Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 333
  • Last Modified:

IMAP not working Exchange 2003 (SBS 2003 Server)

I am working on an SBS 2003 server with Exchange 2003, and cannot get IMAP to work through the email client (outlook) or a smart phone. The connection fails when trying to setup the IMAP account and says the server refused connection. I have tried to telnet from the command line on the exchange server to both the server IP and Loopback and port 143 and I get:

* BYE Connection refused

Connection to host lost.

If I telnet to 993 I get a blinking cursor with no information


Connection to host lost.

Here are other steps I have taken so far:

-Checked Server is listening on 143 using CMD netstat -na|find ":143"
(I got TCP 0.0.0.0:143 0.0.0.0:0 LISTENING)
-Ports 143 and 993 opened on Firewall and confirmed open using canyouseeme.org. Was successful for both.
-Confirmed Microsoft Exchange IMAP4 service running in services
-Checked and set Default IMAP4 Virtual Server...Access...connection to "All except the list below" (no IP's listed).
-Made sure IMAP4 Virtual Server showed started
-Checked General Tab and setting set to "All Unassigned" Advanced set to "All Unassigned" TCP 143 and SSL 993
-Made sure the user properties had the IMAP4 "Enabled, using protocal defaults" under the Exchange Features tab in Active Directory.

We have no 3rd party software firewall loaded on the server, and the antivirus does not have firewall capabilities at all. Thank you in advance for your help.
0
ckleavitt2
Asked:
ckleavitt2
  • 9
  • 8
1 Solution
 
Alan HardistyCommented:
Why are you trying to configure IMAP as opposed to Activesync for Mobiles and RPC over HTTPS for Outlook?

IMAP is available, but you have better options available out of the box at your disposal.

Alan
0
 
ckleavitt2Author Commented:
I have a few users connected to other exchange servers already, but I needed to give them access to an email on this servers domain.
0
 
Alan HardistyCommented:
How are they going to access the server and are they internal or external?

Alan
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
ckleavitt2Author Commented:
They access the server while both in the office and externally. We have a VPN for a few and others would connect directly to the server via IMAP.
0
 
Alan HardistyCommented:
Do you know about Outlook using RPC over HTTPS and Activesync?
0
 
ckleavitt2Author Commented:
I have not worked with RPC over HTTPS and the phones are connected using ActiveSync, but I have mistakenly thought that you could only connect to a single exchange server with outlook and with the phones ActiveSync. I now see that 2010 ( or 2013, but not with exchange 2003) can in-fact support multiple exchange servers under the sam profile. Do you recommend RPC over HTTPS as opposed to setting up the additional exchange account in outlook and they just use the VPN they already use for ERP and File Shares? Thanks for your help Alan, you have been a big help in the past too.
0
 
Alan HardistyCommented:
The beauty of the RPC over HTTPS option is it will work without a VPN and starting with Outlook 2010, you can add multiple Exchange accounts in the same profile.  Personally I think  this is much better that IMAP accounts, if you have the option to use it over IMAP.

Mobiles can have multiple Activesync accounts configured on the same device without any issues.

If they are already using VPN, then you can configure Exchange without the RPC over HTTPS option, but it might be worth getting that working so that when the users drop the VPN, email still works.

Now with SBS 2003, you may have come across my Activesync Article to get that up and running an if that is up and running, all you need to do is make sure the RPC virtual directory in IIS has Basic and Windows Authentication enabled and the RPC over HTTPS option should work too.

Both of the above need an SSL certificate with a proper Fully Qualified Domain Name in it.  This can be a self-issued one, but the cost of a purchase certificate is about £30 a year so not a massive outlay.

So - now I've hopefully stopped asking questions!  What would you like to do and what do you need help with?

(Always happy to help).

Alan
0
 
ckleavitt2Author Commented:
Alan,

Our users are a mix of 2010 and 2007 outlook. So, I guess RPC over HTTPS might not be an option for the 2007 users. I think it would be beneficial to get the RPC setup, which If you know a good guide I would appreciate it. I would still like to get IMAP going  for those users on 2007 if possible, and am of course stuck on that. Any thoughts?
0
 
ckleavitt2Author Commented:
I don't think mind is working today. I read your above post wrong. You were not saying RPC only works with 2010, but rather in the same profile with 2010 and above?
0
 
Alan HardistyCommented:
RPC will work with Outlook 2003 and up - it's just the multiple Exchange accounts in the same profile that needs Outlook 2010 to work, so if the 2007 users don't need more than one account, then you should be fine.

Are you using a self-issued certificate or a trusted 3rd party certificate?

It's way easier to get a 3rd party cert to work with RPC.

Alan
0
 
ckleavitt2Author Commented:
We have a cert we purchased.
0
 
Alan HardistyCommented:
Perfect.

So - if you visit the test site at https://testexchangeconnectivity.com, run the Outlook Connectivity test but then on the following page, specify manual server settings.

The RPC Proxy server is your public FQDN e.g., mail.domain.com (and should match your SSL certificate name) and the Exchange server is your internal server FQDN e.g., SBS2003.internaldomain.local.  The Mutual auth principal name should be msstd:mail.domain.com and the Authentication is usually Basic but should match your server.

Runt hat test and see if you get a good result.  If not, modify the RPC virtual Directory Security Settings in IIS Manager and make sure it has Basic and Integrated Windows Auth enabled, then apply the settings, run assert from a command prompt and re-test.  Better now?

Alan
0
 
ckleavitt2Author Commented:
Ok will do at my next opportunity. Thanks.
0
 
Alan HardistyCommented:
No problems - ready as and when you are.
0
 
Alan HardistyCommented:
BTW - you can run the test from any computer in any location (as long as you know the right settings).
0
 
ckleavitt2Author Commented:
Looks like we will be upgrading the servers soon, so I can roll this out then. Thank you for the help.
0
 
Alan HardistyCommented:
No problems - good luck and have a Happy Xmas / New Year.

Alan
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 9
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now