- Remove From My Forums
-
Question
-
Hello,
on my exchange 2016 server i am receiving the following event:Inbound authentication failed with error LogonDenied for Receive connector Default Frontend EX02. The authentication mechanism is Login. The source IP address of the client who tried to authenticate to Microsoft Exchange is [192.168.2.207].
I didn`t find the solution yet.
192.168.2.207 is the ip of my Kemp-load-balancer.Anybody who know a Solution for this?
Thx
Answers
-
Yes. here it is :
go to ADSI Edit, Configuration -> Services -> Microsoft Exchange -> Domain.com-> Administrative Groups -> Exchange Administrative Group -> Servers -> CAS01->
Protocols -> SMTP Receive Connectors, then go to the properties for the «Client Proxy CAS01» .on the security tab, go to «Authenticated Users» and make sure «Accept any Sender» and «Accept Authoritative Domain Sender» are Allow
-
Marked as answer by
Monday, July 4, 2016 6:00 PM
-
Marked as answer by
When you cleared out the Active Directory entries for your failed exchange server, you may have taken out a little too much stuff, including the Service Connection Point settings. If you go back to the ACBrown IT World blog post you linked above, you’ll note that I wrote an additional post that explains the inner workings of the SCP for Autodiscover. Check those settings and make sure that they are pointing to the new server rather than the old one, otherwise you’ll have trouble connecting systems that are on the domain.
As for the error message you’re getting above, that’s usually due to the permissions not being set properly for impersonation or something similar. You may have already found it, but look here:
http://support.microsoft.com/kb/979174 Opens a new window
That suggests that the Service Principal Name for the server itself is not set up properly. This may actually be an artifact of the old exchange server. Did you use the same server name when you built the replacement server? If you did, was the old server fully deleted from AD? If you just reset the account in AD when building the new server and used that object to join the new server, the SPN information attached to it may be corrupted. Recreating the SPN should fix the error in that case. Also check firewall (if it’s on, Windows Firewall can be a little overzealous on servers).
Was this post helpful?
thumb_up
thumb_down
- Remove From My Forums
-
Question
-
Hi. We have a single Ex2007 SP1 server. Recently we started having one sender from outside the organization start getting their messages NDRed (it worked fine before). First they would get a delay notice then it would bomb out with SMTP 4.4.7 error. We can send to them, but they can’t send to us.
Next I start looking in the server’s application event log and see many of these about every 15 min.:
Event ID: 1035
Source: MSExchangeTransport
Inbound authentication failed with error LogonDenied for Receive connector Default MAIL. The authentication mechanism is Gssapi. The source IP address of the client who tried to authenticate to Microsoft Exchange is [xxx.xxx.xxx.xxx].I check out the IP address and it is the IP of the sender that can no longer send.
That lead to much googling which suggested 1. Turning off Exchange Authentication and Integrated Authentication on the Default connector. or 2. Making another connector for that IP with those authentication methods disabled.
I guess what I don’t understand is why this server requires authentication at all just to send us mail. What makes me a little more cautious is that when I check their mail server on mxlookup it says those servers may be open relays. They are not, however, on any blacklists. Any insight would be greatly appreciated.
Answers
-
Hi,
From your description, it seems to be a known issue.
Cause:
The remote hosts that are attempting to connect to the E2k7 and generating the event ID 1035 appear to be an Exchange 2000 server. During the SMTP session, they are trying to authenticate using X-EXPS GSSAPI instead of ANONYMOUS LOGON and they are failing authentication. E2k7 is then dropping the connection with a 400 level response so the remote hosts will retry the connection later. Currently, it is not clear why it is attempting to authenticate instead of doing an anonymous logon. Most likely, the server is an Exchange server and when it sees another Exchange server is answering, it is attempting the authentication.Workaround:
Set the Default Receive connector to have a RemoteIPRange for the internal network only.Configured a new receive connector with a Type of «Internet». With this type of connector, the only Authentication that is enabled is TLS so the AUTH GSSAPI verb will not be advertised. Anonymous Permission Group will be automatically added. This will prevent any remote Exchange servers from attempting to use Exchange authentication.Restarted the Transport service.
Mike
After installing CU4 on my Exchange 2016 servers and bouncing them, they started throwing MSExchangeTransportDelivery Event 1035 every few minutes.
Here’s the full error:
Log Name: Application
Source: MSExchangeTransportDelivery
Date: 3/19/2017 10:30:14 AM
Event ID: 1035
Task Category: SmtpReceive
Level: Warning
Keywords: Classic
User: N/A
Computer: MBX1.exchangeitup.com
Description:
Inbound authentication failed with error UnexpectedExchangeAuthBlobCheckForClockSkew for Receive connector Default Mailbox Delivery MBX1. The authentication mechanism is ExchangeAuth. The source IP address of the client who tried to authenticate to Microsoft Exchange is [127.0.0.1].
The error, in this case tells you exactly what to look for. Check the system clocks across your Exchange servers and Domain Controller.
For now (to get Exchange running properly), manually set the clocks the same and then restart the Frontend Transport and Transport Services on each Exchange server.
Now, figure out why your clocks are wrong. If these are VM’s, follow my post on how to set your VMWare host and guest clocks.
If they’re hardware machines, prolly need to replace the CMOS battery, which prolly means if it’s that old, you need to replace the server itself 
Проблема:
В журнале приложений CAS01 фиксируются предупреждения вида:
Log Name: Application
Source: MSExchangeFrontEndTransport
Date: 09.07.2013 15:24:02
Event ID: 1035
Task Category: SmtpReceive
Level: Warning
Keywords: Classic
User: N/A
Computer: CAS01.domain.com
Description:
Inbound authentication failed with error LogonDenied for Receive connector Client Frontend CAS01. The authentication mechanism is Login. The source IP address of the client who tried to authenticate to Microsoft Exchange is [127.0.0.1].
Event Xml:
< Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
<System>
<Provider Name=»MSExchangeFrontEndTransport» />
<EventID Qualifiers=»32772″>1035</EventID>
<Level>3</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime=»2013-07-09T11:24:02.000000000Z» />
<EventRecordID>164696</EventRecordID>
<Channel>Application</Channel>
<Computer>CAS01.domain.com</Computer>
<Security />
</System>
<EventData>
<Data>LogonDenied</Data>
<Data>Client Frontend CAS01</Data>
<Data>Login</Data>
<Data>127.0.0.1</Data>
</EventData>
< /Event>
При этом в журнале «\cas01c$Program FilesMicrosoftExchange ServerV15TransportRolesLogsFrontEndProtocolLogSmtpReceive» фиксируются записи вида:
CAS01,08D04A98B8FDD36A,42,127.0.0.1:587,127.0.0.1:41112,*,,Inbound AUTH LOGIN failed because of LogonDenied 2013-07-09T11:24:03.000Z,CAS01Client Frontend CAS01,08D04A98B8FDD36A,43,127.0.0.1:587,127.0.0.1:41112,*,,User Name: HealthMailbox896e040d888546a48194fb00dd245648@domain.com
Решение:
Вывести список всех ящиков HealthMonitor’ов по команде powershell-консоли Exchange на сервере CAS01:
PS> Get-Mailbox -Monitoring
Удалить все эти ящики:
PS> Get-Mailbox -Monitoring | Remove-Mailbox
При этом выбрать вариант «[A] Yes to All».
При запуске командлета могут появляться ошибки вида:
Active Directory operation failed on server.domain.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031520C3, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : NotSpecified: (:) [Remove-Mailbox], ADOperationException
+ FullyQualifiedErrorId : 7C60F97C,Microsoft.Exchange.Management.RecipientTasks.RemoveMailbox
+ PSComputerName : cas01.domain.com
Проверить оставшиеся ящики:
PS> Get-Mailbox -Monitoring
Найти в AD учётную запись (или записи), соответствующую имени оставшегося ящика HealthMonitor’а, и проверить, что в её свойствах в разделе «Profile» -> «Security» -> «Advanced» предлагается только отключить наследование прав (Disable inheritance). Если же предлагается наоборот включить наследование, то включить наследование.
Ещё раз выполнить удаление ящиков:
PS> Get-Mailbox -Monitoring | Remove-Mailbox
Проверить оставшиеся ящики:
PS> Get-Mailbox -Monitoring
Даже если какие-то ящики остались, перезапустить службу «MSExchangeHM» (Microsoft Exchange Health Manager) на всех серверах: CAS01, MBX01, MBX02.
Кое-что по теме: