Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Database mail constantly tries to use DOMAIN\Administrator account
So the Title says it all...
We have an 2008 R2 SQL Server that sends database mail to our Exchange 2007 server using a variety of stored procedures. None of the Database mail profiles/accounts use the DOMAIN\Administrator account (well-know accounts such as Administrator cannot use exchange server). What is happening:
In the Exchange server logs there is error 1035(logon denied) followed by 1020(user has valid credentials but is not authorized to use the server) These are expected if DOMAIN\Administrator tries to use the system; problem is, this account ISN'T using the system as far as I can see. SQL Server services and SQL server agent services are all started with DOMAIN\testuser account... I'm stuck.
I have attached the smtpReceive log from the exchange server as well; it shows the denied login but I cannot figure out where it is coming from!
The emails that we EXPECT to be sent are indeed sent; there is just this unsuccessful login even though there is no email going to/coming from DOMAIN\Administrator...
Any insight or help would be greatly appreciated!
Andy
We have an 2008 R2 SQL Server that sends database mail to our Exchange 2007 server using a variety of stored procedures. None of the Database mail profiles/accounts use the DOMAIN\Administrator account (well-know accounts such as Administrator cannot use exchange server). What is happening:
In the Exchange server logs there is error 1035(logon denied) followed by 1020(user has valid credentials but is not authorized to use the server) These are expected if DOMAIN\Administrator tries to use the system; problem is, this account ISN'T using the system as far as I can see. SQL Server services and SQL server agent services are all started with DOMAIN\testuser account... I'm stuck.
I have attached the smtpReceive log from the exchange server as well; it shows the denied login but I cannot figure out where it is coming from!
The emails that we EXPECT to be sent are indeed sent; there is just this unsuccessful login even though there is no email going to/coming from DOMAIN\Administrator...
Any insight or help would be greatly appreciated!
Andy
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Just follow the steps from this video:
https://www.youtube.com/watch?v=3tC4hbFXHE8
When you get to the Server name in the New Database Mail Account window make sure you give the exchange server full address, domain included, and then beneath in the SMTP Authentication section use either Anonymous, if it will be accepted, or a basic authentication that has access to that exchange server.
You will have to have admin right in order to do that.
https://www.youtube.com/watch?v=3tC4hbFXHE8
When you get to the Server name in the New Database Mail Account window make sure you give the exchange server full address, domain included, and then beneath in the SMTP Authentication section use either Anonymous, if it will be accepted, or a basic authentication that has access to that exchange server.
You will have to have admin right in order to do that.
But I have done that... This is a fresh install of SQL server on a new Windows 2012 box, and this issue showed up after we migrated. Each mail account is using a domain user (that is NOT Admin); everything works fine EXCEPT the authentication failure that should not be there there at all.... That's the issue.
Databases and these mail accounts/profiles. Databases were moved via backup/restore and the mail profiles/accounts were scripted out. Basically every time SQL server goes to send an email it is trying to authenticate the DOMAIN\Admin account. We don't have any SQL alerts being used, these are all scripts that send....
Well.... I created a new profile and linked it to a new account. Tested by running a simple query script. Emails sent fine, and same errors logged... so still no dice...
Zberteoc,
Yes, they are warnings only. I could have sworn I attached that log file, it is attached here. And yes, I am probably ok, it is just something I have been trying to troubleshoot as it was not there before...
errorlog10351020.txt
Yes, they are warnings only. I could have sworn I attached that log file, it is attached here. And yes, I am probably ok, it is just something I have been trying to troubleshoot as it was not there before...
errorlog10351020.txt
If it makes you feel better I am using at our company Database Mai Profiles for years now and only because your question I noticed that we get the same warnings in the Exchange Server(ES) but never had any issues sending email. Administrating the ES is not part of my job and I have never even bothered to ask about the logs. :)
This is a question for an ES admin rather than a DBA.
This is a question for an ES admin rather than a DBA.
interesting! I started with ES Admin, but after much discussion determined that yes this is indeed an SQL issue. I will leave it alone... For now! :-)
It is NOT an SQL issue! I just asked our ES admin and he says that those warning are there not only my database mail profiles related but in regards with other accounts as well.
This is obviously an ES issue.
This is obviously an ES issue.
Really... interesting even more! all of our other mail-related stuff (PHP, etc) have no issue whatsoever....
Of course, I went along and made sure that none of our SMTP calls are done using well-known accounts since those are blocked and will raise these warnings. At any rate thanks for the info!
Of course, I went along and made sure that none of our SMTP calls are done using well-known accounts since those are blocked and will raise these warnings. At any rate thanks for the info!
So the conclusion is that other account could be in the same status/situation like the ones used with the db mail profiles. Maybe they need some setting changed on ES side. If you find the answer please let me know.
Will do. I cannot seem to locate the KB link, but Exchange 2007 and up block certain account as they are most often hacked. Administrator is one of them; you need to use a different account when sending. I have several apps that I can replicate this exact issue with simply by changing the account to DOMAIN\Administrator. Best practice is to always create a specific user account for mail send and giving that user only the rights to send mail and nothing else. prevents a hacker from getting hold of the entire system!
Premium Content
You need an Expert Office subscription to comment.Start Free Trial