Back to Community Threads
4
Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
Problem reported by Neil Colvin - 6/24/2015 at 4:18 PM
Submitted
When TLS is enabled, the following occurs on EVERY STARTTLS command received.  Only solution is to disable TLS.
This is 14.0.5647.
 
[2015.06.24] 10:49:37 [198.21.5.86][24343486] cmd: STARTTLS
[2015.06.24] 10:49:37 [198.21.5.86][24343486] rsp: 220 Start TLS negotiation
[2015.06.24] 10:49:37 [198.21.5.86][24343486] Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
[2015.06.24]    at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting, Log log, String sessionId)
[2015.06.24]    at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting)
[2015.06.24]    at MailService.TcpServerLib.SMTP.SMTPSession.#W8()
 

8 Replies

Reply to Thread
0
Bruce Barnes Replied
6/24/2015 at 5:49 PM
Did you properly export the SmarterMail CER file, mapping it to port 25 and 587 (port 25 for MX to MX traffic, and port 587 for client to MX ttaffic)? Are you running under IIS? Did you properly add the primarily, and secondary certificates to the operating system SSL store?
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Neil Colvin Replied
6/24/2015 at 7:28 PM
I followed these instructions exactly:
 
portal.smartertools.com/kb/a2671/configure-ssl-tls-to-secure-smartermail.aspx
 
They do not mention most of the steps you mention in your post :(
 
I am running under IIS 7
 
 
0
Bruce Barnes Replied
6/25/2015 at 6:22 AM
 
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Neil Colvin Replied
6/25/2015 at 6:42 AM
I had done all that.  That was when I got the exception.  I have removed the TLS from the ports, and all works perfectly.
0
Matt Petty Replied
6/25/2015 at 8:20 AM
Employee Post
SmarterMail 14 supports .pfx files for setting up your SSL for your ports. It might be worth giving that a shot.

When you put the .pfx file in you should see a password field get added to that window, if you have given your .pfx file a password then your going to need to enter it into that field.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Bruce Barnes Replied
6/25/2015 at 8:38 AM
I just worked on one of these cases for a company in Pittsburgh Pennsylvania, and it turned out to be three issues:
 
  1. the CER file had not been properly exported
  2. the SECONDARY certificates had not been added to the SSL store
  3. the proper certificate had not been mapped to SSL
There is a whole lot more to this than just the SmarterMail portion.
 
additionally, all SSL ciphers are now depreciated and only TLS is allowed, so TLS 1.0, TLS 1.1, and TLS 1.2 must, depending on the capability of the operating system version, have been properly enabled.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Neil Colvin Replied
6/25/2015 at 8:52 AM
This is Windows Server 2008 R2.
 
All of the "Test Certificate" ran correctly.
 
The instructions only refer to a single certificate ???
0
Bruce Barnes Replied
6/25/2015 at 9:00 AM
Test your MAIL SERVER's fully qualified domain name, IE: mail.yourdomain.com, against this URL and see how it reports:
 
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

TLS 1.0/1.1 Deprecation InformationGeneral Topics
eM Client Fails to Connect to IMAPSmarterMail > Troubleshooting
Manually Securing SmarterMail Using Let's Encrypt and Certify the WebSmarterMail > Installation and Configuration
Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Calendars - SmarterMail vs ExchangeSmarterMail > Desktop and Mobile Synchronization