Solved

Error when sending email via IMAP through exchange 2013

Posted on 2015-01-06
Last Modified: 2016-06-21
Dear people,

I have quite a unique situation, for my caliber. I have a client with multiple domains, 12 until now, for internal compliance reasons. We are serving about 110 clients, spread across those domains. Each forest has its own ac controller, and most of them have successful two-way authentication. My problem is that I have two Exchange servers in two organizations; let's call them mr blue and mr green.

Some clients have mail accounts in mr blue, some in mr green and some in both. Since I cannot have, or don't have the expertise to use, autodiscovery for BOTH Exchange organizations on all my domains, I must find a way to connect my clients to both Exchange servers, and organizations, at the same time. I don't care for most of the features. All I need is to be able to send and receive from both using Outlook 2013.

I am able to do so using OWA. Also, in all other domains except mr green I have added (using ADSI and Exchange PowerShell) the autodiscovery service for mr blue. Now for all my clients except those that reside in mr green I can configure mr blue Exchange in Outlook. My next thought was to use IMAP for those users in mr green, and thus to have a functional scenario. Indeed I was able to activate IMAP and to connect mr green users to mr blue via IMAP (TLS port 143 and 25) ONLY, with no SMTP authentication checked in Outlook (outgoing mail). Now I can send emails from mr green users to mr blue users (internal mail), but no matter what I do, I cannot send to the rest of the world. Every message fails with the following error: server error "550 5.7.1 unable to relay" just after my recipient address.

I can send correctly via OWA of course, and all clients connected to mr blue with Outlook-Exchange can send normally.

For more information, the remote connectivity test (Exchange tools) is OK for sending and receiving via SMTP (all tests are green) but fails in IMAP (I don't have any certificate but the one Exchange made on its own):


      
S: * OK The Microsoft Exchange IMAP4 service is ready.
C: 1 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
C: 2 STARTTLS
S: 2 OK Begin TLS negotiation now.

Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolException: The remote certificate is invalid according to the validation procedure. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolTester.SecureConnection()
--- End of inner exception stack trace ---
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolTester.SecureConnection()
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally()
Χρόνος που πέρασε: 1382 ms.  (that's Greek - it says "time passed")

Same goes for POP3:

Γίνεται έλεγχος του POP για το χρήστη consul\fmoul στον κεντρικό υπολογιστή cyta02.consul.gr:110:TLS.
       Ο έλεγχος ΡΟΡ απέτυχε.
       
      Πρόσθετες λεπτομέρειες
       
Χρόνος που πέρασε: 1555 ms.
       
      Βήματα ελέγχου
       
      Γίνεται δοκιμή επίλυσης του ονόματος κεντρικού υπολογιστή cyta02.consul.gr στο DNS.
       Το όνομα του κεντρικού υπολογιστή επιλύθηκε με επιτυχία.
       
      Πρόσθετες λεπτομέρειες
      Γίνεται έλεγχος της θύρας TCP 110 στον κεντρικό υπολογιστή cyta02.consul.gr για να εξασφαλιστεί ότι ανταποκρίνεται και είναι ανοιχτός.
       Η θύρα άνοιξε με επιτυχία.
       
      Πρόσθετες λεπτομέρειες
       
Χρόνος που πέρασε: 217 ms.
      Γίνεται έλεγχος της υπηρεσίας ΡΟΡ.
       Παρουσιάστηκε σφάλμα κατά τον έλεγχο της υπηρεσίας ΡΟΡ
       
      Πρόσθετες λεπτομέρειες
       
S: +OK The Microsoft Exchange POP3 service is ready.
C: CAPA
S: +OK
TOP
UIDL
STLS
.
C: STLS
S: +OK Begin TLS negotiation.

Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolException: The remote certificate is invalid according to the validation procedure. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolTester.SecureConnection()
--- End of inner exception stack trace ---
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolTester.SecureConnection()
at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally()
Χρόνος που πέρασε: 1324 ms.

PLEASE advise. Is there any way to override this error? (IMAP? POP3?)

Please note that using a manual connection with Exchange via HTTPS fails; I get a message that Exchange must be connected to complete this action, etc. I believe you all know this issue.

I would very much like you to provide me a way to have concurrent connections with BOTH Exchange servers in my clients regardless of domain (perfect scenario), but any suggestion will do at this time. Thanks, and please let me know if you need more info.
Question by:arigasexpert
7 Comments
 
LVL 17

Accepted Solution

by:
Ivan earned 2000 total points
ID: 40533221
Hi,

I had the same problem with POP/IMAP on Exchange 2013. The solution is to either use SMTP authentication in Outlook (use the option "Log on using" and write username and password, don't use the option "use same username for..."),
or to grant relay permission for anonymous users.
The first option is much better.
For the second:
You need to go to the Exchange shell to grant the relay permission:
Get-ReceiveConnector "<some_name>" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Regards,
0
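A read-only check for the anonymous relay permission discussed in the answer above, written as an added example (not code from the thread or from Microsoft). It lists every receive connector where ANONYMOUS LOGON holds ms-Exch-SMTP-Accept-Any-Recipient and flags those that also accept connections from any address; the function name, the `$AnyAddress` list and the finding labels are assumptions of this example.

```powershell
# Added example: read-only audit of anonymous relay on receive connectors.
# Run in the Exchange Management Shell; it changes nothing.

# Remote ranges that accept a connection from any source address
# (an assumption of this example: the full IPv4 and IPv6 ranges).
$AnyAddress = @('0.0.0.0-255.255.255.255',
                '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')

function Get-AnonymousRelayReport {
    foreach ($connector in Get-ReceiveConnector) {
        # Allow ACEs that give ANONYMOUS LOGON the right to submit mail for
        # any recipient, i.e. the right the Add-ADPermission command grants.
        $relayAces = @($connector | Get-ADPermission | Where-Object {
            -not $_.Deny -and
            $_.User -like '*ANONYMOUS LOGON' -and
            $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient'
        })

        $ranges  = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
        $anyHost = @($ranges | Where-Object { $AnyAddress -contains $_ }).Count -gt 0
        $relay   = $relayAces.Count -gt 0

        # Relay right plus unrestricted source addresses is the risky case:
        # any host that can reach the port can relay to external recipients.
        if ($relay -and $anyHost) {
            $finding = 'anonymous relay from ANY address'
        } elseif ($relay) {
            $finding = 'anonymous relay limited to listed ranges'
        } else {
            $finding = 'no anonymous relay'
        }

        [pscustomobject]@{
            Connector      = $connector.Identity
            Bindings       = $connector.Bindings -join ', '
            RemoteIPRanges = $ranges -join ', '
            AnonymousRelay = $relay
            Finding        = $finding
        }
    }
}

Get-AnonymousRelayReport | Sort-Object Finding | Format-Table -AutoSize -Wrap
```

A connector reported with relay from any address can be narrowed with `Set-ReceiveConnector -RemoteIPRanges`, or the right can be withdrawn with `Remove-ADPermission` once clients authenticate for SMTP.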
 
LVL 17

Expert Comment

by:Ivan
ID: 40533222
BTW, I just noticed that the error is about the Exchange certificate. Are they all trusted and valid?
0
 

Author Comment

by:arigasexpert
ID: 40533231
Thanks for the answer, but no joy. When I use the option "Log on using" and write username and password, and don't use the option "use same username for...", it asks for username and password. I use the same credentials but I cannot authenticate; the test fails and I cannot complete the Outlook wizard.

My certificates are self-signed. I fathom that they are not valid and trusted anywhere but in my Exchange servers (so now they are not trusted).
Still, my issue is more likely to be an authentication one.
0
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40533409
The self signed certificates generated by Exchange are not designed for production use. You need to switch to trusted certificates.

If you have two separate Exchange servers, then just ensure that Autodiscover works externally for them, then add the two accounts in Outlook as Exchange accounts.
That means running the new account wizard twice, entering the credentials when prompted. As long as the server resolves correctly and you have handled Autodiscover in the correct way (which is not difficult when you are using a trusted certificate) then it will configure itself for you and you will have full functionality.

IMAP is a pretty poor solution, only slightly better than POP3.

Simon.
0
 

Author Comment

by:arigasexpert
ID: 40533858
Thank you for your answer. I solved it by using spriggan13's suggestion on anonymous permissions, and I will now try to understand how to implement autodiscovery for both organizations. I will switch to new certificates.
0
 
LVL 17

Expert Comment

by:Ivan
ID: 40534092
Woohooo, points for me :)
0
