We help IT Professionals succeed at work.

Exchange 2010 / Outlook 2007 Sending Mail Issue

good day everyone,

got the weirdest thing going on with our Exchange 2010/Outlook 2007, after migrating our users from Exchange 2003 to Exchange 2010 we started getting the following error in Outlook 2007:


Task 'BCM - Sending' reported error (0x800CCC80) : 'None of the authentication methods supported by this client are supported by your server.'

We do plan on using SSL for our OWA but it's not deployed as of yet. This happens not to the main SMTP account but the secondary account that is set up as a POP account (not POP server account) it's just an additonal send mail account the user has access to when composing a new email, there is an option where the click on Account and select which domain they want to be seen as when sending email.

if anyone has seen this before any help would be deeply appreciated, i have about 40 user that are not able to send from their second account. thank you.

Regards,

ITProfessional120

Comment
Watch Question

Sr. Systems Engineer
Commented:
Look at the client access on the server clients use in hub transport Exchange 2010 (as usual) has higher levels of security than previous versions.. you probably need to tell your clients they need to use SPA security when connecting now, or change the settings on the exchange server, although everyone freaks out over security the truth is it's very difficult for someone to get a password without encrypting because someone would have to be 'on the same network' and listening to everything between your client and your server..

That said, if you are working in intelligence or you are a target due to being a lawyers office, financial institution, etc.. you really don't have to worry about that.. it's keeping your server secure that you need to worry about not someone getting a users password so data encryption is overkill in probably 95% of the servers on the internet..



 
clientaccessexchange2010.jpg
Steve AgnewSr. Systems Engineer

Commented:
Oh it's Server Configuration Client Acces / POP3 ?IMAP tab (not hub transport)

Author

Commented:
the option is selected, should i select SPA under the profile in Outlook 2007?

Author

Commented:
or should i switch it to basic authentication?

Author

Commented:
tried it both ways and it came back with the same error message mentioned above. any else you can recommend?
Steve AgnewSr. Systems Engineer

Commented:
Yes you do now know you make changes they sometimes don't take effect until the software / server is rebooted...

You can try to turn on SPA in outlook, as I mentioned unless you have high security concerns due to your oranization- encryption is usually unnecessary overkill so turn it off on the server and reboot the server.

Author

Commented:
when you say turn it off do you mean select basic authentication or basic authentication (windows integrated)?

Author

Commented:
i forgot to mention we still have the exchange 2003 server running, it managing the journaling account since mx logic does not support exchange 2010 as of yet. should i do anything on the 2003 box?

i also see that under authentication on the 2003 box the anonymous, basic auth and integrated are all checked, could this be causing a conflict?

Author

Commented:
Just a heads up everyone, i was able to resolve this read below:


Exchange 2010 by default forces POP to use TLS authentication automatically to go along with their theme of
lock things down then open holes as admins see fit as opposed to earlier versions (2003 and prior) that allow everything in/out then you would create security/filtering etc. after the fact, The settings defined in Exchange 2003 won’t automatically carry over either. Because of this, when POP is utilized on the Exchange 2010 server, there are a few parameters that have to be set up even if upgrading from another Exchange environment.

there is a posibility that the install/uninstall of the AV scanning software could reset this service to it’s default settings  


under Exchange Manangement Console navigate to Server Configuration> Client Access> Authentication and select Plain Text Login in the X.509 ceritificate name box type in the FQDN of your OWA address, save the settings and reboot the server then try to send an email from that secondary POP account.



Author

Commented:
Thank you!!!

Author

Commented:
guys see my entry dated  06/15/10 02:09 PM, it has the rest of what needs to be done to get it working. DeadNight was right on point with his suggestion but there are some extra steps to follow that may or may not apply to your situation. thank you.