Exchange 2003 SBS server and client POP3 connections

We have a Windows 2003 SBS server on which Exchange 2003 has been dormant for some time, since a previous system administrator had chosen to outsource the mail hosting.  The current users have been POPping the mail from this host to their Outlook clients.

The client wanted to begin to host mail internally now.  I've requested and received the MX record change to point to our outside address.

Comcast Business Class Internet service.  Cable Modem is configured to place our Cisco/Linksys EA6500 router in the DMZ.  The EA6500 is configured to pass ports 110, 25, 443, 80, 143, 593, 135 and 445 via the "Single Port Forwarding" setup in the "Apps and Gaming" Security tab.

I am able to telnet from an outside server to the POP3 and SMTP ports.

My issue is that some of the users can authenticate using POP3 but some are not able.  The error is "-ERR Logon failure: unknown user name or bad password."
All the users can authenticate to the Outlook Web Access portal.

I have run the CEICW a few times and still no luck.  I've changed the passwords for the users that could not connect and that has not made any difference.

Exchange 2003 is updated to SP2.
Asked by: Ambonia (System Engineer)

Gareth Gudger commented:
Sorry was thinking off the top of my head. Make sure Reversible Encryption is not checked. In fact, review all those checkboxes. Any checked?

It could be an inheritable permissions issue.

From ADUC, go to the View menu >> Advanced Features (make sure it has a check mark next to it).

Then go back into the properties of the user and select the Security tab >> Advanced button.

There should be a checkbox for Inheritance. This should be checked. If not, check it and hit Ok. Then retry the POP connection.

Gareth Gudger commented:
Are you POP'ing directly to the IP address? You didn't mention any A records configured. Just MX.

Also, Exchange 2003 is end of life. So, I would recommend upgrading that to a newer version of Exchange as soon as you can.

What was the reason to go back to an on-prem solution?

Ambonia (System Engineer, Author) commented:
Yes we have "A" record as well as "MX" setup.

On-prem solution two reasons.  1. The mobile users' .pst files are vulnerable to data loss. 2. The desire of calendar sharing you get with Exchange.

Upgrading Exchange is not an option at this point.

Gareth Gudger commented:
Have you considered Office 365?

You get all of that for $4 a user a month.

(Plus the backend is Exchange 2013).

Ambonia (System Engineer, Author) commented:
That is an idea.

However, I would certainly like to sort out the issue that was presented.

Do you have any ideas regarding why some users authenticate OK to POP3 and others do not?

Gareth Gudger commented:
Have you confirmed whether the problem users have POP enabled on their individual AD accounts? See image:
http://windowsitpro.com/site-files/windowsitpro.com/files/archive/windowsitpro.com/content/content/48505/figure_01.gif

Also, make sure their Outlook clients are POP'ing to the old hosted server. You may also need to flush DNS at the client side if the A record is the same for POP (new IP). Make sure they don't have static entries in their HOSTS file for the POP server.

Ambonia (System Engineer, Author) commented:
Yes, the AD POP is enabled on the accounts.

I'll run the flushdns on the suspect client just to be sure.  However even when I use a fresh system to connect with the username and password giving problems I get the same result.  If I use a known good user/password credentials the connection is OK.

I'll be checking this out tomorrow.   Thanks.

The A record would be the same with a new IP.

Ambonia (System Engineer, Author) commented:
UPDATE:  Checked the client systems.  No static entries in Hosts file. DNS has been flushed.  They are not POPping to the old hosting server.

Attempted to change the password for the user in question, no change.

Finally deleted the user and recreated a new one and connected the mailbox to this new user.  That allowed the new username and password to work.

Gareth Gudger commented:
Can you compare all properties from the new user and one of the remaining problem users? I am thinking this is more on the AD side than an Exchange issue.

Check account properties for example.
--Make sure reverse hash is not enabled
--Users must change password at next log on.

--Confirm that the account is not disabled
--Confirm the account is not locked out.

--Do a reset password on a problem account.

Ambonia (System Engineer, Author) commented:
Haven't heard of the "Reverse Hash" property.  Where is that, or do I know it by a different name?

Password is not set to change at next logon.
Account is not disabled,
Account is not locked out.

Did a reset password on the account.

Still not working.

Ambonia (System Engineer, Author) commented:
It may be with the AD issue.  I just submitted another request regarding reattaching a mailbox to a new user.  When selecting a new user via the AD browser there are only Objects shown, no users.  So I cannot reconnect.  However, when viewing ADUC the users are all there.

Ambonia (System Engineer, Author) commented:
Thanks, Reversible Encryption is disabled.
Inheritance was not checked for this user.

Can now logon.  Great!

Gareth Gudger commented:
What was the fix?

Ambonia (System Engineer, Author) commented:
It appears that checking the box for allowing inheritance was what worked.

Gareth Gudger commented:
Awesome!
Question has a verified solution.
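
The fix confirmed in this thread was re-enabling permission inheritance on the affected user object in ADUC. The PowerShell script below is an added example, not part of the original thread: it lists every user account whose ACL has inheritance blocked, so the remaining problem users can be found without opening each one. It assumes Windows PowerShell 2.0 or later on a domain-joined machine and a domain admin session; `$Fix` is a hypothetical switch introduced here.

```powershell
# Added example: report user objects whose DACL blocks inherited permissions
# (the "inherit from parent" checkbox on Security > Advanced is cleared).
# Assumptions: PowerShell 2.0+, domain-joined machine, run as a domain admin.
$Fix = $false   # hypothetical switch: $true re-enables inheritance on the accounts found

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user))'
$searcher.PageSize = 500    # page the search so results are not truncated
foreach ($attr in 'sAMAccountName', 'adminCount', 'distinguishedName') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

$report = foreach ($result in $searcher.FindAll()) {
    $entry = $result.GetDirectoryEntry()
    # Read and write only the DACL, leaving owner, group and SACL untouched.
    $entry.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Dacl
    $acl = $entry.psbase.ObjectSecurity

    # AreAccessRulesProtected is $true when inheritance is blocked.
    if (-not $acl.AreAccessRulesProtected) { continue }

    # adminCount = 1 marks accounts whose ACL is stamped from AdminSDHolder.
    $adminCount = 0
    if ($result.Properties['admincount'].Count -gt 0) {
        $adminCount = $result.Properties['admincount'][0]
    }

    # Skip AdminSDHolder-protected accounts: the change would be reverted
    # on the next SDProp run, so fix their group membership instead.
    if ($Fix -and $adminCount -ne 1) {
        $acl.SetAccessRuleProtection($false, $true)   # $false = allow inheritance
        $entry.psbase.CommitChanges()
    }

    New-Object PSObject -Property @{
        SamAccountName    = $result.Properties['samaccountname'][0]
        AdminCount        = $adminCount
        DistinguishedName = $result.Properties['distinguishedname'][0]
    }
}

$report | Sort-Object SamAccountName |
    Format-Table SamAccountName, AdminCount, DistinguishedName -AutoSize
```

Run it with `$Fix = $false` first and compare the list against the users who fail POP3 logon. Accounts that show `AdminCount` 1 will have inheritance cleared again automatically for as long as they remain in a protected group.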