Solved

Could BES be the issue with my exchange server?

Posted on 2012-03-26
16
241 Views
Last Modified: 2012-04-23
When moving to Exchange 2010, I also needed to move my BES server.

Part of the requirements for BES was to download and install http://www.microsoft.com/download/en/details.aspx?id=1004 on my Exchange Server.

I did this, and then later was told I shouldn't run the BES on the same machine as Exchange, so I created another virtual machine for BES. I have been having some issues with sending email on my exchange server. I have users that have multiple email accounts, and use our server to send all email.

Example:

email 1: user@mydomain.com pop:mail.mydomain.com smtp: mail.mydomain.com
email 2: user@someotherdomain.com pop:mail.someotherdomain.com smtp: mail.mydomain.com

Under the above setup, these users were able to send and receive email without any issues when we were on exchange 2003.

Now, under exchange 2010, they can receive email from both accounts, but they can't reply to email received from "user@someotherdomain.com"

I've gone over the "send as" permissions, and there doesn't appear to be a way to grant permissions to an account that isn't part of my domain.

Is there a possibility that this Messaging API and Collaboration Data Objects installation is causing these issues? If so, what's the best way to remove the software/repair exchange?

Bartender_1
0
Comment
Question by:Christopher McKay
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 8
16 Comments
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37766397
I run BES on the same server as exchange.

What version of BES are you using?
0
 
LVL 22

Author Comment

by:Christopher McKay
ID: 37766418
Version 5.0.2 MR 1 (Bundle 25)
0
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37771481
Sorry I misread your post. The update shouldn't have any affect on it.

So am I understanding that this works:
email 1: user@mydomain.com pop:mail.mydomain.com smtp: mail.mydomain.com

but this one does not:
email 2: user@someotherdomain.com pop:mail.someotherdomain.com smtp: mail.mydomain.com
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 22

Author Comment

by:Christopher McKay
ID: 37771571
The second one does not send email. I get "5.7.1 Client does not have permissions to send as this sender." error when trying to reply to emails received on email 2.
0
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37772113
Sounds more like a relaying issue. You may want to double check some of your smtp settings possibly compare them to the old server if it is available.

Can you explain this more. The BES account should be a domain user.
"I've gone over the "send as" permissions, and there doesn't appear to be a way to grant permissions to an account that isn't part of my domain. "
0
 
LVL 22

Author Comment

by:Christopher McKay
ID: 37772267
User has an account on my network. Name: "user1@mydomain.com"
User has an account from their own domain (not hosted by us or them, hosted online) for email, Name: "user1@someotherdomain.com"

User is using a Mac computer, with email client.

These users are NOT using BES accounts. My query regarding the BES, is because it's something else in the mix that MAY be causing problems.


relay issue: Quite possibly, however, I'm not sure what I would need to change to make it work.
On Hub Transport, I have this:

Under Accepted Domains, Their "someotherdomain.com" is added as Type" External Relay" and Default is "False"


Current SMTP Settings are:

Send Connector configured on Exchange 2010 for "*.someotherdomain.com" Cost 1. Scoped send connector is NOT checked.

Under network tab, I have "Use domain name system (DNS) "MX" records to route mail automatically" selected, and "Enable Domain Security (Mutual Auth TLS) is NOT checked.
"Use the External DNS Lookup settings on the transport server" is checked.



Is there anything else I'm supposed to have?
0
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37772378
So user1@someotherdomain.com is trying to send/receive email from your exchange server instead of someotherdomain.com's mail server?
0
 
LVL 22

Author Comment

by:Christopher McKay
ID: 37772390
That's correct. I'm told that the reason is speed of connection to their server, and that I'm to just make it work like it used to work. (This worked previously on our Exchange 2003 setup, but doesn't work now on Exchange 2010.)
0
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37772418
Well you can try this:
"Under Accepted Domains, Their "someotherdomain.com" is added as Type" External Relay" and Default is "False""

Make it true

"Send Connector configured on Exchange 2010 for "*.someotherdomain.com" Cost 1. Scoped send connector is NOT checked."

Check the box

If it doesn't work I'll look at mine and see if anything rings a bell.
0
 
LVL 22

Author Comment

by:Christopher McKay
ID: 37772472
Under "Accepted Domains"

Their entry is marked false, but currently the entry for our domain is marked as "True", if I set theirs as default, will that not then mark mydomain entry as False?
0
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37772714
Ehhh don't change anything just yet. If you did change it back.

I compared mine to yours.

In the send connector properties make sure your fqdn is correct for your exchange server.

On mine the accepted domain is an internal relay which could be a simple difference in how we do things compared to you. Internal relay should do both external and internal though.

Then for a specific user we went to the Exchange Management Console and typed this:

Get-ReceiveConnector "External Relay" | Add-ADPermission -User "Domain\User" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
0
 
LVL 22

Author Comment

by:Christopher McKay
ID: 37777275
Is it possible to do this for an AD group? rather than just a user? Or should it be done on a per user basis?
0
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37781778
Looks like it is a per user thing. Here are the options for Add-AdPermission

http://technet.microsoft.com/en-us/library/bb124403.aspx
0
 
LVL 22

Author Comment

by:Christopher McKay
ID: 37812192
I've found something that may be the cause, however, I'm not sure how to fix it.

I've found that all my tests were succeeding, but to eliminate the potential that it was my admin account, I had someone else test this.
As murphy would have it, I didn't realize that the person testing this was also a domain admin. Therefore I had never tested a standard user.

When I setup a new "standard user" account, I found that the test failed on my computer. The same computer that succeeded with my account.

So, it looks like Admins can send as an external address, but standard users cannot. Where is this setting in Exchange? What permission or role do I have to give my standard users to make this work?
0
 
LVL 10

Accepted Solution

by:
pclinuxguru earned 500 total points
ID: 37832626
Well from playing with mine and looking over my notes from our conversion there is an issue with 2010 where by default it doesn't allow authenticated users to relay.

Add-AdPermission -Identity "Default Receive Connector" -User "NT AUTHORITY\Authenticated Users" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender

(replace Default Receive Connector with the name of your connector) is what we had to do to get my test install working. Authenticated Users should work. You can try swapping NT AUTHORITY\Authenticated Users with domain\domain users.
0
 
LVL 22

Author Comment

by:Christopher McKay
ID: 37848953
pclinuxguru, thanks so much for this! I've finally got it working, and have confirmed that there are no further issues on this front.

I will be accepting your solution as soon as I sort something out with an admin.

Bartender_1
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question