Solved

Event ID 7004 Errors: XEXCH50 "504 Need to authenticate first" between external servers

Posted on 2004-08-19
Last Modified: 2011-08-18
First the basics:  Exchange 2003 (no SP1) running on Windows Server 2003.  

I have been seeing numerous 7004 errors in my Application log that look like this:

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      SMTP Protocol
Event ID:      7004
Date:            8/19/2004
Time:            1:44:11 PM
User:            N/A
Computer:      PARIS_2K3_MAIL
Description:
This is an SMTP protocol error log for virtual server ID 1, connection #1145. The remote host "66.222.68.160", responded to the SMTP command "xexch50" with "504 Need to authenticate first  ". The full command sent was "XEXCH50 2432 2  ".  This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.


These errors are not followed or preceded by any other errors.  The SMTP log will go something like this for outbound:

2004-08-19 20:10:40 66.222.68.160 25 - - 220+server.ifs.local+Microsoft+ESMTP+MAIL+Service,+Version:+5.0.2195.6713+ready+at++Thu,+19+Aug+2004+15:08:31+-0500+ 0 SMTP -
2004-08-19 20:10:40 66.222.68.160 25 EHLO - mail.parispresents.com 0 SMTP -
2004-08-19 20:10:40 66.222.68.160 25 - - 250-server.ifs.local+Hello+[198.63.232.162] 0 SMTP -
2004-08-19 20:10:40 66.222.68.160 25 MAIL - FROM:<a@realaddress.com> 0 SMTP -
2004-08-19 20:10:40 66.222.68.160 25 - - 250+2.1.0+a@realaddress.com....Sender+OK 0 SMTP -
2004-08-19 20:10:40 66.222.68.160 25 RCPT - TO:<another@outsidecompany.com> 0 SMTP -
2004-08-19 20:10:40 66.222.68.160 25 - - 250+2.1.5+another@outsidecompany.com+ 0 SMTP -
2004-08-19 20:10:40 66.222.68.160 25 XEXCH50 - 2444+2 0 SMTP -
2004-08-19 20:10:40 66.222.68.160 25 - - 504+Need+to+authenticate+first 0 SMTP -
2004-08-19 20:10:40 66.222.68.160 25 BDAT - 165738+LAST 0 SMTP -
2004-08-19 20:10:43 66.222.68.160 25 - - 250+2.6.0++<C6B47B7F65A1E14691F584FFA0D268229B5C06@paris_2k3_mail.PARIS_PRESENTS>+Queued+mail+for+delivery 0 SMTP -
2004-08-19 20:10:43 66.222.68.160 25 QUIT - - 0 SMTP -
2004-08-19 20:10:43 66.222.68.160 25 - - 221+2.0.0+server.ifs.local+Service+closing+transmission+channel 0 SMTP -

I've changed the email addresses in the example above for privacy reasons.  But the a@realaddress.com is a real user in my domain and the another@outsidecompany.com is a legit message at the outside company.  Now this outside company doesn't seem to have any problems sending emails into my server.  The SMTP log looks rather normal:  

2004-08-19 13:20:07 66.222.68.160 0 xxxx - +server.ifs.local 500 SMTP -
2004-08-19 13:20:07 66.222.68.160 0 HELO - +server.ifs.local 250 SMTP -
2004-08-19 13:20:07 66.222.68.160 0 MAIL - +FROM:<another@outsidecompany.com> 250 SMTP -
2004-08-19 13:20:07 66.222.68.160 0 RCPT - +TO:<a@realaddress.com> 250 SMTP -
2004-08-19 13:20:07 66.222.68.160 0 DATA - +<C3FA8860FD0B4C4BBEF37AA951A1008B033966@server.ifs.local> 250 SMTP -
2004-08-19 13:20:07 66.222.68.160 0 QUIT - server.ifs.local 240 SMTP -

This error only seems to occur with this domain and a very small handful of others.  The vast majority of domains send/receive with no problems at all.  I have reviewed KB article 843106 and didn't find anything that really applies because it seems to be discussing Exchange servers within the same Org.  These are two external totally non-related servers in my situation.

Any help would be appreciated.

Thanks,
-Heath

Question by:hstahl76
LVL 12

Accepted Solution

by:
ColinRoyds earned 500 total points
ID: 11846371
you may want to read through this carefully
http://www.eventid.net/display.asp?eventid=7004&eventno=3510&source=MSExchangeTransport&phase=1

"From a newsgroup post: "If the only problem you are seeing is that XEXCH50 is being denied in some cases, but there is no mail flow problem, it sounds like everything is ok as long as XEXCH50 is only being denied from servers outside of your Exchange Organization and mail is still being received.
Exchange 2003 only accepts XEXCH50 protocol data from clients who authenticate and have been granted "Send As" permission on the receiving SMTP virtual server object in the AD. In this respect, Exchange 2003 behaves differently than Exchange 2000. Within a single Exchange organization, Exchange setup takes care of ensuring that all Exchange servers have the necessary "Send As" right on all of the SMTP virtual servers, through the ACL on the Exchange organization object in the AD which inherits down to all of the SMTP virtual server objects. Because of this, the XEXCH50 command should be properly sent and received between servers within a single Exchange organization. It is expected that Exchange 2003 will block inbound XEXCH50 data from other Exchange organizations by default, and in this regard, the fact that it is responding with "504 Need to authenticate first" is actually correct, if the remote server is not part of the same Exchange organization. If you are seeing this between servers in the same Exchange organization, that is potentially an authentication or ACLing problem that should be looked into. You can use “ADSIEdit.msc” to investigate the ACLs of the Exchange objects in the configuration container if you suspect that the necessary Exchange server security groups have not been granted the “Send As” access that they need on the SMTP virtual servers. If you are seeing this between servers in different Exchange organizations, it is normal expected behavior, and should not actually block mail flow. When Exchange 2003 rejects an inbound XEXCH50 attempt, it allows the client to continue without the XEXCH50 data. When Exchange 2000 or 2003 attempt to send an XEXCH50 command and are denied, they continue to try to send their message data".  

http://support.microsoft.com/default.aspx?scid=kb;en-us;843106
0
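
Added example (not part of the original thread, and not any poster's or Microsoft's code): a small Python triage of outbound SMTP log lines that separates the benign case described in the answer above (XEXCH50 refused with 504, message data then accepted with 250) from sessions where the refusal is never followed by an accepted BDAT/DATA. The field layout is assumed from the outbound log lines quoted in the question; the sample log, its addresses and the verdict labels are constructed for illustration.

```python
# Constructed sample in the outbound layout quoted in the question (assumed):
#   date time remote-ip port command - text status SMTP -
SAMPLE_LOG = """\
2004-08-19 20:10:40 192.0.2.10 25 EHLO - mail.example.org 0 SMTP -
2004-08-19 20:10:40 192.0.2.10 25 - - 250-remote.example.net+Hello 0 SMTP -
2004-08-19 20:10:40 192.0.2.10 25 XEXCH50 - 2444+2 0 SMTP -
2004-08-19 20:10:40 192.0.2.10 25 - - 504+Need+to+authenticate+first 0 SMTP -
2004-08-19 20:10:40 192.0.2.10 25 BDAT - 165738+LAST 0 SMTP -
2004-08-19 20:10:43 192.0.2.10 25 - - 250+2.6.0+Queued+mail+for+delivery 0 SMTP -
2004-08-19 20:10:43 192.0.2.10 25 QUIT - - 0 SMTP -
2004-08-19 20:11:00 198.51.100.7 25 EHLO - mail.example.org 0 SMTP -
2004-08-19 20:11:00 198.51.100.7 25 XEXCH50 - 2432+2 0 SMTP -
2004-08-19 20:11:00 198.51.100.7 25 - - 504+Need+to+authenticate+first 0 SMTP -
2004-08-19 20:11:00 198.51.100.7 25 BDAT - 90211+LAST 0 SMTP -
2004-08-19 20:12:00 203.0.113.5 25 EHLO - mail.example.org 0 SMTP -
2004-08-19 20:12:00 203.0.113.5 25 BDAT - 1200+LAST 0 SMTP -
2004-08-19 20:12:01 203.0.113.5 25 - - 250+2.6.0+Queued+mail+for+delivery 0 SMTP -
"""

def parse(line):
    f = line.split()
    if len(f) < 8 or f[-2] != "SMTP":
        return None  # not a log record in the assumed layout
    return f[2], f[4].upper(), f[6].replace("+", " ").strip()

def verdict(s):
    if not s["denied"]:
        return "no-xexch50-denial"
    return "benign-denial" if s["accepted"] else "denied-and-undelivered"

def classify(log_text):
    """Label each EHLO/HELO-delimited session by what followed the 504."""
    sessions, current = [], {}
    for peer, cmd, text in filter(None, map(parse, log_text.splitlines())):
        if cmd in ("EHLO", "HELO"):  # a greeting opens a new session
            current[peer] = {"peer": peer, "last": cmd,
                             "denied": False, "accepted": False}
            sessions.append(current[peer])
        elif peer not in current:
            continue  # banner or traffic logged before any greeting
        elif cmd != "-":
            current[peer]["last"] = cmd  # command now awaiting a reply
        elif current[peer]["last"] == "XEXCH50" and text.startswith("504"):
            current[peer]["denied"] = True
        elif current[peer]["last"] in ("BDAT", "DATA") and text.startswith("250"):
            current[peer]["accepted"] = True
    return [(s["peer"], verdict(s)) for s in sessions]

print(classify(SAMPLE_LOG))
```

Sessions labelled `denied-and-undelivered` are the ones worth following up in the queue and message tracking; the inbound log layout shown in the question differs and is not handled here.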
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 11846379
0
 

Author Comment

by:hstahl76
ID: 11851791
You're right Colin.  After re-reading that KB article that does appear to be normal behavior between any two E2K3 boxes.  I wasn't expecting them to try to do an XEXCH50 exchange because they weren't related to each other.  I should have paid more attention to the line following the XEXCH50 error where the actual data is transferred.  Sure enough I tracked the messages in System Manager and they were delivered and the recipient on my end reported no problems getting emails from the sender.  Guess I need to turn down my level of SMTP logging a bit so I can stop getting freaked out by all the Errors in the log.  LOL.  Thanks for clearing that up.

-Heath
0
 

Expert Comment

by:rmazzotta
ID: 12227544
I have the same messages here but one client is failing to send its messages.  The session hangs for 10 minutes and then fails.  It then restarts the connection.  These hang all day and eventually they get through.  I have only one client that this is happening to.
0
 
LVL 1

Expert Comment

by:1eEurope
ID: 12782757
I have the same problem.
A connection to only some foreign domains is hanging on an XEXCH50 for 10 minutes until it breaks. All mails to this domain can't be sent and an NDR (non delivery report) is sent back to the originator in my mail domain.
If I set up a mail through a telnet connection from my mail server, I can send a mail properly.

I get the error "504 Need to authenticate first" in my Event Viewer as well as when I sniff the connection with Ethereal.

Mail sent to domains where I can send properly is being sent without this command.

Can anybody please help ?
0

 

Expert Comment

by:tauby
ID: 14331628
I have the same "hanging" instance of this. The original question above came about due to someone looking maybe too closely at the logs ;). But mine came from a customer's email that never made it to the client, and like 1eEurope above, an NDR was received. I checked and the message sat in the queue for that domain and never left it--after days, still there. I had them send another simple test email to the same domain and it went. The offending message had a small MS Excel attachment, which previously such attachments had been delivered properly. But always, that same XEXCH50 "must authenticate" error. So it sounds like the XEXCH50 is a normal error you would receive on ALL emails sent outside your Exchange 2003 organization. So on my failing emails, there must be something else stopping them from reaching a small handful of domains. Soooooo, what could stop email from reaching a few domains only, and what should I look at log-wise? (I can tell you that when I try to force these "stuck" emails to go out, the only error I could see (I have max. logging on the transport) is that XEXCH50 one.)
0
 

Expert Comment

by:tsgrempel
ID: 14411701
I'm having the same problem as tauby.  My mail will sit there all day unless I intervene.  I've created a connector in E2K3 instead of using the default SMTP engine.  This way, I can force messages to go out using HELO instead of EHLO.  After this, the mail goes out, but I'd rather send using the more secure EHLO format.  Any ideas out there?  Thanks.
0
 

Expert Comment

by:kalsss
ID: 14489141
We have the same problem too with an SBS 2003 on a client server exchanging mail with some other external Exchange servers ... we just want to lower the security level and make Exchange work. We used to work with Qmail or MDaemon, but don't know how to fix this issue. Is this ticket open? The original post date is one year ago :)

Please help.

ThanX.
0
 

Expert Comment

by:tsgrempel
ID: 14489179
I never quite resolved the issue... it just sort-of "went away"... let me know if you learn anything else :)
0
 

Expert Comment

by:kalsss
ID: 14489227
I've just seen a post saying that the problem was Norton AntiVirus.

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21236293.html?query=Need+to+authenticate+first&clearTAFilter=true

My customer has got a corporate license of McAfee ... I'll check it ... but I don't think it will work.

I'll let you know!



0
