MCIT-Libya

POP3 not working with exchange 2016

I have two Exchange Server 2016 installed. I need to enable POP3 on ports 110 and 25; it keeps asking me for username/password even though I am giving the right info.

My Exchange is not live yet, so I am using the public IP to access it instead of the hostname.

I can telnet to both ports from the internet on 110 and 995.

Remote Connectivity Analyzer does not let me run the test, since it does not allow me to enter only the IP of the server instead of a hostname.
In the Exchange shell, if I run Test-PopConnectivity, the following succeed:
Test-PopConnectivity -ClientAccessServer exchange-dr -lightmode -MailboxCredential (Get-Credential)
Test-PopConnectivity -ClientAccessServer exchange-dr -lightmode -MailboxCredential (Get-Credential)  -PortClientAccessServer 995

but the following will fail:
Test-PopConnectivity -ClientAccessServer exchange-dr -lightmode -MailboxCredential (Get-Credential) -PortClientAccessServer 110

The error is:
Microsoft.Exchange.Monitoring.ProtocolException: Authentication failed. The connection is being closed. The handshake failed due to an unexpected packet format.Server response while making connection:[]. ---> System.IO.IOException: The handshake failed due to an unexpected packet format.
als315

Have you followed these instructions:
https://docs.microsoft.com/en-us/exchange/clients/pop3-and-imap4/configure-pop3
?
I think it is not possible to use IP address instead of FQDN of your server, but you can add FQDN to the hosts file on client:
c:\Windows\System32\drivers\etc\hosts
Check your settings for POP. What is LoginType set as? If SecureLogin, that would explain your issues. Remember that you're trying to go the insecure route, which I would never recommend.
check your POP settings:
get-popsettings -server yourserver| fl identity, UnencryptedOrTLSBindings, SSLBindings

that will show where you are using TLS/SSL and where you are using unencrypted connection.
Then use the relevant value for Test-PopConnectivity parameter:
-ConnectionType

The ConnectionType parameter specifies the type of connection that's used to connect to the POP3 service. Valid values are:
Plaintext

References:
https://docs.microsoft.com/en-us/powershell/module/exchange/client-access/test-popconnectivity?view=exchange-ps
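
Added example, not part of the original thread: a PowerShell probe that talks to a POP3 listener either in clear text (the UnencryptedOrTLSBindings port) or with TLS negotiated first (the SSLBindings port), and reports whether the CAPA reply offers STLS and USER. The function name, the host `mail.example.test` and the `-TlsName` parameter are assumptions for illustration; `-TlsName` allows connecting to an IP while validating the certificate against the server's FQDN.

```powershell
# Added example: probe a POP3 listener the way a mail client would.
# Function name, parameters and host names are illustrative, not from the thread.
function Test-Pop3Listener {
    param(
        [Parameter(Mandatory)] [string] $Server,   # IP or FQDN to connect to
        [int] $Port = 110,
        [switch] $ImplicitTls,                     # set for the SSLBindings port (995)
        [string] $TlsName = $Server                # name the certificate must match
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 5000
        if ($ImplicitTls) {
            # TLS starts before any POP3 text. Default validation throws on an
            # untrusted chain or when the certificate does not match $TlsName.
            $ssl = New-Object System.Net.Security.SslStream($stream, $false)
            $ssl.AuthenticateAsClient($TlsName)
            $stream = $ssl
        }
        $ascii  = [System.Text.Encoding]::ASCII
        $reader = New-Object System.IO.StreamReader($stream, $ascii)
        $writer = New-Object System.IO.StreamWriter($stream, $ascii)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        $banner = $reader.ReadLine()               # "+OK ..." greeting
        $writer.WriteLine('CAPA')                  # RFC 2449 capability list
        $caps = @()
        if ($reader.ReadLine() -like '+OK*') {
            while (($line = $reader.ReadLine()) -ne $null -and $line -ne '.') { $caps += $line }
        }
        $writer.WriteLine('QUIT')
        [pscustomobject]@{
            Port         = $Port
            ImplicitTls  = [bool]$ImplicitTls
            Banner       = $banner
            OffersSTLS   = $caps -contains 'STLS'  # TLS upgrade available on this port
            OffersUSER   = $caps -contains 'USER'  # USER/PASS login advertised
            Capabilities = $caps -join ', '
        }
    }
    finally { $client.Close() }
}
# Usage (placeholder host; substitute your own server and certificate name):
#   Test-Pop3Listener -Server 'mail.example.test' -Port 110
#   Test-Pop3Listener -Server '203.0.113.10' -Port 995 -ImplicitTls -TlsName 'mail.example.test'
```

Calling it with `-ImplicitTls` against the clear-text port makes the TLS handshake read the plain `+OK` greeting, which produces the same "unexpected packet format" failure quoted in the question.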
MCIT-Libya

ASKER

Thanks for your prompt help, following are the settings for pop3 configured.


UnencryptedOrTLSBindings : {[::]:110, 0.0.0.0:110}
SSLBindings              : {[::]:995, 0.0.0.0:995}

Right now, if I add -connectiontype PlainText to the Test-PopConnectivity command, even port 110 succeeds.

So with Test-PopConnectivity both ports are working, 110 with plaintext and 995 without, but my POP client still cannot connect.

If I try to connect on port 110 it keeps asking me for username/password, and if I try to connect on 995 it says that the server is not responding.

Please advise.
I suspect some sort of network/firewall issue
try this and check settings are what you expect
get-exchangeserver yourserver |  get-popsettings | fl identity, UnencryptedOrTLSBindings, SSLBindings, X509certificate, logintype, InternalConnectionSettings, ExternalConnectionSettings,*banner*

Does TELNETting from the internet connect to 995? If there is no connection, pass the issue to whoever looks after the network. If it's you, check your firewall settings. Also, check the Exchange firewall rules (they should be set up automatically to allow incoming connections).

If you get an answer from the 995 port,  try setting the ip/fqdn association in your local host file.

Also, note you can enable protocollog with set-popsettings to get more info about the error.
I can telnet to port 110 successfully but cannot on 995.

I believe it is something with the Exchange server itself; I tried to telnet on the server itself but still could not connect on port 995.

Once I enable protocol logs, where can I check those logs?

In the receive connectors, do I have to add ports 110 and 995?
After enabling protocol logging, I found this in the logs:

ErrMsg=ProxyNotAuthenticated
I am using a wildcard certificate, is that OK?
Never met that issue.
From an elevated cmd, have a look at your proxy settings (though they don't matter for local connections):
netsh winhttp show proxy

However, have a look at this thread and let us know any outcome you get

https://social.technet.microsoft.com/Forums/Azure/en-US/b14005e4-6416-463b-91db-a4f14620c9f2/imap-connection-failure-no-login-failed-proxynotauthenticated?forum=exchangesvrclients

There it is suggested:
We finally engaged Microsoft support and we have been asked to perform the following:

Change the value of EnableGSSAPIAndNTLMAuth value on IMAPSettings on the Exchange 2013 servers to FALSE and restart both IMAP services: Set-IMAPSettings –EnableGSSAPIAndNTLMAuth:$FALSE  -Server "<name of the Exchange server>"
If the issue persists, change the LogOn type of "MSExchangeIMAP4backend" service from "Network Service" to "Local System Account" on all Mailbox servers and restart the service
The issue has been resolved at step 2.

For more explanation, Microsoft suspect that the behaviour is related with the privileges of Network Service and Local System accounts:

Local System is a very high-privileged built-in account. It has extensive privileges on the local system and acts as the computer on the network.

Network Service account is a built-in account that has more access to resources and objects than members of the Users group. Services that run as the Network Service account access network resources by using the credentials of the computer account.
Hi,

There is an update. My current finding is that I have two Exchange servers (on different IP subnets), and the incoming/outgoing POP3 settings I am giving are for Exchange 1, which is different for the client. Exchange 1 forwards that request to Exchange 2, and the two servers have a problem communicating because of some SSL issue.

I shut down the other Exchange, and now I can log on to the incoming server successfully. For outgoing, port 2525 works fine, but I need 25 and 465 to work, and neither of them does. On port 25 it keeps asking for the password, and on 465 it gives me an encryption setting error.

I have attached pics of my settings for 25 and 465. On port 2525 it's working fine, but I have to make it work on 25 and 465.

Please advise.
set1.jpg
set2.jpg
Also, after turning off Exchange 2, I have lost access to ECP and OWA. It gives me an HTTP 503 error.

If I enter https://mymailserver/ecp/?exchclientver=15 instead of just https://mymailserver/ecp, it works fine,

but OWA is not working at all. I have already tried to fix the bindings of the certificate to Microsoft Exchange but nothing happened.
So the final conclusion is that as soon as I turn off Exchange 2, everything (POP3 and OWA/ECP) works fine, but as soon as I switch that server on, things stop.

Any ideas what I should do about this?
You have a custom setup which is not working and that is dependent both on your network setup and on the people who did that setup. For one, you should not have SSL issues when proxying between Exchange servers, and you should not use port 2525 to send emails. Chances are that troubleshooting your setup would be lengthy and would involve your network team. Try to understand why your Exchange was set up the way it is and come back.
Well, this is a fresh installation of Exchange. The Exchange servers are physically at different sites, connected together using a site-to-site VPN.

That's why their network ranges are different.

I want to make sure that when Exchange 2 stops, Exchange 1 keeps working.

Now POP3 works fine, but only if Exchange 2 is also online. If that Exchange stops, then POP3 and OWA both stop even on the other server.

How can I check this dependency and fix it?