Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
Exchange Server 2010 Event Error 1020 using Powershell
Windows 2008 R2 Server
Exchange 2010 Enterprise RU10
Created a PowerShell script to send email
I run this on my computer using powershell after I do this Enter-pssession -computername serv025
It works great.
Now I try to run the same script on my SERV025 (Windows 2008 R2 with Exchange 2010)
I get this event error
Log Name: Application
Source: MSExchangeTransport
Date: 7/22/2015 7:32:49 PM
Event ID: 1020
Task Category: SmtpReceive
Level: Warning
Keywords: Classic
User: N/A
Computer: SERV025.FQDN.com
Description:
The account 'mydom\administrator' provided valid credentials, but is not authorized to use the server; failing authentication.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchangeTransport"
<EventID Qualifiers="32772">1020</E
<Level>3</Level>
<Task>1</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2015-07-22T23:
<EventRecordID>206601</Eve
<Channel>Application</Chan
<Computer>SERV025.FQDN.com
<Security />
</System>
<EventData>
<Data>MYDOM\administrator<
<Data>Default SERV025</Data>
</EventData>
</Event>
Found this
The suggested resolution is to verify that the account that is specified in the event text has the MS-Exch-SMTP-Submit permission assigned to it on the appropriate Receive connectors on the Hub Transport server or Edge Transport server.
and I did this
PS] C:\Windows\system32>Add-AD
-Authoritative-Domain-Send
Identity User Deny Inherited
-------- ---- ---- ---------
SERV025\Client SER... mydom\administrator False False
[PS] C:\Windows\system32>Add-AD
-Any-Sender
Identity User Deny Inherited
-------- ---- ---- ---------
SERV025\Client SER... mydom\administrator False False
Still getting the event 1020
What am I missing here
Exchange 2010 Enterprise RU10
Created a PowerShell script to send email
$body = netsh advfirewall firewall show rule name="Block_IP" | Out-String
$PSEmailServer = "SERV025.FQDN.COM"
Send-MailMessage -From "no-reply@mydom.com" -To "support@mydom.com" -Subject "SERV025 Firewall Rule BlockIP Updated" -Body $body -smtpserver $PSEmailServer
I run this on my computer using powershell after I do this Enter-pssession -computername serv025
It works great.
Now I try to run the same script on my SERV025 (Windows 2008 R2 with Exchange 2010)
I get this event error
Log Name: Application
Source: MSExchangeTransport
Date: 7/22/2015 7:32:49 PM
Event ID: 1020
Task Category: SmtpReceive
Level: Warning
Keywords: Classic
User: N/A
Computer: SERV025.FQDN.com
Description:
The account 'mydom\administrator' provided valid credentials, but is not authorized to use the server; failing authentication.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchangeTransport"
<EventID Qualifiers="32772">1020</E
<Level>3</Level>
<Task>1</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2015-07-22T23:
<EventRecordID>206601</Eve
<Channel>Application</Chan
<Computer>SERV025.FQDN.com
<Security />
</System>
<EventData>
<Data>MYDOM\administrator<
<Data>Default SERV025</Data>
</EventData>
</Event>
Found this
The suggested resolution is to verify that the account that is specified in the event text has the MS-Exch-SMTP-Submit permission assigned to it on the appropriate Receive connectors on the Hub Transport server or Edge Transport server.
and I did this
PS] C:\Windows\system32>Add-AD
-Authoritative-Domain-Send
Identity User Deny Inherited
-------- ---- ---- ---------
SERV025\Client SER... mydom\administrator False False
[PS] C:\Windows\system32>Add-AD
-Any-Sender
Identity User Deny Inherited
-------- ---- ---- ---------
SERV025\Client SER... mydom\administrator False False
Still getting the event 1020
What am I missing here
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Marten
First thanks for the quick responce
I ran this but still getting the error 1020
[PS] C:\Windows\system32>Get-Re
Identity Bindings Enabled
-------- -------- -------
SERV025\Client SERV025 {:::587, 0.0.0.0:587} True
SERV025\MYDOM Anonymous Relay {10.2.8.36:25} True
SERV025\MYDOM Port 1025 {10.2.8.37:1025} True
SERV025\Default TGCS025 {:::25, 0.0.0.0:25} True
[PS] C:\Windows\system32>Get-Re
Identity Deny
-------- ----
SERV025\Default SERV025 True
SERV025\Default SERV025 True
SERV025\Default SERV025 False
[PS] C:\Windows\system32>Add-Ad
Identity User Deny Inherited
-------- ---- ---- ---------
SERV025\Default S... MYDOM\administrator False False
[PS] C:\Windows\system32>Get-Re
Identity Deny
-------- ----
SERV025\Default SERV025 False
SERV025\Default SERV025 True
SERV025\Default SERV025 True
SERV025\Default SERV025 False
Thoughts
First thanks for the quick responce
I ran this but still getting the error 1020
[PS] C:\Windows\system32>Get-Re
Identity Bindings Enabled
-------- -------- -------
SERV025\Client SERV025 {:::587, 0.0.0.0:587} True
SERV025\MYDOM Anonymous Relay {10.2.8.36:25} True
SERV025\MYDOM Port 1025 {10.2.8.37:1025} True
SERV025\Default TGCS025 {:::25, 0.0.0.0:25} True
[PS] C:\Windows\system32>Get-Re
Identity Deny
-------- ----
SERV025\Default SERV025 True
SERV025\Default SERV025 True
SERV025\Default SERV025 False
[PS] C:\Windows\system32>Add-Ad
Identity User Deny Inherited
-------- ---- ---- ---------
SERV025\Default S... MYDOM\administrator False False
[PS] C:\Windows\system32>Get-Re
Identity Deny
-------- ----
SERV025\Default SERV025 False
SERV025\Default SERV025 True
SERV025\Default SERV025 True
SERV025\Default SERV025 False
Thoughts
Try this command to add ‘MS-Exch-SMTP-Submit’ permission on all receive connector
Get-ReceiveConnector | Add-AdPermission -User MYDOM\Administrator -ExtendedRights MS-Exch-SMTP-Submit
If it works, then remove permission one by one to find the appropriate Receive connector.
Get-ReceiveConnector | Add-AdPermission -User MYDOM\Administrator -ExtendedRights MS-Exch-SMTP-Submit
If it works, then remove permission one by one to find the appropriate Receive connector.
Kiss Sky
Ran this
[PS] C:\Windows\system32>Get-Re
bmit
Identity User Deny Inherited
-------- ---- ---- ---------
SERV025\Client TG... MYDOM\administrator False False
SERV025\TGCSNET A... MYDOM\administrator False False
SERV025\TGCSNET P... MYDOM\administrator False False
WARNING: The appropriate access control entry is already present on the object "CN=Default SERV025,CN=SMTP Receive
Connectors,CN=Protocols,CN
Groups,CN=TGCSNET,CN=Micro
"MYDOM\administrator".
SERV025\Default T... MYDOM\administrator False False
[PS] C:\Windows\system32>
Tested again and same event 1020
Just had a thought
I have another PowerShell script that sends email and that works with no issue
The only differenace is that loads the Exchange Exshell.psc1
Wondering if that is a problem?
Thoughts
Ran this
[PS] C:\Windows\system32>Get-Re
bmit
Identity User Deny Inherited
-------- ---- ---- ---------
SERV025\Client TG... MYDOM\administrator False False
SERV025\TGCSNET A... MYDOM\administrator False False
SERV025\TGCSNET P... MYDOM\administrator False False
WARNING: The appropriate access control entry is already present on the object "CN=Default SERV025,CN=SMTP Receive
Connectors,CN=Protocols,CN
Groups,CN=TGCSNET,CN=Micro
"MYDOM\administrator".
SERV025\Default T... MYDOM\administrator False False
[PS] C:\Windows\system32>
Tested again and same event 1020
Just had a thought
I have another PowerShell script that sends email and that works with no issue
The only differenace is that loads the Exchange Exshell.psc1
Wondering if that is a problem?
Thoughts
Just one question...
Is "no-reply@mydom.com" an eamil that does not exist in your environment? Do you have anonymous setup on any of your receive connectors with your IP address as an accepted IP to send Anonymous email? This would fail if you are doing this same process on a machine that does not have it's IP in the anonymous receive connector.
Will.
Is "no-reply@mydom.com" an eamil that does not exist in your environment? Do you have anonymous setup on any of your receive connectors with your IP address as an accepted IP to send Anonymous email? This would fail if you are doing this same process on a machine that does not have it's IP in the anonymous receive connector.
Will.
Will
yes no-reply@mydom.com is not in my environment
I use febooti a command line email smtp program and that works every time
Just using my powershell script it fails
should I try the 1025 port connector? If so how do I add that to my scipt?
Thoughts
yes no-reply@mydom.com is not in my environment
I use febooti a command line email smtp program and that works every time
Just using my powershell script it fails
should I try the 1025 port connector? If so how do I add that to my scipt?
Thoughts
Because you are not using Authentication (as this email account does not exist) you need to use Anonymous to send out as this user. Do you have an Anonymous Receive Connector that is configured with specific IP's that is allowed to send Anonymously?
If so, the machine you are running it from successfully (might be added to this connector). Try adding the IP of the Exchange server.
Will.
If so, the machine you are running it from successfully (might be added to this connector). Try adding the IP of the Exchange server.
Will.
Will
I am running this Powershell script on the Exchange Server.
I am logged on to the Sever as the Domains Administrator
Here is my receive Connectors full detail
[PS] C:\Windows\system32>get-re
RunspaceId : b8b66f5d-0a6f-4c48-b033-49
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
Banner :
BinaryMimeEnabled : True
Bindings : {:::587, 0.0.0.0:587}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
BareLinefeedRejectionEnabl
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : serv025.fqdn.com
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : 5
MessageRateSource : User
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 60
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : ExchangeUsers, Custom
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ff
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : True
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : serv025
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Client serv025
DistinguishedName : CN=Client serv025,CN=SMTP Receive Connectors,CN=Protocols,CN
rs,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admin
s,CN=TGCSNET,CN=Microsoft Exchange,CN=Services,CN=Co
work,DC=tgcsnet,DC=com
Identity : serv025\Client serv025
Guid : 6380aca2-b8fa-402f-9904-38
ObjectCategory : fqdn.com/Configuration/Sch
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 7/23/2015 7:17:04 AM
WhenCreated : 1/10/2015 5:46:30 PM
WhenChangedUTC : 7/23/2015 11:17:04 AM
WhenCreatedUTC : 1/10/2015 10:46:30 PM
OrganizationId :
OriginatingServer : TGCS011.fqdn.com
IsValid : True
RunspaceId : b8b66f5d-0a6f-4c48-b033-49
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {10.2.8.36:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
BareLinefeedRejectionEnabl
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : serv025.fqdn.com
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 60
MaxLocalHopCount : 12
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, Custom
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {10.1.8.0/22, 10.2.8.0/22}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : serv025
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : TGCSNET Anonymous Relay
DistinguishedName : CN=TGCSNET Anonymous Relay,CN=SMTP Receive Connectors,CN=Protocols,CN
,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admin
ive Groups,CN=TGCSNET,CN=Micro
ur,DC=network,DC=tgcsnet,D
Identity : serv025\TGCSNET Anonymous Relay
Guid : 429d3036-4826-4eaf-8532-64
ObjectCategory : fqdn.com/Configuration/Sch
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 7/23/2015 7:17:04 AM
WhenCreated : 2/13/2015 10:09:20 PM
WhenChangedUTC : 7/23/2015 11:17:04 AM
WhenCreatedUTC : 2/14/2015 3:09:20 AM
OrganizationId :
OriginatingServer : TGCS011.fqdn.com
IsValid : True
RunspaceId : b8b66f5d-0a6f-4c48-b033-49
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {10.2.8.37:1025}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
BareLinefeedRejectionEnabl
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : serv025.fqdn.com
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 60
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, Custom
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : serv025
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : TGCSNET Port 1025
DistinguishedName : CN=TGCSNET Port 1025,CN=SMTP Receive Connectors,CN=Protocols,CN
rvers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admin
oups,CN=TGCSNET,CN=Microso
network,DC=tgcsnet,DC=com
Identity : serv025\TGCSNET Port 1025
Guid : 3162bead-ddab-4c34-aecb-7d
ObjectCategory : fqdn.com/Configuration/Sch
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 7/23/2015 7:17:04 AM
WhenCreated : 1/11/2015 6:05:00 PM
WhenChangedUTC : 7/23/2015 11:17:04 AM
WhenCreatedUTC : 1/11/2015 11:05:00 PM
OrganizationId :
OriginatingServer : TGCS011.fqdn.com
IsValid : True
RunspaceId : b8b66f5d-0a6f-4c48-b033-49
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {:::25, 0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
BareLinefeedRejectionEnabl
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : serv025.fqdn.com
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 60
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 5000
PermissionGroups : AnonymousUsers, Custom
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ff
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : serv025
SizeEnabled : EnabledWithoutValue
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default serv025
DistinguishedName : CN=Default serv025,CN=SMTP Receive Connectors,CN=Protocols,CN
ers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admin
ps,CN=TGCSNET,CN=Microsoft
twork,DC=tgcsnet,DC=com
Identity : serv025\Default serv025
Guid : c7f72790-8ffa-4d59-8de2-59
ObjectCategory : fqdn.com/Configuration/Sch
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 7/22/2015 9:07:04 PM
WhenCreated : 1/10/2015 5:46:30 PM
WhenChangedUTC : 7/23/2015 1:07:04 AM
WhenCreatedUTC : 1/10/2015 10:46:30 PM
OrganizationId :
OriginatingServer : TGCS011.fqdn.com
IsValid : True
[PS] C:\Windows\system32>
Thoughts
I am running this Powershell script on the Exchange Server.
I am logged on to the Sever as the Domains Administrator
Here is my receive Connectors full detail
[PS] C:\Windows\system32>get-re
RunspaceId : b8b66f5d-0a6f-4c48-b033-49
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
Banner :
BinaryMimeEnabled : True
Bindings : {:::587, 0.0.0.0:587}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
BareLinefeedRejectionEnabl
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : serv025.fqdn.com
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : 5
MessageRateSource : User
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 60
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : ExchangeUsers, Custom
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ff
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : True
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : serv025
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Client serv025
DistinguishedName : CN=Client serv025,CN=SMTP Receive Connectors,CN=Protocols,CN
rs,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admin
s,CN=TGCSNET,CN=Microsoft Exchange,CN=Services,CN=Co
work,DC=tgcsnet,DC=com
Identity : serv025\Client serv025
Guid : 6380aca2-b8fa-402f-9904-38
ObjectCategory : fqdn.com/Configuration/Sch
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 7/23/2015 7:17:04 AM
WhenCreated : 1/10/2015 5:46:30 PM
WhenChangedUTC : 7/23/2015 11:17:04 AM
WhenCreatedUTC : 1/10/2015 10:46:30 PM
OrganizationId :
OriginatingServer : TGCS011.fqdn.com
IsValid : True
RunspaceId : b8b66f5d-0a6f-4c48-b033-49
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {10.2.8.36:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
BareLinefeedRejectionEnabl
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : serv025.fqdn.com
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 60
MaxLocalHopCount : 12
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, Custom
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {10.1.8.0/22, 10.2.8.0/22}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : serv025
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : TGCSNET Anonymous Relay
DistinguishedName : CN=TGCSNET Anonymous Relay,CN=SMTP Receive Connectors,CN=Protocols,CN
,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admin
ive Groups,CN=TGCSNET,CN=Micro
ur,DC=network,DC=tgcsnet,D
Identity : serv025\TGCSNET Anonymous Relay
Guid : 429d3036-4826-4eaf-8532-64
ObjectCategory : fqdn.com/Configuration/Sch
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 7/23/2015 7:17:04 AM
WhenCreated : 2/13/2015 10:09:20 PM
WhenChangedUTC : 7/23/2015 11:17:04 AM
WhenCreatedUTC : 2/14/2015 3:09:20 AM
OrganizationId :
OriginatingServer : TGCS011.fqdn.com
IsValid : True
RunspaceId : b8b66f5d-0a6f-4c48-b033-49
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {10.2.8.37:1025}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
BareLinefeedRejectionEnabl
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : serv025.fqdn.com
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 60
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, Custom
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : serv025
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : TGCSNET Port 1025
DistinguishedName : CN=TGCSNET Port 1025,CN=SMTP Receive Connectors,CN=Protocols,CN
rvers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admin
oups,CN=TGCSNET,CN=Microso
network,DC=tgcsnet,DC=com
Identity : serv025\TGCSNET Port 1025
Guid : 3162bead-ddab-4c34-aecb-7d
ObjectCategory : fqdn.com/Configuration/Sch
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 7/23/2015 7:17:04 AM
WhenCreated : 1/11/2015 6:05:00 PM
WhenChangedUTC : 7/23/2015 11:17:04 AM
WhenCreatedUTC : 1/11/2015 11:05:00 PM
OrganizationId :
OriginatingServer : TGCS011.fqdn.com
IsValid : True
RunspaceId : b8b66f5d-0a6f-4c48-b033-49
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {:::25, 0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotification
EightBitMimeEnabled : True
BareLinefeedRejectionEnabl
DomainSecureEnabled : False
EnhancedStatusCodesEnabled
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : serv025.fqdn.com
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeou
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSou
MaxInboundConnectionPercen
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 60
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 5000
PermissionGroups : AnonymousUsers, Custom
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ff
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : serv025
SizeEnabled : EnabledWithoutValue
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default serv025
DistinguishedName : CN=Default serv025,CN=SMTP Receive Connectors,CN=Protocols,CN
ers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admin
ps,CN=TGCSNET,CN=Microsoft
twork,DC=tgcsnet,DC=com
Identity : serv025\Default serv025
Guid : c7f72790-8ffa-4d59-8de2-59
ObjectCategory : fqdn.com/Configuration/Sch
ObjectClass : {top, msExchSmtpReceiveConnector
WhenChanged : 7/22/2015 9:07:04 PM
WhenCreated : 1/10/2015 5:46:30 PM
WhenChangedUTC : 7/23/2015 1:07:04 AM
WhenCreatedUTC : 1/10/2015 10:46:30 PM
OrganizationId :
OriginatingServer : TGCS011.fqdn.com
IsValid : True
[PS] C:\Windows\system32>
Thoughts
What server is 10.2.8.36:25? You are relaying Anonymously for all machines on 10.1.8.0/22 and 10.2.8.0/22. On the server where this is failing is it located within this subnet?
Will.
Will.
Will
10.2.8.36:25 is the exchange server windows 2008 R2
10.2.8.37:1025 is also the exchange server
have two nics on this server
Again I am running the script on the exchange server which is the only exchange server in my network
Thoughts
10.2.8.36:25 is the exchange server windows 2008 R2
10.2.8.37:1025 is also the exchange server
have two nics on this server
Again I am running the script on the exchange server which is the only exchange server in my network
Thoughts
guys
I switch to using febooti command line to send the email
changed the powershell script to out-file instead of out-string
The email is working.
Still would like to know why I can not send email using PowerShell
Thoughts
I switch to using febooti command line to send the email
changed the powershell script to out-file instead of out-string
The email is working.
Still would like to know why I can not send email using PowerShell
Thoughts
Sorry tom I got caught up with work. Have you tried to enable logging on your receive connectors?
Will.
Will.
Will
Thats not a problem I know how work can get sometimes.
I have verbose set on all my receive connectors "Protocol Logging level"
What should we look for?
Thats not a problem I know how work can get sometimes.
I have verbose set on all my receive connectors "Protocol Logging level"
What should we look for?
Does it should any events of this process failing or is it not even making it to the connector at all. Is this error message coming from your powershell session itself?
Might be a long shot but what is your execution policy set to and what version of powershell are you running on the server vs your workstation?
Will.
Might be a long shot but what is your execution policy set to and what version of powershell are you running on the server vs your workstation?
Will.
Will
changed the executionpolicy
was RemoteSigned
Version 3
PS C:\util> get-executionpolicy
RemoteSigned
PS C:\util> set-executionpolicy unrestricted
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y
PS C:\util> get-executionpolicy
Unrestricted
PS C:\util> $psversiontable
Name Value
---- -----
PSVersion 3.0
WSManStackVersion 3.0
SerializationVersion 1.1.0.1
CLRVersion 4.0.30319.34209
BuildVersion 6.2.9200.16481
PSCompatibleVersions {1.0, 2.0, 3.0}
PSRemotingProtocolVersion 2.2
changed the executionpolicy
The error is reported in the Event log on the server
I am running this powershell on the server
If I run on my pc it works
Failing only on the server
Thoughts
changed the executionpolicy
was RemoteSigned
Version 3
PS C:\util> get-executionpolicy
RemoteSigned
PS C:\util> set-executionpolicy unrestricted
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y
PS C:\util> get-executionpolicy
Unrestricted
PS C:\util> $psversiontable
Name Value
---- -----
PSVersion 3.0
WSManStackVersion 3.0
SerializationVersion 1.1.0.1
CLRVersion 4.0.30319.34209
BuildVersion 6.2.9200.16481
PSCompatibleVersions {1.0, 2.0, 3.0}
PSRemotingProtocolVersion 2.2
changed the executionpolicy
The error is reported in the Event log on the server
I am running this powershell on the server
If I run on my pc it works
Failing only on the server
Thoughts
Tom after looking at your initial question, you have added the permission for submit to the client receive connector. This is a double fault. Because this receive connector needs requires authentication (the email your sending as is not present) so you can only use anonymous receive connectors, and the permission group for Client receive connector is Exchange Users. Also this connector uses port 587 when the Send-mailmessage uses port 25. So you need to run that initial command Add-adpermission.... against TGCS Anonymous Relay and it should work for you.
That should be it. You set it against the wrong connector.
Will.
That should be it. You set it against the wrong connector.
Will.
Will
I believe it was set on that connector ran this again
[PS] C:\Windows\system32>Add-Ad
-Exch-SMTP-Submit
WARNING: The appropriate access control entry is already present on the object "CN=TGCSNET Anonymous Relay,CN=SMTP
Receive Connectors,CN=Protocols,CN
(FYDIBOHF23SPDLT),CN=Admin
Exchange,CN=Services,CN=Co
Identity User Deny Inherited
-------- ---- ---- ---------
TGCS025\TGCSNET A... MYDOM\administrator False False
Thoughts
I believe it was set on that connector ran this again
[PS] C:\Windows\system32>Add-Ad
-Exch-SMTP-Submit
WARNING: The appropriate access control entry is already present on the object "CN=TGCSNET Anonymous Relay,CN=SMTP
Receive Connectors,CN=Protocols,CN
(FYDIBOHF23SPDLT),CN=Admin
Exchange,CN=Services,CN=Co
Identity User Deny Inherited
-------- ---- ---- ---------
TGCS025\TGCSNET A... MYDOM\administrator False False
Thoughts
Can you remove the entries from the other recieve connectors beside the anonymous one and try again?
Will.
Will.
Will
ran this
Remove-AdPermission -Identity "All Other Connectors" -User MYDOM\Administrator-Extend
Tried the script same error
Thoughts
ran this
Remove-AdPermission -Identity "All Other Connectors" -User MYDOM\Administrator-Extend
Tried the script same error
Thoughts
If you check AD are these permissions present? This is the required permission for when you are running directly on the exchange server.
Can you see if there is any difference between you workstation and the exchange server? That permission should be all that is required. Possible AD is not propagating.
Will.
Can you see if there is any difference between you workstation and the exchange server? That permission should be all that is required. Possible AD is not propagating.
Will.
Checking the AD permissions on the server/receive connector you have applied it to in Exchange. Make sure that the change was replicated via AD. Check the AD computer account a long with the receive connector in ADSIEdit.
Will.
Will.
Will
The AD Computer account yes what do I check for?
In AdSIEdit what do I look for many objects there?
The AD Computer account yes what do I check for?
In AdSIEdit what do I look for many objects there?
You will need to check the PERMISSIONS that you set using the powershell cmdlet. check the computer object and also the receive connector object as well.
Will.
Will.
Will
Totally confused now.
I do not see what your asking for
I am in ADSI Edit now and all I see are The Containers the objects under them
IE CN=Computers
CN=SERV025
Nothing Else
I see an OU for Microsoft Exchange Security Group and many CN under it
What am I missing here?
Totally confused now.
I do not see what your asking for
I am in ADSI Edit now and all I see are The Containers the objects under them
IE CN=Computers
CN=SERV025
Nothing Else
I see an OU for Microsoft Exchange Security Group and many CN under it
What am I missing here?
Right click the object and select Properties>Security and check to make sure that your permissions, have been applied.
Your initial command add-ADpermission was done from Exchange did it actually get replicated to your domain controllers? I am getting you to validate this. You have run all of the required commands to ensure that this should work, so maybe something was missed or something else in your environment that is causing this not to work.
Ultimately you know your environment better than i do, so i can only point you in the direction.
Will.
Your initial command add-ADpermission was done from Exchange did it actually get replicated to your domain controllers? I am getting you to validate this. You have run all of the required commands to ensure that this should work, so maybe something was missed or something else in your environment that is causing this not to work.
Ultimately you know your environment better than i do, so i can only point you in the direction.
Will.
Will
That's what I thought
On the SERV025 Properties Security I do not see the mydom\administrator listed under group or user names but I see the Administrators group which mydom\administrator is a member of
I still do not see the receive connector in ADSIEDIT where exactly is that kept?
That's what I thought
On the SERV025 Properties Security I do not see the mydom\administrator listed under group or user names but I see the Administrators group which mydom\administrator is a member of
I still do not see the receive connector in ADSIEDIT where exactly is that kept?
Will
Found the information in ADSIEdit
The account is listed in security on the receive connectors.
One other note for you.
I have another PowerShell script that works but it is using the exchange powershell add in
Thoughts?
If you need I can post both scripts for you
Found the information in ADSIEdit
The account is listed in security on the receive connectors.
One other note for you.
I have another PowerShell script that works but it is using the exchange powershell add in
Thoughts?
If you need I can post both scripts for you
Closing this with no answer
Decided to use febooti which works from running on the same sever.
Very strange that from powershell can not send an email on the same server that exchange runs on.
It works on my computer and other servers
Decided to use febooti which works from running on the same sever.
Very strange that from powershell can not send an email on the same server that exchange runs on.
It works on my computer and other servers
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange
From novice to tech pro — start learning today.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
http://matavesi.com/harlan/?p=245
I e:
-ExtendedRights MS-Exch-SMTP-Submit
Not
-ExtendedRights MS-Exch-SMTP-Accept
Regards Marten