wakatashi1
asked on
Exchange 2013 IMAP - authentication fails
I'm running Exchange 2013 with Cumulative Update 1 installed, on Windows Server 2012 standard.
I've started the IMAP services, and have used the Powershell command "Set-ImapSettings -LoginType 1" (as per http://technet.microsoft.com/en-us/library/aa998252(v=exchg.150).aspx) to allow plain text authentication on port 143. After changing this setting, I restarted both IMAP services.
I've tried Thunderbird and Opera Mail as IMAP clients, as well as trying telnet to port 143 in the hope of getting more information on why the failure occurs. The error returned is "NO LOGIN failed".
I've experimented with different IMAP authentication types at the server end, restarting the IMAP services after each change. But I've never successfully made an IMAP connection using any combination of authentication types.
I've tried various things for the login string, as per http://blogs.technet.com/b/exchange/archive/2004/03/31/105275.aspx. For example, I've tried domain/username, and domain/username/alias, and various combinations involving the UPN name. I've tried backslashes instead of forward slashes. I'm confident that the password I'm using is correct.
I enabled IMAP protocol logging, and got the following:
2013-06-20T09:18:56.173Z,00000000000000E4,0,10.0.0.253:143,10.0.0.253:59175,,1,0,53,OpenSession,,
2013-06-20T09:18:56.173Z,00000000000000E4,1,10.0.0.253:143,10.0.0.253:59175,,1,12,119,capability,,R=ok
2013-06-20T09:18:56.191Z,00000000000000E4,2,10.0.0.253:143,10.0.0.253:59175,,6,31,30,authenticate,plain,"R=""2 NO AUTHENTICATE failed."";Msg=AuthFailed:WellKnownAccount"
2013-06-20T09:18:56.191Z,00000000000000E4,3,10.0.0.253:143,10.0.0.253:59175,,5,39,20,login,domain\administrator *****,"R=""4 NO LOGIN failed."";Msg=LogonFailed:WellKnownAccount"
2013-06-20T09:18:56.191Z,00000000000000E4,4,10.0.0.253:143,10.0.0.253:59175,,0,0,0,CloseSession,,
2013-06-20T09:18:56.191Z,00000000000000E5,0,10.0.0.253:143,10.0.0.253:59176,,1,0,53,OpenSession,,
2013-06-20T09:18:56.206Z,00000000000000E5,1,10.0.0.253:143,10.0.0.253:59176,,1,12,119,capability,,R=ok
2013-06-20T09:18:56.206Z,00000000000000E5,2,10.0.0.253:143,10.0.0.253:59176,,1,31,30,authenticate,plain,"R=""2 NO AUTHENTICATE failed."";Msg=""AuthFailed:LogonDenied,User: administrator@dnsdomain.com"""
2013-06-20T09:18:56.206Z,00000000000000E5,3,10.0.0.253:143,10.0.0.253:59176,,1,55,20,login,administrator@dnsdomain.com *****,"R=""4 NO LOGIN failed."";Msg=LogonFailed:LoginDenied"
2013-06-20T09:18:56.221Z,00000000000000E5,4,10.0.0.253:143,10.0.0.253:59176,,0,0,0,CloseSession,,
I've tried "test-imapconnectivity -mailboxcredential:(get-credential domain\administrator) | fl", and got the following:
RunspaceId : ecef0b6b-183e-4211-929d-e046af7c062f
LocalSite : Default-First-Site-Name
SecureAccess : False
VirtualDirectoryName :
Url :
UrlType : Unknown
Port : 993
ConnectionType : Ssl
ClientAccessServerShortName : Server
LocalSiteShortName : Default-First-Site-Name
ClientAccessServer : Server.domain.local
Scenario : Test IMAP4 Connectivity
ScenarioDescription : Connect to server using IMAP4 protocol, search for the test message, and delete it along
with any messages that are older than 24 hours.
PerformanceCounterName : ImapConnectivity-Latency
Result : Failure
Error : IMAP Error: aYKG NO LOGIN failed.
UserName : administrator
StartTime : 20/06/2013 10:30:59
Latency : 00:00:00.0368441
EventType : Error
LatencyInMillisecondsString :
Identity :
IsValid : True
ObjectState : New
So now I'm stumped. I really need this to work because I am performing a server migration from a legacy Linux mail server at the weekend. I can connect via IMAP to the Linux server with no problems. But Exchange IMAP has resisted all my efforts, so far.
Help!!
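The protocol-log rows in the question carry the server's own failure reason in the last field (`Msg=...`). As an added example, not part of the original post, this Python script parses those rows and groups the logged reasons per account; the column labels are an assumption because the post does not show the log's header line, and the sample rows are the post's with the forum's wrap spaces removed.

```python
import csv
import re

# Column labels are an assumption: the post shows the rows, not the log's header line.
FIELDS = ["time", "session", "seq", "server", "client", "user",
          "duration", "rqsize", "rpsize", "command", "parameters", "context"]

# Constructed sample: rows from the post with the forum's line-wrap spaces removed.
SAMPLE = r'''2013-06-20T09:18:56.173Z,00000000000000E4,1,10.0.0.253:143,10.0.0.253:59175,,1,12,119,capability,,R=ok
2013-06-20T09:18:56.191Z,00000000000000E4,2,10.0.0.253:143,10.0.0.253:59175,,6,31,30,authenticate,plain,"R=""2 NO AUTHENTICATE failed."";Msg=AuthFailed:WellKnownAccount"
2013-06-20T09:18:56.191Z,00000000000000E4,3,10.0.0.253:143,10.0.0.253:59175,,5,39,20,login,domain\administrator *****,"R=""4 NO LOGIN failed."";Msg=LogonFailed:WellKnownAccount"
2013-06-20T09:18:56.206Z,00000000000000E5,2,10.0.0.253:143,10.0.0.253:59176,,1,31,30,authenticate,plain,"R=""2 NO AUTHENTICATE failed."";Msg=""AuthFailed:LogonDenied,User: administrator@dnsdomain.com"""
2013-06-20T09:18:56.206Z,00000000000000E5,3,10.0.0.253:143,10.0.0.253:59176,,1,55,20,login,administrator@dnsdomain.com *****,"R=""4 NO LOGIN failed."";Msg=LogonFailed:LoginDenied"
'''

REASON = re.compile(r'Msg="?(\w+):(\w+)')   # e.g. Msg=LogonFailed:WellKnownAccount
USER = re.compile(r'User: ([^"]+)')          # only present on some AUTHENTICATE rows

def failed_logons(log_text):
    """One record per AUTHENTICATE/LOGIN row whose context field carries a Msg= reason."""
    rows = (ln for ln in log_text.splitlines() if ln and not ln.startswith("#"))
    found = []
    for row in csv.DictReader(rows, fieldnames=FIELDS):
        reason = REASON.search(row["context"] or "")
        if row["command"] not in ("authenticate", "login") or not reason:
            continue
        if row["command"] == "login":
            # parameters look like "<name> *****" (password already masked in the log)
            account = ((row["parameters"] or "").split() or [None])[0]
        else:
            named = USER.search(row["context"])
            account = named.group(1) if named else None
        found.append({"time": row["time"], "session": row["session"],
                      "client": row["client"], "command": row["command"],
                      "account": account, "reason": reason.group(2)})
    return found

def reasons_by_account(failures):
    """Map each account name (lower-cased) to the set of reasons logged against it."""
    summary = {}
    for f in failures:
        if f["account"]:
            summary.setdefault(f["account"].lower(), set()).add(f["reason"])
    return summary

if __name__ == "__main__":
    for account, reasons in reasons_by_account(failed_logons(SAMPLE)).items():
        print(account, sorted(reasons))
```

On the rows from the post, `domain\administrator` maps to `WellKnownAccount` while the UPN form maps to `LogonDenied`/`LoginDenied`, so the two login strings fail for different logged reasons.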
ASKER
Good idea. I tried both "domain\user" and "user@domain.com" forms of credentials, but both failed:
There was an error testing the IMAP service
Additional Details
S: * OK The Microsoft Exchange IMAP4 service is ready.
C: 1 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
C: 2 LOGIN administrator <password>
S: 2 NO LOGIN failed.
C: 3 LIST "" *
S: 3 BAD Command received in Invalid state.
Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolException: 3 BAD Command received in Invalid state.
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.ImapProtocolTester.SendCommand(String command, String logString)
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally()
...and...
There was an error testing the IMAP service
Additional Details
S: * OK The Microsoft Exchange IMAP4 service is ready.
C: 1 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
C: 2 LOGIN administrator@domain.local <password>
S: 2 NO LOGIN failed.
C: 3 LIST "" *
S: 3 BAD Command received in Invalid state.
Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolException: 3 BAD Command received in Invalid state.
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.ImapProtocolTester.SendCommand(String command, String logString)
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally()
Also check that port 993 is open.
http://www.cknotes.com/?tag=exchange-server
http://www.visualcron.com/forum.aspx?g=posts&m=8189
ASKER
Thanks - I think, though, that the solution there was to set the authentication type to plain text login.
And I've already done that with the "Set-ImapSettings -LoginType 1" Powershell command, unfortunately.
ASKER
Thing is, I need to be able to connect on port 143 (rather than 993) using plain text, with no SSL.
Have you tested it on the SSL port to confirm whether it works that way or not? It could be that the change you made wasn't effective. Did you restart the IMAP service after making the change?
The authentication method is domain/username/alias or the UPN (which may or may not be the same as the Email address).
Simon.
ASKER
Yes, I've tested it on port 993 with SSL. And yes, I was careful to restart both the IMAP and the IMAP Backend services on the server after making any changes to the authentication type with Powershell.
I've tried domain/username/alias, and I've tried the UPN also (which in this case isn't the same as the e-mail address). But no dice!
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Simon - you are a superstar of the Universe! Other accounts work fine.
Just for the icing on the cake, any idea why the built-in Administrator account shouldn't work? It has a mailbox which is perfectly accessible using OWA.
Thanks,
Dave
There are lots of restrictions on the Administrator account. Ideally you shouldn't use it for anything. At most of the sites I admin, the Administrator password is set then locked away and all admins have their own account. It is used for emergencies only.
Simon.
ASKER
Yes, I know and I agree. But I don't see why from a technical standpoint it shouldn't allow IMAP connections to a mailbox attached to that account.
Anyway, it's pretty much irrelevant - I can now do what I need to do. Thank you very much for your help.
https://www.testexchangeconnectivity.com/