  • Status: Solved
Exchange 2003 SBS server and client POP3 connections

We have a Windows 2003 SBS server on which Exchange 2003 has been dormant for some time, since a previous system administrator had chosen to outsource the mail hosting.  The current users have been popping the mail from this host to their Outlook clients.

The client wanted to begin to host mail internally now.  I've requested and received the MX record change to point to our outside address.

Comcast Business Class Internet service.  Cable Modem is configured to place our Cisco/Linksys EA6500 router in the DMZ.  The EA6500 is configured to pass ports 110, 25, 443, 80, 143, 593, 135 and 445 via the "Single Port Forwarding" setup in the "Apps and Gaming" Security tab.

I am able to telnet from an outside server to the POP3 and SMTP ports.

My issue is that some of the users can authenticate using POP3 but some are not able.  The error is "-ERR Logon failure: unknown user name or bad password."
All the users can authenticate to the Outlook Web Access portal.

I have run the CEICW a few times and still no luck.  I've changed the passwords for the users that could not connect and that has not made any difference.

Exchange 2003 is updated to SP2.
Asked by: Ambonia
 
Gareth Gudger Commented:
Are you POP'ing directly to the IP address? You didn't mention any A records configured. Just MX.

Also, Exchange 2003 is end of life. So, I would recommend upgrading that to a newer version of Exchange as soon as you can.

What was the reason to go back to an on-prem solution?

Ambonia (Author) Commented:
Yes we have "A" record as well as "MX" setup.

On-prem solution for two reasons.  1. The mobile users' .pst files are vulnerable to data loss. 2. The desire for the calendar sharing you get with Exchange.

Upgrading Exchange is not an option at this point.

Gareth Gudger Commented:
Have you considered Office 365?

You get all of that for $4 a user a month.

(Plus the backend is Exchange 2013).
 
Ambonia (Author) Commented:
That is an idea.

However, I would certainly like to sort out the issue that was presented.

Do you have any ideas regarding why some users authenticate OK to POP3 and others do not?

Gareth Gudger Commented:
Have you confirmed whether the problem users have POP enabled on their individual AD accounts? See image:
http://windowsitpro.com/site-files/windowsitpro.com/files/archive/windowsitpro.com/content/content/48505/figure_01.gif

Also, make sure their Outlook clients are POP'ing to the old hosted server. You may also need to flush DNS at the client side if the A record is the same for POP (new IP). Make sure they don't have static entries in their HOSTS file for the POP server.

Ambonia (Author) Commented:
Yes, the AD POP is enabled on the accounts.

I'll run the flushdns on the suspect client just to be sure.  However even when I use a fresh system to connect with the username and password giving problems I get the same result.  If I use a known good user/password credentials the connection is OK.

I'll be checking this out tomorrow.   Thanks.

The A record would be the same with a new IP.

Ambonia (Author) Commented:
UPDATE:  Checked the client systems.  No static entries in Hosts file. DNS has been flushed.  They are not popping to the old hosting server.

Attempted to change the password for the user in question, no change.

Finally deleted the user and recreated a new one and connected the mailbox to this new user.  That allowed the new username and password to work.

Gareth Gudger Commented:
Can you compare all properties from the new user and one of the remaining problem users? I am thinking this is more on the AD side than an Exchange issue.

Check account properties for example.
--Make sure reverse hash is not enabled
--Users must change password at next log on.

--Confirm that the account is not disabled
--Confirm the account is not locked out.

--Do a reset password on a problem account.

Ambonia (Author) Commented:
Haven't heard of the "Reverse Hash" property.  Where is that, or do I know it by a different name?

Password is not set to change at next logon.
Account is not disabled.
Account is not locked out.

Did a reset password on the account.

Still not working.

Ambonia (Author) Commented:
It may be an AD issue.  I just submitted another request regarding reattaching a mailbox to a new user.  When selecting a new user via the AD browser there are only Objects shown, no users.  So I cannot reconnect.  However, when I view ADUC the users are all there.

Gareth Gudger Commented:
Sorry was thinking off the top of my head. Make sure Reversible Encryption is not checked. In fact, review all those checkboxes. Any checked?

It could be an inheritable permissions issue.

From ADUC, go to the View menu >> Advanced Features (make sure it has a check mark next to it).

Then go back into the properties of the user and select the Security tab >> Advanced button.

There should be a checkbox for Inheritance. This should be checked. If not, check it and hit Ok. Then retry the POP connection.

Ambonia (Author) Commented:
Thanks, Reversible Encryption is disabled.
Inheritance was not checked for this user.

Can now logon.  Great!

Gareth Gudger Commented:
What was the fix?

Ambonia (Author) Commented:
It appears that checking the box for allowing inheritance was what worked.

Gareth Gudger Commented:
Awesome!
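
The per-account checks walked through in this thread (permission inheritance, reversible encryption, must-change-password, disabled, locked out) can be run across every user at once instead of one at a time in ADUC. The read-only PowerShell script below is an added example, not part of the original thread; it assumes PowerShell 2.0 or later on a domain-joined machine, and the report column names are made up for this example.

```powershell
# Added example, not from the thread. Read-only: it changes nothing in AD.
# Assumes PowerShell 2.0+ on a domain-joined machine, run by an account that
# can read user security descriptors (for example a domain admin).
$UF_ACCOUNTDISABLE     = 0x0002  # "Account is disabled"
$UF_REVERSIBLE_ENC_PWD = 0x0080  # "Store password using reversible encryption"

# Return the first value of a search-result attribute, or a default if unset.
function Get-FirstValue($values, $default) {
    if ($null -ne $values -and $values.Count -gt 0) { $values[0] } else { $default }
}

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user))'
$searcher.PageSize = 500   # page through results instead of stopping at 1000
$attrs = 'samaccountname','useraccountcontrol','pwdlastset','lockouttime','admincount'
foreach ($a in $attrs) { [void]$searcher.PropertiesToLoad.Add($a) }

$report = foreach ($result in $searcher.FindAll()) {
    $p   = $result.Properties
    $uac = [int](Get-FirstValue ($p['useraccountcontrol']) 0)
    # psbase reaches the .NET DirectoryEntry behind PowerShell's ADSI adapter.
    $acl = $result.GetDirectoryEntry().psbase.ObjectSecurity
    New-Object PSObject -Property @{
        User                 = (Get-FirstValue ($p['samaccountname']) '?')
        # True when the Security > Advanced "inherit permissions" box is cleared.
        InheritanceDisabled  = $acl.AreAccessRulesProtected
        Disabled             = [bool]($uac -band $UF_ACCOUNTDISABLE)
        ReversibleEncryption = [bool]($uac -band $UF_REVERSIBLE_ENC_PWD)
        # pwdLastSet = 0 means "User must change password at next logon".
        MustChangePassword   = ((Get-FirstValue ($p['pwdlastset']) 1) -eq 0)
        # A non-zero lockoutTime means a lockout was recorded (it may have expired).
        LockoutTimeSet       = ((Get-FirstValue ($p['lockouttime']) 0) -gt 0)
        AdminCount           = (Get-FirstValue ($p['admincount']) 0)
    }
}

# Show only accounts where at least one of the checked conditions is true.
$report |
    Where-Object { $_.InheritanceDisabled -or $_.Disabled -or
                   $_.ReversibleEncryption -or $_.MustChangePassword -or
                   $_.LockoutTimeSet } |
    Sort-Object User |
    Select-Object User, InheritanceDisabled, AdminCount, Disabled,
                  ReversibleEncryption, MustChangePassword, LockoutTimeSet |
    Format-Table -AutoSize
```

An AdminCount of 1 marks an account that is or was a member of a protected group; for current members Active Directory periodically re-applies a non-inheriting ACL, so the inheritance checkbox will clear itself again after being ticked.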