Solved

Authentication Problems via Telnet

Posted on 2016-11-08
Last Modified: 2016-11-10
Good Afternoon,

I have a very strange issue happening in our environment with SMTP.

Information about our environment:

Mail Server: Exchange 2013
Mail Server OS: Windows Server 2012 R2 Standard
Receive connector on exchange has been created and is enabled
Users workstations: Windows 7 Professional
Users workstation mail clients: Office 2010
All users have local administrative rights to the workstations

Please read carefully my test results before answering. To keep it as simple as possible, tests are done with a telnet session and the goal is to authenticate successfully in the telnet session, nothing more.

The commands I am using in telnet are steps 1 through 7 from here: https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx. I am not concerned about the rest of the steps in this document with testing mail flow, as the goal here is to authenticate ONLY.

For our tests we used two domain users (Mary and Peter) and 3 workstations (Peter’s workstation, Mary’s workstation and a test machine. Test machine is newly built with ONLY Windows installed for our testing with this issue), in these tests both users are using the CORRECT credentials. Result tests below.

[Screenshot: telnet unsuccessful authentication]

1. Mary logs in to her workstation using her domain credentials and attempts to authenticate via telnet using her domain credentials. Authentication is UNSUCCESSFUL (seen above).

2. Mary logs in to her workstation under her domain credentials, Peter attempts to authenticate via telnet on her machine using his domain credentials. Authentication is SUCCESSFUL.

3. Peter logs in to Mary’s workstation using his domain credentials and attempts to authenticate via telnet on her machine using his domain credentials. Authentication is SUCCESSFUL.

4. Peter logs in to his workstation using his domain credentials and attempts to authenticate via telnet on his machine using his domain credentials. Authentication is SUCCESSFUL.

5. Mary logs in to Peter’s workstation using her domain credentials and attempts to authenticate via telnet on his machine using her domain credentials. Authentication is SUCCESSFUL.

6. Peter logs in to his workstation using his domain credentials, Mary attempts to authenticate via telnet on his machine using her domain credentials. Authentication is SUCCESSFUL.

7. Peter logs in to the test workstation using his domain credentials and attempts to authenticate via telnet on the test machine using his domain credentials. Authentication is UNSUCCESSFUL.

8. Mary logs in to the test workstation using his domain credentials and attempts to authenticate via telnet on the test machine using her domain credentials. Authentication is UNSUCCESSFUL.

So what is causing this? From these tests we have come to the conclusion that something must be missing or disabled from both Mary’s and the test workstation; however, why would Peter authenticate successfully on Mary’s machine if that were the case (test 2)?

And it doesn’t appear that there is an issue with Exchange, as when Mary attempts to authenticate from Peter’s machine she is successful (tests 5 and 6).

We are absolutely stumped.

Anybody got any ideas?

Kindly advise.

Regards,
N
Question by:nobushi
8 Comments
 

Expert Comment

by:joinaunion
ID: 41879544
Is Mary's machine blocking port 25, assuming you're using port 25? Are you configured to use SSL & TLS, and is Mary's PC configured likewise?

Author Comment

by:nobushi
ID: 41879625
@joinaunion

Yes we are indeed using port 25.

All workstations, including Mary's, have Windows Firewall disabled. So the port is not being blocked by the workstation.

All of the below are enabled under Mary's profile as well as all other users via GPO.

[Screenshot: IE Advanced Options]

Kindly advise.

Regards,
N

Accepted Solution

by:
joinaunion earned 500 total points
ID: 41881172
Are you able to assign Mary's PC a new IP and try again? (test purposes) I feel you may have tried too many times with the current IP, which in turn may have caused an authentication ban on the current IP.

Please post back.

Author Comment

by:nobushi
ID: 41881262
@joinaunion

OK. Will give it a try tonight and revert back.

Thanks,
N

Author Comment

by:nobushi
ID: 41881532
@joinaunion

So I changed the IP of Mary's machine as you suggested and the bugger finally authenticated. Amazing!!! Thank you so much, I never even imagined it could be the bloody IP giving us all this fuss.

So now that that's settled, how would I go about removing this Authenticated ban on the IP??? I'm assuming Exchange, but where in Exchange, as I've read several articles that this first had to be set up and to my knowledge it never was.

The screenshot below is where I should find it: in the Protection menu there should be an "Action Center", but it's not there. Is there another place where it would be blocked?

[Screenshot: exchange.png]

Kindly advise.

Regards,
N

Expert Comment

by:joinaunion
ID: 41882687
Is there a specific intrusion software you're using on your server? If so, that is where you will want to unblock/unban.

If not please post back.

Author Closing Comment

by:nobushi
ID: 41882985
@joinaunion - Thank you for your time. We do have a Cisco IronPort appliance for mail; however, I haven't been able to locate the area for blocking/unblocking IPs within there.

Don't worry about it though, you have solved my initial problem and that's what matters most. I will be contacting Cisco tonight to see if they can assist me, since we are paying for support of the appliance anyways.

Thanks again.

Kind Regards,
N

Expert Comment

by:joinaunion
ID: 41883090
Glad to have helped. Anytime.
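
The eight tests in the question can be tabulated to check whether failures follow the source machine or the account, which is the distinction the accepted answer's IP suggestion rests on. This is an added example, not part of the thread: the workstation labels stand in for source addresses the thread does not give, and `classify` and `triage` are hypothetical helper names.

```python
from collections import defaultdict

# The eight tests from the question: (test number, source workstation, SMTP user, succeeded).
# Workstation labels are placeholders for source IPs, which the thread does not give.
TESTS = [
    (1, "mary-ws", "mary", False),
    (2, "mary-ws", "peter", True),
    (3, "mary-ws", "peter", True),
    (4, "peter-ws", "peter", True),
    (5, "peter-ws", "mary", True),
    (6, "peter-ws", "mary", True),
    (7, "test-ws", "peter", False),
    (8, "test-ws", "mary", False),
]


def classify(tests, key_index, other_index):
    """Group attempts by one factor and label how failures spread over the other."""
    groups = defaultdict(list)
    for row in tests:
        groups[row[key_index]].append(row)
    verdicts = {}
    for key, rows in groups.items():
        failed = [r for r in rows if not r[3]]
        others_failed = {r[other_index] for r in failed}
        if not failed:
            verdicts[key] = "clean"
        elif len(failed) == len(rows) and len(others_failed) > 1:
            # Every attempt failed, for more than one value of the other factor.
            verdicts[key] = "always-fails"
        else:
            # Some successes, or too few distinct values to separate the factors.
            verdicts[key] = "inconclusive"
    return verdicts


def triage(tests):
    """Return per-source and per-user verdicts for a set of auth attempts."""
    return {
        "by_source": classify(tests, 1, 2),
        "by_user": classify(tests, 2, 1),
    }


if __name__ == "__main__":
    for factor, verdicts in triage(TESTS).items():
        for name, verdict in sorted(verdicts.items()):
            print(f"{factor:10} {name:10} {verdict}")
```

On the thread's data, only the test workstation fails for every user and no account fails from every source; Mary's workstation stays inconclusive because Peter succeeded there.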