Solved

Setting up Exchange 2003 mailboxes

Posted on 2007-10-04
Last Modified: 2013-11-30
I've been trying to set it up for a while now, and every time something is achieved, some new problem pops up. I have Windows SBS 2003 with Exchange, and I have set up the 2 users in Active Directory. After that I proceeded to set up mailboxes, and after bumping into a few problems and googling a lot, I managed to have Outlook Express send emails from a machine that's not on the network to external addresses. I've upgraded to Outlook 2003, and now it says the account is not allowed to send messages. Relaying permissions are on for the account in Exchange on the server. I'm sure it's a checkbox somewhere, as usual. I should also mention that whereas I was able to send emails from the domain to outside and within the domain, emails from outside were bounced back with a "user does not exist" message. Let me know if you need specific settings. I am kind of new to Exchange, just trying to set it up to receive and send emails from @domain.com... - you'd think, how hard can it be :)
Question by:luefher
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20019728
The problem is that you don't set up mailboxes separately with SBS.  Instead of creating users in Active Directory, you should be using the Server Management Console > Users Snap-in and run the Add New User Wizard.  

Using this wizard performs the following items:

• Creates user account. Allow multiple users to be created.
• Enables Exchange e-mail services for the user. Exchange mailboxes are created if e-mail alias is specified.
• Sends an introductory e-mail to the user. The e-mail content is located in %sbsprogramdir%\Administration\samplemail.htm.
• Assigns the user to Exchange distribution lists.
• Grants access to network resources such as shared folders, printers, and fax printers.
• Grants permissions to SharePoint.
• Grants the user VPN/Dial-in access or not via group membership.
• Gives the user remote administration privileges or not via group membership.
• Deploys software to user computers (launches the Setup Computer wizard).
• Assigns user(s) a logon script \\servername\NETLOGON\SBS_LOGON_SCRIPT.bat. If a logon script already exists for the user, a pointer to the SBS logon script is appended to the existing logon script. Logon script entry: \\servername\Clients\Setup\Applnch.exe /s servername

Then, when you join a workstation to your SBS Domain, you need to also use the wizards so that Outlook 2003 gets configured automatically.  First you run the Setup Client Computer Wizard (unless you allowed the Add User Wizard to continue on to setting up the computer account), then at the workstation you use IE and go to http://<servername>/connectcomputer to join it to the domain.

If you've not followed these steps to join workstations, please see http://sbsurl.com/rejoin to fix this.

Finally... (actually this should be the first thing you do), the Configure Email and Internet Connection Wizard (CEICW -- linked as "Connect to the Internet" on the To-Do list in the Server Management Console) must be run to make sure that Exchange is configured properly.

A visual how-to for that is here:  http://sbsurl.com/ceicw

Jeff
TechSoEasy
0
 

Author Comment

by:luefher
ID: 20019833
I think you misunderstood the question. The network logons work fine, both on the local network and remote; however, for email, I don't want to join the domain - I'd like to have a pop3/smtp server running on the machine so that email for the @domain.com can be downloaded with any pop3 client from any connection. When I try to download or send it (machine not joined to the domain), I get a response: "4.5.7.3. Client does not have permission to submit mail to this server"...
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20020020
Okay then... the problem is that POP3/SMTP is not the recommended method to access email remotely when you have an SBS.  POP3 Email isn't secure, and if you download email from Exchange via POP3, then it is potentially removed from the server which would make backup impossible, and bypass the benefits of "Deleted Item Recovery".  Not to mention, it could remove messages from your Exchange mailbox so that it doesn't sync on every device you connect with and doesn't include your Contacts, Calendar, Tasks, or Notes.  Additionally, Exchange's Intelligent Message Filter (SPAM protection) doesn't work when you use POP3.

Instead, SBS offers a few ways to access email remotely that work much better.  Since you have Outlook 2003 installed, you should be using RPC over HTTPS.  

This feature must be enabled in the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > To-Do List) by checking the box on the Web Services Configuration Screen for "Outlook via the Internet".

A visual how-to is here:  http://sbsurl.com/ceicw

Port 443 must be open on your router/firewall.

Then RPC over HTTPS client configuration instructions are on the server's Remote Web Workplace main menu -- linked as "Configure Outlook via the Internet" -- access the RWW Main Menu by going to http://localhost/remote from on your server.  (See http://sbsurl.com/rww for more info on RWW).

A full overview for SBS based RPC/HTTPS configurations is here:  http://sbsurl.com/rpc

If accessing email from a public computer or a non-Windows OS, you can use Outlook Web Access which provides almost the same experience as Outlook 2003.  OWA should also be enabled in the CEICW and then you can access it via https://server.domain.com/exchange (or if you don't have a FQDN configured, https://ip.addre.ss/exchange).

Jeff
TechSoEasy


 
0

 

Author Comment

by:luefher
ID: 20020122
Well, I feel you are not addressing the problem here. I do NOT want to use web interface, or LAN, since the clients are not on it. Let me explain it again: I have SBS 2003, and Exchange (obviously 2003) running on a <domain>. All I want is to set up Exchange properly so that it can send/receive emails from/to LAN/external ips. Any ideas?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20020132
I'm not telling you to use the web interface or LAN... I'm telling you that you configure your REMOTE OUTLOOK 2003 with RPC over HTTP and it works with ANY Internet Connection.

Please review the articles I linked to so you can learn about this.

Jeff
TechSoEasy
0
 

Author Comment

by:luefher
ID: 20061837
Sorry it took me a while to get back to this.
I've tried the described method - I've enabled Outlook via the Internet in CEICW, and continued to configure Outlook itself. In Exchange Server Settings, I put www.<domain>.com as the server (since I haven't set up a subdomain for Exchange yet), and then my network logon name as the mailbox. When I clicked Check Name, it said the server could not be resolved, and a look at the firewall log revealed that there were packets on ports 445, 110, 335, and 339. After I opened 445 and 339, clicking on Check Name brings up a dialog with User Name (pre-filled with logon name), Password, and Domain Name. For the domain name I enter <domain>.local, and for the password - my logon password. When I click ok, I get an error - "You logon information was incorrect. Check your username and domain, then type the password again." When I check Event Log on the server, under Security there is a Failure Audit, with this info:

Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      <network logon>
       Domain:            <remote machine domain>
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      <remote workstation name>
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      <WAN ip address>
       Source Port:      0

Did I forget to set something up? I've followed all the steps up until this point...
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20061931
You can't use www.domain.com for the server if www.domain.com doesn't actually point to your SBS's external IP address.  Please note that the CEICW specifically states that if you don't have a FQDN pointing to your server that you should enter the IP address.

Furthermore, the instructions specifically state that you should NOT click on Check Name.  But that hardly matters if you haven't configured the server correctly.

Jeff
TechSoEasy
0
 

Author Comment

by:luefher
ID: 20067299
Oops, my bad - didn't realize it was Outlook 2002 - I've set up 2003 and configured it. I am able to send and receive emails between user1@mydomain.com and user2@mydomain.com. It also sends emails from user@mydomain.com to user@some.other.domain.com (I've received the email I sent to my gmail account). However, when trying to send from gmail to @mydomain.com, it doesn't show up in Outlook, and searching mailbox on the server doesn't find it as well. Port 25 is open in firewall - tried to disable it and the email bounced back to gmail with error 500 so, I figure it reaches the server but never makes it to the store... Is there a way to track what happened to it, or, perhaps, it's something else altogether?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20067746
"searching mailbox on the server doesn't find it as well."

What mailbox on the server?

"Is there a way to track what happened to it"

Sure... but I'm wondering... do you actually have a public MX record even configured for your domain?  Because above you stated that you don't have a FQDN pointing to your SBS's IP.  

Also above you stated, " look at the firewall log revealed that there were packets on ports 445, 110, 335, and 339. After I opened 445 and 339" and I want to be absolutely clear to you that those ports should NOT be opened.  This is RPC over HTTPS which only requires port 443 open on your SBS's firewall (router).  You don't need to go outside of any of the instructions I already linked for you.

Jeff
TechSoEasy
0
 

Author Comment

by:luefher
ID: 20068221
I tried to search for that message by going to Exchange Server Manager > Tools > Message Tracking Center and searching for messages addressed to user@mydomain.com... I set up the MX record for subdomain.mydomain.com yesterday, and checked it today at dnsstuff.com; it points to my external IP address. I've closed up ports 445, 110, 335, 339. At this point I have 443 and 25 open and directed to the local IP address of the server...
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20068245
Please check whether or not your new Host Name is actually connecting to your Exchange Server by going to http://www.mxtoolbox.com

Jeff
TechSoEasy
0
 

Author Comment

by:luefher
ID: 20068503
The MX Lookup for "domain.com" showed the following:


Preference      10
Host Name      mx-subdomain.domain.com
IP Address      my external IP address
TTL             14400

10/12/2007 2:28:33 PM Central Standard Time
DNS Host: Unknown
Email Host:


When I clicked Diagnostics, and entered "mx-subdomain.domain.com" for the Mail Server, it showed this:


Banner:         
domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 12 Oct 2007 15:33:00 -0400 [62 ms]
Connect Time:       0.062 seconds - Good
Transaction Time:       5.281 seconds - Warning
Relay Check:       OK - This server is not an open relay.
Rev DNS Check:       OK - 24.184.57.42 resolves to ...domain.net
GeoCode Info:       Geocoding server is unavailable
Session Transcript:       
HELO mxtoolbox.com - DIAGNOSTIC TEST - See http://www.mxtoolbox.com/Policy.aspx
501 5.5.4 Invalid Address [5047 ms]
HELO mxtoolbox.com
250 domain.com Hello [64.20.227.131] [47 ms]
MAIL FROM: <test@mxtoolbox.com>
454 5.7.3 Client does not have permission to submit mail to this server. [62 ms]


Must be that last line (454 5.7.3) that's the problem?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20068762
There's no problem from that report.

If you are having problems receiving email from your GMail account I don't know why, other than you not having your proper SMTP address configured on your user account.  This would normally be done automatically when you run the CEICW and put domain.com as your Email Domain Name.

What you might want to do is send a message OUT to your GMail account and then reply back and see if that works.  It could take GMail up to 48-hours from when you configured the MX record to actually get the proper DNS propagation.

Also, if your IP Address is DYNAMIC, then you will need to use your ISP's SMTP Server as a Smart Host for sending email because otherwise, most major ISP's will reject it.  Check the Blacklists at www.mxtoolbox.com (I'd guess that you're listed... but that's normal with Dynamic IP Address Ranges).

Jeff
TechSoEasy
0
 

Author Comment

by:luefher
ID: 20071556
Just checked my gmail - the one I sent yesterday in the morning (from domain.com to gmail and then replied) NDN'd with this error:

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

    luefher@arthou.com

Message will be retried for 2 more day(s)

Technical details of temporary failure:
TEMP_FAILURE: SMTP Error (state 12): 454 5.7.3 Client does not have permission to submit mail to this server.

  ----- Message header follows -----

Received: by 10.142.84.3 with SMTP id h3mr907217wfb.1192192659434;
       Fri, 12 Oct 2007 05:37:39 -0700 (PDT)
Received: by 10.142.199.18 with HTTP; Fri, 12 Oct 2007 05:37:39 -0700 (PDT)
Message-ID: <594c5b520710120537q1d9acbaoebf4f28aacc3901a@mail.gmail.com>
Date: Fri, 12 Oct 2007 08:37:39 -0400
From: "=?UTF-8?Q?L=C5=ABfher?=" <luepher@gmail.com>
To: "=?UTF-8?Q?l=C5=ABfher?=" <luefher@arthou.com>
Subject: test
MIME-Version: 1.0
Content-Type: multipart/alternative;
       boundary="----=_Part_5575_24691244.1192192659433"


It's got to be some setting somewhere in Exchange...
Smart host is only for outbound mail, though, right?
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 20076808
Did you disable anonymous access on the Exchange Virtual SMTP Server?

Jeff
TechSoEasy
0
 

Author Comment

by:luefher
ID: 20095320
hooray!! enabling it solved bounce-backs! thank you so much for all your help!
0
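
Added example, not part of the thread or any poster's code: a Python check for the state this thread ended in. It reads the reply to MAIL FROM out of a transcript like the MXToolbox one above, and can run the same unauthenticated dialogue against your own server to confirm that, once anonymous access is enabled, mail for hosted recipients is accepted while relaying to outside domains is still refused. The function names, result labels and the probe@example.org sender are assumptions made for the example.

```python
import re
import smtplib

# The MAIL FROM exchange from the MXToolbox transcript quoted in the thread.
SAMPLE = """HELO mxtoolbox.com
250 domain.com Hello
MAIL FROM: <test@mxtoolbox.com>
454 5.7.3 Client does not have permission to submit mail to this server.
"""

def mail_from_code(transcript):
    """Return the reply code that follows MAIL FROM in a command/reply log."""
    lines = [ln.strip() for ln in transcript.splitlines() if ln.strip()]
    for cmd, reply in zip(lines, lines[1:]):
        m = re.match(r"(\d{3})[ -]", reply)
        if cmd.upper().startswith("MAIL FROM") and m:
            return int(m.group(1))
    return None

def classify(mail_code, local_code=None, external_code=None):
    """Diagnose an unauthenticated session from its reply codes.

    local_code / external_code are the RCPT TO replies for a hosted address
    and for an address in a domain the server does not host.
    """
    accepted = lambda c: c is not None and 200 <= c < 300
    if not accepted(mail_code):
        return "anonymous-refused"   # Internet senders are turned away
    if accepted(external_code):
        return "open-relay"          # relays for anyone: restrict relay
    if accepted(local_code):
        return "ok"                  # takes its own mail, refuses to relay
    return "local-rcpt-refused"      # check recipient addresses/policies

def probe(host, local_rcpt, external_rcpt, sender="probe@example.org"):
    """Run the same dialogue against your own server; no DATA is sent."""
    with smtplib.SMTP(host, 25, timeout=15) as s:
        s.ehlo_or_helo_if_needed()
        mail_code, _ = s.mail(sender)
        if not 200 <= mail_code < 300:
            return classify(mail_code)
        local_code, _ = s.rcpt(local_rcpt)
        external_code, _ = s.rcpt(external_rcpt)
        s.rset()                     # drop the transaction, nothing is queued
        return classify(mail_code, local_code, external_code)

if __name__ == "__main__":
    print(classify(mail_from_code(SAMPLE)))
```

Run `probe()` from a host outside the LAN, since connections from inside may be granted relay rights that Internet senders do not have.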
