Solved

Only one user successful at using IMAP to connect to Exchange Server 2003

Posted on 2004-09-12
24
996 Views
Last Modified: 2012-05-05
I have Windows Small Business Server 2003 w/ Exchange Server 2003 running.  I have the IMAP service started.  One user, which happens to be me, is able to successfuly authenticate to the IMAP server through either Outlook Express or snappermail on a Palm.  However, for any other user, I am getting a bad username/password error.  I have checked and the other users appear to be configured in the same way that my account is.  What could I be missing?

Thanks-
Courtney

This is urgent, hence the high point value.
0
Comment
Question by:consultgal
  • 10
  • 8
  • 5
  • +1
24 Comments
 
LVL 7

Expert Comment

by:alshahnaz
ID: 12041074
are u coonnecting to ur exchange through proxy if so

try this workaround

On one of the proxy array members, open the Web Proxy properties, click the Routing Tab, and then click the Advanced button.
Input a valid administrator account to all proxy array members.
Select "Allow basic/clear text authentication."
Apply your changes.
The changes will be applied to all proxy array members.

Shahnaz
0
 

Author Comment

by:consultgal
ID: 12041848
Not connecting through a proxy.

Courtney
0
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 12041919
go to ADUC / users properties / Exchange Advanced / Protocols / IMAP / put a tick in enable for mailbox
and thats it
0
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 12041926
you might also want to try using domain\usernam for username
0
 

Author Comment

by:consultgal
ID: 12048257
Don't have protocols listed under Exchange Advanced Tab.  However, on Exchange Features tab, I have protocols and for all of the users who cannot successfully authenticate to the IMAP server, IMAP is showing as Enabled.  I also have tried domain/username with no success.  For my account, however, I can successfully authenticate using either username only or domain\username.

Courtney
0
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 12052135
Courtney

Are you trying this locally from inside your LAN for all users?
0
 

Author Comment

by:consultgal
ID: 12054359
From both inside and outside.  Either way should be acceptable, as I have opened the appropriate port on the firewall.

Courtney
0
 

Author Comment

by:consultgal
ID: 12055481
I'm thinking about creating a new user from scratch and seeing if that new user can authenticate to the IMAP server.  If so, then I will recreate the necessary users and move the mailbox store from the old to the new (if that's possible, which I presume it is).

Courtney
0
 

Author Comment

by:consultgal
ID: 12056489
A newly created user also has no problem authenticating.  To sum up:  all (except one) of my legacy users cannot authenticate and receive a bad username/password error.  Newly created users and myself all can authenticate.  All users have IMAP enabled.  Can anyone make sense of this?  Is my only option to delete and recreate the old users?  If so, what is the best way to do so?

Thanks-
Courtney  
0
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 12056953
Courtney
If it's only one user then I would delete the account, but before you do that change the mail address to be something else or add a number in so it's different, because when you re-create the account Exchange remembers the old deleted mail address and will not let you use the same for a few weeks. So if the mail is user@domain.com make user1@domain.com.
to be safe you might want to rename the account in the same way before deletion ADUC / right clcik user then rename
then go into the properties and rename all the left over missed sections the same way you did the mail address
this should fix it then
0
 

Author Comment

by:consultgal
ID: 12058355
It is not just one user, unfortunately, it is all legacy users.  Currently, only one of them needs IMAP access, however, this solution (delete and recreate) would eventually have to be done for any of these "legacy users" when they need IMAP access.  This is really not the ideal solution and would love for people to chime in on some other things that I should look for.

Courtney
0
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 12059015
in that case I would agree with you, I have run out of idea's I am afraid but I would leave this question open as long as possible or until you have an answer.
Good Luck
Colin
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 12

Expert Comment

by:ColinRoyds
ID: 12059050
Courtney I have opened a new question pointing back at this one, hopefully someone can assist
http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21131055.html
0
 
LVL 12

Accepted Solution

by:
BNettles73 earned 500 total points
ID: 12059569

Open System Manager > navigate to the server > right click and select properties > click on the diagnostics logging tab > click on IMAP4Svc and turn up logging on each to maximum ....

Try to connect with an account that is not working ... then tell me what you see in the Application Event logs ...
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 12059601

btw ... can the legacy users access their email using OWA?
Have you verified the user accounts have access in the mailbox permissions?
When you say legacy users, do you mean migrated accounts?
Did you perform an inplace upgrade?
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 12059666

If you reset the user account password, are you able to access the mailbox?
Can you print out the exact error you receive when the logon fails?

I'm sure you are configuring the clients correctly, but can you review this article and verify. Thanks.

How to Configure Outlook Express for an IMAP Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;264580

Telnet to port 143 on the IMAP server ...

Do you see something like this?
+OK Microsoft Exchange IMAP4rev1 server version x.x.x (F.Q.D.N.) ready

Type
? login domain/username password

What do you see after this?

Please explain the legacy user to me a little more ... I'm not sure exactly what you mean by legacy user, other than migrated ... if the user account is now in AD, it isn't really a legacy user account ...

0
 

Author Comment

by:consultgal
ID: 12059739
Here is the info from the Event Viewer for an unsuccesful attempt:

DS lookup for user jhigbee, connecting from 192.168.5.1, failed with error 0x80040920.
followed by
Authentication attempt from 192.168.5.1 to jhigbee has failed with error 0x52e.

I just managed to solve the problem a little bit, although I'm not sure why it is working this way.  For my own account, I used only my login name for account name.  Either the login alone or domain\login worked for my account.  For one the accounts that I was unable to get to work before using domain\login\alias just worked. However, if I use that same format for my account, it fails.  It works, so I'm happy but that seems like strange behavior.

Courtney
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 12059750
Next round of thought ...

Check the following:

Navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.
Expand IMAP4 - Right-click the virtual server that you want to work with, and then select Properties.
In the Access tab, click Authentication.
Make sure Basic and Integrated Authentication are checked.
Close out ...

Next -
Open IIS manager on the Exchange box and make sure the exchange virtual directories have Basic and Integrated Authentication enabled. On /exchweb, make sure anonymous access is enabled.


 
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 12059787


Understanding login strings with POP3/IMAP
http://blogs.msdn.com/exchange/archive/2004/03/31/105275.aspx


Here is the KB article discussing the DS lookup error you are receiving ... it references POP but is relevant for IMAP -
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q296/3/87.ASP&NoWebContent=1


Enter the logon credentials in the following format when you are connecting through POP3:
DomainName\LogonName\MailboxAlias

-OR-
Verify that the Mailbox Alias value and the User Logon Name (Pre-Windows 2000) value match (if they do not, change them so that they do match):
In Active Directory Users and Computers, right-click the user account that you want to modify, and then click Properties.
On the Account tab, note the value in the User Logon Name (PreWindows 2000) box, which is the logon name or the samAccountName attribute.
On the Exchange General tab, note the value in the Alias box, which is the mailbox alias or the mailNickName attribute.
Note If the value in the User Logon Name (Pre-Windows 2000) box matches the value in the Mailbox Alias box, type the following logon credentials in the POP3 client:
DomainName\LogonName
0
 

Author Comment

by:consultgal
ID: 12059872
I saw all that briefly and I will look at it some more but the odd behavior is that for my account the values do not match (logon and alias) bit I cannot use domain\logon\alias successfuly.  On other accounts, where they also do not match, I must.

Courtney
0
 

Author Comment

by:consultgal
ID: 12059890
I accepted the answer of BNettles because his tip to set logging to maximum and check the Event Viewer is what lead me to try the solution that ultimately worked which was appending the mailbox alias to the account name info.

Thanks for the help-
Courtney
0
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 12061961
Courtney, I am glad it is sorted out and you are right to give BNettles73 the points but I think a thank you for opening another question on your behalf would have been appreciated.
0
 

Author Comment

by:consultgal
ID: 12062086
I'm sorry.  You are 100% right.  A thank you is much deserved and perhaps I should have even split the points, although I'm not sure how that works.  In my own defense, a thank you would most definitely have been forthcoming.  I'm just a bit slow right now as I am at T minus 1 to a move acorss the country and the server decided to go berserk on me all at the same time.  Nonetheless, no excuses to forget to show appreciation for someone else's kindness.

So better late than never...

Thanks!

Courtney
0
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 12062196
Courtney

Don't worry a points split was not neccessary as I am really not bothered about them as I have quite a few already and BNettles73 did solve your problem,and I can understand your predicament now that you have explained it, so don't worry it's no problem at all.
I am glad that you where able to get the answers you needed and the BNettles73 was able to help.

Colin
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
how to add IIS SMTP to handle application/Scanner relays into office 365.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now