Solved

IMAP not working Exchange 2003 (SBS 2003 Server)

Posted on 2014-12-11
17
288 Views
Last Modified: 2014-12-19
I am working on an SBS 2003 server with Exchange 2003, and cannot get IMAP to work through the email client (outlook) or a smart phone. The connection fails when trying to setup the IMAP account and says the server refused connection. I have tried to telnet from the command line on the exchange server to both the server IP and Loopback and port 143 and I get:

* BYE Connection refused

Connection to host lost.

If I telnet to 993 I get a blinking cursor with no information


Connection to host lost.

Here are other steps I have taken so far:

-Checked Server is listening on 143 using CMD netstat -na|find ":143"
(I got TCP 0.0.0.0:143 0.0.0.0:0 LISTENING)
-Ports 143 and 993 opened on Firewall and confirmed open using canyouseeme.org. Was successful for both.
-Confirmed Microsoft Exchange IMAP4 service running in services
-Checked and set Default IMAP4 Virtual Server...Access...connection to "All except the list below" (no IP's listed).
-Made sure IMAP4 Virtual Server showed started
-Checked General Tab and setting set to "All Unassigned" Advanced set to "All Unassigned" TCP 143 and SSL 993
-Made sure the user properties had the IMAP4 "Enabled, using protocal defaults" under the Exchange Features tab in Active Directory.

We have no 3rd party software firewall loaded on the server, and the antivirus does not have firewall capabilities at all. Thank you in advance for your help.
0
Comment
Question by:ckleavitt2
  • 9
  • 8
17 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40495020
Why are you trying to configure IMAP as opposed to Activesync for Mobiles and RPC over HTTPS for Outlook?

IMAP is available, but you have better options available out of the box at your disposal.

Alan
0
 

Author Comment

by:ckleavitt2
ID: 40495041
I have a few users connected to other exchange servers already, but I needed to give them access to an email on this servers domain.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40495058
How are they going to access the server and are they internal or external?

Alan
0
 

Author Comment

by:ckleavitt2
ID: 40495131
They access the server while both in the office and externally. We have a VPN for a few and others would connect directly to the server via IMAP.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40495686
Do you know about Outlook using RPC over HTTPS and Activesync?
0
 

Author Comment

by:ckleavitt2
ID: 40497898
I have not worked with RPC over HTTPS and the phones are connected using ActiveSync, but I have mistakenly thought that you could only connect to a single exchange server with outlook and with the phones ActiveSync. I now see that 2010 ( or 2013, but not with exchange 2003) can in-fact support multiple exchange servers under the sam profile. Do you recommend RPC over HTTPS as opposed to setting up the additional exchange account in outlook and they just use the VPN they already use for ERP and File Shares? Thanks for your help Alan, you have been a big help in the past too.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40497920
The beauty of the RPC over HTTPS option is it will work without a VPN and starting with Outlook 2010, you can add multiple Exchange accounts in the same profile.  Personally I think  this is much better that IMAP accounts, if you have the option to use it over IMAP.

Mobiles can have multiple Activesync accounts configured on the same device without any issues.

If they are already using VPN, then you can configure Exchange without the RPC over HTTPS option, but it might be worth getting that working so that when the users drop the VPN, email still works.

Now with SBS 2003, you may have come across my Activesync Article to get that up and running an if that is up and running, all you need to do is make sure the RPC virtual directory in IIS has Basic and Windows Authentication enabled and the RPC over HTTPS option should work too.

Both of the above need an SSL certificate with a proper Fully Qualified Domain Name in it.  This can be a self-issued one, but the cost of a purchase certificate is about £30 a year so not a massive outlay.

So - now I've hopefully stopped asking questions!  What would you like to do and what do you need help with?

(Always happy to help).

Alan
0
 

Author Comment

by:ckleavitt2
ID: 40501161
Alan,

Our users are a mix of 2010 and 2007 outlook. So, I guess RPC over HTTPS might not be an option for the 2007 users. I think it would be beneficial to get the RPC setup, which If you know a good guide I would appreciate it. I would still like to get IMAP going  for those users on 2007 if possible, and am of course stuck on that. Any thoughts?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:ckleavitt2
ID: 40501165
I don't think mind is working today. I read your above post wrong. You were not saying RPC only works with 2010, but rather in the same profile with 2010 and above?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40501203
RPC will work with Outlook 2003 and up - it's just the multiple Exchange accounts in the same profile that needs Outlook 2010 to work, so if the 2007 users don't need more than one account, then you should be fine.

Are you using a self-issued certificate or a trusted 3rd party certificate?

It's way easier to get a 3rd party cert to work with RPC.

Alan
0
 

Author Comment

by:ckleavitt2
ID: 40501270
We have a cert we purchased.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40501390
Perfect.

So - if you visit the test site at https://testexchangeconnectivity.com, run the Outlook Connectivity test but then on the following page, specify manual server settings.

The RPC Proxy server is your public FQDN e.g., mail.domain.com (and should match your SSL certificate name) and the Exchange server is your internal server FQDN e.g., SBS2003.internaldomain.local.  The Mutual auth principal name should be msstd:mail.domain.com and the Authentication is usually Basic but should match your server.

Runt hat test and see if you get a good result.  If not, modify the RPC virtual Directory Security Settings in IIS Manager and make sure it has Basic and Integrated Windows Auth enabled, then apply the settings, run assert from a command prompt and re-test.  Better now?

Alan
0
 

Author Comment

by:ckleavitt2
ID: 40501421
Ok will do at my next opportunity. Thanks.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40501429
No problems - ready as and when you are.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40501430
BTW - you can run the test from any computer in any location (as long as you know the right settings).
0
 

Author Comment

by:ckleavitt2
ID: 40509215
Looks like we will be upgrading the servers soon, so I can roll this out then. Thank you for the help.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40509282
No problems - good luck and have a Happy Xmas / New Year.

Alan
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now