Avatar of steamngn
steamngn
 asked on

Database mail constantly tries to use DOMAIN\Administrator account

So the Title says it all...
We have an 2008 R2 SQL Server that sends database mail to our Exchange 2007 server using a variety of stored procedures. None of the Database mail profiles/accounts use the DOMAIN\Administrator account (well-know accounts such as Administrator cannot use exchange server). What is happening:
In the Exchange server logs there is error 1035(logon denied) followed by 1020(user has valid credentials but is not authorized to use the server) These are expected if DOMAIN\Administrator tries to use the system; problem is, this account ISN'T using the system as far as I can see. SQL Server services and SQL server agent services are all started with DOMAIN\testuser account... I'm stuck.
I have attached the smtpReceive log from the exchange server as well; it shows the denied login but I cannot figure out where it is coming from!
The emails that we EXPECT to be sent are indeed sent; there is just this unsuccessful login even though there is no email going to/coming from DOMAIN\Administrator...

Any insight or help would be greatly appreciated!
Andy
Microsoft SQL ServerExchange

Avatar of undefined
Last Comment
steamngn

8/22/2022 - Mon
Zberteoc

Just follow the steps from this video:

https://www.youtube.com/watch?v=3tC4hbFXHE8

When you get to the Server name in the New Database Mail Account window make sure you give the exchange server full address, domain included, and then beneath in the SMTP Authentication section use either Anonymous, if it will be accepted, or a basic authentication that has access to that exchange server.

You will have to have admin right in order to do that.
steamngn

ASKER
But I have done that... This is a fresh install of SQL server on a new Windows 2012 box, and this issue showed up after we migrated. Each mail account is using a domain user (that is NOT Admin); everything works fine EXCEPT the authentication failure that should not be there there at all.... That's the issue.
Zberteoc

What did you migrate?
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
steamngn

ASKER
Databases and these mail accounts/profiles. Databases were moved via backup/restore and the mail profiles/accounts were scripted out. Basically every time SQL server goes to send an email it is trying to authenticate the DOMAIN\Admin account. We don't have any SQL alerts being used, these are all scripts that send....
Zberteoc

You will have to rebuild the database mail profiles.
steamngn

ASKER
Well.... I created a new profile and linked it to a new account. Tested by running a simple query script. Emails sent fine, and same errors logged... so still no dice...
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Zberteoc

If the email is sent what is the problem?
Zberteoc

By the way, I don't see any attachment to this question. You mentioned you attached the log.
Zberteoc

Another thing, 1035 and 1020 are warnings and not Errors. I think you are fine.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
steamngn

ASKER
Zberteoc,
Yes, they are warnings only. I could have sworn I attached that log file, it is attached here. And yes, I am probably ok, it is just something I have been trying to troubleshoot as it was not there before...
errorlog10351020.txt
ASKER CERTIFIED SOLUTION
Zberteoc

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
steamngn

ASKER
interesting! I started with ES Admin, but after much discussion determined that yes this is indeed an SQL issue. I will leave it alone... For now! :-)
Zberteoc

It is NOT an SQL issue! I just asked our ES admin and he says that those warning are there not only my database mail profiles related but in regards with other accounts as well.

This is obviously an ES issue.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
steamngn

ASKER
Really... interesting even more! all of our other mail-related stuff (PHP, etc) have no issue whatsoever....
Of course, I went along and made sure that none of our SMTP calls are done using well-known accounts since those are blocked and will raise these warnings. At any rate thanks for the info!
Zberteoc

So the conclusion is that other account could be in the same status/situation like the ones used with the db mail profiles. Maybe they need some setting changed on ES side. If you find the answer please let me know.
steamngn

ASKER
Will do. I cannot seem to locate the KB link, but Exchange 2007 and up block certain account as they are most often hacked. Administrator is one of them; you need to use a different account when sending. I have several apps that I can replicate this exact issue with simply by changing the account to DOMAIN\Administrator. Best practice is to always create a specific user account for mail send and giving that user only the rights to send mail and nothing else. prevents a hacker from getting hold of the entire system!
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes