none
Suddenly start receiving a lot of event id 1035 RRS feed

  • Question

  • Hi to all.
    As the title said suddenly start to receive a lot of 1035 event id
    Can anyone help me to solve this problem.
    I'm not familiar with exchange so i need detail instruction how to solve it.
    Thanks for your time andpatience

    Below is the event log

    Event Type:    Warning
    Event Source:    MSExchangeTransport
    Event Category:    SmtpReceive
    Event ID:    1035
    Date:        12/4/2016
    Time:        4:29:26 μμ
    User:        N/A
    Computer:    "My Exchange Server"
    Description:
    Inbound authentication failed with error LogonDenied for Receive connector Default "My Exchange Server". The authentication mechanism is Ntlm. The source IP address of the client who tried to authenticate to Microsoft Exchange is [98.175.70.58].

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Thursday, April 14, 2016 10:09 AM

Answers

  • SMSMSE - looks like this an application which running on the same server of Exchange server? HT server? correct me if I'm wrong?

    I'd suggest either to configure SMSMSE  on separate Physical/Virtual box or filter the email completely outside your network, in that case Im talking about cloud-based anti-spam, not sure if Symantec offer but this is the best practices. 


    Where Technology Meets Talent

    Friday, April 15, 2016 6:47 PM

All replies

  • You're welcome to enable SMTP protocol logging on the receive connector and see who's trying to connect and with what credentials.  My first guess is that someone is trying to hack you, which is normal, really.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Thursday, April 14, 2016 6:59 PM
    Moderator
  • you should be using either EOP or any 3rd party anti-spam on-prem/cloud based to keep attacks outside of exchange.

    Where Technology Meets Talent

    Thursday, April 14, 2016 7:46 PM
  • Hi,

    This Error event indicates that the inbound authentication from the specified source on the specified Receive connector has failed.

    To resolve this error, please verify that the Receive connector and the remote client are configured to use a common authentication method with the correct credentials and required certificates.

    https://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=1035&EvtSrc=MSExchangeTransport&LCID=1033

    Addictionally,also refer to the below articles to troubleshoot the issue:

    https://support.microsoft.com/en-us/kb/979174

    Regards,

    David 


    Friday, April 15, 2016 3:08 AM
    Moderator
  • Thanks all of you for your time.

    David i don't think that the problem is in my Exchange server because

    We did not make any changes in the default connector, did not hear any complain for loosing emails in my domain and the IP that try to send me email is in black list in 3 diff lists (Check the specific IP in mxtoolbox)

    With these proofs start thinking that Ed Crowley and ExchangeITPro has right.

    ExchangeITPro we using SMSMSE in our Exchange server and i open case in Symantec to make a further investigation.

    For any newer will keep you updated.

    Thanks again.

    Friday, April 15, 2016 6:49 AM
  • SMSMSE - looks like this an application which running on the same server of Exchange server? HT server? correct me if I'm wrong?

    I'd suggest either to configure SMSMSE  on separate Physical/Virtual box or filter the email completely outside your network, in that case Im talking about cloud-based anti-spam, not sure if Symantec offer but this is the best practices. 


    Where Technology Meets Talent

    Friday, April 15, 2016 6:47 PM