Error: "Could not establish trust relationship for the SSL/TLS secure channel"

Problem description:

Email does not flow for devices. In the SEG web listener logs, you see the warning message "System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive."  

You may see the following warning message as well: "WebException encountered while 'proxying client request to mail server' ' from SEG to mail server'. WebExStatus: 'TrustFailure', RequestTid: '', Status Code: '', Status Description: '', ExMessage: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.' "



Make sure that the SEG server trusts the SSL certificate of the mail server.  From the SEG server, open a browser and try to connect to https://<server url>/microsoft-server-activesync, and verify that you do not receive any SSL error.  

This URL can be taken from the Web Listener config file.

  • If you receive a certificate error, make sure it is not expired, and is issued to the right domain.  
  • If the certificate is valid, install the root certificate into the Trusted Root store on the SEG server.
  • If the Exchange certificate looks correct, make sure the SSL certificate on the SEG server doesn't show any errors when accessing https://<SEG URL>/microsoft-server-activesync from an external browser.
For more information on troubleshooting SSL errors, read the Introduction to SSL Certificate Troubleshooting document.
Have more questions? Submit a request


Article is closed for comments.