Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Exchange
2000.active.directory
2000.admin
2000.announcements
2000.app.conversion
2000.applications
2000.clients
2000.clustering
2000.connectivity
2000.development
2000.documentation
2000.general
2000.information.store
2000.interop
2000.kms
2000.misc
2000.protocols
2000.realtime.collabo.
2000.setup
2000.transport
2000.win2000
admin
application.conversion
applications
clients
clustering
connectivity
design
development
misc
mobility
setup
tools
  
 
date: Mon, 24 Apr 2006 19:40:42 -0700,    group: microsoft.public.exchange2000.transport        back       


Exchange 2000 secure SMTP sending failure    
Hello,

I came from a primarily UNIX/Linux background, but I've inherited a
Windows network, including an Exchange 2000 server, and I've run into
something puzzling.  A couple of days of searching TechNet, Google,
etc, hasn't turned up answers - just other people asking about the
same thing.

We had a the default SMTP virtual server, listening on port 25 and
unsecured.  That's fine, it is inside the firewall.

Well, I wanted to allow external access to email, but only secured.
Setting up IMAPS and POPS was simple.  For SMTP however, I couldn't
just require security as there are *many* things on the internal
network that just throw mail at the server.  So I created a second
SMTP virtual server and called it Secure SMTP.  I have it listening on
587 and 465, and testing it with my account it has been working fine
for a few weeks on my Treo.

On Friday I was asked to configure another phone to access email.
IMAPS was a snap, but I ran into a wall with SMTPS.  I was able to
determine two things:

1. If I point the client to the Default SMTP server, even if I
   reconfigure it to be secure, sending mail works.

2. If I add the other user to the 'Enterpise Admins' group we have in
   Active Directory, it works.


So it appears to be a permissions configurations issue on the new
Virtual Server.  I've tried configuring them indentically - both ways
(both secure, both insecure), and the behavior doesn't change.  It
works on the existing Default SMTP Virtual Server and fails on Secure SMTP.


The failures log this:
---
Event Type:   Warning
Event Source: MSExchangeTransport
Event Category:	SMTP Protocol 
Event ID:	1710
Date:		4/24/2006
Time:			9:17:54 PM
User:				N/A
Computer:			MAIL
Description:
The SMTP client "10.0.0.41" authenticated as user
"CYPHERMINT\fubar" attempted to send as "fubar@cyphermint.com".
Access was denied because the authenticated client does not have
permission to Send As this SMTP address. 
Data:
0000: 05 00 07 80               ...?    
---

While the success logs this:
---
Event Type:	Information
Event Source:	MSExchangeTransport
Event Category:	SMTP Protocol 
Event ID:	1708
Date:		4/24/2006
Time:			9:02:53 PM
User:				N/A
Computer:			MAIL
Description:
SMTP Authentication was performed successfully with client
"[10.0.0.41]".  The authentication method was "NTLM" and the username
was "CYPHERMINT\fubar". 
---


It seems that there must be some difference between the two virtual
servers - some policy, some security setting...  Something that allows
the default to realize CYPHERMINT\user is the same as
user@cyphermint.com, but is missing on the new virtual server.


I've spent the better part of 2 days on this 'simple' problem, so
before I throw myself on the $99 mercy of MS, I thought I'd see if
anyone has a clue-by-four to lay on me.  I'm probably missing
something obvious - like you can't have two virtual servers for the
same domain or something...

Thanks for any assistance.

-MZ
-- 
<URL:mailto:megazoneatmegazone.org> Gweep, Discordian, Author, Engineer, me.
"A little nonsense now and then, is relished by the wisest men" 508-852-2171
<URL:http://www.megazone.org/>  <URL:http://www.eyrie-productions.com/> Eris
date: Mon, 24 Apr 2006 19:40:42 -0700   author:   (MegaZone)

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us