ListItem","position":2,"name":"Office 365 can\u2019t deliver email to Exchange 2003 Servers"}]},{"@type":"WebSite","@id":"https:\/\/regroove.ca\/brainlitter\/#website","url":"https:\/\/regroove.ca\/brainlitter\/","name":"Brainlitter - Inside the mind of Sean Wallbridge","description":"Dad. Husband. Drummer. Learner of Things.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/regroove.ca\/brainlitter\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77","name":"Sean Wallbridge","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g","caption":"Sean Wallbridge"},"url":"https:\/\/regroove.ca\/brainlitter\/author\/swallbridge\/"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/i0.wp.com\/regroove.ca\/brainlitter\/wp-content\/uploads\/sites\/2\/2015\/08\/emaildead.jpg?fit=200%2C300&ssl=1","_links":{"self":[{"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/posts\/7689"}],"collection":[{"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/comments?post=7689"}],"version-history":[{"count":0,"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/posts\/7689\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/media\/7692"}],"wp:attachment":[{"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/media?parent=7689"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/categories?post=7689"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/tags?post=7689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}