Friday, December 19, 2014

Exchange 2013 Authenticated Relay Possible Gotcha

This might never happen to anyone else, but just in case, I wanted to save someone lots of time troubleshooting the problem.

Background: Upgrading from Exchange 2007 to Exchange 2013, one task was to point our email relay DNS name from the Exchange 2007 environment to Exchange 2013. This handled authenticated relay as well as anonymous relay.

Problem: Once we moved the DNS name, authenticated relay from our printer/fax/scanner systems stopped functioning. We received a generic SMTP error. Unchecking authentication in the configuration and using anonymous relay worked fine when we added the IP address.

Solution: I discovered the account being used on the problem devices was a generic user account without a mailbox. The username was something like scan@domain.com, while the devices were configured for noreply@domain.com. This worked fine in our Exchange 2007 environment, but to get it to function in Exchange 2013, I had to mail enable the user account, then add the specific noreply@domain.com as a proxy address to the mailbox.

Note: It would have certainly been possible to reconfigure the devices to use a different account, or a different send from email address, or even switch them to anonymous relay.  However, in a large migration with many of these devices, it is easy to miss some. I wanted to ensure a smooth transition and address reconfiguring these devices later.

No comments:

Post a Comment