[ExchangeList] Re: Event ID 7010

  • From: "Jensen, Douglas" <douglas.jensen@xxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 25 May 2006 11:41:59 -0500

Thanks, Simon and Mahadevan. I had already looked at those web pages and
either I don't understand or my exchange server doesn't understand.
 
Note: I can not send email to their Exchange server but they can send
email to my Exchange server. Their Exchange server is new. They had some
other kind of box before and now (as of 2 days ago when these issues
started) they have a new Exchange server.
 
Here is the exact error I get:
 
Event Type:      Error

Event Source:      MSExchangeTransport

Event Category:      SMTP Protocol 

Event ID:      7010

Date:       5/25/2006

Time:       8:58:22 AM

User:       N/A

Computer:      MAILSHAKOPEE

Description:

This is an SMTP protocol log for virtual server ID 1, connection #50.
The client at "65.174.247.112" sent a "xexch50" command, and the SMTP
server responded with "504 Need to authenticate first  ". The full
command sent was "xexch50 1008 2".  This will probably cause the
connection to fail. 

 

For more information, click http://www.microsoft.com/contentredirect.asp
<http://www.microsoft.com/contentredirect.asp> .

 

It appears to me that my server thinks the client at 65.174.247.112 sent
a xexch50 command (xexch 1008 2) and my SMTP server responded with the
504 need to auth.... This is not the order of things that Microsoft KB
81222 says things should happen. It says that after the RCPT TO command,
If the remote host advertised support for XEXCH50, in response to EHLO,
then my server would send XEXCH50 with the size of the file to be sent
followed by a 2. It appears the Client (other server?) is sending this
xexch50 1008 2 command and my server is responding 504 need to
authenticate first. Am I reading these correctly? 

 

My server is currently is set (Microsoft KB 818222) to not send xexch50
commands outside our domain by configuring the SuppressExternal registry
entry in the xexch50 section and it is configured to send a HELO instead
of EHLO so the other server does not think it can send us xexch50
information BUT it appears the other server (client) is sending that
xexch50 1008 2 information. Or am I misreading who is the server and who
is the client?

 

I have done the Telnet thing to their server and am able to send email
that way. My commands are in red. I sent the ehlo to see what the
response would be)

 

220 server1.ThreeRivers.local Microsoft ESMTP MAIL Service, Version:
6.0.3790.21

1 ready at  Thu, 25 May 2006 08:49:46 -0500

ehlo mail1.scdcap.org

250-server1.ThreeRivers.local Hello [156.99.27.234]

250-TURN

250-SIZE

250-ETRN

250-PIPELINING

250-DSN

250-ENHANCEDSTATUSCODES

250-8bitmime

250-BINARYMIME

250-CHUNKING

250-VRFY

250-X-EXPS GSSAPI NTLM LOGIN

250-X-EXPS=LOGIN

250-AUTH GSSAPI NTLM LOGIN

250-AUTH=LOGIN

250-X-LINK2STATE

250-XEXCH50

250 OK

mail from:djensen@xxxxxxxxxxxxx

250 2.1.0 djensen@xxxxxxxxxxxxxxxxxxxxxxx OK

rcpt to:mollie.moyer@xxxxxxxxxxxxxxxxxx

250 2.1.5 mollie.moyer@xxxxxxxxxxxxxxxxxx
<mailto:mollie.moyer@xxxxxxxxxxxxxxxxxx> 

xexch50 1124 2504 Need to authenticate first

xexch50 1124 2 504 Need to authenticate first

data

354 Start mail input; end with <CRLF>.<CRLF>

Subject: This is a test (again)

Mollie, do you have a firewall installed and if so, is it a ISA Server?

I will call you shortly to ask.

Thanks

Doug

.

250 2.6.0 <SERVER1sQwY6YHkidcD00000125@xxxxxxxxxxxxxxxxxxxxxxxxx> Queued
mail fo

r delivery

 

In this transaction I am trying to do what Exchange it is supposed to do
but their server is misinterpreting my xexch50 1124 2 command which is
saying I am going to send 1124 bits of data and it wants to authenticate
first before accepting the data. I sent the XEXCH50 command twice. 

 

According to 818222, when I send xexch50 1124 2 the other exchange
server is supposed to respond with 354 but it is saying Need to
authenticate first.  Why??? Does it think we are part of its domain?

 

According to something I read, the xexch50 failure is not supposed to
stop the communication so I then sent the data command and followed with
the rest. Unless my exchange server ignores the 504 need... response and
sends the data command, it seems my server would give up just waiting
for their server to send the 354 Start response.

 

This goes through but it is much more difficult to send email this way
then to compose it in Outlook and send it through the exchange server.

 

Any ideas?

 

Douglas Jensen
Douglas.Jensen@xxxxxxxxxxxxx <mailto:Douglas.Jensen@xxxxxxxxxxxxx> 
Voice (952) 402-9821
Fax (952) 402-9815
Network Administrator
Scott Carver Dakota CAP Agency, Inc.
712 Canterbury Road
Shakopee, MN 55379 
www.capagency.org
<file:///C:/Documents%20and%20Settings/djensen.SCDCAP/Application%20Data
/Microsoft/Signatures/www.capagency.org>  

________________________________

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Simon Whale
Sent: Wednesday, May 24, 2006 4:57 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: Event ID 7010 



http://www.eventid.net/display.asp?eventid=7010&eventno=3923&source=MSEx
changeTransport&phase=1

 

regards 

simon whale

 

________________________________

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas
Sent: 24 May 2006 22:21
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Event ID 7010 

 

I get event id 7010 similar to the following 

 

 

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7010
Date: 1/13/2004 
Time: 5:43:49 PM
User: N/A Computer: COMPUTERNAME
Description: This is an SMTP protocol log for virtual server ID 1,
connection #30. The client at "6.5.2.4" sent a "xexch50" command, and
the SMTP server responded with "504 Need to authenticate first ". The
full command sent was "xexch50 1092 2". This will probably cause the
connection to fail. 

I know that this was discussed about a month ago and I searched the
archive but could not find a resolution.

I have an exchange 2003 server on Windows 2003 server. I am sending mail
to another exchange server. This other exchange server is not in my
domain and we do not share a forest or anything else. There should be no
authentication that takes place.

I found on Microsoft some mention that the "xexch50 1092 2" tells the
other server the size of some file that is coming. Maybe the size of the
email being transported. The other server is supposed to respond with a
BLOB (binary large object?) but that might have failed between the
servers. Could be the ISA server firewall might have blocked it. 

I looked in my ISA server and found Event ID 15105 ISA server detected
an all port scan attack from IP .... and this IP address is the same
address as the exchange server I am trying to send the email messages
to. Could ISA be confusing the blob and a port scan attack? That doesn't
make since but I am not finding a Event ID 20031 unknown smtp command
error in ISA that Microsoft says should be there if this is the problem.

Did anyone resolve this issue already?

I did the reg hack that was supposed to turn off the xexch50 on my end
and set the SMTP server to say helo rather then ehlo so I would not
advertise the xexch50 service on my end but the email is still sitting
there in the outbound queue and not going anywhere. The message in the
exchange server manager for the Queue just says "The connection was
dropped by the remote host".

Douglas Jensen
Douglas.Jensen@xxxxxxxxxxxxx <mailto:Douglas.Jensen@xxxxxxxxxxxxx> 
Voice (952) 402-9821
Fax (952) 402-9815
Network Administrator
Scott Carver Dakota CAP Agency, Inc.
712 Canterbury Road
Shakopee, MN 55379 
www.capagency.org
<file:///C:\Documents%20and%20Settings\djensen.SCDCAP\Application%20Data
\Microsoft\Signatures\www.capagency.org>  

These events indicate that the XEXCH50 protocol sink fired, but the
exchange of the blobs failed between the servers listed in the events.

 

Other related posts: