Exchange 2010 best practice for receive connectors to avoid STARTTLS errors

  • Exchange 2010 best practice for receive connectors to avoid STARTTLS errors

    We're receiving the usual MSExchangeTransport 12014 error on our new Exchange 2010 box. It's a single box and still talking to our old Exchange 2007 while we wrap up the migration.

    No edge server or device. We send all email out to a single mail server (offsite) that handles anti-spam for us; they also send back in on the same range of IP addresses and we have our hardware firewall set to only allow SMTP in from that range.

    Our internal domain is domain.local, for sake of this discussion.

    Our best practice has always been to leave the DEFAULT receive connector alone, with the exception of taking out from the network and just specifying our local subnet (192.168.0.x) in here. We understand the DEFAULT connector is for Exchange servers to talk to each other. We do not touch the FQDN here as this appears to be a no-no and will break Exchange servers from talking to each other. Correct?

    We then set up a second receive connector which we'll call "Receive from Internet". In here we set the network to be and we set proper authentication and security and DO set the correct external FQDN here (

    We receive the 12014 STARTTLS error on the default receive connector, and presumably this is only while the old 2007 box is still around.

    I couldn't find a good article explaining how Exchange 2007 and 2010 talk to each other in this situation, so I wasn't comfortable unchecking TLS or any other authentication methods on the box.

    Any suggestions? Thanks.
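A read-only check for the situation described in the post, added here as an example (it is not part of the original post and not Microsoft's own tooling): MSExchangeTransport event 12014 is logged when a receive connector advertises STARTTLS but no certificate in the server's personal store both carries the connector's FQDN and is enabled for the SMTP service. The script lists every receive connector on the server with its FQDN, whether TLS is offered, whether an SMTP-enabled certificate covers that FQDN, and the remote IP ranges and bindings, so the DEFAULT and "Receive from Internet" connectors can be compared side by side. It assumes the Exchange Management Shell on Exchange 2010; the server name is a placeholder.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Audits receive connectors for the FQDN/certificate mismatch behind event 12014.
$server = "EX2010-PLACEHOLDER"   # placeholder: the Exchange 2010 server name

# Certificates enabled for the SMTP service, and every DNS name each one covers
# (subject plus subject alternative names), lower-cased for comparison.
$smtpCerts = Get-ExchangeCertificate -Server $server |
    Where-Object { $_.Services -match "SMTP" }
$certNames = @($smtpCerts | ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLower() })

foreach ($rc in Get-ReceiveConnector -Server $server) {
    $fqdn = $rc.Fqdn.ToString().ToLower()

    # Exact match first, then a wildcard certificate one label above the FQDN.
    $covered = $certNames -contains $fqdn
    if (-not $covered) {
        $parent = ($fqdn -split '\.', 2)[1]
        if ($parent) { $covered = $certNames -contains "*.$parent" }
    }

    [PSCustomObject]@{
        Connector      = $rc.Identity.ToString()
        Fqdn           = $fqdn
        TlsOffered     = [bool]($rc.AuthMechanism -match "Tls")   # STARTTLS advertised
        CertCoversFqdn = $covered                                 # false => expect 12014
        RemoteIPRanges = ($rc.RemoteIPRanges -join ", ")          # who may connect
        Bindings       = ($rc.Bindings -join ", ")                # local IP:port
    }
}
```

A connector with TlsOffered true and CertCoversFqdn false is the one that will raise 12014; the RemoteIPRanges column makes it easy to confirm that the DEFAULT connector is limited to the local subnet and the internet-facing connector to the anti-spam provider's range, as the post describes.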