Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!
Database mail constantly tries to use DOMAIN\Administrator account
So the Title says it all...
We have an 2008 R2 SQL Server that sends database mail to our Exchange 2007 server using a variety of stored procedures. None of the Database mail profiles/accounts use the DOMAIN\Administrator account (well-know accounts such as Administrator cannot use exchange server). What is happening:
In the Exchange server logs there is error 1035(logon denied) followed by 1020(user has valid credentials but is not authorized to use the server) These are expected if DOMAIN\Administrator tries to use the system; problem is, this account ISN'T using the system as far as I can see. SQL Server services and SQL server agent services are all started with DOMAIN\testuser account... I'm stuck.
I have attached the smtpReceive log from the exchange server as well; it shows the denied login but I cannot figure out where it is coming from!
The emails that we EXPECT to be sent are indeed sent; there is just this unsuccessful login even though there is no email going to/coming from DOMAIN\Administrator...
Any insight or help would be greatly appreciated!
Andy
We have an 2008 R2 SQL Server that sends database mail to our Exchange 2007 server using a variety of stored procedures. None of the Database mail profiles/accounts use the DOMAIN\Administrator account (well-know accounts such as Administrator cannot use exchange server). What is happening:
In the Exchange server logs there is error 1035(logon denied) followed by 1020(user has valid credentials but is not authorized to use the server) These are expected if DOMAIN\Administrator tries to use the system; problem is, this account ISN'T using the system as far as I can see. SQL Server services and SQL server agent services are all started with DOMAIN\testuser account... I'm stuck.
I have attached the smtpReceive log from the exchange server as well; it shows the denied login but I cannot figure out where it is coming from!
The emails that we EXPECT to be sent are indeed sent; there is just this unsuccessful login even though there is no email going to/coming from DOMAIN\Administrator...
Any insight or help would be greatly appreciated!
Andy
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
But I have done that... This is a fresh install of SQL server on a new Windows 2012 box, and this issue showed up after we migrated. Each mail account is using a domain user (that is NOT Admin); everything works fine EXCEPT the authentication failure that should not be there there at all.... That's the issue.
Databases and these mail accounts/profiles. Databases were moved via backup/restore and the mail profiles/accounts were scripted out. Basically every time SQL server goes to send an email it is trying to authenticate the DOMAIN\Admin account. We don't have any SQL alerts being used, these are all scripts that send....
Well.... I created a new profile and linked it to a new account. Tested by running a simple query script. Emails sent fine, and same errors logged... so still no dice...
Zberteoc,
Yes, they are warnings only. I could have sworn I attached that log file, it is attached here. And yes, I am probably ok, it is just something I have been trying to troubleshoot as it was not there before...
errorlog10351020.txt
Yes, they are warnings only. I could have sworn I attached that log file, it is attached here. And yes, I am probably ok, it is just something I have been trying to troubleshoot as it was not there before...
errorlog10351020.txt
If it makes you feel better I am using at our company Database Mai Profiles for years now and only because your question I noticed that we get the same warnings in the Exchange Server(ES) but never had any issues sending email. Administrating the ES is not part of my job and I have never even bothered to ask about the logs. :)
This is a question for an ES admin rather than a DBA.
This is a question for an ES admin rather than a DBA.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
interesting! I started with ES Admin, but after much discussion determined that yes this is indeed an SQL issue. I will leave it alone... For now! :-)
It is NOT an SQL issue! I just asked our ES admin and he says that those warning are there not only my database mail profiles related but in regards with other accounts as well.
This is obviously an ES issue.
This is obviously an ES issue.
Really... interesting even more! all of our other mail-related stuff (PHP, etc) have no issue whatsoever....
Of course, I went along and made sure that none of our SMTP calls are done using well-known accounts since those are blocked and will raise these warnings. At any rate thanks for the info!
Of course, I went along and made sure that none of our SMTP calls are done using well-known accounts since those are blocked and will raise these warnings. At any rate thanks for the info!
So the conclusion is that other account could be in the same status/situation like the ones used with the db mail profiles. Maybe they need some setting changed on ES side. If you find the answer please let me know.
Will do. I cannot seem to locate the KB link, but Exchange 2007 and up block certain account as they are most often hacked. Administrator is one of them; you need to use a different account when sending. I have several apps that I can replicate this exact issue with simply by changing the account to DOMAIN\Administrator. Best practice is to always create a specific user account for mail send and giving that user only the rights to send mail and nothing else. prevents a hacker from getting hold of the entire system!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
https://www.youtube.com/watch?v=3tC4hbFXHE8
When you get to the Server name in the New Database Mail Account window make sure you give the exchange server full address, domain included, and then beneath in the SMTP Authentication section use either Anonymous, if it will be accepted, or a basic authentication that has access to that exchange server.
You will have to have admin right in order to do that.