You cannot connect to a server that is running Exchange 2000 Server or Exchange Server 2003 to download e-mail messages when you use IMAP4 or POP3 through a Secure Sockets Layer (SSL) connection (904983)
The information in this article applies to:
- Microsoft Exchange Server 2003 Standard Edition
- Microsoft Exchange Server 2003 Enterprise Edition
- Microsoft Exchange 2000 Server
- Microsoft Exchange 2000 Enterprise Server
SYMPTOMSWhen you use Internet Message Access Protocol, version 4rev1
(IMAP4) or Post Office Protocol 3 (POP3) through a Secure Sockets Layer (SSL)
connection to connect to a server that is running either Exchange 2000 Server or Exchange Server 2003 to download
e-mail messages, you cannot connect to the server. Additionally, you may receive an error message that states that the server has unexpectedly closed the connection.CAUSEThis problem occurs if the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security policy is enabled on the client computer or on the server. When
this security policy is enabled, the client or the server requires Federal
Information Processing Standard (FIPS)-compliant encryption to be negotiated
for programs that use cryptographic services. If this security policy is enabled, the SSL participants are limited to a specific set of cipher suites. These cipher suites are called "block ciphers". Block cipher algorithms include data padding as part
of their implementation. This padding is not being correctly handled for
the Exchange SSL implementation.RESOLUTIONTo resolve this problem, disable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security policy on the client or on the server if this security policy is not
required. If the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security policy is enabled in Local Security Policy, follow
these steps.
- Click Start, click Run,
type secpol.msc, and then click
OK.
- Expand Local Policies, click
Security Options, and then double-click System
cryptography: Use FIPS compliant algorithms for encryption, hashing, and
signing in the right pane.
- Click Disabled, and then click
OK.
If the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security policy is enabled as part of Group Policy, contact the
administrator for help. STATUSMicrosoft
has confirmed that this is a problem in the Microsoft products that are listed
in the "Applies to" section.
Modification Type: | Major | Last Reviewed: | 7/29/2005 |
---|
Keywords: | kbexchPOPIMAPNNTP kbprb KB904983 kbAudITPRO |
---|
|