Sunday, April 29, 2012

Exchange POP Your e-mail Server Rejected Your User Name

By default, Microsoft Exchange 2010 requires TLS encryption ("Secure POP") for authentication to work.  If your organisation does not require Secure POP, your users will by default not be able to log in.  They will receive the following error when attempting to access POP3 services through Outlook.

Log onto incoming mail server (POP3): Your e-mail server rejected your user name.  Verify your user name for this account in Account Settings.  The server responded: -ERR Command is not valid in this state.


To allow POP3 to authenticate using standard POP3 you must change the authentication level as per:


The default setting is "SecureLogin".  Below are the various settings:

This example allows Basic authentication on an unsecured port if you won't be using TLS encryption.

Set-PopSettings -LoginType PlainTextLogin

This example restricts Basic authentication to use only secured ports if you won't be using TLS encryption.

Set-PopSettings -LoginType PlainTextAuthentication

This example allows authentication after you use TLS encryption.

Set-PopSettings -LoginType SecureLogin

If you configure PlainTextLogin, users can send their Active Directory password over the internet unencrypted.

If you plan on not using TLS, I always recommend using PlainTextAuthentication, which allows users to send the password over the internet without using TLS.  This does, however, require your users to configure "Require logon using Secure Password Authentication (SPA)" in Outlook.



After you change your POP settings, your users will be able to authenticate over TCP 110.



Important: If you have a user account that is an Administrator in your Exchange environment, that account will NOT be able to log in.  This is for security reasons: POP3 authentication is not deemed secure by Microsoft, and as a result Microsoft have prevented Administrative users from authenticating over the internet using POP to avoid administrative credentials leaking.

Important: You must restart the POP3 service for configuration changes to take effect.
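To confirm from the client side what the server accepts on TCP 110 before TLS, here is an added example (not part of the original post). It sends only a placeholder user name (pop-audit-probe, an assumption) and never a password; the result labels are this example's own.

```python
import socket
import sys

def read_reply(f, multiline=False):
    """Read one POP3 reply; a multi-line reply ends with a lone '.' (RFC 1939)."""
    lines = [f.readline().decode("ascii", "replace").rstrip("\r\n")]
    if multiline and lines[0].startswith("+OK"):
        while True:
            line = f.readline().decode("ascii", "replace").rstrip("\r\n")
            if line in (".", ""):          # terminator, or connection closed
                break
            lines.append(line)
    return lines

def classify(capa, user_reply):
    """Turn the pre-TLS CAPA and USER replies into a finding."""
    # STLS in the capability list means the server offers TLS upgrade (RFC 2595).
    stls = any(line.strip().upper() == "STLS" for line in capa[1:])
    if user_reply.startswith("+OK"):
        # USER accepted in the clear: a password would follow unencrypted.
        return "cleartext-login-accepted"
    return "login-refused-stls-offered" if stls else "login-refused-no-stls"

def probe(host, port=110, timeout=10):
    """Connect without TLS, ask for capabilities, then try USER only."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        with s.makefile("rwb") as f:
            read_reply(f)                              # server greeting
            f.write(b"CAPA\r\n")
            f.flush()
            capa = read_reply(f, multiline=True)
            f.write(b"USER pop-audit-probe\r\n")       # placeholder name, no PASS sent
            f.flush()
            user = read_reply(f)[0]
            f.write(b"QUIT\r\n")
            f.flush()
    return classify(capa, user)

if __name__ == "__main__":
    # Usage: python pop_probe.py <your-own-mail-server>
    print(probe(sys.argv[1]))
```

A result of login-refused-stls-offered matches the "-ERR Command is not valid in this state" response quoted above, while cleartext-login-accepted means passwords can cross the network unencrypted on that port.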

11 comments:

  1. How fortunate I am that I was able to read this post. I got a lot of knowledge I’ve been looking for. Thanks a lot for posting this.
    bulk email server

  2. Thank you very very much for the information.

    The great point in your thread was the information about Admin accounts. I was using an admin account to test POP connections but I didn't know that this kind of account was not able to log on through POP.

    Thank you

  3. Thanks for imparting your knowledge on these technical applications. By the way, you might want to share your ideas on anti-spam applications as well?

  4. I got a clue to this admin restriction when I looked at the POP3 log;
    it said "well known account"

  5. Email servers are indeed a very important communication tool.

  6. Gmail is the best service in the world. It is excellent. Good keep it up. Thnx!! Gmail Technical Support You can reach Acetecsupport at their Call Toll Free No +1-800-296-4296 For US/CA.

  7. You are BOSS ;)


    Thanks
    Regards

  8. Very Nice. It took me 2 days trying to figure out why and why !!!
    Problem fixed when I got to this page.
    Thanks much
    Loc

  9. along with over 100 million calendar events and 25 million contacts. gmail sign
