Communication fails between Email Prevent server and MTA with TLS enabled

Article ID: 163221

Products

Data Loss Prevention Network Prevent for Email
Data Loss Prevention Cloud Service for Email
Data Loss Prevention Cloud Package

Issue/Introduction

When you configure TLS communication between Email Prevent and the MTA, the TLS handshake never completes, and the following error appears in the SMTPOperational log on the detection server:

 (SMTP_CONNECTION.XXXX) Forward connection error (tid=XX cid=Y mta=<> reason=Channel is null in ESMPPerr:recv)

For example:

 (SMTP_CONNECTION.5203) Forward connection error (tid=XX cid=YY mta=<> reason=Channel is null in ESMPPerr:recv)

Environment

SMTP Prevent running in forwarding or reflecting mode

 

Cause

The keystore password may not be set in the detection server's configuration. Without it, the DLP services cannot access the keystore when a certificate exchange needs to happen between servers.

The cause can also be a mismatch between the keystore password and the key pair password.
 

Resolution

  1. Log onto the Enforce console that manages Network Prevent for Email Server.
  2. Select System > Servers > Overview from the main menu bar.
  3. Click the name of the Network Prevent for Email Server you want to configure.
  4. Click Configure.
  5. In the Security Configuration section, fill in the fields as follows:
     - Keystore Password: Enter the correct password for the keystore file.
     - Confirm Keystore Password: Re-enter the keystore password.
  6. Click Save.

The Network Prevent for Email Server keystore password and key password values must match. Use the same prevent_keystore_password when you generate the key for Network Prevent for Email Server.
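
To tell the two causes apart before changing the console setting, the check below opens a keystore with one password and then tries that same password on every private key in it. This is an added example, not code from the product or its vendor; the class name is hypothetical, the keystore path is passed as an argument because this article does not give one, and it assumes Java 9 or later.

```java
import java.io.Console;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Collections;

// Added example (hypothetical class name): verifies that a single password
// opens both the keystore and every private key stored in it.
public class KeystorePasswordCheck {
    // Returns how many private-key entries the keystore password fails to unlock.
    static int countMismatchedKeys(File file, char[] password) throws Exception {
        KeyStore ks;
        try {
            // Detects the store type (JKS, PKCS12, ...) and verifies the keystore password.
            ks = KeyStore.getInstance(file, password);
        } catch (IOException e) {
            if (e.getCause() instanceof UnrecoverableKeyException) {
                throw new IllegalArgumentException("keystore password is incorrect", e);
            }
            throw e; // unreadable or malformed keystore file
        }
        int mismatched = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // certificate-only entries have no key password
            }
            try {
                ks.getKey(alias, password); // reuse the keystore password as the key password
                System.out.println("match     " + alias);
            } catch (UnrecoverableKeyException e) {
                System.out.println("MISMATCH  " + alias);
                mismatched++;
            }
        }
        return mismatched;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: run from a terminal with the keystore path as the only argument");
            System.exit(2);
        }
        char[] password = console.readPassword("Keystore password: "); // not echoed, not in shell history
        int mismatched = countMismatchedKeys(new File(args[0]), password);
        Arrays.fill(password, '\0'); // clear the password once the check is done
        System.exit(mismatched == 0 ? 0 : 1);
    }
}
```

An "incorrect keystore password" error means the value to enter in the console is wrong; a MISMATCH line means the key was generated with a different key password than the keystore password.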