The Problem:

Today, I fixed an extremely perplexing error. One of our clients was getting errors on every one of his mail programs about SSL for IMAP. One of the errors was “SERVER has sent an incorrect or unexpected message. Error Code: -12263” in Thunderbird.

After I poked around a bit, I found that when I ran “Get-ExchangeCertificate | fl” it found the cert, but said “RootCAType” was Unknown and “Status” was Invalid. Weird how I got an error only for IMAP, since IIS worked without a problem.

Scroll to the bottom to skip the error messages and go straight to the fix!

Relevant Error Messages:

Event Type:	Error

Event Source:	MSExchangeIMAP4

Event Category:	(1)

Event ID:	1102

Date:		10/5/2009

Time:		3:19:44 PM

User:		N/A

Computer:	their-mail-server.them.local

Description:

The IMAP4 service failed to connect using SSL or TLS encryption.  A valid certificate is not configured to respond to SSL/TLS connections.  Check the configured hostname as well as which certificates are installed in the Personal Certificates store of the Computer.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and

Event Type:	Error

Event Source:	MSExchangeIMAP4

Event Category:	(1)

Event ID:	2007

Date:		10/5/2009

Time:		3:10:33 PM

User:		N/A

Computer:	their-mail-server.them.local

Description:

A certificate for the hostname "mail.thoseguys.com" could not be found.  SSL or TLS encryption cannot be made to the IMAP service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The Solution:

To resolve the issue, I simply imported the Intermediate Authority’s certificate into the computer’s Intermediate Certificate Authorities store. I got the most current cert from the CA’s website. After I imported the new one, I deleted the old one that was in there, and things worked just fine!