Solved

IMAP not working Exchange 2003 (SBS 2003 Server)

Posted on 2014-12-11
17
306 Views
Last Modified: 2014-12-19
I am working on an SBS 2003 server with Exchange 2003, and cannot get IMAP to work through the email client (outlook) or a smart phone. The connection fails when trying to setup the IMAP account and says the server refused connection. I have tried to telnet from the command line on the exchange server to both the server IP and Loopback and port 143 and I get:

* BYE Connection refused

Connection to host lost.

If I telnet to 993 I get a blinking cursor with no information


Connection to host lost.

Here are other steps I have taken so far:

-Checked Server is listening on 143 using CMD netstat -na|find ":143"
(I got TCP 0.0.0.0:143 0.0.0.0:0 LISTENING)
-Ports 143 and 993 opened on Firewall and confirmed open using canyouseeme.org. Was successful for both.
-Confirmed Microsoft Exchange IMAP4 service running in services
-Checked and set Default IMAP4 Virtual Server...Access...connection to "All except the list below" (no IP's listed).
-Made sure IMAP4 Virtual Server showed started
-Checked General Tab and setting set to "All Unassigned" Advanced set to "All Unassigned" TCP 143 and SSL 993
-Made sure the user properties had the IMAP4 "Enabled, using protocal defaults" under the Exchange Features tab in Active Directory.

We have no 3rd party software firewall loaded on the server, and the antivirus does not have firewall capabilities at all. Thank you in advance for your help.
0
Comment
Question by:ckleavitt2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 8
17 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40495020
Why are you trying to configure IMAP as opposed to Activesync for Mobiles and RPC over HTTPS for Outlook?

IMAP is available, but you have better options available out of the box at your disposal.

Alan
0
 

Author Comment

by:ckleavitt2
ID: 40495041
I have a few users connected to other exchange servers already, but I needed to give them access to an email on this servers domain.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40495058
How are they going to access the server and are they internal or external?

Alan
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:ckleavitt2
ID: 40495131
They access the server while both in the office and externally. We have a VPN for a few and others would connect directly to the server via IMAP.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40495686
Do you know about Outlook using RPC over HTTPS and Activesync?
0
 

Author Comment

by:ckleavitt2
ID: 40497898
I have not worked with RPC over HTTPS and the phones are connected using ActiveSync, but I have mistakenly thought that you could only connect to a single exchange server with outlook and with the phones ActiveSync. I now see that 2010 ( or 2013, but not with exchange 2003) can in-fact support multiple exchange servers under the sam profile. Do you recommend RPC over HTTPS as opposed to setting up the additional exchange account in outlook and they just use the VPN they already use for ERP and File Shares? Thanks for your help Alan, you have been a big help in the past too.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40497920
The beauty of the RPC over HTTPS option is it will work without a VPN and starting with Outlook 2010, you can add multiple Exchange accounts in the same profile.  Personally I think  this is much better that IMAP accounts, if you have the option to use it over IMAP.

Mobiles can have multiple Activesync accounts configured on the same device without any issues.

If they are already using VPN, then you can configure Exchange without the RPC over HTTPS option, but it might be worth getting that working so that when the users drop the VPN, email still works.

Now with SBS 2003, you may have come across my Activesync Article to get that up and running an if that is up and running, all you need to do is make sure the RPC virtual directory in IIS has Basic and Windows Authentication enabled and the RPC over HTTPS option should work too.

Both of the above need an SSL certificate with a proper Fully Qualified Domain Name in it.  This can be a self-issued one, but the cost of a purchase certificate is about £30 a year so not a massive outlay.

So - now I've hopefully stopped asking questions!  What would you like to do and what do you need help with?

(Always happy to help).

Alan
0
 

Author Comment

by:ckleavitt2
ID: 40501161
Alan,

Our users are a mix of 2010 and 2007 outlook. So, I guess RPC over HTTPS might not be an option for the 2007 users. I think it would be beneficial to get the RPC setup, which If you know a good guide I would appreciate it. I would still like to get IMAP going  for those users on 2007 if possible, and am of course stuck on that. Any thoughts?
0
 

Author Comment

by:ckleavitt2
ID: 40501165
I don't think mind is working today. I read your above post wrong. You were not saying RPC only works with 2010, but rather in the same profile with 2010 and above?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40501203
RPC will work with Outlook 2003 and up - it's just the multiple Exchange accounts in the same profile that needs Outlook 2010 to work, so if the 2007 users don't need more than one account, then you should be fine.

Are you using a self-issued certificate or a trusted 3rd party certificate?

It's way easier to get a 3rd party cert to work with RPC.

Alan
0
 

Author Comment

by:ckleavitt2
ID: 40501270
We have a cert we purchased.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40501390
Perfect.

So - if you visit the test site at https://testexchangeconnectivity.com, run the Outlook Connectivity test but then on the following page, specify manual server settings.

The RPC Proxy server is your public FQDN e.g., mail.domain.com (and should match your SSL certificate name) and the Exchange server is your internal server FQDN e.g., SBS2003.internaldomain.local.  The Mutual auth principal name should be msstd:mail.domain.com and the Authentication is usually Basic but should match your server.

Runt hat test and see if you get a good result.  If not, modify the RPC virtual Directory Security Settings in IIS Manager and make sure it has Basic and Integrated Windows Auth enabled, then apply the settings, run assert from a command prompt and re-test.  Better now?

Alan
0
 

Author Comment

by:ckleavitt2
ID: 40501421
Ok will do at my next opportunity. Thanks.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40501429
No problems - ready as and when you are.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40501430
BTW - you can run the test from any computer in any location (as long as you know the right settings).
0
 

Author Comment

by:ckleavitt2
ID: 40509215
Looks like we will be upgrading the servers soon, so I can roll this out then. Thank you for the help.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40509282
No problems - good luck and have a Happy Xmas / New Year.

Alan
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
In-place Upgrading Dirsync to Azure AD Connect
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question