tadduci
asked on
Receiving event id 1035 inbound authentication failed on Exchange 2007
Does anyone know why my exchange 2007 server might be receiving these messages all of a sudden? I have no other problems to speak of...
Inbound authentication failed with error LogonDenied for Receive connector Default PGIEXCHSVR. The authentication mechanism is Gssapi. The source IP address of the client who tried to authenticate to Microsoft Exchange is [68.213.242.160].
Inbound authentication failed with error LogonDenied for Receive connector Default PGIEXCHSVR. The authentication mechanism is Gssapi. The source IP address of the client who tried to authenticate to Microsoft Exchange is [68.213.242.160].
ASKER
I do not recognize that ip but the first 3 octets are from my isp... the 4th octet does not belong to me.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
We were having the same errors show up in the Application Event Log after upgrading to Exchange 2007 from Exchange 2003.
We got a work around from Microsoft's Exchange Support. I hope this information helps others so they don't have to pay an arm and a leg on a support call...
The problem stems from an authentication issue with the Gssapi as the log states. I was told it's an issue with the Default Receive Connector on the Exchange server. Here's the work around I was given (it worked for us):
Open the 'Exchange Management Console'
Expand the 'Server Configuration'
Click on 'Hub Transport'
Click on the Exchange server in the right pane
Right click on the 'Default ServerName' connector, Properties
Click on the 'Network' tab
Delete the default '0.0.0.0 255.255' entry under 'Receive mail from remote servers...'
Manually add the IP(s) or IP range(s) of your Exchange servers (this allows them to receive mail from each other)
Click 'OK'
Right click in the 'Receive Connectors' tab, New Receive Connector
Enter a name for the connector (i.e. From Internet)
Select the intended use should be 'Internet'
Click 'Next'
Enter the Fully Qualified Domain Name (FQDN) of your Exchange server
Click 'Next'
Click 'New', 'Finish'
Right click on the new connector you just created, Properties
Click on the 'Authentication' tab
Make sure the only option checked is 'Transport Layer Security (TLS)'
Click on the 'Permission Groups' tab
Make sure the only option checked is 'Anonymous'
Click 'OK'
You shouldn't see any more of these Event ID's in the Application Log anymore, and all of your mail should now be received correctly.
We got a work around from Microsoft's Exchange Support. I hope this information helps others so they don't have to pay an arm and a leg on a support call...
The problem stems from an authentication issue with the Gssapi as the log states. I was told it's an issue with the Default Receive Connector on the Exchange server. Here's the work around I was given (it worked for us):
Open the 'Exchange Management Console'
Expand the 'Server Configuration'
Click on 'Hub Transport'
Click on the Exchange server in the right pane
Right click on the 'Default ServerName' connector, Properties
Click on the 'Network' tab
Delete the default '0.0.0.0 255.255' entry under 'Receive mail from remote servers...'
Manually add the IP(s) or IP range(s) of your Exchange servers (this allows them to receive mail from each other)
Click 'OK'
Right click in the 'Receive Connectors' tab, New Receive Connector
Enter a name for the connector (i.e. From Internet)
Select the intended use should be 'Internet'
Click 'Next'
Enter the Fully Qualified Domain Name (FQDN) of your Exchange server
Click 'Next'
Click 'New', 'Finish'
Right click on the new connector you just created, Properties
Click on the 'Authentication' tab
Make sure the only option checked is 'Transport Layer Security (TLS)'
Click on the 'Permission Groups' tab
Make sure the only option checked is 'Anonymous'
Click 'OK'
You shouldn't see any more of these Event ID's in the Application Log anymore, and all of your mail should now be received correctly.
It could be an attempt to relay through your server using authenticated relaying. Does the error show which account it was?
Simon.
--
Once your question has been answered, please remember to accept an answer and close the question.