Avatar of Member_2_6492660_1
Member_2_6492660_1
Flag for United States of America asked on

Exchange Server 2010 Event Error 1020 using Powershell

Windows 2008 R2 Server
Exchange 2010 Enterprise RU10

Created a PowerShell script to send email

$body = netsh advfirewall firewall show rule name="Block_IP" | Out-String
$PSEmailServer = "SERV025.FQDN.COM"
Send-MailMessage -From "no-reply@mydom.com" -To "support@mydom.com" -Subject "SERV025 Firewall Rule BlockIP Updated" -Body $body -smtpserver $PSEmailServer

Open in new window


I run this on my computer using powershell after I do this Enter-pssession -computername serv025

It works great.

Now I try to run the same script on my SERV025 (Windows 2008 R2 with Exchange 2010)

I get this event error

Log Name:      Application
Source:        MSExchangeTransport
Date:          7/22/2015 7:32:49 PM
Event ID:      1020
Task Category: SmtpReceive
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERV025.FQDN.com
Description:
The account 'mydom\administrator' provided valid credentials, but is not authorized to use the server; failing authentication.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="32772">1020</EventID>
    <Level>3</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-22T23:32:49.000000000Z" />
    <EventRecordID>206601</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV025.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>MYDOM\administrator</Data>
    <Data>Default SERV025</Data>
  </EventData>
</Event>

Found this

The suggested resolution is to verify that the account that is specified in the event text has the MS-Exch-SMTP-Submit permission assigned to it on the appropriate Receive connectors on the Hub Transport server or Edge Transport server.


and I did this

PS] C:\Windows\system32>Add-ADPermission "Client SERV025" -User "mydom\Administrator" -ExtendedRights ms-Exch-SMTP-Accept
-Authoritative-Domain-Sender

Identity             User                 Deny  Inherited
--------             ----                 ----  ---------
SERV025\Client SER... mydom\administrator    False False


[PS] C:\Windows\system32>Add-ADPermission "Client SERV025" -User "mydom\Administrator" -ExtendedRights ms-Exch-SMTP-Accept
-Any-Sender

Identity             User                 Deny  Inherited
--------             ----                 ----  ---------
SERV025\Client SER... mydom\administrator    False False

Still getting the event 1020


What am I missing here
ExchangeWindows Server 2008Powershell

Avatar of undefined
Last Comment
Member_2_6492660_1

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Marten Rune

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Member_2_6492660_1

ASKER
Marten

First thanks for the quick responce

I ran this but still getting the error 1020

[PS] C:\Windows\system32>Get-ReceiveConnector

Identity                                Bindings                                Enabled
--------                                --------                                -------
SERV025\Client SERV025                  {:::587, 0.0.0.0:587}                   True
SERV025\MYDOM Anonymous Relay         {10.2.8.36:25}                          True
SERV025\MYDOM Port 1025               {10.2.8.37:1025}                        True
SERV025\Default TGCS025                 {:::25, 0.0.0.0:25}                     True


[PS] C:\Windows\system32>Get-ReceiveConnector -Identity "SERV025\Default SERV025" | Get-AdPermission -User MYDOM\Administrator | Format-Table -View User

Identity                                                    Deny
--------                                                    ----
SERV025\Default SERV025                                     True
SERV025\Default SERV025                                     True
SERV025\Default SERV025                                     False


[PS] C:\Windows\system32>Add-AdPermission -Identity "Default SERV025" -User MYDOM\Administrator -ExtendedRights MS-Exch-SMTP-Submit

Identity             User                 Deny  Inherited
--------             ----                 ----  ---------
SERV025\Default S... MYDOM\administrator    False False


[PS] C:\Windows\system32>Get-ReceiveConnector -Identity "SERV025\Default SERV025" | Get-AdPermission -User MYDOM\Administrator | Format-Table -View User

Identity                                                    Deny
--------                                                    ----
SERV025\Default SERV025                                     False
SERV025\Default SERV025                                     True
SERV025\Default SERV025                                     True
SERV025\Default SERV025                                     False



Thoughts
SOLUTION
Minecraft_ Enderman

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Member_2_6492660_1

ASKER
Kiss Sky

Ran this

[PS] C:\Windows\system32>Get-ReceiveConnector | Add-AdPermission -User MYDOM\Administrator -ExtendedRights MS-Exch-SMTP-Su
bmit

Identity             User                 Deny  Inherited
--------             ----                 ----  ---------
SERV025\Client TG... MYDOM\administrator    False False
SERV025\TGCSNET A... MYDOM\administrator    False False
SERV025\TGCSNET P... MYDOM\administrator    False False
WARNING: The appropriate access control entry is already present on the object "CN=Default SERV025,CN=SMTP Receive
Connectors,CN=Protocols,CN=SERV025,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=TGCSNET,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=MYDOM,DC=network,DC=tgcsnet,DC=com" for account
"MYDOM\administrator".
SERV025\Default T... MYDOM\administrator    False False


[PS] C:\Windows\system32>

Tested again and same event 1020


Just had a thought

I have another PowerShell script that sends email and that works with no issue
The only differenace is that loads the Exchange Exshell.psc1  

Wondering if that is a problem?
Thoughts
Will Szymkowski

Just one question...
Is "no-reply@mydom.com" an eamil that does not exist in your environment? Do you have anonymous setup on any of your receive connectors with your IP address as an accepted IP to send Anonymous email? This would fail if you are doing this same process on a machine that does not have it's IP in the anonymous receive connector.

Will.
Your help has saved me hundreds of hours of internet surfing.
fblack61
Member_2_6492660_1

ASKER
Will

yes no-reply@mydom.com is not in my environment

I use febooti a command line email smtp program and that works every  time

Just using my powershell script it fails

should  I try the 1025 port connector? If so how do I add that to my scipt?

Thoughts
SOLUTION
Will Szymkowski

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Member_2_6492660_1

ASKER
Will

I am running this Powershell script on the Exchange Server.

I am logged on to the Sever as the Domains Administrator

Here is my receive Connectors full detail

[PS] C:\Windows\system32>get-receiveconnector | fl


RunspaceId                              : b8b66f5d-0a6f-4c48-b033-4991fa815f0a
AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {:::587, 0.0.0.0:587}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : serv025.fqdn.com
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : 5
MessageRateSource                       : User
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 8
MaxLogonFailures                        : 3
MaxMessageSize                          : 10 MB (10,485,760 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : ExchangeUsers, Custom
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : Verbose
RemoteIPRanges                          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : True
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : serv025
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : Client serv025
DistinguishedName                       : CN=Client serv025,CN=SMTP Receive Connectors,CN=Protocols,CN=serv025,CN=Serve
                                          rs,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Group
                                          s,CN=TGCSNET,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=our,DC=net
                                          work,DC=tgcsnet,DC=com
Identity                                : serv025\Client serv025
Guid                                    : 6380aca2-b8fa-402f-9904-3884333c4a56
ObjectCategory                          : fqdn.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 7/23/2015 7:17:04 AM
WhenCreated                             : 1/10/2015 5:46:30 PM
WhenChangedUTC                          : 7/23/2015 11:17:04 AM
WhenCreatedUTC                          : 1/10/2015 10:46:30 PM
OrganizationId                          :
OriginatingServer                       : TGCS011.fqdn.com
IsValid                                 : True

RunspaceId                              : b8b66f5d-0a6f-4c48-b033-4991fa815f0a
AuthMechanism                           : Tls
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {10.2.8.36:25}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : serv025.fqdn.com
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 12
MaxLogonFailures                        : 3
MaxMessageSize                          : 10 MB (10,485,760 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : AnonymousUsers, Custom
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : None
RemoteIPRanges                          : {10.1.8.0/22, 10.2.8.0/22}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : serv025
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : TGCSNET Anonymous Relay
DistinguishedName                       : CN=TGCSNET Anonymous Relay,CN=SMTP Receive Connectors,CN=Protocols,CN=serv025
                                          ,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrat
                                          ive Groups,CN=TGCSNET,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=o
                                          ur,DC=network,DC=tgcsnet,DC=com
Identity                                : serv025\TGCSNET Anonymous Relay
Guid                                    : 429d3036-4826-4eaf-8532-64e02fd0637e
ObjectCategory                          : fqdn.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 7/23/2015 7:17:04 AM
WhenCreated                             : 2/13/2015 10:09:20 PM
WhenChangedUTC                          : 7/23/2015 11:17:04 AM
WhenCreatedUTC                          : 2/14/2015 3:09:20 AM
OrganizationId                          :
OriginatingServer                       : TGCS011.fqdn.com
IsValid                                 : True

RunspaceId                              : b8b66f5d-0a6f-4c48-b033-4991fa815f0a
AuthMechanism                           : Tls
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {10.2.8.37:1025}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : serv025.fqdn.com
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 8
MaxLogonFailures                        : 3
MaxMessageSize                          : 10 MB (10,485,760 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : AnonymousUsers, Custom
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : None
RemoteIPRanges                          : {0.0.0.0-255.255.255.255}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : serv025
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : TGCSNET Port 1025
DistinguishedName                       : CN=TGCSNET Port 1025,CN=SMTP Receive Connectors,CN=Protocols,CN=serv025,CN=Se
                                          rvers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Gr
                                          oups,CN=TGCSNET,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=our,DC=
                                          network,DC=tgcsnet,DC=com
Identity                                : serv025\TGCSNET Port 1025
Guid                                    : 3162bead-ddab-4c34-aecb-7d9aecb96609
ObjectCategory                          : fqdn.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 7/23/2015 7:17:04 AM
WhenCreated                             : 1/11/2015 6:05:00 PM
WhenChangedUTC                          : 7/23/2015 11:17:04 AM
WhenCreatedUTC                          : 1/11/2015 11:05:00 PM
OrganizationId                          :
OriginatingServer                       : TGCS011.fqdn.com
IsValid                                 : True

RunspaceId                              : b8b66f5d-0a6f-4c48-b033-4991fa815f0a
AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {:::25, 0.0.0.0:25}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : serv025.fqdn.com
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : unlimited
MaxInboundConnectionPercentagePerSource : 100
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 8
MaxLogonFailures                        : 3
MaxMessageSize                          : 10 MB (10,485,760 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 5000
PermissionGroups                        : AnonymousUsers, Custom
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : Verbose
RemoteIPRanges                          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : serv025
SizeEnabled                             : EnabledWithoutValue
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : Default serv025
DistinguishedName                       : CN=Default serv025,CN=SMTP Receive Connectors,CN=Protocols,CN=serv025,CN=Serv
                                          ers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                          ps,CN=TGCSNET,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=our,DC=ne
                                          twork,DC=tgcsnet,DC=com
Identity                                : serv025\Default serv025
Guid                                    : c7f72790-8ffa-4d59-8de2-59a919e8b5a1
ObjectCategory                          : fqdn.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 7/22/2015 9:07:04 PM
WhenCreated                             : 1/10/2015 5:46:30 PM
WhenChangedUTC                          : 7/23/2015 1:07:04 AM
WhenCreatedUTC                          : 1/10/2015 10:46:30 PM
OrganizationId                          :
OriginatingServer                       : TGCS011.fqdn.com
IsValid                                 : True



[PS] C:\Windows\system32>


Thoughts
Will Szymkowski

What server is 10.2.8.36:25? You are relaying Anonymously for all machines on 10.1.8.0/22 and 10.2.8.0/22. On the server where this is failing is it located within this subnet?

Will.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Member_2_6492660_1

ASKER
Will

10.2.8.36:25 is the exchange server windows 2008 R2

10.2.8.37:1025 is also the exchange server

have two nics on this server

Again I am running the script on the exchange server which is the only exchange server in my network


Thoughts
Member_2_6492660_1

ASKER
guys

I switch to using febooti command line to send the email

changed the powershell script to out-file   instead of out-string

The email is working.

Still would like to know why I can not send email using PowerShell


Thoughts
Will Szymkowski

Sorry tom I got caught up with work. Have you tried to enable logging on your receive connectors?

Will.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Member_2_6492660_1

ASKER
Will

Thats not a problem I know how work can get sometimes.

I have verbose set on all my receive connectors "Protocol Logging level"


What should we look for?
Will Szymkowski

Does it should any events of this process failing or is it not even making it to the connector at all. Is this error message coming from your powershell session itself?

Might be a long shot but what is your execution policy set to and what version of powershell are you running on the server vs your workstation?

Will.
Member_2_6492660_1

ASKER
Will

changed the executionpolicy
was RemoteSigned

Version 3


PS C:\util> get-executionpolicy
RemoteSigned
PS C:\util> set-executionpolicy unrestricted

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
PS C:\util> get-executionpolicy
Unrestricted
PS C:\util> $psversiontable

Name                           Value
----                           -----
PSVersion                      3.0
WSManStackVersion              3.0
SerializationVersion           1.1.0.1
CLRVersion                     4.0.30319.34209
BuildVersion                   6.2.9200.16481
PSCompatibleVersions           {1.0, 2.0, 3.0}
PSRemotingProtocolVersion      2.2

changed the executionpolicy


The error is reported in the Event log on the server
I am running this powershell on the server

If I run on my pc it works

Failing only on the server

Thoughts
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Will Szymkowski

Tom after looking at your initial question, you have added the permission for submit to the client receive connector. This is a double fault. Because this receive connector needs requires authentication (the email your sending as is not present) so you can only use anonymous receive connectors, and the permission group for Client receive connector is Exchange Users. Also this connector uses port 587 when the Send-mailmessage uses port 25. So you need to run that initial command Add-adpermission.... against TGCS Anonymous Relay and it should work for you.

That should be it. You set it against the wrong connector.

Will.
Member_2_6492660_1

ASKER
Will

I believe it was set on that connector ran this again

[PS] C:\Windows\system32>Add-AdPermission -Identity "TGCSNET Anonymous Relay" -User MYDOM\Administrator -ExtendedRights MS
-Exch-SMTP-Submit
WARNING: The appropriate access control entry is already present on the object "CN=TGCSNET Anonymous Relay,CN=SMTP
Receive Connectors,CN=Protocols,CN=TGCS025,CN=Servers,CN=Exchange Administrative Group
(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=TGCSNET,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=our,DC=network,DC=tgcsnet,DC=com" for account "OUR\administrator".

Identity             User                 Deny  Inherited
--------             ----                 ----  ---------
TGCS025\TGCSNET A... MYDOM\administrator    False False


Thoughts
Will Szymkowski

Can you remove the entries from the other recieve connectors beside the anonymous one and try again?

Will.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Member_2_6492660_1

ASKER
Will

ran this

Remove-AdPermission -Identity "All Other Connectors" -User MYDOM\Administrator-ExtendedRights MS -Exch-SMTP-Submit

Tried the script  same error

Thoughts
Will Szymkowski

If you check AD are these permissions present? This is the required permission for when you are running directly on the exchange server.

Can you see if there is any difference between you workstation and the exchange server? That permission should be all that is required. Possible AD is not propagating.

Will.
Member_2_6492660_1

ASKER
Will

Which permission you thinking about?

Where in ad do you mean?
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
Will Szymkowski

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Member_2_6492660_1

ASKER
Will

The AD Computer account yes what do I check for?

In AdSIEdit what do I look for many objects there?
SOLUTION
Will Szymkowski

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Member_2_6492660_1

ASKER
Will

Totally confused now.

I do not see what your asking for

I am in ADSI Edit now and all I see are The Containers the objects under them

IE CN=Computers
            CN=SERV025

Nothing Else

I see an OU for Microsoft Exchange Security Group and many CN under it

What am I missing here?
Will Szymkowski

Right click the object and select Properties>Security and check to make sure that your permissions, have been applied.

Your initial command add-ADpermission was done from Exchange did it actually get replicated to your domain controllers? I am getting you to validate this. You have run all of the required commands to ensure that this should work, so maybe something was missed or something else in your environment that is causing this not to work.

Ultimately you know your environment better than i do, so i can only point you in the direction.

Will.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Member_2_6492660_1

ASKER
Will

That's what I thought

On the SERV025 Properties Security I do not see the mydom\administrator listed under group or user names but I see the Administrators group which mydom\administrator is a member of

I still do not see the receive connector in ADSIEDIT  where exactly is that kept?
Member_2_6492660_1

ASKER
Will

Found the information in ADSIEdit

The account is listed in security on the receive connectors.

One other note for you.

I have another PowerShell script that works but it is using the exchange powershell add in

Thoughts?

If you need I can post both scripts for you
Member_2_6492660_1

ASKER
Closing this with no answer

Decided to use febooti  which works from running on the same sever.

Very strange that from powershell can not send an email on the same server that exchange runs on.

It works on my computer and other servers
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.