We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


MSExchangeTransport Event ID:7004 504 Need to authenticate first

emgee11 asked
Medium Priority
Last Modified: 2012-05-11
I'm running Windows Small Business Server 2003 with Exchange 2003. We only have the one server. The remote host IP shown is not ours or our ISP's.

Yesterday I had two occurrences of the following error logged:


This is an SMTP protocol error log for virtual server ID 1, connection #8. The remote host "", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2536 2 ". This will probably cause the connection to fail. For more information, click http://www.microsoft.com/contentredirect.asp.

I followed the MS KB article 843106. On our side it seems things are configured as outlined.

If there is any other information I can provide to help diagnose please let me know.

PS: I'm not an Exchange expert.  :-)

Thank you!
Watch Question

Did you go through this


Well I guess you did

SurpressExternal, as you noted, only influences outbound EXEXCH50, not inbound Exch50. You can allow anonymous Exch50 to come in by following the steps at http://www.microsoft.com/technet/prodtechnol/exchange/Guides/Ex2k3DepGuide/02bd89b4-715d-4048-999b-070640e9c49e.mspx?mfr=true. But rather than do this you're better of making sure the mail between your two servers is authenticated.
If you wish to disable the Exch50 completely, you can do it by modifying the unregistering the exch50 DLL, but I wouldn't recommend doing this either.

I'd look closer at the SMTP protocol logs for your system, I don't believe XEXCH50 is your issue. Failing Exch50 does not interrupt mailflow and should cause no problems. Outbound SMTP should always continue the SMTP session after failing to issue Exch50 and will continue to submit mail (both for mail between your two servers and mail coming in externally from the internet. the ability to send / retrieve Exch50 shouldn't change with time and require a reboot, either... I'd start there for your investigation.
Is mail queued up? If so, there's a diagnostic string in the queue viewer that should help you indicate why you need to reboot a server to regain mailflow.

Are you having any mail flow issues?



Mail is not queued up and mailflow in/out is working. I see no disruption that way.

I do not know whose server that is (aside from doing an NSLOOKUP). We're a small business and we don't do anything fancy with our Exchange other than send/receive e-mail between our customers, suppliers, etc.

My concern is whether our SBS2003/Exchange 2003 box is/has been compromised in any way.
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview



The domain is one we've e-mailed with before. Not sure why their server (I assume) this time caused the issue, but I'll assume it is ok. My users haven't seen any disruption or issues communicating.

I was more concerned about the system being compromised due the "Send As" portion contained in the error.

Thanks for your advice and input.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.