none
Exchange 2010 Pop3 Connection Problem -ERR Logon failure: unknown user name or bad password.

    Question

  • Hi

    We migrated to our exchange to 2010 from 2003. Some users can connect to pop3 service with only user name, others not. Some user have to enter domain name username@domain.com for pop3 auth. I can not find any solution about this. Why the exchange 2010 server needs to domain name to login  for some users. Whet i test the connection by telnet

    +OK The Microsoft Exchange POP3 service is ready.
    user username
    +OK
    pass password
    -ERR Logon failure: unknown user name or bad password.
    -ERR Connection is closed. 12

    +OK The Microsoft Exchange POP3 service is ready.
    user username@domainname.com
    +OK
    pass password
    +OK User successfully logged on.


    Sunday, January 22, 2012 12:11 AM

All replies

  • Does the alias and and user name match for these users?
    Sukh
    • Proposed as answer by nschoot Friday, July 5, 2013 11:49 AM
    Sunday, January 22, 2012 12:25 AM
  • Hello,

     

    The POP3 service is set to run as Administrator, and it needs to be using the local credentials.

    You can logon successfully using alias, while can’t logon successfully by user name. Maybe it is the cause that Sukh said.

     

    Best Regards,

    Lisa

     

    Monday, January 23, 2012 6:39 AM
    Moderator
  • Yes, it is matching. If i use username@domain.name , i can login. But with another user, i do not need to use domain name. I can login only username and password. like

    user1@domain.com and pass login is succes but for another user , only user name is enought without @domain name another user user2 and pass login is succes.


    Networker
    Wednesday, January 25, 2012 8:35 PM
  • Yes matching.
    Networker
    Wednesday, January 25, 2012 8:42 PM
  • There are two identity parameters it will accept as the username for logon - mailbox alias and UPN.

    If the alias matches the user name, then logging on with the username will work. 

     If you want all of your users to be able to logon with their username, you need to change their mailbox alias to match their username.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Wednesday, January 25, 2012 8:59 PM
  • I am sure mailbox allias and user names same. I tested this problem with 4-5 users. If the user on exchange 2003, i can login with AD username (same with mail address-allias ). But when i migrate the user to exchange 2010, some users can login with only user name (same with Ad), but some users not like my account. When i create new user on exchange 2010, there is no problem with pop3.


    Networker
    Wednesday, January 25, 2012 9:08 PM
  • Can they logon with their UPN?
    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Wednesday, January 25, 2012 9:12 PM
  • If i do the mistake please correct me, if ups is username@domain.com yes. I can login with .
    Networker
    Wednesday, January 25, 2012 9:16 PM
  • If i do the mistake please correct me, if UPN is username@domain.com yes. I can login with .
    Networker
    Wednesday, January 25, 2012 9:17 PM
  • That's it.  If the alias names truly do match the samaccountname, then I can't explain why they don't work. 
    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Wednesday, January 25, 2012 9:22 PM
  • So interesting for me,

    We try to migrate to 2003 to 2010. I migrated some users. Some users can login without UPN, but the exchange 2010 want to some users with UPN. Thanks. The big problem, i have some web based system with working pop3 aut. ı cannot use these system with exchange 2010.


    Networker
    Wednesday, January 25, 2012 9:27 PM
  • So interesting for me,

    We try to migrate to 2003 to 2010. I migrated some users. Some users can login without UPN, but the exchange 2010 want to some users with UPN. Thanks. The big problem, i have some web based system with working pop3 aut. ı cannot use these system with exchange 2010.


    Networker

    I would post this in a seperate thread.
    Sukh
    Wednesday, January 25, 2012 9:37 PM
  • I'm starting  to wonder if there's any resitrictions on the allowed characterset that would make some valid samaccountnames unusable for POP3 logon.
    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Wednesday, January 25, 2012 9:41 PM
  • No they are same problem. Which services and web baseed application use pop3 have same problem. i wanted to give an example from another sides. I have same problem with web based application, telnet and outlook. some users can connect with the these 3 service with only username some users can connect with UPN.
    Networker
    Wednesday, January 25, 2012 9:44 PM
  • I checked all items one by one on adsi edit for two user. i am working with user1 account since 2003. there is no problem about pop3 aut. When i migrate to exchange 2010 i had problem after 1 minute. I checked some users on system. Which user migrate to exchange 2010 , cannot login with pop3 . but some users can login with out domain name after migration. i checked these users with others. if there is any tool for checking specialy i can use for more log.
    Networker
    Wednesday, January 25, 2012 9:49 PM
  • Have you enabled protocol logging for POP3?
    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Wednesday, January 25, 2012 9:51 PM
  • Manualy no. only i am checking windows event logs.
    Networker
    Wednesday, January 25, 2012 9:52 PM
  • but i have debug file . i can send for check.
    Networker
    Wednesday, January 25, 2012 9:52 PM
  • Can you past the relevant section, not the entire log.
    Sukh
    Wednesday, January 25, 2012 10:38 PM
  • A part of Pop3 log located at bottom. Thanks for your help.

    dateTime,sessionId,seqNumber,sIp,cIp,user,duration,rqsize,rpsize,command,parameters,context
    #Software: Microsoft Exchange Server
    #Version: 14.0.0.0
    #Log-type: POP3 Log
    #Date: 2012-01-25T22:09:09.950Z
    #Fields: dateTime,sessionId,seqNumber,sIp,cIp,user,duration,rqsize,rpsize,command,parameters,context
    2012-01-25T22:09:09.950Z,0000000000000001,0,10.1.20.14:110,10.1.20.14:42890,,-2147483648,0,51,OpenSession,,
    2012-01-25T22:09:12.415Z,0000000000000001,1,10.1.20.14:110,10.1.20.14:42890,,140,12,5,user,daydenk,R=ok
    2012-01-25T22:09:16.564Z,0000000000000001,2,10.1.20.14:110,10.1.20.14:42890,,124,10,56,pass,*****,"R=""-ERR Logon failure: unknown user name or bad password."";RpcL=-1;LdapL=-1;Msg=LogonFailed:LoginDenied"
    2012-01-25T22:09:17.344Z,0000000000000001,3,10.1.20.14:110,10.1.20.14:42890,,0,0,25,InvalidCommand,,"R=""-ERR Protocol error. 19"";RpcL=-1;LdapL=-1"
    2012-01-25T22:10:09.685Z,0000000000000001,4,10.1.20.14:110,10.1.20.14:42890,,0,0,31,CloseSession,,
    2012-01-25T22:11:27.035Z,0000000000000002,0,10.1.20.14:110,10.1.20.14:42972,,-2147483648,0,51,OpenSession,,
    2012-01-25T22:11:43.664Z,0000000000000002,1,10.1.20.14:110,10.1.20.14:42972,,0,26,5,user,daydenk@robcol.k12.tr,R=ok
    2012-01-25T22:11:55.348Z,0000000000000002,2,10.1.20.14:110,10.1.20.14:42972,daydenk,7893,10,34,pass,*****,"R=ok;RpcC=20;RpcL=109;LdapC=15;LdapL=47;Msg=""User:Dogan Aydenk:953158a6-99cd-4030-9c4d-92cec75b82ee:Academic_2010:PUB-PBOX.robcol.k12.tr"";Budget=""Conn:0,HangingConn:0,AD:$null/$null/1%,CAS:$null/$null/10%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:1000/0,Policy:DefaultThrottlingPolicy_7ec365b0-28c7-40d1-9fe1-74367915e1a8,Norm[Resources:(DC)DUYGU.robcol.k12.tr(Health:-1%,HistLoad:0),(Mdb)Academic_2010(Health:-1%,HistLoad:0),]"""
    2012-01-25T22:11:59.638Z,0000000000000002,3,10.1.20.14:110,10.1.20.14:42972,daydenk,0,0,25,InvalidCommand,,"R=""-ERR Protocol error. 19"";Budget=""Conn:0,HangingConn:0,AD:$null/$null/1%,CAS:$null/$null/10%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:1000/0,Policy:DefaultThrottlingPolicy_7ec365b0-28c7-40d1-9fe1-74367915e1a8,Norm[Resources:(DC)DUYGU.robcol.k12.tr(Health:-1%,HistLoad:0),(Mdb)Academic_2010(Health:-1%,HistLoad:0),]"""
    2012-01-25T22:12:01.447Z,0000000000000002,4,10.1.20.14:110,10.1.20.14:42972,daydenk,0,0,0,CloseSession,,"Budget=""Conn:0,HangingConn:0,AD:$null/$null/1%,CAS:$null/$null/10%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:1000/0,Policy:DefaultThrottlingPolicy_7ec365b0-28c7-40d1-9fe1-74367915e1a8,Norm[Resources:(DC)DUYGU.robcol.k12.tr(Health:-1%,HistLoad:0),(Mdb)Academic_2010(Health:-1%,HistLoad:0),]"""
    2012-01-25T22:16:02.071Z,0000000000000003,0,10.1.20.14:995,10.1.20.14:43006,,0,0,0,OpenSession,,
    2012-01-25T22:16:15.347Z,0000000000000004,0,10.1.20.14:110,10.1.20.14:43016,,-2147483648,0,51,OpenSession,,
    2012-01-25T22:16:17.624Z,0000000000000004,1,10.1.20.14:110,10.1.20.14:43016,,0,12,5,user,daydenk,R=ok
    2012-01-25T22:16:22.538Z,0000000000000004,2,10.1.20.14:110,10.1.20.14:43016,,0,10,56,pass,*****,"R=""-ERR Logon failure: unknown user name or bad password."";Msg=LogonFailed:LoginDenied"
    2012-01-25T22:16:23.677Z,0000000000000004,3,10.1.20.14:110,10.1.20.14:43016,,0,0,25,InvalidCommand,,"R=""-ERR Protocol error. 19"""
    2012-01-25T22:16:24.972Z,0000000000000004,4,10.1.20.14:110,10.1.20.14:43016,,0,1,25,InvalidCommand,w,"R=""-ERR Protocol error. 19"""
    2012-01-25T22:16:25.143Z,0000000000000004,5,10.1.20.14:110,10.1.20.14:43016,,0,0,25,InvalidCommand,,"R=""-ERR Protocol error. 20"""
    2012-01-25T22:16:26.547Z,0000000000000005,0,10.1.20.14:110,10.1.20.14:43023,,-2147483648,0,51,OpenSession,,
    2012-01-25T22:16:29.121Z,0000000000000005,1,10.1.20.14:110,10.1.20.14:43023,,0,12,5,user,daydenk,R=ok
    2012-01-25T22:16:34.628Z,0000000000000005,2,10.1.20.14:110,10.1.20.14:43023,,0,10,56,pass,*****,"R=""-ERR Logon failure: unknown user name or bad password."";Msg=LogonFailed:LoginDenied"
    2012-01-25T22:16:35.454Z,0000000000000005,3,10.1.20.14:110,10.1.20.14:43023,,0,0,25,InvalidCommand,,"R=""-ERR Protocol error. 19"""
    2012-01-25T22:17:26.782Z,0000000000000005,4,10.1.20.14:110,10.1.20.14:43023,,0,0,31,CloseSession,,
    2012-01-25T22:21:50.540Z,0000000000000006,0,10.1.20.14:110,178.239.83.179:43977,,-2147483648,0,51,OpenSession,,
    2012-01-25T22:21:50.602Z,0000000000000006,1,10.1.20.14:110,178.239.83.179:43977,,0,26,5,user,daydenk@robcol.k12.tr,R=ok
    2012-01-25T22:21:52.802Z,0000000000000006,2,10.1.20.14:110,178.239.83.179:43977,daydenk,2137,10,34,pass,*****,"R=ok;RpcC=13;RpcL=62;LdapC=7;LdapL=31;Msg=""User:Dogan Aydenk:953158a6-99cd-4030-9c4d-92cec75b82ee:Academic_2010:PUB-PBOX.robcol.k12.tr"";Budget=""Conn:0,HangingConn:0,AD:$null/$null/1%,CAS:$null/$null/1%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:1000/0,Policy:DefaultThrottlingPolicy_7ec365b0-28c7-40d1-9fe1-74367915e1a8,Norm[Resources:(DC)DUYGU.robcol.k12.tr(Health:-1%,HistLoad:0),(Mdb)Academic_2010(Health:-1%,HistLoad:0),]"""
    2012-01-25T22:21:52.864Z,0000000000000006,3,10.1.20.14:110,178.239.83.179:43977,daydenk,15,4,17,stat,,"R=ok;Rows=286;TotalSize=8480437;Budget=""Conn:0,HangingConn:0,AD:$null/$null/1%,CAS:$null/$null/1%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:1000/0,Policy:DefaultThrottlingPolicy_7ec365b0-28c7-40d1-9fe1-74367915e1a8,Norm[Resources:(DC)DUYGU.robcol.k12.tr(Health:-1%,HistLoad:0),(Mdb)Academic_2010(Health:-1%,HistLoad:0),]"""
    2012-01-25T22:21:52.927Z,0000000000000006,4,10.1.20.14:110,178.239.83.179:43977,daydenk,0,4,3046,uidl,,"R=ok;Budget=""Conn:0,HangingConn:0,AD:$null/$null/1%,CAS:$null/$null/1%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:1000/0,Policy:DefaultThrottlingPolicy_7ec365b0-28c7-40d1-9fe1-74367915e1a8,Norm[Resources:(DC)DUYGU.robcol.k12.tr(Health:-1%,HistLoad:0),(Mdb)Academic_2010(Health:-1%,HistLoad:0),]"""
    2012-01-25T22:21:54.627Z,0000000000000006,5,10.1.20.14:110,178.239.83.179:43977,daydenk,1575,7,1065,top,1 0,"R=ok;RpcC=4;LdapC=3;LdapL=15;Budget=""Conn:0,HangingConn:0,AD:$null/$null/1%,CAS:$null/$null/3%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:1000/0,Policy:DefaultThrottlingPolicy_7ec365b0-28c7-40d1-9fe1-74367915e1a8,Norm[Resources:(DC)DUYGU.robcol.k12.tr(Health:-1%,HistLoad:0),(Mdb)Academic_2010(Health:-1%,HistLoad:0),(DC)PEACE.robcol.k12.tr(Health:-1%,HistLoad:0),]"""
    2012-01-25T22:21:54.799Z,0000000000000006,6,10.1.20.14:110,178.239.83.179:43977,daydenk,15,9,2402,top,286 0,"R=ok;RpcC=3;Budget=""Conn:0,HangingConn:0,AD:$null/$null/1%,CAS:$null/$null/3%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:1000/0,Policy:DefaultThrottlingPolicy_7ec365b0-28c7-40d1-9fe1-74367915e1a8,Norm[Resources:(DC)DUYGU.robcol.k12.tr(Health:-1%,HistLoad:0),(Mdb)Academic_2010(Health:-1%,HistLoad:0),(DC)PEACE.robcol.k12.tr(Health:-1%,HistLoad:0),]"""
    2012-01-25T22:21:54.877Z,0000000000000006,7,10.1.20.14:110,178.239.83.179:43977,daydenk,15,4,2906,list,,"R=ok;Rows=286;TotalSize=8480437;Budget=""Conn:0,HangingConn:0,AD:$null/$null/1%,CAS:$null/$null/3%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:1000/0,Policy:DefaultThrottlingPolicy_7ec365b0-28c7-40d1-9fe1-74367915e1a8,Norm[Resources:(DC)DUYGU.robcol.k12.tr(Health:-1%,HistLoad:0),(Mdb)Academic_2010(Health:-1%,HistLoad:0),(DC)PEACE.robcol.k12.tr(Health:-1%,HistLoad:0),]"""
    2012-01-25T22:21:54.970Z,0000000000000006,8,10.1.20.14:110,178.239.83.179:43977,daydenk,0,4,61,quit,,"R=ok;Budget=""Conn:0,HangingConn:0,AD:$null/$null/1%,CAS:$null/$null/3%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:1000/0,Policy:DefaultThrottlingPolicy_7ec365b0-28c7-40d1-9fe1-74367915e1a8,Norm[Resources:(DC)DUYGU.robcol.k12.tr(Health:-1%,HistLoad:0),(Mdb)Academic_2010(Health:-1%,HistLoad:0),(DC)PEACE.robcol.k12.tr(Health:-1%,HistLoad:0),]"""
    2012-01-25T22:36:53.840Z,0000000000000007,0,10.1.20.14:110,178.239.83.179:40256,,-2147483648,0,51,OpenSession,,


    Networker
    Thursday, January 26, 2012 10:04 AM
  • It appears to like the username, but not the password.  Again I'm wondering of it related to the allowed characterset. 
    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Thursday, January 26, 2012 12:05 PM
  • Try changing the LoginType to PlainTextAuthentication - http://technet.microsoft.com/en-us/library/aa997154.aspx Restart the service and check again.

    Other thing to do is what mjoliner has suggested, try a basic password with basic character set, like password


    Sukh
    Thursday, January 26, 2012 12:52 PM
  • I have changed the logintype before to PlainTextAuthentication.
    Networker
    Thursday, January 26, 2012 1:14 PM
  • i have the same issue any resoled there

    Saturday, June 16, 2012 11:15 PM
  • I have found the solution to the damm problem

    once you have configured Pop3 and you only want Clear Text Authentication. 

    Open the user account in AD, goto Account Tab

    Under Account Options, Tick the last box in the list i.e

    Do Not require Kerberos preAuthentication.

    AD in new systems requires users to use Kerberos before anything else and that causes this issue i believe.

    Thanks

    Sunday, September 23, 2012 10:10 PM
  • This fixed an issue I had with a user... Tried everything. User could login, Webmail even worked, but not POP3 (nor IMAP)... Was caused by a different alias.

    Friday, July 5, 2013 11:50 AM