Exchange 2007, IMAP Authentication/Login Problem
Hi All, I have an Exchange 2007 server, running IMAP in plaintextlogin mode. All user accounts are IMAP enabled. I have also created a service account in Active Directory, and granted that account complete access to all mailboxes in the first Storage group via the following shell command... Add-ADPermission -Identity "First Storage Group" -user "serviceaccount" -ExtendedRights "Receive as" Iam able to use the account to open other mailboxes through OWA, Outlook etc. The service account appears to have proper access to other mailboxes. The problem arises when I try to use the serviceaccount to login to other mailboxes via IMAP. Typically, I could test thingsare working by telneting to IMAP/143 on the Exchange server and entering ? login domainname/serviceaccount/usersmailbox serviceaccountpassword This syntax no longer seems to be working in Exchange 2007? I know this question is pretty obscure, but can any of the experts here recommend anything to me? Am I applying the permissions to the Storage Group properly? Has something changed with 2007 that is not allowing me to login like this? Cheers,
February 2nd, 2007 7:15pm

I can success login user mailbox via IMAP who have receive-as adpermission user account. UserA have receive-as adpermission for UserB mailbox. Login UserA and create outlook profile(outlook 2007,IMAP) User Information: Name: UserB Email:UserB@corp.com Logon Information: Name:UserA Password:UserA account password After finish configure UserA can open UserB Mailbox via IMAP outlook profile
Free Windows Admin Tool Kit Click here and download it now
February 5th, 2007 10:40am

Hi Jammy, Thanks alot for your response! I have some follow up questions for you if that is ok. - what type of Authentication is your IMAP server currently using? Plaintextlogin, PlaintextAuthentication or SecureLogin? - Can you explain to me how you are configuring Outlook exactly? When I set the User Information and Logon information as you outline, I still get logged into User A's mailbox (i.e. I am logged into the mailbox based on Logon Information, not User Information. Any help would be greatly appreciated. cheers!
February 5th, 2007 8:45pm

Hi Saltin, I'v test successful in all login type(Plaintextlogin, PlaintextAuthentication & SecureLogin) But, I not give UserA mailbox store level Receive-As permission. The UserA have Receive-As AD ExtemdedeRight permission only in UserB mailbox. cmdlet is: Add-adpermission -identity "UserB" -User "UserA" -ExtendedRights Receive-As Then,login as UserA open Outlook 2007 create IMAP profile, in User information : type UserB display name, and user B email address Logon information : type UserA login name and password Note: UserA computer is member of domain. If issue still here , please use Test Account Setting button get more information. Hopefully, it's make something different.
Free Windows Admin Tool Kit Click here and download it now
February 6th, 2007 10:04am

Hi All, Jammy and I spoke privately, and when I explained the scenario more completely to him he realized he is unable to login either. Basically, there seems to be a problem when using the traditional IMAP login string ? login domain\account\mailboxalias account_password Where domain is the flat domain name, account is the account that has been granted full access to all mailboxes and mailbox alias is the alias of the mailbox I am trying to login to. I have also tried using the UPN format ? login account@domain.co\mailboxalias account_password Either format worked well with ealier versions of Exchange, but is a no go with 2k7. Any input would be greatly appreciated. Here is a link to the Exchange Team Blog where they detail IMAP login string syntax. It is several years old. I have a feeling something has changed in 2k7. http://msexchangeteam.com/archive/2004/03/31/105275.aspx
February 9th, 2007 11:18pm

I found that I was not able to get IMAP working without connecting over port 993. Have you tried connecting over an SSL connection yet? I think that non-SSL IMAP may be broken in E2k7, but I didn't bother looking since I don't offer port 143 outside of my LAN anyways. Let us know how that works for you...
Free Windows Admin Tool Kit Click here and download it now
February 11th, 2007 3:00pm

Hi Aaron, Thanks for the response. I do not have any issues with IMAP working on TCP 143 (i.e. non SSL). The server is up and running and will accept logins when the account logging in is the owner of the mailbox. My issue is that I cannot use a "service account" which has been granted full control over userA's mailbox to login to UserA's mailbox over IMAP. It doesnt seem to take the login string the way previous versions did, as I outline above. Cheers, JW
February 13th, 2007 10:21pm

I also have this issue if you are able to figure out what the problem is....Thanks, Mike
Free Windows Admin Tool Kit Click here and download it now
February 20th, 2007 7:59pm

I was told that the domain\username\mailbox name for IMAP and POP authentication was no longer supported.
April 18th, 2007 5:26pm

Where did you hear this? If true it would have serious implications for our products.
Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2007 10:45pm

That's not true. IMAP4 and POP3 are still support in Exchange 2007. The only difference is you have to enable via cmdlet. That's it.. However, the administrator account is not able to log on via IMAP4 or POP3, the same thing applies for guest user.. They're hard coded blocked by default. VRodrigues
April 24th, 2007 3:14am

Hi All, In this KB article http://support.microsoft.com/default.aspx?scid=kb;en-us;937359 Say Exchange Server 2007 no longer supports the ability to log on to another users mailbox by using POP3 or IMAP4. If you want to log on to another users mailbox by using different credentials, you must use Microsoft Outlook or Microsoft Office Outlook Web Access.
Free Windows Admin Tool Kit Click here and download it now
July 22nd, 2007 7:38pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics