[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1092
  • Last Modified:

MSExchangeTransport Event ID:7004 504 Need to authenticate first

I'm running Windows Small Business Server 2003 with Exchange 2003. We only have the one server. The remote host IP shown is not ours or our ISP's.


Yesterday I had two occurrences of the following error logged:

MSExchangeTransport  
7004

This is an SMTP protocol error log for virtual server ID 1, connection #8. The remote host "64.26.128.250", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2536 2 ". This will probably cause the connection to fail. For more information, click http://www.microsoft.com/contentredirect.asp.


I followed the MS KB article 843106. On our side it seems things are configured as outlined.

If there is any other information I can provide to help diagnose please let me know.

PS: I'm not an Exchange expert.  :-)

Thank you!
0
emgee11
Asked:
emgee11
  • 5
  • 2
1 Solution
 
steinmtoCommented:
Did you go through this

http://support.microsoft.com/kb/843106
0
 
steinmtoCommented:
Well I guess you did
0
 
steinmtoCommented:
SurpressExternal, as you noted, only influences outbound EXEXCH50, not inbound Exch50. You can allow anonymous Exch50 to come in by following the steps at http://www.microsoft.com/technet/prodtechnol/exchange/Guides/Ex2k3DepGuide/02bd89b4-715d-4048-999b-070640e9c49e.mspx?mfr=true. But rather than do this you're better of making sure the mail between your two servers is authenticated.
 
If you wish to disable the Exch50 completely, you can do it by modifying the unregistering the exch50 DLL, but I wouldn't recommend doing this either.

I'd look closer at the SMTP protocol logs for your system, I don't believe XEXCH50 is your issue. Failing Exch50 does not interrupt mailflow and should cause no problems. Outbound SMTP should always continue the SMTP session after failing to issue Exch50 and will continue to submit mail (both for mail between your two servers and mail coming in externally from the internet. the ability to send / retrieve Exch50 shouldn't change with time and require a reboot, either... I'd start there for your investigation.
 
Is mail queued up? If so, there's a diagnostic string in the queue viewer that should help you indicate why you need to reboot a server to regain mailflow.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
steinmtoCommented:
Are you having any mail flow issues?
0
 
emgee11Author Commented:
@steinmto:

Mail is not queued up and mailflow in/out is working. I see no disruption that way.

I do not know whose server that is (aside from doing an NSLOOKUP). We're a small business and we don't do anything fancy with our Exchange other than send/receive e-mail between our customers, suppliers, etc.

My concern is whether our SBS2003/Exchange 2003 box is/has been compromised in any way.
0
 
steinmtoCommented:
I would check and make sure you are not having any mailflow issue with cpisc-csic.ca.  That is the domain of the ip address 64.26.128.250 listed.  If not I think everything is fine and I do not think your email system was compromised.
0
 
emgee11Author Commented:
@steinmto:

The domain is one we've e-mailed with before. Not sure why their server (I assume) this time caused the issue, but I'll assume it is ok. My users haven't seen any disruption or issues communicating.

I was more concerned about the system being compromised due the "Send As" portion contained in the error.

Thanks for your advice and input.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now