Exchange 2013: Pop/Imap clients unable to Authenticate
Lets take a look at an issue in E2013 where Pop/Imap clients unable to Authenticate
Exchange 2010 SP3: 2 mailbox server in DAG, 2 CAS/HT with windows NLB
Exchange 2013 CU1: 2 mailbox server in DAG, 2 CAS with windows NLB
During the co-existence phase during Exchange 2010 to 2013 migration, Pop/Imap clients are unable to authenticate.
In the log file we can see the following message. No other message.
NLB IP:993,ClientIP:55612,,112,27,23,login,Loginid password,”R=””05up NO LOGIN failed.””;Msg=””User:username:2796642b-68aa-49cc-93c0-0414276541fe:SDB1:mailbox server FQDN;Proxy:mailbox server FQDN:143:SSL;NotAuthenticated”””
By default logging is disabled and you need to enable by running the below cmd:
Set-imapsettings -server CASServerName –ProtocolLogEnabled $true
Set-popsettings -server CASServerName –ProtocolLogEnabled $true
Default Imap Log File Location is C:Program FilesMicrosoftExchange ServerV15LoggingImap4
Default Pop Log File Location is C:Program FilesMicrosoftExchange ServerV15LoggingPOP3
You might also see the following events in the system log:
Log Name: System
Date: 8/4/2013 1:00:33 AM
Event ID: 36888
Task Category: None
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
This is a bug in Exchange 2013 CU1.
Install Cumulative update 2 for Exchange 2013 on all the Exchange 2013 Servers starting from Mailbox role.
For sending emails when you use SMTP we will be using the CAS client connector and might need to run the below cmd.
Set-ReceiveConnector “*CASHostnameClient Frontend CASHostname” -AdvertiseClientSettings $True -FQDN NLBUrl
I am using windows NLB so I am used NLBUrl in the cmd to get high availability.
I have asked Microsoft to fix the cmd in the below link:
I would recommend moving to CU2 if you have pop/imap users.
Microsoft MVP | Exchange Server