locked
Exchange 2013 Authentication issue in SMTP RRS feed

  • Question

  • Hi experts,

    I have exchange 2013 standard server with MailBox and CAS in same windows server. I have used server 6-7 months without issue, but after having restart of server recently, i can only use OWA properly and Cannot send mails using outlook because i am asking to authenticate always. but even i gave correct authentication details, i am not able to send email and its asking password again and again. 

    i checked logs and below is the output.

    2015-11-30T03:57:38.420Z,MAILSVR\RCOnnector,08D2F7298078DDC1,24,192.168.1.5:465,192.168.1.5:48626,*,MAILSVR;MAILSVR.xxx.xx.xx,Certificate alternate names
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,25,192.168.1.5:465,192.168.1.5:48626,*,,TLS negotiation succeeded
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,26,192.168.1.5:465,192.168.1.5:48626,<,EHLO MAILSVR.xxx.xx.xx,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,27,192.168.1.5:465,192.168.1.5:48626,>,250-MAILSVR.xxx.xx.xx Hello [192.168.1.5],
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,28,192.168.1.5:465,192.168.1.5:48626,>,250-SIZE 36700160,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,29,192.168.1.5:465,192.168.1.5:48626,>,250-PIPELINING,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,30,192.168.1.5:465,192.168.1.5:48626,>,250-DSN,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,31,192.168.1.5:465,192.168.1.5:48626,>,250-ENHANCEDSTATUSCODES,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,32,192.168.1.5:465,192.168.1.5:48626,>,250-AUTH LOGIN,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,33,192.168.1.5:465,192.168.1.5:48626,>,250-X-EXPS EXCHANGEAUTH GSSAPI NTLM,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,34,192.168.1.5:465,192.168.1.5:48626,>,250-X-EXCHANGEAUTH SHA256,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,35,192.168.1.5:465,192.168.1.5:48626,>,250-8BITMIME,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,36,192.168.1.5:465,192.168.1.5:48626,>,250-BINARYMIME,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,37,192.168.1.5:465,192.168.1.5:48626,>,250-CHUNKING,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,38,192.168.1.5:465,192.168.1.5:48626,>,250-XRDST,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,39,192.168.1.5:465,192.168.1.5:48626,>,250-XPROXY,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,40,192.168.1.5:465,192.168.1.5:48626,>,250-XPROXYFROM,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,41,192.168.1.5:465,192.168.1.5:48626,>,250-XPROXYTO,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,42,192.168.1.5:465,192.168.1.5:48626,>,250 XSYSPROBE,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,43,192.168.1.5:465,192.168.1.5:48626,<,X-EXPS EXCHANGEAUTH,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,44,192.168.1.5:465,192.168.1.5:48626,*,SMTPSubmit SMTPSubmitForMLS SMTPAcceptAnyRecipient SMTPAcceptAuthenticationFlag SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender BypassAntiSpam BypassMessageSizeLimit SMTPSendEXCH50 SMTPAcceptEXCH50 AcceptRoutingHeaders AcceptForestHeaders AcceptOrganizationHeaders SendRoutingHeaders SendForestHeaders SendOrganizationHeaders SendAs SMTPSendXShadow SMTPAcceptXShadow SMTPAcceptXProxyFrom SMTPAcceptXSessionParams SMTPAcceptXMessageContextADRecipientCache SMTPAcceptXMessageContextExtendedProperties SMTPAcceptXMessageContextFastIndex SMTPAcceptXAttr SMTPAcceptXSysProbe,Set Session Permissions
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,45,192.168.1.5:465,192.168.1.5:48626,*,NT AUTHORITY\SYSTEM,authenticated
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,46,192.168.1.5:465,192.168.1.5:48626,>,235 <authentication response>,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,47,192.168.1.5:465,192.168.1.5:48626,<,XPROXY SID=08D2F7298078DDBE IP=192.168.1.201 PORT=49870 DOMAIN=DellPCPC,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,48,192.168.1.5:465,192.168.1.5:48626,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,49,192.168.1.5:465,192.168.1.5:48626,>,250 XProxy accepted,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,50,192.168.1.5:465,192.168.1.5:48626,<,AUTH LOGIN,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,51,192.168.1.5:465,192.168.1.5:48626,>,334 <authentication response>,
    2015-11-30T03:57:38.451Z,MAILSVR\RCOnnector,08D2F7298078DDC1,52,192.168.1.5:465,192.168.1.5:48626,>,334 <authentication response>,
    2015-11-30T03:57:38.498Z,MAILSVR\RCOnnector,08D2F7298078DDC1,53,192.168.1.5:465,192.168.1.5:48626,*,SMTPSubmit SMTPAcceptAnyRecipient BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
    2015-11-30T03:57:38.498Z,MAILSVR\RCOnnector,08D2F7298078DDC1,54,192.168.1.5:465,192.168.1.5:48626,*,,The local server is configured to proxy client sessions but the incoming session is itself a proxied session.
    2015-11-30T03:57:38.498Z,MAILSVR\RCOnnector,08D2F7298078DDC1,55,192.168.1.5:465,192.168.1.5:48626,>,535 5.7.3 Authentication unsuccessful,
    2015-11-30T03:57:38.498Z,MAILSVR\RCOnnector,08D2F7298078DDBE,23,192.168.1.5:587,192.168.1.209:49870,*,,Setting up proxy session failed for 'dg@xxx.xx.xx' with error: 535 5.7.3 Authentication unsuccessful
    2015-11-30T03:57:38.498Z,MAILSVR\RCOnnector,08D2F7298078DDC1,56,192.168.1.5:465,192.168.1.5:48626,<,QUIT,
    2015-11-30T03:57:38.498Z,MAILSVR\RCOnnector,08D2F7298078DDC2,0,192.168.1.5:465,192.168.1.5:48631,+,,
    2015-11-30T03:57:38.498Z,MAILSVR\RCOnnector,08D2F7298078DDC1,57,192.168.1.5:465,192.168.1.5:48626,>,221 2.0.0 Service closing transmission channel

    Thank you in advance

    Monday, November 30, 2015 4:11 AM

Answers

  • Hi thanks, 

    Hi thanks,

    Hi Thanks,
    this output were normal.

    i created below connectors using shell after removing all receive connectors. then it works fine. 

    $range = "0.0.0.0-255.255.255.255","::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
    Get-TransportService | % {
    $server = $_.Name
    New-ReceiveConnector -Name "Client Proxy $server" -Bindings 0.0.0.0:465, [::]:465 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole HubTransport -PermissionGroups ExchangeUsers,ExchangeServers -MaxMessageSize 35MB -MessageRateLimit 5 -MessageRateSource User -EnableAuthGSSAPI $True -Server $server

    New-ReceiveConnector -Name "Default Frontend $server" -Bindings 0.0.0.0:25, [::]:25 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole FrontendTransport -PermissionGroups AnonymousUsers,ExchangeServers,ExchangeLegacyServers -MaxMessageSize 36MB -DomainSecureEnabled $True -ProtocolLoggingLevel Verbose -Server $server

    New-ReceiveConnector -Name "Outbound Proxy Frontend $server" -Bindings 0.0.0.0:717, [::]:717 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole FrontendTransport -PermissionGroups ExchangeServers -MaxMessageSize 36MB -DomainSecureEnabled $True -ProtocolLoggingLevel Verbose -Server $server

    New-ReceiveConnector -Name "Client Frontend $server" -Bindings 0.0.0.0:587, [::]:587 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS -RemoteIPRanges $range -TransportRole FrontendTransport -PermissionGroups ExchangeUsers -MaxMessageSize 35MB -MessageRateLimit 5 -MessageRateSource User -EnableAuthGSSAPI $True -Server $server

    New-ReceiveConnector -Name "Default $server" -Bindings [::]:2525, 0.0.0.0:2525 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole HubTransport -PermissionGroups ExchangeUsers,ExchangeServers,ExchangeLegacyServers -MaxMessageSize 35MB -MaxInboundConnectionPerSource Unlimited -MaxInboundConnectionPercentagePerSource 100 -MaxRecipientsPerMessage 5000 -SizeEnabled EnabledWithoutValue -Server $server
    }

    and its works now :)

    • Marked as answer by HackerGK Wednesday, December 2, 2015 10:57 AM
    Wednesday, December 2, 2015 10:31 AM

All replies

  • Hi,

    Could you check the outlook connectivity test & see for any errors.

    https://technet.microsoft.com/en-us/library/dd638082(v=exchg.160).aspx

    Monday, November 30, 2015 11:25 AM
  • Hi HackerGK,

    Please run the following command to check whether the "Exchange Users" group had been selected in permission groups :

    Get-Receiveconnector -identity "MAILSVR\RCOnnector" |fl auth*,permission*
    Best regards,


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Niko Cheng
    TechNet Community Support

    • Proposed as answer by krselva Thursday, December 24, 2015 8:51 PM
    Tuesday, December 1, 2015 10:18 AM
    Moderator
  • Hi thanks, actually it gave me 

    451 4.7.0 Temporary server error. Please try again later. PRX2

    then i removed all connectors add added restored default connectors again using,

    $range = "0.0.0.0-255.255.255.255","::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
    Get-TransportService | % {
    $server = $_.Name
    New-ReceiveConnector -Name "Client Proxy $server" -Bindings 0.0.0.0:465, [::]:465 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole HubTransport -PermissionGroups ExchangeUsers,ExchangeServers -MaxMessageSize 35MB -MessageRateLimit 5 -MessageRateSource User -EnableAuthGSSAPI $True -Server $server

    New-ReceiveConnector -Name "Default Frontend $server" -Bindings 0.0.0.0:25, [::]:25 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole FrontendTransport -PermissionGroups AnonymousUsers,ExchangeServers,ExchangeLegacyServers -MaxMessageSize 36MB -DomainSecureEnabled $True -ProtocolLoggingLevel Verbose -Server $server

    New-ReceiveConnector -Name "Outbound Proxy Frontend $server" -Bindings 0.0.0.0:717, [::]:717 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole FrontendTransport -PermissionGroups ExchangeServers -MaxMessageSize 36MB -DomainSecureEnabled $True -ProtocolLoggingLevel Verbose -Server $server

    New-ReceiveConnector -Name "Client Frontend $server" -Bindings 0.0.0.0:587, [::]:587 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS -RemoteIPRanges $range -TransportRole FrontendTransport -PermissionGroups ExchangeUsers -MaxMessageSize 35MB -MessageRateLimit 5 -MessageRateSource User -EnableAuthGSSAPI $True -Server $server

    New-ReceiveConnector -Name "Default $server" -Bindings [::]:2525, 0.0.0.0:2525 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole HubTransport -PermissionGroups ExchangeUsers,ExchangeServers,ExchangeLegacyServers -MaxMessageSize 35MB -MaxInboundConnectionPerSource Unlimited -MaxInboundConnectionPercentagePerSource 100 -MaxRecipientsPerMessage 5000 -SizeEnabled EnabledWithoutValue -Server $server
    }

    and its works now :)

    Wednesday, December 2, 2015 10:28 AM
  • Hi thanks, 

    Hi thanks,

    Hi Thanks,
    this output were normal.

    i created below connectors using shell after removing all receive connectors. then it works fine. 

    $range = "0.0.0.0-255.255.255.255","::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
    Get-TransportService | % {
    $server = $_.Name
    New-ReceiveConnector -Name "Client Proxy $server" -Bindings 0.0.0.0:465, [::]:465 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole HubTransport -PermissionGroups ExchangeUsers,ExchangeServers -MaxMessageSize 35MB -MessageRateLimit 5 -MessageRateSource User -EnableAuthGSSAPI $True -Server $server

    New-ReceiveConnector -Name "Default Frontend $server" -Bindings 0.0.0.0:25, [::]:25 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole FrontendTransport -PermissionGroups AnonymousUsers,ExchangeServers,ExchangeLegacyServers -MaxMessageSize 36MB -DomainSecureEnabled $True -ProtocolLoggingLevel Verbose -Server $server

    New-ReceiveConnector -Name "Outbound Proxy Frontend $server" -Bindings 0.0.0.0:717, [::]:717 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole FrontendTransport -PermissionGroups ExchangeServers -MaxMessageSize 36MB -DomainSecureEnabled $True -ProtocolLoggingLevel Verbose -Server $server

    New-ReceiveConnector -Name "Client Frontend $server" -Bindings 0.0.0.0:587, [::]:587 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS -RemoteIPRanges $range -TransportRole FrontendTransport -PermissionGroups ExchangeUsers -MaxMessageSize 35MB -MessageRateLimit 5 -MessageRateSource User -EnableAuthGSSAPI $True -Server $server

    New-ReceiveConnector -Name "Default $server" -Bindings [::]:2525, 0.0.0.0:2525 -AuthMechanism Tls,Integrated,BasicAuth,BasicAuthRequireTLS,ExchangeServer -RemoteIPRanges $range -TransportRole HubTransport -PermissionGroups ExchangeUsers,ExchangeServers,ExchangeLegacyServers -MaxMessageSize 35MB -MaxInboundConnectionPerSource Unlimited -MaxInboundConnectionPercentagePerSource 100 -MaxRecipientsPerMessage 5000 -SizeEnabled EnabledWithoutValue -Server $server
    }

    and its works now :)

    • Marked as answer by HackerGK Wednesday, December 2, 2015 10:57 AM
    Wednesday, December 2, 2015 10:31 AM