UM Temporary authentication failure

  • Thread starter Chad A Ingram
  • Start date Views 3,353
Status
Not open for further replies.
C

Chad A Ingram

I am getting the following error out of the clear blue. I havent found much out there about this error.

I have tryed enabling TLS and creating a new recieve connector. Any Ideas?

On the transport server I get the following error

Inbound authentication failed with error TargetUnknown for Receive connector Default servername. The authentication mechanism is ExchangeAuth. The source IP address of the client who tried to authenticate to Microsoft Exchange is [xx.xx.xx.xx].

Thanks,

Chad

I get this error on the Um side.

A pipeline stage encountered the following error. Details : 'Microsoft.Exchange.UM.UMCore.SmtpSubmissionException: Submission to the Hub Transport server failed. The operation will be retried. ---> Microsoft.Exchange.Net.ExSmtpClient.UnexpectedSmtpServerResponseException: Unexpected SMTP server response. Expected: 235, actual: 454, whole response: 454 4.7.0 Temporary authentication failure

at Microsoft.Exchange.Net.ExSmtpClient.SmtpTalk.CheckResponse(ServerResponseInfo response, Int32 expectedCode)

at Microsoft.Exchange.Net.ExSmtpClient.SmtpTalk.Command(SmtpChunk[] chunks, SmtpCommandType command, Int32 expectedCode)

at Microsoft.Exchange.Net.ExSmtpClient.SmtpTalk.Authenticate(NetworkCredential networkCredential)

at Microsoft.Exchange.Net.ExSmtpClient.SmtpClient.Submit()

at Microsoft.Exchange.UM.UMCore.SmtpSubmitStage.SubmitMessage()

at Microsoft.Exchange.UM.UMCore.SmtpSubmitStage.InternalDoSynchronousWork()

--- End of inner exception stack trace -
Server stack trace:

at Microsoft.Exchange.UM.UMCore.SmtpSubmitStage.HandleTransientSmtpFailure(Exception e, InternalExchangeServer smtpServerToUse)

at Microsoft.Exchange.UM.UMCore.SmtpSubmitStage.InternalDoSynchronousWork()

at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)

at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

Exception rethrown at [0]:

at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)

at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)

at Microsoft.Exchange.UM.UMCore.SynchronousPipelineStageBase.SynchronousWorkDelegate.EndInvoke(IAsyncResult result)

at Microsoft.Exchange.UM.UMCore.SynchronousPipelineStageBase.EndSynchronousWork(IAsyncResult r)'
 
C

Chad A Ingram

We figured out the issue. Their where duplicate spns's for the service accounts in ad. We found them using this PS script

http://blog.powershell.no/2010/01/28/validate-spn-mappings-using-windows-powershell/

We were lead in this direction by this error message

A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 15:43:9.0000 5/20/2010 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error: 0xc0000035 KLIN(0)
Client Realm:
Client Name:
Server Realm: domain.org
Server Name: SMTPSVC/Exum.domain.org
Target Name: SMTPSVC/Exum.domain.org@domain.org
Error Text:
File: 9
Line: e2d
Error Data is in record data.

Once we ran the validator and saw the duplicate spns's we deleted them with ADSI edit. You have to find the user account you want to delete in ADSI that is assigned with that spn and right click the user account and scroll down until you see ServicePrincipalName attribute and delete it. Once that is done you must restart major exchange services on all servers involved.
 
B

Brett D Whittaker

Is there any reason you did not use SETSPN -D command to remove the duplicate SPN's ?

I have had the same issue, cleaned it up with " setspn" and just curious about the difference between ADSIedit method vs. setspn method.

B
 
Status
Not open for further replies.
Top