POP3 problem with encrypted connection using Windows Vista

[SibKhatru]

I have an email acount with my employer, which I use without a problem

running Outlook 2003 with Windows XP SP2 and IE7, as a POP3/SMTP account. My

employer uses a certificate for the server, which is the same for the

intranet site.

Now on my new notebook I want to run Windows Vista with Office 2007 (i.e.

Outlook 2007). I have the certificate installed, and can go to the intranet

without problems. I enter exactly the same email acount settings as

before, which include:

- 'My outgoing server (SMTP) requires authentication' / 'Use same settings

as my incoming mail server'

- 'Server Port Numbers' specified for both incoming server (POP3) and

outgoing server (SMTP).

- SSL encrypted connection for both incoming and outgoing server

But when I test the account with Outlook 2007 it gives the following messages:

"Log onto incoming mail server (POP3): Your server does not support the

connection encryption type you have specified. Try changing the encryption

method. Contact your mail server administrator or Internet service provider

(ISP) for additional assistance."

and

"Send test e-mail message: Your server does not support the connection

encryption type you have specified. Try changing the encryption method.

Contact your mail server administrator or Internet service provider (ISP) for

additional assistance."

If I run Outlook 2007 with logging enabled it shows the following:

2007.07.20 15:36:10 xxx@xxx.com: UploadItems: 0 messages to send

2007.07.20 15:36:10 xxx@xxx.com: Synch operation completed

2007.07.20 15:36:10 xxx@xxx.com: Synch operation started (flags = 00000030)

2007.07.20 15:36:10 xxx@xxx.com: DoPOPDownload(flags = 00000030, max msg =

ffffffff): full items

2007.07.20 15:36:10 POP3 (aaa.bbb.ccc.ddd): Begin execution

2007.07.20 15:36:10 POP3 (aaa.bbb.ccc.ddd): ========= Initial blob

=========

2007.07.20 15:36:10 POP3 (aaa.bbb.ccc.ddd):

===================================

2007.07.20 15:36:10 POP3 (aaa.bbb.ccc.ddd): Port: 995, Secure: SSL, SPA: no

2007.07.20 15:36:10 POP3 (aaa.bbb.ccc.ddd): Finding host

2007.07.20 15:36:10 POP3 (aaa.bbb.ccc.ddd): Securing connection

2007.07.20 15:36:10 POP3 (aaa.bbb.ccc.ddd): Disconnected from host

2007.07.20 15:36:10 POP3 (aaa.bbb.ccc.ddd): End execution

2007.07.20 15:36:10 xxx@xxx.com: ReportStatus: RSF_COMPLETED, hr = 0x800ccc1a

2007.07.20 15:36:10 xxx@xxx.com: Synch operation completed

I also tried using the Vista Windows Mail, and it gives me the following

error:

"Your server has unexpectedly terminated the connection. Possible causes for

this include server problems, network problems, or a long period of

inactivity. Account: 'xxx', Server: 'aaa.bbb.ccc.ddd', Protocol: POP3, Port:

995, Secure(SSL): Yes, Error Number: 0x800CCC0F

The strange thing is that I can get it to work with the mail-monitor gadget

that is part of True Launch Bar (http://www.truelaunchbar.com/), still

running Windows Vista.

I have tried changing some advanced IE7 settings regarding encryption, tried

enabling/disabling Windows Firewall etc. but nothing helps.

(I have anonimized the email-address and ip-address, for privacy reasons).

Hope someone can help me.

Kind regards

Frank

Edited July 23, 2007 by SibKhatru

[cluberti]

If the bar utility works, then the problem is not Vista but Outlook 2007. Have you been able to get 2007 to work with your ISP on an XP machine, by chance?

[SibKhatru]

If the bar utility works, then the problem is not Vista but Outlook 2007. Have you been able to get 2007 to work with your ISP on an XP machine, by chance?

Hi cluberti,

I also suspected Outlook 2007 at first. But that would not explain why Windows Mail (the Outlook Express successor on Vista) also does not work. So I still think (or hope ) that it is a security/certificate/encryption/whatever setting in Vista, that is somehow by-passed by the toolbar gadget, but not by Outlook 2007 or Windows Mail.

I have not yet tried installing Outlook 2007 on an XP machine. I will try to upgrade Office 2003 on my XP machine to Office 2007 later this week or next week (am a little tied up in work), and see how that turns out. And maybe I also will try to install Office 2003 on Vista, and see if that would work.

Thanks for your suggestions,

Frank

[SibKhatru]

Hi cluberti,

I have now upgraded office 2003 on my XP machine to office 2007. And now it keeps asking for my password. When I cancel it (after numerous attempts) I get another error:

"Log onto incoming mail server (POP3): Your e-mail server rejected your login. Verify your user name and password in your account properties. Under Tools, click E-mail accounts. The server responded: -ERR Server error"

Send mail does not give an error. In fact, the outlook-test-messages are sent, I can see them with the web-mail reader.

The Outlook logging shows:

2007.07.24 19:58:05 POP3 (aaa.bbb.ccc.ddd): Port: 995, Secure: SSL, SPA: no

2007.07.24 19:58:05 POP3 (aaa.bbb.ccc.ddd): Finding host

2007.07.24 19:58:05 POP3 (aaa.bbb.ccc.ddd): Securing connection

2007.07.24 19:58:05 POP3 (aaa.bbb.ccc.ddd): Connected to host

2007.07.24 19:58:06 POP3 (aaa.bbb.ccc.ddd): <rx> +OK Server Ready

2007.07.24 19:58:06 POP3 (aaa.bbb.ccc.ddd): Authorizing to server

2007.07.24 19:58:06 POP3 (aaa.bbb.ccc.ddd): [tx] AUTH

2007.07.24 19:58:06 POP3 (aaa.bbb.ccc.ddd): <rx> +OK Supported authentication mechanisms:

2007.07.24 19:58:06 POP3 (aaa.bbb.ccc.ddd): <rx> LOGIN

2007.07.24 19:58:06 POP3 (aaa.bbb.ccc.ddd): <rx> .

2007.07.24 19:58:06 POP3 (aaa.bbb.ccc.ddd): [tx] USER user.user

2007.07.24 19:58:06 POP3 (aaa.bbb.ccc.ddd): <rx> -ERR Server error

2007.07.24 19:58:06 POP3 (aaa.bbb.ccc.ddd): Retrying authorization

2007.07.24 19:58:07 POP3 (aaa.bbb.ccc.ddd): Disconnected from host

I am not sure what this means, hope you or anybody else can help me along.

Regards,

Frank

[cluberti]

One question - is the server certificate you are using for POP3S using the same FQDN as the FQDN you use to connect to the mail server?

[SibKhatru]

One question - is the server certificate you are using for POP3S using the same FQDN as the FQDN you use to connect to the mail server?

Both the intranet website and the mail server are accessed/connected to by an IP address (aaa.bbb.ccc.ddd), not a (DNS) name. I have only one certifcate for both. The certificate shows that IP address for both 'issued to' and 'issued by'. In the certificate information I cannot find a FQDN, but I am not that knowledgable about certificates and security in general, so maybe I am overseeing it.

Does that answer your question? If not, let me know. And thanks for your time & effort!

Regards,

Frank

[cluberti]

One question - is the server certificate you are using for POP3S using the same FQDN as the FQDN you use to connect to the mail server?

Both the intranet website and the mail server are accessed/connected to by an IP address (aaa.bbb.ccc.ddd), not a (DNS) name. I have only one certifcate for both. The certificate shows that IP address for both 'issued to' and 'issued by'. In the certificate information I cannot find a FQDN, but I am not that knowledgable about certificates and security in general, so maybe I am overseeing it.

Does that answer your question? If not, let me know. And thanks for your time & effort!

Regards,

Frank

I think that is part of your issue - Outlook 2007 generally requires a certificate that is valid to a host name, not an IP address. You might want to contact your ISP to see why they don't have a cert for something like <mail.yourisp.com>. I think you may need a new cert and use an FQDN for this to work properly going forward...

[SibKhatru]

Ok, thanks. I will contact my employer to sort out the problem.

Regards,

Frank