You are find IMAPS connections aren’t working. You’ve checked the settings with Get-IMAPSettings and confirmed the services are running.
Testing with OpenSSL you find there are problems with the SSL Handshake
openssl s_client -showcerts -connect %ServerName%:993
Loading ‘screen’ into random state – done
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 317 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
No ALPN negotiated
It took me a while to find this. It looks like Active Manager has intervened and disabled the Imap component.
Get-ComponentState -Identity ExchangeServer
And what do we see?
This kind of makes sense, just think about what you do to the Hub Transport component when you patch servers in a DAG.
This can be fixed by running
Set-ServerComponentState -Identity ExchangeServer1 -Component imapproxy -State Active -Requester HealthApi