Member_2_6492660_1

Exchange 2010 ReceiveConnector Event 1035

After migrating from Exchange 2007 to Exchange 2010 I made a big mistake not documenting my receive connector settings on Exchange 2007. Both Exchange 2007 and Exchange 2010 ran together for about two weeks, then I completely uninstalled and removed the 2007 Exchange server.

Now on a regular basis I get event 1035

Type :            Warning
Date :            2/13/2015
Time :            8:14:05 PM
Event :            1035
Source :            MSExchangeTransport
Category :      SmtpReceive
User :            N/A
Computer :      SERV025.FQDN.com
Description:
The description for Event ID ( 1035 ) in Source ( MSExchangeTransport ) could not be found.
Either the component that raises this event is not installed on the computer or the installation is corrupted.You can install or repair the component or try to change Description Server.

The following information was included with the event (insertion strings):
LogonDenied
Default SERV025
Ntlm
203.125.141.216


The IP address given is foreign, not an IP address known by my system.

This occurs regularly with different IP addresses.

I have been blocking countries in my router but this is crazy.

I believe my default serv025 receive connector is not set up correctly.


This is my default receive connector

[PS] C:\Windows\system32>get-receiveconnector 'default serv025' |fl


RunspaceId                              : e062116f-832a-4908-adce-e055fa4830b4
AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {:::25, 0.0.0.0:25}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : SERV025.fqdn.com
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : unlimited
MaxInboundConnectionPercentagePerSource : 100
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 8
MaxLogonFailures                        : 3
MaxMessageSize                          : 10 MB (10,485,760 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 5000
PermissionGroups                        : AnonymousUsers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : Verbose
RemoteIPRanges                          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : SERV025
SizeEnabled                             : EnabledWithoutValue
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : Default SERV025
DistinguishedName                       : CN=Default SERV025,CN=SMTP Receive Connectors,CN=Protocols,CN=SERV025,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=MYDOMAIN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=xxxx,DC=xxxx,DC=Mydomain,DC=com
Identity                                : SERV025\Default SERV025
Guid                                    : c7f72790-8ffa-4d59-8de2-59a919e8b5a1
ObjectCategory                          : our.network.tgcsnet.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 3/29/2015 10:16:42 PM
WhenCreated                             : 1/10/2015 5:46:30 PM
WhenChangedUTC                          : 3/30/2015 2:16:42 AM
WhenCreatedUTC                          : 1/10/2015 10:46:30 PM
OrganizationId                          :
OriginatingServer                       : serv011.fqdn.com
IsValid                                 : True

 


I think this is the cause
AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer

What should this be? I am thinking I only need TLS.

I have another receive connector for port 1025 and it only has TLS and it works; I can receive email from outside sources using port 1025.


Thoughts.

Last comment: Member_2_6492660_1, 8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Will Szymkowski

Member_2_6492660_1

ASKER
Will

I never had this issue on Exchange 2007?

I really think it is the settings on the

AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer

What do you think will happen if I just leave TLS on?

Thoughts?
Will Szymkowski

If you have left the defaults for the default receive connector then you should be fine. I would not be changing the default receive connector settings. This is not so much an issue with Exchange but security from your firewall to the Exchange server.

Exchange is doing its job blocking the connection from relaying off the default receive connector.

I would not worry about this error message.

Harden your firewall settings.

Will.
Member_2_6492660_1

ASKER
Will

If I start blocking all these addresses, that's all I will be doing, adding them one by one, and they will just go to the next address and try.

What do the default receive connector settings look like? I believe mine is not default; the reason I say that is because when I first brought up Exchange 2010 with my Exchange 2007 I was making a lot of changes on the receive connectors to get things to work.

Do you have a fresh default receive connector that I can compare mine to?

Thanks
Will Szymkowski

Here is my default receive connector for Exchange 2010
[PS] C:\Windows\system32>Get-ReceiveConnector -Identity "Ex1\default ex1" | fl


RunspaceId                              : 878434cd-72f5-4baa-ba43-f8ad68c7e9d7
AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {:::25, 0.0.0.0:25}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : EX1.example.com
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : unlimited
MaxInboundConnectionPercentagePerSource : 100
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 12
MaxLogonFailures                        : 3
MaxMessageSize                          : 10 MB (10,485,760 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 5000
PermissionGroups                        : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : None
RemoteIPRanges                          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : EX1
SizeEnabled                             : EnabledWithoutValue
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : Default EX1
DistinguishedName                       : CN=Default EX1,CN=SMTP Receive Connectors,CN=Protocols,CN=EX1,CN=Servers,CN=E
                                          xchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Fi
                                          rst Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exampl
                                          e,DC=com
Identity                                : EX1\Default EX1
Guid                                    : 8559e25e-7f08-432e-8c68-bc5569278138
ObjectCategory                          : example.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 2/13/2015 8:01:13 PM
WhenCreated                             : 12/31/2014 10:43:36 AM
WhenChangedUTC                          : 2/14/2015 1:01:13 AM
WhenCreatedUTC                          : 12/31/2014 3:43:36 PM
OrganizationId                          :
OriginatingServer                       : DC.example.com
IsValid                                 : True



Will.
Member_2_6492660_1

ASKER
Will

Thanks

Almost exactly the same

Yours
PermissionGroups                        : ExchangeUsers, ExchangeServers, ExchangeLegacyServers

Mine
PermissionGroups                        : AnonymousUsers


What's the difference?

If I do not use "AnonymousUsers" then I cannot receive email from outside sources?

Thoughts
SOLUTION
Hariom

Member_2_6492660_1

ASKER
I ran this

Get-ReceiveConnector | Get-ADPermission | where {($_.ExtendedRights -like "*SMTP-Accept-Any-Recipient*")} | where {$_.User -like '*anonymous*'} | ft identity,user,extendedrights

I have no open relays.

I also do not have a smart host defined.

Just do not know why I need all these on my default connector?
Only have one Exchange Server in my organization. Do I really need Exchange Server as an authentication?
What do I really require?

Default serv025                              Port 25
AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer

Port 1025
AuthMechanism                           : Tls

The port 1025 never receives the same error message. I receive email on that port daily.


Ran the tests from  http://www.mailradar.com/openrelay/

All tested completed! No relays accepted by remote host!

Thoughts
Hariom

OK, so you have 2 receive connectors, one for external and one for internal:

1) Default serv025 - For External E-mail Receive
2) Port 1025 - For Internal E-mail Receive

External connector is receiving e-mail on port 25.
Internal connector is receiving e-mail on port 1025.

It seems that the AuthMechanism is set correctly on both.

I guess someone from 203.125.141.216 is trying to connect to your Exchange server, and due to security Exchange is not allowing us.

Do you have any external users or partners who are using this external connector as a relay?

This is an information event which states that the Exchange server has blocked the connection; you can block this user or ignore it.
Member_2_6492660_1

ASKER
Sorry for the confusion

I have two External Receive Connectors, one for port 25, the other port 1025.
External connector is receiving e-mail on port 25
External Connector is receiving e-mail on port 1025.
I have another receive connector for internal only.

Yes, 203.125.141.216 is trying to connect and with my setup Exchange is rejecting this attempt.

No external partners, no external users.

All my external users use iPhones, tablets or Outlook to connect using ActiveSync.

I was trying to avoid having to manually block all of these attempts. It seems on certain days I get several who keep trying.

Most are one-offs but some try over and over. Don't they get it?

Maybe I can write a script that will email me a list that I then can block or something like that.

Know of any?
Hariom

Yes, there are PowerShell scripts available to send an email when something happens in the Event Log.

http://sharepointjack.com/2013/powershell-to-send-an-email-when-something-happens-in-the-event-log/
Member_2_6492660_1

ASKER
Guys

Thanks for the information

I will start working on a script that will email me a list daily of all the event 1035 errors with the IP address so I can block them if need be.

Thanks again
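
One way to build the daily report described above, as an added example that is not part of the original thread: it reads event 1035 from the Application log, groups the failed logons by source IP and mails the summary. It assumes the insertion strings are ordered as in the event quoted in the question (error, connector, authentication mechanism, remote IP); the function name Get-Smtp1035Summary, the mail relay and the addresses are placeholders.

```powershell
# Added example: summary of MSExchangeTransport event 1035 by source IP.
# Assumption: insertion strings follow the order shown in the quoted event:
#   [0] error (LogonDenied), [1] connector, [2] auth mechanism, [3] remote IP.
function Get-Smtp1035Summary {
    param([int]$Hours = 24)

    $filter = @{
        LogName      = 'Application'
        ProviderName = 'MSExchangeTransport'
        Id           = 1035
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent reports an error when nothing matches; treat that as "no events".
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    $events |
        Where-Object { $_.Properties.Count -ge 4 } |
        Select-Object TimeCreated,
            @{ n = 'Connector'; e = { $_.Properties[1].Value } },
            @{ n = 'AuthMech';  e = { $_.Properties[2].Value } },
            @{ n = 'RemoteIP';  e = { $_.Properties[3].Value } } |
        Group-Object RemoteIP |
        Select-Object @{ n = 'RemoteIP';  e = { $_.Name } },
            @{ n = 'Failures';  e = { $_.Count } },
            @{ n = 'Connector'; e = { ($_.Group | Select-Object -ExpandProperty Connector -Unique) -join ', ' } },
            @{ n = 'AuthMech';  e = { ($_.Group | Select-Object -ExpandProperty AuthMech -Unique) -join ', ' } },
            @{ n = 'FirstSeen'; e = { ($_.Group | Sort-Object TimeCreated | Select-Object -First 1).TimeCreated } },
            @{ n = 'LastSeen';  e = { ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated } } |
        Sort-Object Failures -Descending
}

$report = @(Get-Smtp1035Summary -Hours 24)
if ($report.Count -gt 0) {
    # Placeholder relay and addresses: replace with your own values.
    Send-MailMessage -SmtpServer 'smtp.example.invalid' `
        -From 'exchange-alerts@example.invalid' `
        -To 'admin@example.invalid' `
        -Subject "Event 1035: $($report.Count) source IPs with failed SMTP logons" `
        -Body ($report | Format-Table -AutoSize | Out-String)
}
```

Run it once a day from Task Scheduler on the Exchange server under an account that can read the Application log. Sources with a high Failures count are the repeat offenders worth blocking at the firewall; single attempts can usually be left alone.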