Solved

Error when sending email via IMAP through exchange 2013

Posted on 2015-01-06
Last Modified: 2016-06-21
Dear people,

I have a quite unique situation, for my caliber. I have a client with multiple domains, 12 till now, for internal compliance reasons. We are serving about 110 clients, spread across those domains. Each forest has its own ac controller, and most of them have successful two way authentication. My problem is that I have two Exchange servers in two organizations, let's call them mr blue and mr green.

Some clients have mail accounts in mr blue, some on mr green and some on both. Since I cannot have or don't have the expertise to use autodiscovery for BOTH Exchange organizations on all my domains, I must find a way to connect my clients to both Exchange servers, and organizations, at the same time. I don't care for most of the features. All I need is to be able to send and receive from both using Outlook 2013.

I am able to do so using OWA. Also, in all other domains except mr green I have added (using ADSI and Exchange PowerShell) the autodiscovery service for mr blue. Now for all my clients except those that reside in mr green I can configure mr blue Exchange in Outlook. My next thought was to use IMAP for those users in mr green, and thus to have a functional scenario. Indeed I was able to activate IMAP and to connect mr green users to mr blue via IMAP (TLS port 143 and 25) ONLY, with no SMTP authentication checked in Outlook (outgoing mail). Now I can send emails from mr green users to mr blue users (internal mail) but no matter what I do, I cannot send to the rest of the world. Every message fails with the following error: server error "550 5.7.1 unable to relay" just after my recipient address.

I can send correctly via OWA of course, and all clients connected to mr blue with Outlook-Exchange can send normally.

For more information, the remote connectivity (Exchange tools) is OK for sending and receiving via SMTP (all tests are green) but fails in IMAP: (I don't have any certificate but the one Exchange made on its own)


      
S: * OK The Microsoft Exchange IMAP4 service is ready.
C: 1 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
C: 2 STARTTLS
S: 2 OK Begin TLS negotiation now.

Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolException: The remote certificate is invalid according to the validation procedure. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolTester.SecureConnection()
--- End of inner exception stack trace ---
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolTester.SecureConnection()
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally()
Χρόνος που πέρασε: 1382 ms.  (that's Greek - it says time passed)

Same goes for POP3

Γίνεται έλεγχος του POP για το χρήστη consul\fmoul στον κεντρικό υπολογιστή cyta02.consul.gr:110:TLS.
       Ο έλεγχος ΡΟΡ απέτυχε.
       
      Πρόσθετες λεπτομέρειες
       
Χρόνος που πέρασε: 1555 ms.
       
      Βήματα ελέγχου
       
      Γίνεται δοκιμή επίλυσης του ονόματος κεντρικού υπολογιστή cyta02.consul.gr στο DNS.
       Το όνομα του κεντρικού υπολογιστή επιλύθηκε με επιτυχία.
       
      Πρόσθετες λεπτομέρειες
      Γίνεται έλεγχος της θύρας TCP 110 στον κεντρικό υπολογιστή cyta02.consul.gr για να εξασφαλιστεί ότι ανταποκρίνεται και είναι ανοιχτός.
       Η θύρα άνοιξε με επιτυχία.
       
      Πρόσθετες λεπτομέρειες
       
Χρόνος που πέρασε: 217 ms.
      Γίνεται έλεγχος της υπηρεσίας ΡΟΡ.
       Παρουσιάστηκε σφάλμα κατά τον έλεγχο της υπηρεσίας ΡΟΡ
       
      Πρόσθετες λεπτομέρειες
       
S: +OK The Microsoft Exchange POP3 service is ready.
C: CAPA
S: +OK
TOP
UIDL
STLS
.
C: STLS
S: +OK Begin TLS negotiation.

Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolException: The remote certificate is invalid according to the validation procedure. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolTester.SecureConnection()
--- End of inner exception stack trace ---
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolTester.SecureConnection()
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally()
Χρόνος που πέρασε: 1324 ms.

PLEASE advise. Is there any way to override this error? (IMAP ? POP3 ??).

Please note that using manual connection with Exchange via https fails, I have a message that Exchange must be connected to complete this action, etc. I believe you all know this issue.

I would very much like you to provide me a way to have concurrent connections with BOTH Exchange servers in my clients regardless of domain (perfect scenario), but any suggestion will do at the time. Thanks, and please do send if you need more info.
Question by:arigasexpert

Accepted Solution

by:
Ivan earned 500 total points
Hi,

I had the same problem with POP/IMAP on Exchange 2013. The solution is to either use SMTP Authentication in Outlook (use option "Log on using" and write username and password, don't use option "use same username for..."),
or to grant relay permission for anonymous users.
The first option is much better.
For the second:
You need to go to the Exchange shell to grant the relay permission:
Get-ReceiveConnector "<some_name>" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Regards,
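
An audit for the second option in the answer above, added here as an example and not part of the original post: it lists every Receive connector on which ANONYMOUS LOGON holds ms-Exch-SMTP-Accept-Any-Recipient and shows which source addresses can reach it. It is read-only and meant for the Exchange Management Shell; the two "any address" range strings it compares against are assumed to be the values a default connector reports.

```powershell
# Added example (not from the thread): read-only audit of anonymous relay rights.
$right = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Allow entries that give ANONYMOUS LOGON the relay right on this connector
    $relayAces = Get-ADPermission -Identity $connector.Identity -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) }

    if ($relayAces) {
        # RemoteIPRanges decides which source addresses may use the connector
        $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })

        # Assumption: a connector open to every source reports these ranges
        $open = $ranges | Where-Object {
            $_ -eq '0.0.0.0-255.255.255.255' -or $_ -like '::-ffff*'
        }

        [pscustomobject]@{
            Connector       = $connector.Identity
            Bindings        = ($connector.Bindings -join ', ')
            RemoteIPRanges  = ($ranges -join ', ')
            AuthMechanism   = $connector.AuthMechanism
            Inherited       = ($relayAces | ForEach-Object { $_.IsInherited }) -join ', '
            OpenToAnySource = [bool]$open
        }
    }
} | Format-List
```

A connector reported with OpenToAnySource set to True relays for any host that can reach its SMTP port. Restricting it with Set-ReceiveConnector -RemoteIPRanges, or removing the permission with Remove-ADPermission and using authenticated SMTP (the first option in the answer), closes that.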

Expert Comment

by:Ivan
BTW, I just noticed that error is about exchange certificate. Are they all trusted and valid?

Author Comment

by:arigasexpert
Thanks for the answer, but no joy. When I use the option "Log on using" and write username and password, don't use option "use same username for..." it asks for username and password. I use the same credentials but I cannot authenticate, the test fails and I cannot complete the Outlook wizard.

My certificates are self signed. I fathom that they are not valid and trusted anywhere but in my Exchange servers (so now they are not trusted).
Still, my issue is more likely to be an authentication one.

Expert Comment

by:Simon Butler (Sembee)
The self signed certificates generated by Exchange are not designed for production use. You need to switch to trusted certificates.

If you have two separate Exchange servers, then just ensure that Autodiscover works externally for them, then add the two accounts in Outlook as Exchange accounts.
That means running the new account wizard twice, entering the credentials when prompted. As long as the server resolves correctly and you have handled Autodiscover in the correct way (Which is not difficult when you are using a trusted certificate) then it will configure itself for you and you will have full functionality.

IMAP is  a pretty poor solution, only slightly better than POP3.

Simon.

Author Comment

by:arigasexpert
Thank you for your answer. I solved it by using spriggan13's suggestion on anonymous permissions, and I will now try to understand how to implement autodiscovery for both organizations. I will switch to new certificates.

Expert Comment

by:Ivan
Woohooo, points for me :)