TLS / SSL negotiation errors
Question asked by CCC - 9/29/2014 at 10:56 AM
We are seeing some of these errors in our logs
 
Exception negotiating TLS session: System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted
 
Any way to tell which cyphers they are trying (and failing) to negotiate?

Joe Wolf Replied
I agree you should run IISCrypto and use the "Best Practices" setting. You may also want to diagnose some of the problems using https://www.ssllabs.com/ssltest

-Joe
CCC Replied
Looks to have been related to TLSv1.0. I would have thought the sender would have just negotiated a more secure cipher.
Roland Thöni Replied
One question about that error, and sorry for my English.
Can any of you tell me the best settings in IISCrypto?
I've tried a lot now, but I keep getting this error, and the "Best Practices" have changed nothing. On ssllabs.com I now have an A.
Thanks to all.
When I turn on TLS_RSA_WITH_3DES_EDE_CBC_SHA using IISCrypto, I get the same error.

Logfile SMTP
[2021.01.18] 23:45:29.702 [IP Adresse][40819751] rsp: 554 Security failure
[2021.01.18] 23:45:29.702 [IP Adresse][40819751] Exception negotiating TLS session: System.IO.IOException: Fehler bei Authentifizierung, da die Gegenseite den Transportstream geschlossen hat.
[2021.01.18]    bei System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
[2021.01.18]    bei System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
[2021.01.18]    bei System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
[2021.01.18]    bei System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
[2021.01.18]    bei System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
[2021.01.18]    bei System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
[2021.01.18]    bei System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
[2021.01.18]    bei MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(db_system_binding_port setting, Log log, String sessionId)
[2021.01.18]    bei MailService.TcpServerLib.SMTP.SMTPSession.STARTTLS()
[2021.01.18] 23:45:29.702 [IP Adresse][40819751] disconnected at 18.01.2021 23:45:29
-----------------------------
[2021.01.18] 23:45:30.014 [IP Adresse][62420123] rsp: 220 Start TLS negotiation
[2021.01.18] 23:45:30.124 [IP Adresse][62420123] rsp: 554 Security failure
[2021.01.18] 23:45:30.124 [IP Adresse][62420123] Exception negotiating TLS session: System.Security.Authentication.AuthenticationException: Fehler bei SSPI-Aufruf, siehe interne Ausnahme. ---> System.ComponentModel.Win32Exception: Der Client und der Server können keine Daten austauschen, da sie nicht über einen gemeinsamen Algorithmus verfügen
[2021.01.18]    --- Ende der internen Ausnahmestapelüberwachung ---
[2021.01.18]    bei System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
[2021.01.18]    bei System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
[2021.01.18]    bei System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
[2021.01.18]    bei System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
[2021.01.18]    bei System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
[2021.01.18]    bei System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
[2021.01.18]    bei MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(db_system_binding_port setting, Log log, String sessionId)
[2021.01.18]    bei MailService.TcpServerLib.SMTP.SMTPSession.STARTTLS()
[2021.01.18] 23:45:30.124 [IP Adresse][62420123] disconnected at 18.01.2021 23:45:30

Logfile IMAP
[2021.01.18] 22:17:41.386 [IP Unknown][47175390] Exception: (PooledTcpItem.cs) Fehler bei SSPI-Aufruf, siehe interne Ausnahme.
[2021.01.18] 22:17:41.386 [IP Unknown][47175390] StackTrace:    bei System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
[2021.01.18]    bei System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
[2021.01.18]    bei MailService.TcpServerLib.Common.PooledTcpItem.EndConvertToSSL(IAsyncResult asyncResult)
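
On the original question of which ciphers the sender is offering: the log lines in this thread record only the failure, while the offered list travels in the client's TLS ClientHello, which can be read from a packet capture of the STARTTLS session. The following is an added example, not part of any post in this thread: it parses a ClientHello record and intersects the offer with a server's enabled suites, where an empty result corresponds to the "no common algorithm" condition. The sample bytes, `SERVER_ENABLED`, and all function names are constructed assumptions, and the ClientHello is assumed to fit in a single complete record.

```python
import struct

# IANA cipher-suite IDs (subset, enough for this illustration)
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def parse_client_hello(record: bytes) -> dict:
    """Return the client_version and cipher suites offered in a ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[9:5 + rec_len]           # skip handshake type (1) + length (3)
    (version,) = struct.unpack("!H", body[:2])  # TLS 1.3 is signalled by an extension, not parsed here
    pos = 2 + 32                            # client_version + random
    pos += 1 + body[pos]                    # session_id length byte + session_id
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    raw = body[pos + 2:pos + 2 + cs_len]
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("truncated or malformed cipher_suites")
    ids = [i for (i,) in struct.iter_unpack("!H", raw)]
    return {"version": VERSIONS.get(version, hex(version)),
            "suites": [SUITES.get(i, f"0x{i:04X}") for i in ids]}

def common_suites(offered, server_enabled):
    """Suites both sides support, in the client's preference order."""
    return [s for s in offered if s in server_enabled]

def sample_client_hello() -> bytes:
    """Constructed TLS 1.0 ClientHello from a legacy sender (not captured traffic)."""
    suites = struct.pack("!3H", 0x000A, 0x0005, 0x0004)
    body = (struct.pack("!H", 0x0301) + bytes(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs

# Assumed server configuration after hardening (hypothetical, for illustration)
SERVER_ENABLED = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}

if __name__ == "__main__":
    hello = parse_client_hello(sample_client_hello())
    print(hello, "common:", common_suites(hello["suites"], SERVER_ENABLED))
```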
