Solved

Exchange 2003 SBS server and client POP3 connections

Posted on 2014-04-21
Last Modified: 2014-04-26
We have a Windows 2003 SBS server on which Exchange 2003 has been dormant for some time, since a previous system administrator had chosen to outsource the mail hosting.  The current users have been Popping the mail from this host to their Outlook clients.

The client wanted to begin to host mail internally now.  I've requested and received the MX record change to point to our outside address.

Comcast Business Class Internet service.  Cable Modem is configured to place our Cisco/Linksys EA6500 router in the DMZ.  The EA6500 is configured to pass ports 110, 25, 443, 80, 143, 593, 135 and 445 via the "Single Port Forwarding" setup in the "Apps and Gaming" Security tab.

I am able to telnet from an outside server to the POP3 and SMTP ports.

My issue is that some of the users can authenticate using POP3 but some are not able.  The error is "-ERR Logon failure: unknown user name or bad password."
All the users can authenticate to the Outlook Web Access portal.

I have run the CEICW a few times and still no luck.  I've changed the passwords for the users that could not connect and that has not made any difference.

Exchange 2003 is updated to SP2.
Question by:Ambonia
15 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40013851
Are you POP'ing directly to the IP address? You didn't mention any A records configured. Just MX.

Also, Exchange 2003 is end of life. So, I would recommend upgrading that to a newer version of Exchange as soon as you can.

What was the reason to go back to an on-prem solution?
0
 

Author Comment

by:Ambonia
ID: 40013865
Yes we have "A" record as well as "MX" setup.

On-prem solution two reasons.  1. The mobile users' .pst files are vulnerable to data loss. 2. The desire of calendar sharing you get with Exchange.

Upgrading Exchange is not an option at this point.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40013882
Have you considered Office 365?

You get all of that for $4 a user a month.

(Plus the backend is Exchange 2013).
0
 

Author Comment

by:Ambonia
ID: 40013902
That is an idea.

However, I would certainly like to sort out the issue that was presented.

Do you have any ideas regarding why some users authenticate OK to POP3 and others do not?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40014038
Have you confirmed whether the problem users have POP enabled on their individual AD accounts? See image:
http://windowsitpro.com/site-files/windowsitpro.com/files/archive/windowsitpro.com/content/content/48505/figure_01.gif

Also, make sure their Outlook clients are POP'ing to the old hosted server. You may also need to flush DNS at the client side if the A record is the same for POP (new IP). Make sure they don't have static entries in their HOSTS file for the POP server.
0
 

Author Comment

by:Ambonia
ID: 40014061
Yes, the AD POP is enabled on the accounts.

I'll run the flushdns on the suspect client just to be sure.  However even when I use a fresh system to connect with the username and password giving problems I get the same result.  If I use a known good user/password credentials the connection is OK.

I'll be checking this out tomorrow.   Thanks.

The A record would be the same with a new IP.
0
 

Author Comment

by:Ambonia
ID: 40025217
UPDATE:  Checked the client systems.  No static entries in Hosts file. DNS has been flushed.  They are not Popping to the old hosting server.

Attempted to change the password for the user in question, no change.

Finally deleted the user and recreated a new one and connected the mailbox to this new user.  That allowed the new username and password to work.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40025241
Can you compare all properties from the new user and one of the remaining problem users? I am thinking this is more on the AD side than an Exchange issue.

Check account properties for example.
--Make sure reverse hash is not enabled
--Users must change password at next log on.

--Confirm that the account is not disabled
--Confirm the account is not locked out.

--Do a reset password on a problem account.
0
 

Author Comment

by:Ambonia
ID: 40025251
Haven't heard of the "Reverse Hash" property.  Where is that, or do I know it by a different name?

Password is not set to change at next logon.
Account is not disabled.
Account is not locked out.

Did a reset password on the account.

Still not working.
0
 

Author Comment

by:Ambonia
ID: 40025252
It may be with the AD issue.  I just submitted another request regarding reattaching a mailbox to a new user.  When selecting a new user via the AD browser there are only Objects shown, no users.  So I cannot reconnect.  However, when I view ADUC the users are all there.
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40025257
Sorry was thinking off the top of my head. Make sure Reversible Encryption is not checked. In fact, review all those checkboxes. Any checked?

It could be an inheritable permissions issue.

From ADUC, go to the View menu >> Advanced Features (make sure it has a check mark next to it).

Then go back into the properties of the user and select the Security tab >> Advanced button.

There should be a checkbox for Inheritance. This should be checked. If not, check it and hit Ok. Then retry the POP connection.
0
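
The inheritance checkbox described in the accepted solution can be audited across all user accounts instead of one at a time in ADUC. This is an added example, not code from the thread; the function name `Get-UserInheritanceState` and its `SearchRoot` parameter are hypothetical, and it assumes Windows PowerShell 2.0 or later on a domain-joined machine, run by an account that can read user security descriptors.

```powershell
# Added example: read-only audit, nothing in the directory is modified.
# Uses plain LDAP through System.DirectoryServices, so no AD module is needed.

function Get-UserInheritanceState {
    param(
        # Optional LDAP path to limit the search; default is the current domain.
        [string]$SearchRoot
    )

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    if ($SearchRoot) {
        $searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
    }
    $searcher.Filter   = '(&(objectCategory=person)(objectClass=user))'
    $searcher.PageSize = 500   # page results so large domains are not truncated
    [void]$searcher.PropertiesToLoad.Add('samaccountname')
    [void]$searcher.PropertiesToLoad.Add('distinguishedname')

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $entry = $r.GetDirectoryEntry()
            try {
                # AreAccessRulesProtected = $true means the ACL does NOT inherit
                # from the parent, i.e. the ADUC inheritance box is unchecked.
                $sd = $entry.psbase.ObjectSecurity
                New-Object PSObject -Property @{
                    SamAccountName     = [string]$r.Properties['samaccountname'][0]
                    DistinguishedName  = [string]$r.Properties['distinguishedname'][0]
                    InheritanceEnabled = -not $sd.AreAccessRulesProtected
                }
            }
            finally { $entry.psbase.Dispose() }
        }
    }
    finally { $results.Dispose() }
}

# List only the accounts whose inheritance box is unchecked.
Get-UserInheritanceState |
    Where-Object { -not $_.InheritanceEnabled } |
    Select-Object SamAccountName, DistinguishedName |
    Sort-Object SamAccountName
```

Accounts returned by the final pipeline are the ones to review in ADUC under Security tab >> Advanced, as described above.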
 

Author Comment

by:Ambonia
ID: 40025326
Thanks, Reversible Encryption is disabled.
Inheritance was not checked for this user.

Can now logon.  Great!
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40025329
What was the fix?
0
 

Author Comment

by:Ambonia
ID: 40025349
It appears that checking the box for allowing inheritance was what worked.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40025356
Awesome!
0
