Microsoft KB Archive/818530

From BetaArchive Wiki

Article ID: 818530

Article Last Modified on 10/26/2006


APPLIES TO

  • Microsoft Exchange 2000 Server Standard Edition



SYMPTOMS

After you upgrade your Microsoft Exchange 2000 Server computers to Microsoft Exchange 2000 Server Service Pack 3 (SP3), the Simple Mail Transfer Protocol (SMTP) connectors that you previously configured between your routing groups no longer transfer messages between those routing groups. Additionally, the following event appears in the application log in Event Viewer: Event Type: Warning
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 1709
Date: date
Time: time
User: N/A
Computer: servername
Description: The SMTP client "IP Address" did not authenticate before attempting to send mail. Access was denied.
Data: 0000: 05 00 07 80 ...€


CAUSE

This problem occurs if all the following conditions exist:

  • You have configured an SMTP connector to an SMTP virtual server other than the default SMTP virtual server.


-and-

  • This SMTP connector does not have a routing group that is connected.


-and-

  • You have turned off anonymous access for this SMTP connector.

When you install Exchange 2000 Server Service Pack 3, X-EXPS Kerberos authentication is not performed to a virtual server whose name does not match the fully qualified domain name (FQDN) or the NetBIOS name of the computer. This is a change from Microsoft Exchange 2000 Server Service Pack 2 (SP2).

RESOLUTION

Cumulative Rollup information

To resolve this problem, obtain the September 2003 Exchange 2000 Server Post-Service Pack 3 (SP3) Rollup. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

824282 September 2003 Exchange 2000 Server Post-Service Pack 3 Rollup


Hotfix information

A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Microsoft Exchange 2000 Server service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support


Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Prerequisites

Because of file dependencies, this update requires Microsoft Exchange 2000 Server Service Pack 3 (SP3). For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

301378 How to Obtain the Latest Exchange 2000 Server Service Pack


File information

Component: Transport

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. 

Date         Time   Version            Size    File name
--------------------------------------------------------------    
07-Apr-2003  20:54  6.0.6452.0        524,288  Reapi.dll        
07-Apr-2003  21:01  6.0.6452.0        311,296  Resvc.dll

MORE INFORMATION

After you install this hotfix, you must set a bit in the heuristics field of the Microsoft Active Directory directory service connector object to cause Exchange 2000 Server to revert to the authentication behavior from Exchange 2000 Server SP 2. When you set this bit to True, the connector is regarded as internal to the routing group and EXPS authentication is enabled. Use the ADSI Edit snap-in to enable EXPS authentication.

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

  1. Click Start, click Run, type adsiedit.msc in the Open box, and then click OK.


Note ADSI Edit is included with the Microsoft Windows 2000 Support Tools. To install the Microsoft Windows 2000 Support Tools, run the Setup.exe program from the Support\Tools folder on the Windows 2000 CD-ROM.

  1. Expand Configuration Container [servername.yourdomain.com], expand CN=Services, expand CN=Microsoft Exchange, expand CN=Organization (where Organization is the name of your organization), expand CN=Administrative Groups, expand CN=First Administrative Group (where First Administrative Group is the name of your administrative group), expand CN=Routing Groups, expand CN=First Routing Group (where First Routing Group is the name of your routing group), and then click CN=Connections.
  2. In the right pane, right-click the locally-scoped SMTP connector item, and then click Properties.
  3. In the Select which properties to view list, click Both.
  4. In the Select a property to view list, click heuristics.
  5. In the Edit Attribute box, type 16384 (4000 hexadecimal), and then click Set.
  6. Click Apply, and then click OK.
  7. Quit the ADSI Edit utility.

Important When you set this bit to true, if the SMTP connector is not configured as direct Domain Name System (DNS), Exchange Server considers the connector as internal to the routing group. Therefore, EXPS authentication is enabled. The SMTP connector is not configured as direct DNS when the Use DNS to route to each address space on this connector option is not selected in the connector Properties dialog box in Exchange System Manager.

If the connector is configured to use DNS to route to each address space, external EXPS is disabled even if you use the previous steps to set the heuristics bit to enable external EXPS on the connector. External EXPS is disabled because a direct DNS relay on a connector relays mail to DNS names that coincide with the domain part of the SMTP address. In this scenario, a malicious external user may receive your EXPS authentication information.

STATUS

Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server.


Additional query words: kbExchange2000preSP4septbarFix XCON

Keywords: kbhotfixserver kbqfe kbqfe kbfix kbexchange2000presp4fix kbbug KB818530



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/818530&oldid=194675
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki