Database mail constantly tries to use DOMAIN\Administrator account
So the Title says it all...
We have an 2008 R2 SQL Server that sends database mail to our Exchange 2007 server using a variety of stored procedures. None of the Database mail profiles/accounts use the DOMAIN\Administrator account (well-know accounts such as Administrator cannot use exchange server). What is happening:
In the Exchange server logs there is error 1035(logon denied) followed by 1020(user has valid credentials but is not authorized to use the server) These are expected if DOMAIN\Administrator tries to use the system; problem is, this account ISN'T using the system as far as I can see. SQL Server services and SQL server agent services are all started with DOMAIN\testuser account... I'm stuck.
I have attached the smtpReceive log from the exchange server as well; it shows the denied login but I cannot figure out where it is coming from!
The emails that we EXPECT to be sent are indeed sent; there is just this unsuccessful login even though there is no email going to/coming from DOMAIN\Administrator...
Any insight or help would be greatly appreciated!
Andy
When you get to the Server name in the New Database Mail Account window make sure you give the exchange server full address, domain included, and then beneath in the SMTP Authentication section use either Anonymous, if it will be accepted, or a basic authentication that has access to that exchange server.
You will have to have admin right in order to do that.
steamngn
ASKER
But I have done that... This is a fresh install of SQL server on a new Windows 2012 box, and this issue showed up after we migrated. Each mail account is using a domain user (that is NOT Admin); everything works fine EXCEPT the authentication failure that should not be there there at all.... That's the issue.
Databases and these mail accounts/profiles. Databases were moved via backup/restore and the mail profiles/accounts were scripted out. Basically every time SQL server goes to send an email it is trying to authenticate the DOMAIN\Admin account. We don't have any SQL alerts being used, these are all scripts that send....
Zberteoc
You will have to rebuild the database mail profiles.
steamngn
ASKER
Well.... I created a new profile and linked it to a new account. Tested by running a simple query script. Emails sent fine, and same errors logged... so still no dice...
Zberteoc,
Yes, they are warnings only. I could have sworn I attached that log file, it is attached here. And yes, I am probably ok, it is just something I have been trying to troubleshoot as it was not there before... errorlog10351020.txt
interesting! I started with ES Admin, but after much discussion determined that yes this is indeed an SQL issue. I will leave it alone... For now! :-)
Zberteoc
It is NOT an SQL issue! I just asked our ES admin and he says that those warning are there not only my database mail profiles related but in regards with other accounts as well.
Really... interesting even more! all of our other mail-related stuff (PHP, etc) have no issue whatsoever....
Of course, I went along and made sure that none of our SMTP calls are done using well-known accounts since those are blocked and will raise these warnings. At any rate thanks for the info!
Zberteoc
So the conclusion is that other account could be in the same status/situation like the ones used with the db mail profiles. Maybe they need some setting changed on ES side. If you find the answer please let me know.
steamngn
ASKER
Will do. I cannot seem to locate the KB link, but Exchange 2007 and up block certain account as they are most often hacked. Administrator is one of them; you need to use a different account when sending. I have several apps that I can replicate this exact issue with simply by changing the account to DOMAIN\Administrator. Best practice is to always create a specific user account for mail send and giving that user only the rights to send mail and nothing else. prevents a hacker from getting hold of the entire system!
https://www.youtube.com/watch?v=3tC4hbFXHE8
When you get to the Server name in the New Database Mail Account window make sure you give the exchange server full address, domain included, and then beneath in the SMTP Authentication section use either Anonymous, if it will be accepted, or a basic authentication that has access to that exchange server.
You will have to have admin right in order to do that.