Since 20.10.1 upgrade Orchestrator and Studio can't send SMTP emails

Hi! Since upgrading our platform to 20.10.1 last month, we have been experiencing an issue with sending SMTP emails from Orchestrator (on premises) and Studio. We use a private SMTP email server.

Given the below error messages, I believe it has something to do with our unique environment and the new SSL requirements introduced in 20.10.1. We have tried multiple things, also listed below, and would like assistance in troubleshooting.

Our main concern is that Orchestrator alerts are not being sent. There is a possibility some processes are not sending emails; however this is of lesser concern because most of our Send SMTP Email activities have SecureConnection set to “None”.

We received the following error message when sending a test email in Orchestrator from the Tenant > Settings > Mail page. We also received the same message in Studio when using the Send SMTP Email activity (old Mail package version, 1.7.2) with SecureConnection set to any setting other than “None”:

Sending the test mail failed! Original message: An error occurred while attempting to establish an SSL or TLS connection.

This usually means that the SSL certificate presented by the server is not trusted by the system for one or more of
the following reasons:

1. The server is using a self-signed certificate which cannot be verified.
2. The local system is missing a Root or Intermediate certificate needed to verify the server’s certificate.
3. A Certificate Authority CRL server for one or more of the certificates in the chain is temporarily unavailable.
4. The certificate presented by the server is expired or invalid.

It is also possible that the set of SSL/TLS protocols supported by the client and server do not match.

See MailKit/FAQ.md at master · jstedfast/MailKit · GitHub for possible solutions.
(#2600)

Tried updating the Uipath.Mail.Activities package version in studio to latest (1.10.5). Resulted in a different, seemingly more specific error message:

Send SMTP Mail Message: An error occurred while attempting to establish an SSL or TLS connection. The host name did not match the name given in the server’s SSL certificate.

Current orchestrator Mail settings, which worked prior to 20.10.1:

• Enable alerts email: True
• Use default credentials: True
• Enable SSL: False
• SMTP Host: our private email server
• SMTP Domain: our private domain
• SMTP Port: 25
• SMTP Username: Blank
• SMTP Password: Blank
• Default From Address: Fake email address, Robot.Admin@ourdomain.com
• Default From Display Name: PROD - Robot.Admin@ourdomain.com

We have tried the following:

• Orchestrator
  • Attempted to replace a self-signed certificate on our (on prem) orchestrator server with a newly purchased certificate. Sending the test email from the orchestrator produced the same error message.
  • Created a new firewall rule on the orchestrator server to allow use of port 25.
    • Supposedly, port 25 is for standard, unencrypted text. Not sure why we are encountering an issue with SSL/TLS.
  • Confirmed our email server’s certificate is valid, not self-signed. Our server supports TLS, but it is not required.
  • Left multiple fields blank, one by one, and sending test emails.
    • Blank SMTP Host - Failed. Host name required.
    • Blank SMTP Domain - Same old error.
    • Blank SMTP Port - Test email sent successfully. Error message replaced with success message. Email was not received.
      • Further suggests a problem with SSL/TLS.
  • Set SMTP port to 465, 587, 995, 993. These all timed out.
  • Replaced existing fake Default From Address with a real one, with and without credentials, with and without “Use default credentials” checked, with port set to 25 and without, with existing SMTP Host and with one corresponding to the “real” from address (Server name: smtp.office365.com, Port: 587).
    • Only factor continued to be SMTP port. No combination of settings resulted in test email going through.
  • Attempted every combination of orchestrator Mail settings we could think of.
• Studio
  • Set SecureConnection to “None”. Email went through successfully. Unsure how to apply this to Orchestrator.
  • Checked the Windows event viewer of the Studio machine. Error message: “The remote certificate is invalid according to the validation procedure.” This did not provide more information.

The following have been suggested in other forum posts, but we have not yet tried them:

• “Change the setting of certificates in your antivirus.”
• “You can work around this problem by supplying a custom RemoteCertificateValidationCallback and setting it on the client’s ServerCertificateValidationCallback property.”
  • Would the client in this case be the orchestrator?
• The following in combination:
  • Replace a self-signed certificate on our (on prem) orchestrator server with a newly purchased certificate.
  • Attempt with new firewall rule.
  • Attempt with SMTP Port set to blank.

Please let me know what else we can try.

We got this exact error recently, for SMTP emails.

We found that if we turned off encryption in the activity, the emails sent.

We use a DNS entry (ie smtp.somewhere.com) to load balance connections to multiple SMTP servers. A new certificate had been published and it wasn’t signed for that DNS name. They published a new certificate, accounting for that DNS name, and it fixed the issue.

Hi Paul! Thanks for your reply! Sounds promising based on my second error message.

It’s a Friday, so I might not be able to get together with my team today to test your suggestion. Will reply back with our results when I can.

By the way, a test that clued us into the issue with the DNS name not being in the certificate was that we upgraded to the latest version of UiPath Mail Activities. Then the error we got was different, and more useful - it said something like “name doesn’t match.”