SMTP keeps prompting for credentials

I have a new Exchange 2016 server. OWA works perfectly. iPhones and Androids using ActiveSync work perfectly. Outlook clients on the local domain work perfectly. All and send and receive just fine. My Digicert certificate displays correctly for HTTPS.

The issue I am having is with the few remaining POP users. They can receive email just fine, but can't send. The issue is that the SMTP server won't accept anyone's credentials. Regardless of the email client, it always comes back and asks for the password again.

I have followed all of the steps here and triple-checked: https://technet.microsoft.com/en-us/library/gg298947(v=exchg.160).aspx

When I sign in to OWA and go to options, I see the SMTP settings displayed pointing to port 587.

What am I missing?
LVL 1
AaronSSHIT ConsultantAsked:
Who is Participating?
 
AaronSSHConnect With a Mentor IT ConsultantAuthor Commented:
This problem is resolved. I never figured out the exact cause. What I did to fix it was to copy all settings for all send/receive connectors one-by-one from a known good exchange server to this exchange server. After doing this, everything started working.
0
 
timgreen7077Exchange EngineerCommented:
Make sure that pop is enabled on ALL your Exchange 2016 servers, if that doesn't resolve the issue, enable pop logging so that you can see whats happening.
0
 
AaronSSHIT ConsultantAuthor Commented:
Only one server here. POP is ok, all POP connections accept the user/pass. It's only SMTP that is rejecting the user/pass.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Wayne88Commented:
Assuming you have already configured the network side  (opening up the port in your main firewall/router and forward the port to the Exchange server), can you check these:

If you have POP3 or IMAP4 clients that can only send SMTP email on port 25, you can configure port 25 on the "Client Frontend <Server name>" Receive connector to allow clients to send authenticated SMTP email. However, because port 25 is also configured on the "Client Frontend <Server name>" Receive connector for email from external SMTP servers, you'll need to modify the local IP addresses that are used to listen on port 25 on one or both of the connectors. For more information, see Receive connector local address bindings.

You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Receive connectors" entry in the Mail flow permissions topic.


https://technet.microsoft.com/en-us/library/gg298947(v=exchg.160).aspx
1
 
AaronSSHIT ConsultantAuthor Commented:
Initially I was testing externally. But now I am working locally, internal LAN, no firewall, direct connection to the Exchange server on the same physical switch.
0
 
timgreen7077Exchange EngineerCommented:
Ah ok. Do you have a SMTP relay created so that it will send out emails, if so it's normally anonymous so credentials aren't required.
1
 
Wayne88Commented:
Also check that you have allowed the clients to use SMTP as show below :

IC859294.jpg
0
 
AaronSSHIT ConsultantAuthor Commented:
I am using Exchange's default Client Frontend connector on port 587. I can't allow anonymous access because this port is externally exposed for remote, traveling users who need to send email.
0
 
AaronSSHIT ConsultantAuthor Commented:
Yep, the SMTP settings on OWA look just like your screenshot.
0
 
timgreen7077Exchange EngineerCommented:
agreed, look @wayne88 solution. that should fix the issue with the receive connector.
0
 
Wayne88Commented:
Is there an option in the email client to turn on logging?  We need to know what the error is and did you enter the username as "domain\username"?

Not sure if Exchange authentication will be in the event viewer of the Exchange server but wouldn't hurt to check to see if it's the credential being rejected.
0
 
timgreen7077Exchange EngineerCommented:
enable pop logging on the exchange server also.
0
 
AaronSSHIT ConsultantAuthor Commented:
I have tried Outlook, Foxmail (the user speaks chinese), and Thunderbird. One user has the issue on a phone but I don't know what software he is using. I was hoping for a more specific error message but I receive no error, only a repeat in requesting the credentials.

I have tried domain\username, username@domain, and the actual email address. username only works for POP, but not smtp.
0
 
AaronSSHIT ConsultantAuthor Commented:
Can you clarify why I would enable POP logging for an SMTP issue? POP is functioning correctly.
0
 
timgreen7077Exchange EngineerCommented:
You are attempting to email with a pop client,  so logging may show the failure and help lead to resolution.
0
 
AaronSSHIT ConsultantAuthor Commented:
Thunderbird reports: "Login to server mail.us.myprivatedomain.com failed."
0
 
Wayne88Commented:
This is internal right?  Sounds like it cannot find the server.  Did you create the A record on the DNS server to point to the Exchange server?

Can you ping mail.us.myprivatedomain.com successfully?
0
 
AaronSSHIT ConsultantAuthor Commented:
Internal. It finds the server ok (it's the same DNS name as POP). The issue is that it is rejecting the user credentials.
0
 
Wayne88Commented:
On the client side, using Outlook as an example you will see an option where you need to specify that the SMTP server requires authentication.   Can you make sure this is checked and to use the same settings as your incoming configuration.

IC859294.jpg
0
 
AaronSSHIT ConsultantAuthor Commented:
Yes, it is set to "use same".
0
 
Wayne88Commented:
I am out of ideas since you are sure that this is an SMTP authentication problem.  I will let you know if I can think of anything else.
0
 
AaronSSHIT ConsultantAuthor Commented:
I installed Wireshark and am going to see if I can capture a log of what is going on here.
0
 
AaronSSHIT ConsultantAuthor Commented:
Well, here's a wireshark capture of port 587 traffic. But I'm not smart enough to be able to interpret it:
https://www.dropbox.com/s/gl98j5a8szz6nm2/wireshark%20log.pcapng?dl=0
0
 
AaronSSHIT ConsultantAuthor Commented:
When using Powershell's Send-Mailmessage, I get this error:
5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM

What is odd is that I get this message even though I am providing credentials, it is not anonymous. That's where I'm hung up.
0
 
Wayne88Commented:
Thanks for getting back.  You can close this ticket and choose your own post as the solution. Cheers!
0
 
AaronSSHIT ConsultantAuthor Commented:
solved
0
All Courses

From novice to tech pro — start learning today.