
Exchange 2003 and xexch50 error????


  • Exchange 2003 and xexch50 error????

    Hello all,

    I have two offices connected via a DSL tunnel with an Exchange Server 2003 in each office. I have just gone live and I keep receiving these messages in my event log, in the Exchange server in office 1.

    Event id: 7004
    Source: MSExchange Transport

    This is an SMTP protocol error log for virtual server ID 1, connection #563. The remote host "192.168.1.8", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2928 2 ". This will probably cause the connection to fail.

    The IP address is our second Exchange server in site 2. The error appears on the Exchange server in site 1.

    It's like the second Exchange server is trying to connect to the first one and it's failing??

    Any help most appreciated.

    Regards,

    Rob

  • #2
    1. XEXCH50 is being denied from servers in the same Exchange organization.
    2. Check that the Windows integrated authentication is enabled on both affected servers.

    If the only problem you're seeing is that XEXCH50 is being denied in some cases, but there is no mailflow problem, it sounds like everything is ok as long as XEXCH50 is only being denied from servers outside of your Exchange org and mail is still being received.

    XEXCH50
    -------
    Exchange 2003 only accepts XEXCH50 protocol data from clients who authenticate and have been granted "Send As" permission on the receiving SMTP virtual server object in the AD. In this respect, Exchange 2003 behaves differently than Exchange 2000 (as you have noticed).

    Within a single Exchange organization, Exchange setup takes care of ensuring that all Exchange servers have the necessary "Send As" right on all of the SMTP virtual servers, through the ACL on the Exchange organization object in the AD which inherits down to all of the SMTP virtual server objects. Because of this, XEXCH50 should be properly sent and received between servers within a single Exchange organization.

    It is expected that Exchange 2003 will block inbound XEXCH50 data from other Exchange organizations by default, and in this regard the fact that it is responding with "504 Need to authenticate first" is actually correct, if the remote server is not part of the same Exchange organization.

    If you're seeing this between servers in the same Exchange organization, that is potentially an authentication or ACLing problem that should be looked into. You can use ADSIEdit.msc to investigate the ACLs of the Exchange objects in the configuration container if you suspect that the necessary Exchange server security groups have not been granted the Send As access that they need on the SMTP virtual servers.

    If you're seeing this between servers in different Exchange organizations, it is normal expected behavior, and should not actually block mailflow.

    When Exchange 2003 rejects an inbound XEXCH50 attempt, it allows the client to continue without the XEXCH50 data. When Exchange 2000 or 2003 attempt to send an XEXCH50 command and are denied, they continue to try and end their message data.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **



    • #3
      ok thanks. Can you tell me where I can see if the Windows Authentication is enabled?

      Is that under the server settings then security tab in the exchange snapin?

      I have various users defined there..

      Thanks,

      Rob



      • #4
        Virtual SMTP server properties - so yes in Exchange System Manager.

        Windows integrated authentication on the SMTP virtual servers on both servers. This is on the Access tab -> Authentication button.
        Andrew



        • #5
          I have it turned off. The reason being I noticed a high amount of NDR messages in my event viewer and then checked my mail queue to find 1000's of spam messages. Even though all relaying is turned off they can still use your Exchange server as a mail relay.

          When you have windows authentication turned on.

          This article explains it:

          http://www.winnetmag.com/MicrosoftEx...ook_40507.html

          I have changed all my passwords and deleted any unused accounts. It has stopped for the time being. I still don't know how they got it?

          Is there any way not to get this error and not have windows authentication turned on?



          • #6
            I am starting to get worried. I noticed this today in my event log.

            This is an SMTP protocol error log for virtual server ID 1, connection #711. The remote host "213.4.134.28", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2368 2 ". This will probably cause the connection to fail.


            The address is not from our WAN. It's an external IP address. Are they trying to authenticate with a Windows user to our mail server? Then they could relay spam?

            I am not sure if I have to disable the relay for:
            SMTP default virtual server
            Relay
            Relay restrictions:
            Grant or deny relay permissions for specific users.

            I have marked "Authenticated users" may relay and submit permission.

            Do I need to have this enabled? Or can I disable it? All my users are connecting via OWA or via Outlook. Nothing is done via POP3.

            Rob



            • #7
              Originally posted by robbo007
              I am starting to get worried. I noticed this today in my event log.

              This is an SMTP protocol error log for virtual server ID 1, connection #711. The remote host "213.4.134.28", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2368 2 ". This will probably cause the connection to fail.


              The address is not from our WAN. It's an external IP address. Are they trying to authenticate with a Windows user to our mail server? Then they could relay spam?
              It's possible someone is trying to use brute-force to guess a password.

              Originally posted by robbo007
              I am not sure if I have to disable the relay for:
              SMTP default virtual server
              Relay
              Relay restrictions:
              Grant or deny relay permissions for specific users.

              I have marked "Authenticated users" may relay and submit permission.

              Do I need to have this enabled? Or can I disable it? All my users are connecting via OWA or via Outlook. Nothing is done via POP3.
              I would remove relay permission for "Authenticated Users". If you need to allow relay, consider doing it on a per-user basis and never use a broad user group like Authenticated Users, which could potentially include any user account. Doing this opens you to a brute-force attack because the built-in accounts are well known and gives them half of the puzzle - it's much harder if they don't know the username.

              Relay is unnecessary for OWA and only external POP3 users without an ISP mail server really need it.
              Andrew

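The distinction drawn in reply #2 (a 504 to XEXCH50 from a server in the same Exchange organization needs investigating, from any other host it is the default behaviour) can be applied mechanically to exported event 7004 text. This is an added example, not part of any post in the thread; `ORG_SERVERS`, `triage` and the verdict labels are hypothetical names, and the server list is an assumption built from the one address the thread identifies.

```python
import ipaddress
import re

# Exchange servers in our own organization. 192.168.1.8 is the site 2 server
# named in the thread; treating it as the complete list is an assumption.
ORG_SERVERS = {ipaddress.ip_address("192.168.1.8")}

# Body text of MSExchange Transport event 7004, in the wording quoted in the thread.
EVENT_RE = re.compile(
    r'virtual server ID (?P<vsid>\d+), connection #(?P<conn>\d+)\. '
    r'The remote host "(?P<host>[^"]+)", responded to the SMTP command '
    r'"(?P<cmd>[^"]+)" with "(?P<code>\d{3})[^"]*"',
    re.IGNORECASE,
)

def triage(message):
    """Classify one event message; None if it is not an XEXCH50 504 rejection."""
    m = EVENT_RE.search(message)
    if not m or m["cmd"].lower() != "xexch50" or m["code"] != "504":
        return None
    result = {"host": m["host"], "connection": int(m["conn"])}
    try:
        peer = ipaddress.ip_address(m["host"])
    except ValueError:
        # The event carried a host name, so the address comparison cannot be made.
        result["verdict"] = "unknown"
        return result
    # Same organization: the rejection points at authentication or "Send As" ACLs.
    # Any other host: the rejection is the default behaviour described in reply #2.
    result["verdict"] = "investigate" if peer in ORG_SERVERS else "expected"
    return result

# The two event texts quoted in posts #1 and #6 of the thread.
SAMPLES = [
    'This is an SMTP protocol error log for virtual server ID 1, connection #563. '
    'The remote host "192.168.1.8", responded to the SMTP command "xexch50" with '
    '"504 Need to authenticate first ". The full command sent was "XEXCH50 2928 2 ".',
    'This is an SMTP protocol error log for virtual server ID 1, connection #711. '
    'The remote host "213.4.134.28", responded to the SMTP command "xexch50" with '
    '"504 Need to authenticate first ". The full command sent was "XEXCH50 2368 2 ".',
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text))
```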


              • #8
                Re: Exchange 2003 and xexch50 error????

                Take a look at Microsoft article m843106 about troubleshooting the 504 error
