POP3 authentication problem - Exchange 2003

Panda 5888
Panda 5888 used Ask the Experts™
on
Environment:
- AD 2003 SP2
- Exchange 2003 SP2
- Outlook 2003 SP3

IT happened many months ago where a few users can't login to their POP3 account, via Outlook, mobile phone, tabletPC, etc. The issue was never resolved, those users switched to RPC/HTTPs/OWA

And more and more users are having the problem.

If I create a new user, the new users will not have this problem

 Error on Outlook
There is no event error logged on the Exchange server, AD server or the PC.

I have no clue what is going on.

Please help.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Mike ThomasConsultant
Top Expert 2010

Commented:
What format are the users typing their user names? if just "username" try username@domain.local (where domain is the Domain name where the user account belongs not the email domain name)
Panda 5888Engineer

Author

Commented:
I have tried <user_id>@domain.com, domain\user_id and also just user_id ... all doesn't work.
Panda 5888Engineer

Author

Commented:
it used to work with just user_id ...

FYI I have actually installed a new Exchange 2003 server, move all mailboxes over to the new server and remove the old Exchange 2003 server, yet some of our users still have this problem ...
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Mike ThomasConsultant
Top Expert 2010

Commented:
Have you actually started the default POP3 virtual server on the new exchange box? and set the authentication type that the users should use? and are the users connecting to the new server? check these things next.

Panda 5888Engineer

Author

Commented:
yep ... POP3 virtual server is on, authentication set to basic ... we have been using that same setting for years. But now 2 out of 10 users can't login to POP3.   8 will have no problem...
Mike ThomasConsultant
Top Expert 2010

Commented:
Then there must be something about these 2 out of 10 users, cached credentials? try password resets, double check details, double check connectivity to the new exchange servers, try to find the common denominator really. Check the obvious as we sometimes dismiss that without reason.
Panda 5888Engineer

Author

Commented:
The only thing that I think is consistent is the user_id(AD) itself ... ..  because the same user can't access POP3 from any PC, mobile phone(Android, Iphone, etc), tabletPC ....  but another user can access POP3 from those same PC, mobile phone(Android, Iphone, etc), tabletPC. But there is no event viewer error, I have no idea where to drill into. ..
Mike ThomasConsultant
Top Expert 2010

Commented:
I just read this tip

Try loggin in with the username "DOMAIN\ACCOUNT\ALIAS"

If the mailbox alias is not the same as the domain account name this might be the issue here...so check that for a user after you test.

Panda 5888Engineer

Author

Commented:
amazing ... .yr suggestion actually resolved 1 user's problem, he has a different alias, so I have changed his alias to be same as his user_id, it is working for him now..

but another 2 users aren't so lucky, both of them has a user_id = alias .... they still have POP3 problem.
I remember changing their alias to something else sometimes ago, but I have changed it back to be the same as their user_id back then....
Mike ThomasConsultant
Top Expert 2010

Commented:
Well that's a start, you possibly have a few issues here so it might be worth checking the alias thing out for all the users and seeing what's is left to fix then we can deal with that after, also have any of these users been migrated to or imported to the domain?
Panda 5888Engineer

Author

Commented:
thanks...
hmm no, we only have 1 forest, 1 domain .. it is a fairly simple environment here. I'll get that 2 users to try DOMAIN\ACCOUNT\ALIAS later....
Panda 5888Engineer

Author

Commented:
the 2 users tried DOMAIN\ACCOUNT\ALIAS, it didn't work. .... .weird !!

My mailbox Account ID and Alias is different, but I can just login with account_id@domain.com ...
Panda 5888Engineer

Author

Commented:
I found that if I do not enable "Anonymous" authentication on Exchange 2003 front-end SMTP virtual server, the 2 users cannot send emails via SMTP. All other users can...
Error as such  
setting
setting
I don't think enabling  "Anonymous" authentication on Exchange 2003 front-end SMTP virtual is a good idea..... any ideas?
haha.jpg
Mike ThomasConsultant
Top Expert 2010

Commented:
No do not enable anon, is it just these 2 users who are havng issues now?
Panda 5888Engineer

Author

Commented:
yes 2 users .... when I enable anon, everything can go thru the SMTP virtual server ....including the 2 problem users. .... if I disable anon, the 2 problem users will not be able to send emails via the front-end server .... I tried connecting them to the back-end server, they are able to send emails via the back-end server.
So I guess something is wrong between the front-end and back-end server, for these 2 users.. ..
Mike ThomasConsultant
Top Expert 2010

Commented:

Try just a password reset for this users? might go as far as recreating their accounts in AD, then reconnect old mailboxes to them etc, unless you can figure out what is different about these 2 users.
Engineer
Commented:
I have got Microsoft per incident support, using Microsoft network monitor 3.4 tool, we found some authentication problem. .. Further investigation reveals that those 2 user's security inheritance check box from its parent was unchecked. So just check it and manually enter all permissions for SELF, and it will resolve the problem.
Panda 5888Engineer

Author

Commented:
no comment

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial