Configure SMTP Server on Microsoft Windows Server 2022

Despite being deprecated for over a decade, there is still a number of reasons why one might want to use the Simple Mail Transfer Protocol Service in Windows Server. One that specifically comes to mind are devices, such as printers, that do not support some authentication protocols on modern servers.

Unfortunately, upon installing the SMTP service in Windows 2022, the service cannot be configured using the MMC for Internet Information Services 6.0. You might see a ‘Snapin Error’ prompting to report the error or ignore and continue. Neither option will advance the configuration of the service.

Error message presented when attempting to edit properties of the SMTP virtual server

Resolving the Problem

The problem is a bad configuration file installed by default. This can be rectified with the following steps.

  1. Stop SMTPSVC and IISADMIN services. They are displayed as Simple Mail Transfer Protocol (SMTP) and IIS Admin Service respectively.
  2. Open “C:\Windows\System32\inetsrv\MetaBase.xml” for editing.
  3. Find: Location =”/LM/SmtpSvc/1″
  4. Attributes for that XML element are listed alphabetically. Add: RelayIpList=””
  5. Save the MetaBase.xml file.
  6. Start SMTPSVC and IISADMIN services.
  7. Open Internet Information Services (IIS) 6.0 Manager from Administrative Tools. Right-click [SMTP Virtual Server #1] and select ‘Properties…’.
  8. Configure the service as you need.

Services Not Listed

If you do not see the SMTP service listed, I wrote a post some time ago about modifying the SMTP service using the terminal.

Create a PFX certificate file using OpenSSL

I usually work with Linux-based operating systems for web development. However, my company does run a couple of Microsoft Windows(R) servers for internal financial systems. When securing connections to Windows services, it is often useful to have certificates available in PFX format.

To convert a private key, certificate, and (optionally) any trusted chains; you will need the following:

  • The private key file.
  • A PEM containing the corresponding certificate.
  • Additional trust chains to be included (may also be included in the PEM in bullet 2).
  • OpenSSL (I tested this with the Mac OS X High Sierra – LibreSSL 2.2.7).

Place all of the files in your home directory and start a terminal session. Execute the following command, replacing the file names where appropriate for the files you have prepared:

openssl pkcs12 -export -out trevweb.pfx -inkey trevweb.key -in trevweb.crt -certfile trust-chain.crt

Assuming everything executed correctly, you should now have a ‘trevweb.pfx’ file located in your home directory ready to be imported easily by Windows services. A PFX, or I think more accurately a PKCS #12, file is a binary file format that may contain multiple certificate bundles.

SMTP Service Auto-Start on Windows Server 2016

I recently installed the SMTP (Simple Mail Transfer Protocol) feature to Windows Server 2016. Everything seemed fine until I discovered that the SMTP service does not start automatically on system re-boot. Furthermore, the service is not listed under the Services management snap-in. Operating the SMTP service via the IIS Manager 6.0 manager manually works just fine.

This situation can be remedied at the command prompt using ‘sc’. i.e.

sc config smtpsvc start= auto

Note that there is a space between the parameter ‘start=’ and the value ‘auto’. This is intentional and all name/value pairs need to be separated like this.

All being well, a confirmation will be displayed:

[SC] ChangeServiceConfig SUCCESS

This does not solve the problem of the SMTP not being listed under the services management snap-in. If anyone can shed any light on that, please leave a comment.

I do know that the display name for the service is ‘Simple Mail Transfer Protocol (SMTP)’. This can be confirmed by executing:

sc getdisplayname smtpsvc