Doug, Have you tried this article? http://support.microsoft.com/kb/843106/en-us HTH. Regards, Raj Periyasamy MCSE(Messaging), CCNA ________________________________ From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas Sent: Thursday, May 25, 2006 12:42 PM To: exchangelist@xxxxxxxxxxxxx Cc: Jensen, Douglas Subject: [ExchangeList] Re: Event ID 7010 Thanks, Simon and Mahadevan. I had already looked at those web pages and either I don't understand or my exchange server doesn't understand. Note: I can not send email to their Exchange server but they can send email to my Exchange server. Their Exchange server is new. They had some other kind of box before and now (as of 2 days ago when these issues started) they have a new Exchange server. Here is the exact error I get: Event Type: Error Event Source: MSExchangeTransport Event Category: SMTP Protocol Event ID: 7010 Date: 5/25/2006 Time: 8:58:22 AM User: N/A Computer: MAILSHAKOPEE Description: This is an SMTP protocol log for virtual server ID 1, connection #50. The client at "18.104.22.168" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first ". The full command sent was "xexch50 1008 2". This will probably cause the connection to fail. For more information, click http://www.microsoft.com/contentredirect.asp <http://www.microsoft.com/contentredirect.asp> . It appears to me that my server thinks the client at 22.214.171.124 sent a xexch50 command (xexch 1008 2) and my SMTP server responded with the 504 need to auth.... This is not the order of things that Microsoft KB 81222 says things should happen. It says that after the RCPT TO command, If the remote host advertised support for XEXCH50, in response to EHLO, then my server would send XEXCH50 with the size of the file to be sent followed by a 2. It appears the Client (other server?) is sending this xexch50 1008 2 command and my server is responding 504 need to authenticate first. Am I reading these correctly? My server is currently is set (Microsoft KB 818222) to not send xexch50 commands outside our domain by configuring the SuppressExternal registry entry in the xexch50 section and it is configured to send a HELO instead of EHLO so the other server does not think it can send us xexch50 information BUT it appears the other server (client) is sending that xexch50 1008 2 information. Or am I misreading who is the server and who is the client? I have done the Telnet thing to their server and am able to send email that way. My commands are in red. I sent the ehlo to see what the response would be) 220 server1.ThreeRivers.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.21 1 ready at Thu, 25 May 2006 08:49:46 -0500 ehlo mail1.scdcap.org 250-server1.ThreeRivers.local Hello [126.96.36.199] 250-TURN 250-SIZE 250-ETRN 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-8bitmime 250-BINARYMIME 250-CHUNKING 250-VRFY 250-X-EXPS GSSAPI NTLM LOGIN 250-X-EXPS=LOGIN 250-AUTH GSSAPI NTLM LOGIN 250-AUTH=LOGIN 250-X-LINK2STATE 250-XEXCH50 250 OK mail from:djensen@xxxxxxxxxxxxx 250 2.1.0 djensen@xxxxxxxxxxxxxxxxxxxxxxx OK rcpt to:mollie.moyer@xxxxxxxxxxxxxxxxxx 250 2.1.5 mollie.moyer@xxxxxxxxxxxxxxxxxx <mailto:mollie.moyer@xxxxxxxxxxxxxxxxxx> xexch50 1124 2504 Need to authenticate first xexch50 1124 2 504 Need to authenticate first data 354 Start mail input; end with <CRLF>.<CRLF> Subject: This is a test (again) Mollie, do you have a firewall installed and if so, is it a ISA Server? I will call you shortly to ask. Thanks Doug . 250 2.6.0 <SERVER1sQwY6YHkidcD00000125@xxxxxxxxxxxxxxxxxxxxxxxxx> Queued mail fo r delivery In this transaction I am trying to do what Exchange it is supposed to do but their server is misinterpreting my xexch50 1124 2 command which is saying I am going to send 1124 bits of data and it wants to authenticate first before accepting the data. I sent the XEXCH50 command twice. According to 818222, when I send xexch50 1124 2 the other exchange server is supposed to respond with 354 but it is saying Need to authenticate first. Why??? Does it think we are part of its domain? According to something I read, the xexch50 failure is not supposed to stop the communication so I then sent the data command and followed with the rest. Unless my exchange server ignores the 504 need... response and sends the data command, it seems my server would give up just waiting for their server to send the 354 Start response. This goes through but it is much more difficult to send email this way then to compose it in Outlook and send it through the exchange server. Any ideas? Douglas Jensen Douglas.Jensen@xxxxxxxxxxxxx <mailto:Douglas.Jensen@xxxxxxxxxxxxx> Voice (952) 402-9821 Fax (952) 402-9815 Network Administrator Scott Carver Dakota CAP Agency, Inc. 712 Canterbury Road Shakopee, MN 55379 www.capagency.org <file:///C:/Documents%20and%20Settings/djensen.SCDCAP/Application%20Data /Microsoft/Signatures/www.capagency.org> ________________________________ From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Simon Whale Sent: Wednesday, May 24, 2006 4:57 PM To: exchangelist@xxxxxxxxxxxxx Subject: [ExchangeList] Re: Event ID 7010 http://www.eventid.net/display.asp?eventid=7010&eventno=3923&source=MSEx changeTransport&phase=1 regards simon whale ________________________________ From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas Sent: 24 May 2006 22:21 To: exchangelist@xxxxxxxxxxxxx Subject: [ExchangeList] Event ID 7010 I get event id 7010 similar to the following Event Type: Error Event Source: MSExchangeTransport Event Category: SMTP Protocol Event ID: 7010 Date: 1/13/2004 Time: 5:43:49 PM User: N/A Computer: COMPUTERNAME Description: This is an SMTP protocol log for virtual server ID 1, connection #30. The client at "188.8.131.52" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first ". The full command sent was "xexch50 1092 2". This will probably cause the connection to fail. I know that this was discussed about a month ago and I searched the archive but could not find a resolution. I have an exchange 2003 server on Windows 2003 server. I am sending mail to another exchange server. This other exchange server is not in my domain and we do not share a forest or anything else. There should be no authentication that takes place. I found on Microsoft some mention that the "xexch50 1092 2" tells the other server the size of some file that is coming. Maybe the size of the email being transported. The other server is supposed to respond with a BLOB (binary large object?) but that might have failed between the servers. Could be the ISA server firewall might have blocked it. I looked in my ISA server and found Event ID 15105 ISA server detected an all port scan attack from IP .... and this IP address is the same address as the exchange server I am trying to send the email messages to. Could ISA be confusing the blob and a port scan attack? That doesn't make since but I am not finding a Event ID 20031 unknown smtp command error in ISA that Microsoft says should be there if this is the problem. Did anyone resolve this issue already? I did the reg hack that was supposed to turn off the xexch50 on my end and set the SMTP server to say helo rather then ehlo so I would not advertise the xexch50 service on my end but the email is still sitting there in the outbound queue and not going anywhere. The message in the exchange server manager for the Queue just says "The connection was dropped by the remote host". Douglas Jensen Douglas.Jensen@xxxxxxxxxxxxx <mailto:Douglas.Jensen@xxxxxxxxxxxxx> Voice (952) 402-9821 Fax (952) 402-9815 Network Administrator Scott Carver Dakota CAP Agency, Inc. 712 Canterbury Road Shakopee, MN 55379 www.capagency.org <file:///C:\Documents%20and%20Settings\djensen.SCDCAP\Application%20Data \Microsoft\Signatures\www.capagency.org> These events indicate that the XEXCH50 protocol sink fired, but the exchange of the blobs failed between the servers listed in the events.