Exchange 2010: IMAP clients can't authenticate

jibbajabba Member Posts: 4,317
This is doing my head in ... I have set up an Exchange server which seems to be working just fine.

When users try to set up IMAP, though, the SMTP login is not accepted and is rejected with an unknown username / password - but they can use the same credentials on OWA.

They seem to be able to read mails, just not send any ... I have used both plain text login types with no luck :/

(connecting from Outlook 2010 btw.)

Edit:

When restarting the IMAP service I can see the following error in the event log:

[Image: event log screenshot, 2lx85yp.jpg]

Google doesn't return much on that either :(
My own knowledge base made public: http://open902.com :p

Comments

  • Claymoore Member Posts: 1,637
    Before we get too deep into this, why are your Outlook clients connecting to Exchange 2010 using IMAP instead of MAPI/Outlook Anywhere?
  • jibbajabba Member Posts: 4,317
    Claymoore wrote: »
    Before we get too deep into this, why are your Outlook clients connecting to Exchange 2010 using IMAP instead of MAPI/Outlook Anywhere?

    At the moment I am studying towards Exchange and trying to get hands-on with it. At the moment I have moved every mailbox into the new Exchange server and I simply want to use / try every single option available.

    As the Exchange server currently only hosts my own mailboxes (40+) I want to add it to my office Outlook for convenience.

    Plus I have other users on that Exchange (just "play" accounts) but they also want to use it on phones which don't support Exchange accounts but only POP / IMAP.

    The iPhone can handle multiple Exchange accounts so that is using push obviously, but Outlook 2010 obviously can only handle one Exchange account at a time, so I'd like to use IMAP for two accounts in particular as it is simply easier than going to OWA every now and then.

    Plus it drives me crazy if something as easy as that isn't working ...
    My own knowledge base made public: http://open902.com :p
  • Claymoore Member Posts: 1,637
    I wouldn't worry too much about IMAP as it's all but useless anymore. I have only ever needed it twice - once for first generation iPhones that didn't have ActiveSync and once for an oddball application that used IMAP to integrate with the mail server. If you have older devices that only support IMAP, you need to weigh the risk of exposing your organization by broadening the attack surface of your mail system vs the cost of upgrading those devices.

    According to your earlier post, IMAP is working because users can read their mail. Check the security settings on the SMTP receive connectors on your Hub Transport servers. They should allow anyone that authenticates to send through them, but you may need to change the authentication to allow basic authentication without requiring TLS. Once you have a valid, trusted cert (not the self-signed cert that Exchange installs by default) you can turn TLS back on.
    Understanding Receive Connectors: Exchange 2010 SP1 Help

    You can have multiple MAPI accounts in the same Outlook client, you just have to have permission to open them and send mail. You need full access and send as permissions, but you can configure Outlook to connect to additional mailboxes. I think you can access all the mailboxes to which you have permission through a single OWA session as well, but I have never tried it.
    Permissions to Manage Mailbox Servers: Exchange 2010 SP1 Help
    Open additional Exchange mailboxes - Outlook - Microsoft Office
  • jibbajabba Member Posts: 4,317
    Thanks Clay for the response, much appreciated.
    Claymoore wrote: »
    I wouldn't worry too much about IMAP as it's all but useless anymore. I have only ever needed it twice - once for first generation iPhones that didn't have ActiveSync and once for an oddball application that used IMAP to integrate with the mail server. If you have older devices that only support IMAP, you need to weigh the risk of exposing your organization by broadening the attack surface of your mail system vs the cost of upgrading those devices.

    I don't like to use IMAP myself but I want to test every single bit in Exchange. The last time I worked with Exchange was with 5.5 I think ... now I thought "I still got it" and seeing Exchange 2010 now proved me wrong :)
    Claymoore wrote: »
    According to your earlier post, IMAP is working because users can read their mail. Check the security settings on the SMTP receive connectors on your Hub Transport servers. They should allow anyone that authenticates to send through them, but you may need to change the authentication to allow basic authentication without requiring TLS. Once you have a valid, trusted cert (not the self-signed cert that Exchange installs by default) you can turn TLS back on.
    Understanding Receive Connectors: Exchange 2010 SP1 Help

    Ding ding ding ... I still wait for my wildcard cert to be issued but I didn't know / see that TLS is a requirement by default. I now disabled that and bang - SMTP is working :)

    Thanks a bunch mate :)
    Claymoore wrote: »
    You can have multiple MAPI accounts in the same Outlook client, you just have to have permission to open them and send mail. You need full access and send as permissions, but you can configure Outlook to connect to additional mailboxes. I think you can access all the mailboxes to which you have permission through a single OWA session as well, but I have never tried it.
    Permissions to Manage Mailbox Servers: Exchange 2010 SP1 Help
    Open additional Exchange mailboxes - Outlook - Microsoft Office

    I do access multiple MAPI accounts for my work mailboxes already so I know this is possible. Just didn't get it working through OWA (yet) - well, haven't much looked into that yet ... want to fix that IMAP issue first.

    The trouble is still though that my work Exchange server is obviously in a completely different environment so the only option is really getting multiple accounts visible in OWA ...

    I really start to enjoy Exchange I must say ... it is set up in no time ... Although using an Edge server is still not working for me for some reason but that surely is just some firewalling issue (although LDAP is already allowed).
    My own knowledge base made public: http://open902.com :p
  • vCole Member Posts: 1,573
    Claymoore beat me to it - first thought was the SSL cert. :D
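
The receive connector check Claymoore describes, together with turning the TLS requirement back on once the trusted certificate has been issued, as an added example for the Exchange Management Shell (not code from any poster in this thread). The thumbprint and connector identity are placeholders, and `Client <SERVER>` assumes the default Exchange 2010 client connector name.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# Written for the PowerShell 2.0 that ships with Exchange 2010.

# 1. Audit: flag connectors that offer Basic auth without tying it to TLS.
#    BasicWithoutTLS = True means SMTP AUTH credentials can be sent unencrypted.
Get-ReceiveConnector | ForEach-Object {
    $mechs = $_.AuthMechanism.ToString() -split ',\s*'
    New-Object PSObject -Property @{
        Connector       = $_.Identity.ToString()
        Bindings        = ($_.Bindings -join ', ')
        AuthMechanism   = $_.AuthMechanism.ToString()
        BasicWithoutTLS = ($mechs -contains 'BasicAuth') -and
                          ($mechs -notcontains 'BasicAuthRequireTLS')
    }
} | Format-Table Connector, Bindings, AuthMechanism, BasicWithoutTLS -AutoSize -Wrap

# 2. Check which certificate is bound to SMTP and whether it is still the
#    self-signed one that Exchange installs by default.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, Services, IsSelfSigned, NotAfter

# 3. After the trusted certificate is installed: bind it to SMTP and restore
#    the TLS requirement for Basic auth. Both values below are placeholders.
$thumbprint = '<THUMBPRINT-OF-TRUSTED-CERT>'
$connector  = '<SERVER>\Client <SERVER>'

Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP
Set-ReceiveConnector -Identity $connector `
    -AuthMechanism Tls, Integrated, BasicAuth, BasicAuthRequireTLS

# 4. Confirm the connector is back to requiring TLS before Basic auth.
Get-ReceiveConnector -Identity $connector |
    Format-List Name, AuthMechanism, RequireTLS
```

After step 3, clients that authenticate with a plain-text login type need STARTTLS enabled for the outgoing server, otherwise the SMTP login is refused again.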