question

LucasLiu-MSFT avatar image
0 Votes"
LucasLiu-MSFT asked HectorMaldonado-1955 commented

[Migrated from MSDN Exchange Dev]Exchange Server: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80.

[Note] This thread was originally posted on MSDN. As the MSDN Exchange Dev forum mainly focuses on developing issues and the TechNet Exchange forums for general questions have been locked down, we manually migrated this one to Microsoft Q&A platform to continue the troubleshooting.

I have a Server 2012 R2 with Exchange Server Standard installed. Its been working for 3 years without mayor issues, but a couple of months now I been experience a torrent of errors in the system logs file:

A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80.

I need some guidance to troubleshoot this. There is nothing in Google, Microsoft Forums that actually fix of help find the source of this issue.

Most of the odd responses are: "Turn the alert off and the problem go away" scenario.

But when I clear the log, it takes 10 seconds to register at least 50 entries.

There is nothing there to help me even start looking for a solution.

Anyone that successfully have a procedure to troubleshoot this?

office-exchange-server-mailflow
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LucasLiu-MSFT avatar image
0 Votes"
LucasLiu-MSFT answered HectorMaldonado-1955 commented

Hi ,
Is there any problem during the use of Exchange?
Did you change any setting for Exchange befor this error code occurred?
According to my research, this is an error about Schannel. Schannel is a Security Support Provider (SSP) that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. You can check whether TLS verification is enabled for the Exchange organization by verifying the headers of sent and received emails. I suggest you contact the network team to check whether the TLS settings are correct and whether the function of using the authentication protocol is affected
Through the study of some similar cases, if the normal use of your Exchange is not affected, and all organizations that require TLS encryption, including Exchange, are operating normally. Then I think you can safely ignore these logs.
In addition, is there have any more related event log in the Event Viewer? If so, please share it with us. Please note that please cover your personal information.
There is a similar case you could refer to: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks Lucas for posting my question, i did additional steps to try pinpoint the problem.

First I wanted to isolate if the problem is generated externally or internally.

To determine this, I cloned my production environment (DC and Exchange Server) to a test environment.

The only difference is that the test environment does not have access to the Internet or any other local servers.

The result is that the error in question stop appearing in the windows logs.

Best bet: is not an internal error and it is not related to any change in the OS or application installed.


Since the problem stops completely, how I can troubleshoot to pinpoint what is hitting it from the outside (either lan or wan)?

0 Votes 0 ·

Hi @HectorMaldonado-1955 ,
Based on my knowledge, TLS 1.2 is used by default in Window 2012 R2, which can be used through WinHTTP, and Ensure your server is current on Windows Updates. Enabling TLS 1.2 can be used for incoming and outgoing connections of the Exchange organization, and to identify which connections are not encrypted with TLS 1.2.
Therefore, the occurrence of this error may be related to changes in Exchange settings and changes in OS. Exceptto checking the TLS settings, we also need pay attention to whether the included applications support TLS1.2.
In addition, are there any problems with the use of your Exchange organization? Are there other related error logs generated?



If the response is helpful, please click "Accept Answer" and upvote it.

0 Votes 0 ·

There are no problems beside that one, but that one flood the logs inmediately.

0 Votes 0 ·