
Event ID 7004 Errors: XEXCH50 "504 Need to authenticate first" between external servers

First the basics:  Exchange 2003 (no SP1) running on Windows Server 2003.  

I have been seeing numerous 7004 errors in my Application log that look like this:

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      SMTP Protocol
Event ID:      7004
Date:            8/19/2004
Time:            1:44:11 PM
User:            N/A
Computer:      PARIS_2K3_MAIL
This is an SMTP protocol error log for virtual server ID 1, connection #1145. The remote host "", responded to the SMTP command "xexch50" with "504 Need to authenticate first  ". The full command sent was "XEXCH50 2432 2  ".  This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.

These errors are not followed or preceded by any other errors.  The SMTP log will go something like this for outbound:

2004-08-19 20:10:40 25 - - 220+server.ifs.local+Microsoft+ESMTP+MAIL+Service,+Version:+5.0.2195.6713+ready+at++Thu,+19+Aug+2004+15:08:31+-0500+ 0 SMTP -
2004-08-19 20:10:40 25 EHLO - mail.parispresents.com 0 SMTP -
2004-08-19 20:10:40 25 - - 250-server.ifs.local+Hello+[] 0 SMTP -
2004-08-19 20:10:40 25 MAIL - FROM:<a@realaddress.com> 0 SMTP -
2004-08-19 20:10:40 25 - - 250+2.1.0+a@realaddress.com....Sender+OK 0 SMTP -
2004-08-19 20:10:40 25 RCPT - TO:<another@outsidecompany.com> 0 SMTP -
2004-08-19 20:10:40 25 - - 250+2.1.5+another@outsidecompany.com+ 0 SMTP -
2004-08-19 20:10:40 25 XEXCH50 - 2444+2 0 SMTP -
2004-08-19 20:10:40 25 - - 504+Need+to+authenticate+first 0 SMTP -
2004-08-19 20:10:40 25 BDAT - 165738+LAST 0 SMTP -
2004-08-19 20:10:43 25 - - 250+2.6.0++<C6B47B7F65A1E14691F584FFA0D268229B5C06@paris_2k3_mail.PARIS_PRESENTS>+Queued+mail+for+delivery 0 SMTP -
2004-08-19 20:10:43 25 QUIT - - 0 SMTP -
2004-08-19 20:10:43 25 - - 221+2.0.0+server.ifs.local+Service+closing+transmission+channel 0 SMTP -

I've changed the email addresses in the example above for privacy reasons.  But the a@realaddress.com is a real user in my domain and the another@outsidecompany.com is a legit message at the outside company.  Now this outside company doesn't seem to have any problems sending emails into my server.  The SMTP log looks rather normal:  

2004-08-19 13:20:07 0 xxxx - +server.ifs.local 500 SMTP -
2004-08-19 13:20:07 0 HELO - +server.ifs.local 250 SMTP -
2004-08-19 13:20:07 0 MAIL - +FROM:<another@outsidecompany.com> 250 SMTP -
2004-08-19 13:20:07 0 RCPT - +TO:<a@realaddress.com> 250 SMTP -
2004-08-19 13:20:07 0 DATA - +<C3FA8860FD0B4C4BBEF37AA951A1008B033966@server.ifs.local> 250 SMTP -
2004-08-19 13:20:07 0 QUIT - server.ifs.local 240 SMTP -

This error only seems to occur with this domain and a very small handful of others.  The vast majority of domains send/receive with no problems at all.  I have reviewed KB article 843106 and didn't find anything that really applies because it seems to be discussing Exchange servers within the same Org.  These are two external totally non-related servers in my situation.

Any help would be appreciated.


1 Solution
You may want to read through this carefully.

From a newsgroup post: "If the only problem you are seeing is that XEXCH50 is being denied in some cases, but there is no mail flow problem, it sounds like everything is ok as long as XEXCH50 is only being denied from servers outside of your Exchange Organization and mail is still being received.

Exchange 2003 only accepts XEXCH50 protocol data from clients who authenticate and have been granted "Send As" permission on the receiving SMTP virtual server object in the AD. In this respect, Exchange 2003 behaves differently than Exchange 2000. Within a single Exchange organization, Exchange setup takes care of ensuring that all Exchange servers have the necessary "Send As" right on all of the SMTP virtual servers, through the ACL on the Exchange organization object in the AD which inherits down to all of the SMTP virtual server objects. Because of this, the XEXCH50 command should be properly sent and received between servers within a single Exchange organization.

It is expected that Exchange 2003 will block inbound XEXCH50 data from other Exchange organizations by default, and in this regard, the fact that it is responding with "504 Need to authenticate first" is actually correct, if the remote server is not part of the same Exchange organization. If you are seeing this between servers in the same Exchange organization, that is potentially an authentication or ACLing problem that should be looked into. You can use “ADSIEdit.msc” to investigate the ACLs of the Exchange objects in the configuration container if you suspect that the necessary Exchange server security groups have not been granted the “Send As” access that they need on the SMTP virtual servers.

If you are seeing this between servers in different Exchange organizations, it is normal expected behavior, and should not actually block mail flow. When Exchange 2003 rejects an inbound XEXCH50 attempt, it allows the client to continue without the XEXCH50 data. When Exchange 2000 or 2003 attempt to send an XEXCH50 command and are denied, they continue to try to send their message data."

hstahl76Author Commented:
You're right Colin.  After re-reading that KB article that does appear to be normal behavior between any two E2K3 boxes.  I wasn't expecting them to try to do a XEXCH50 exchange because they weren't related to each other.  I should have paid more attention to the line following the XEXCH50 error where the actual data is transferred.  Sure enough I tracked the messages in System Manager and they were delivered and the recipient on my end reported no problems getting emails from the sender.  Guess I need to turn down my level of SMTP logging a bit so I can stop getting freaked out by all the Errors in the log.  LOL.  Thanks for clearing that up.
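
The check described in the answer and in the follow-up comment (a rejected XEXCH50 is harmless when the message body is still accepted afterwards), applied to log lines, as an added example that is not part of the original thread. The sample lines are constructed in the field layout of the outbound log in the question, with placeholder host names; the verdict labels and the assumption that sessions are logged one after another are this example's own.

```python
# Constructed sample, same field layout as the outbound log in the question:
# date time port verb - argument status protocol -
SAMPLE = """\
2004-08-19 20:10:40 25 EHLO - mail.example.com 0 SMTP -
2004-08-19 20:10:40 25 XEXCH50 - 2444+2 0 SMTP -
2004-08-19 20:10:40 25 - - 504+Need+to+authenticate+first 0 SMTP -
2004-08-19 20:10:40 25 BDAT - 165738+LAST 0 SMTP -
2004-08-19 20:10:43 25 - - 250+2.6.0+Queued+mail+for+delivery 0 SMTP -
2004-08-19 20:10:43 25 QUIT - - 0 SMTP -
2004-08-19 20:25:00 25 EHLO - mail.example.com 0 SMTP -
2004-08-19 20:25:01 25 XEXCH50 - 2432+2 0 SMTP -
2004-08-19 20:25:01 25 - - 504+Need+to+authenticate+first 0 SMTP -
2004-08-19 20:25:01 25 BDAT - 48211+LAST 0 SMTP -
"""

def sessions(text):
    """Split the log into sessions; each EHLO/HELO opens a new one.
    Assumes sessions are logged one after another, not interleaved."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        verb, arg = f[3].upper(), f[5]
        if verb in ("EHLO", "HELO") or not out:
            out.append([])
        out[-1].append((f[0] + " " + f[1], verb, arg))
    return out

def classify(session):
    """'benign': XEXCH50 got 504 but the body was then accepted with 250.
    'stalled': XEXCH50 got 504 and no acceptance was logged afterwards."""
    rejected = final = False
    last_cmd = None
    for _, verb, arg in session:
        if verb != "-":  # a command we sent
            last_cmd = verb
            final = verb == "DATA" or (verb == "BDAT" and arg.upper().endswith("LAST"))
        elif last_cmd == "XEXCH50" and arg.startswith("504"):
            rejected = True
        elif rejected and final and arg.startswith("250"):
            return "benign"
    return "stalled" if rejected else "no-xexch50"

def report(text):
    """One (session start time, verdict) pair per session."""
    return [(s[0][0], classify(s)) for s in sessions(text)]
```

Calling `report(SAMPLE)` marks the first session benign and the second stalled; only the stalled ones need a look at the queue for that domain.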


I have the same messages here but one client is failing to send its messages.  The session hangs for 10 minutes and then fails.  It then restarts the connection.  These hang all day and eventually they get through.  I have only one client that this is happening to.

I have the same problem.
A connection to only some foreign domains is hanging on an XEXCH50 for 10 minutes until it breaks. All mails to this domain can't be sent and an NDR (non delivery report) is sent back to the originator in my mail domain.
If I set up a mail through a telnet connection from my mailserver, I can send a mail properly.

I get the error: 504 Need to authenticate first in my event viewer as well as when I sniff with Ethereal on the connection.

Mail sent to domains where I can send properly is being sent without this command.

Can anybody please help?
I have the same "hanging" instance of this. The original question above came about due to someone looking maybe too closely at the logs ;). But mine came from a customer's email that never made it to the client, and like 1eEurope above, an NDR was received. I checked and the message sat in the queue for that domain and never left it--after days, still there. I had them send another simple test email to the same domain and it went. The offending message had a small MS Excel attachment, which previously such attachments had been delivered properly. But always, that same XEXCH50 "must authenticate" error. So it sounds like the XEXCH50 is a normal error you would receive on ALL emails sent outside your Exchange 2003 organization. So on my failing emails, there must be something else stopping them from reaching a small handful of domains. Soooooo, what could stop email from reaching a few domains only, and what should I look at log-wise? (I can tell you that when I try to force these "stuck" emails to go out, the only error I could see (I have max. logging on the transport) is that XEXCH50 one.)

I'm having the same problem as tauby.  My mail will sit there all day unless I intervene.  I've created a connector in E2K3 instead of using the default SMTP engine.  This way, I can force message to go out using HELO instead of EHLO.  After this, the mail goes out, but I'd rather send using the more secure EHLO format.  Any ideas out there?  Thanks.

We have the same problem too with an SBS 2003 on a client server exchanging mail with some other external Exchange servers ... we just want to lower the security level and make Exchange work. We used to work with Qmail or MDaemon, but don't know how to fix this issue. Is this ticket open? The original post date is one year ago :)

Please help.

I never quite resolved the issue... it just sort-of "went away"... let me know if you learn anything else :)

I've just seen a post saying that the problem was Norton AntiVirus.

My customer has a corporate license of McAfee ....  I'll check it ... but I don't think it may work.

I'll let you know!
