Authentication Problems via Telnet

Good Afternoon,

I have a very strange issue happening in our environment with SMTP.

Information about our environment:

Mail Server: Exchange 2013
Mail Server OS: Windows Server 2012 R2 Standard
Receive connector on exchange has been created and is enabled
Users workstations: Windows 7 Professional
Users workstation mail clients: Office 2010
All users have local administrative rights to the workstations

Please read carefully my test results before answering. To keep it as simple as possible, tests are done with a telnet session and the goal is to authenticate successfully in the telnet session, nothing more.

The commands I am using in telnet is steps 1 through 7 from here: https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx I am not concerned about the rest of the steps in this document with testing mail flow as the goal here is to authenticate ONLY.

For our tests we used two domain users (Mary and Peter) and 3 workstations (Peter’s workstation, Mary’s workstation and a test machine. Test machine is newly built with ONLY Windows installed for our testing with this issue), in these tests both users are using the CORRECT credentials. Result tests below.

telnet unsucessful authentication
1. Mary logs in to her workstation using her domain credentials and attempts to authenticate via telnet using her domain credentials. Authentication is UNSUCCESSFUL (seen above).

2. Mary logs in to her workstation under her domain credentials, Peter attempts to authenticate via telnet on her machine using his domain credentials. Authentication is SUCESSFUL.

3. Peter logs in to Mary’s workstation using his domain credentials and attempts to authenticate via telnet on her machine using his domain credentials. Authentication is SUCESSFUL

4. Peter logs in to his workstation using his domain credentials and attempts to authenticate via telnet on his machine using his domain credentials. Authentication is SUCESSFUL.

5. Mary logs in to Peters workstation using her domain credentials and attempts to authenticate via telnet on his machine using her domain credentials. Authentication is SUCESSFUL.

6. Peter logs in to his workstation using his domain credentials, Mary attempts to authenticate via telnet on his machine using her domain credentials. Authentication is SUCESSFUL

7. Peter logs in to the test workstation using his domain credentials and attempts to authenticate via telnet on the test machine using his domain credentials. Authentication is UNSUCESSFUL.

8. Mary logs in to the test workstation using his domain credentials and attempts to authenticate via telnet on the test machine using her domain credentials. Authentication is UNSUCESSFUL.

So what is causing this? From these tests we have come to the conclusion that something must be missing or disabled from both Mary’s and the test workstation, however why would Peter authenticate successfully on Mary’s machine if that were the case (test 2).

And it doesn’t appear that there is an issue with exchange as when Mary attempts to authenticate from Peters machine she is successful (tests 5 and 6).

We are absolutely stumped.

Anybody got any ideas?

Kindly advise.

Regards,
N
LVL 1
KevinInformation TechnologyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

joinaunionCommented:
Is Mary's machine blocking port 25 assuming your using port 25? Are you configured to use SSL&TLS and is Mary's pc configured likewise?
KevinInformation TechnologyAuthor Commented:
@joinaunion

Yes we are indeed using port 25.

All workstations including Mary's has Windows firewall disabled. So the port is not being blocked by the workstation.

All of the below are enabled under Mary's profile as well as all other users via GPO.

IE Advanced Options
Kindly advise.

Regards,
N
joinaunionCommented:
Are you able to assign Mary's pc a new ip and try again? (test purposes) I feel you may have tried to many times with the current ip wich in turn may have caused a Authentication ban on the current ip.

Please post back.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

KevinInformation TechnologyAuthor Commented:
@joinaunion

OK. Will give it a try tonight and revert back.

Thanks,
N
KevinInformation TechnologyAuthor Commented:
@joinaunion

So I changed the IP of Mary's machine as you suggested and the bugger finally authenticated. Amazing!!! Thank you so much, I never even imagined it could be the bloody IP giving us all this fuss.

So now that that's settled, how would I go about to remove this Authenticated ban on the IP??? I'm assuming exchange, but where in exchange as I've read several articles that this first had to be set up and to my knowledge it never was.

Below screenshot is where i should find it in the protection menu there should be a "Action Center" but its not there. Is there another place where it would be blocked?

exchange.png
Kindly advise.

Regards,
N
joinaunionCommented:
Is there a specific intrusion software your using on your server? If so that is where you will want to unblock/unban.

If not please post back.
KevinInformation TechnologyAuthor Commented:
@joinaunion - Thank you for your time. We do have a cisco ironport appliance for mail, however I haven't been able to locate the area for blocking/unblocking IP's within there.

Don't worry about it though, you have solved my initial problem and that's what matters most. I will be contacting cisco tonight to see if they can assist me, since we are paying for support of the appliance anyways.

Thanks again.

Kind Regards,
N
joinaunionCommented:
Glad to have helped. Anytime.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.