Tuesday , November 19 2019

Disabling AuthGSSAPI on Receive Connector of Exchange Server

Submitting Messages on Port 587 from F5 SMTP Mailer failing with AUTH GSSAPI Remote(SocketError)

when i bypass F5 load balancer its submitting messages directly to the exchange server without any issues.

image

When i am submitting via F5 . I can see its initiating AUTH GSSAPI protocol from the listed supported protocols and fails to Submit the Message.

Default log location

%ExchangeInstallPath%TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive

2019-08-19T08:38:51.744Z,EXCH1\Client Frontend EXCH1,234255E01EE2EF03,2,172.21.11.231:587,172.21.1.10:39534,<,EHLO F5DMZ, 2019-08-19T08:38:51.744Z,EXCH1\Client Frontend EXCH1,234255E01EE2EF03,3,172.21.11.231:587,172.21.1.10:39534,>,250 EXCH1.azure365pro.com Hello [172.21.1.10] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS AUTH GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING,
2019-08-19T08:38:51.746Z,EXCH1\Client Frontend EXCH1,234255E01EE2EF03,4,172.21.11.231:587,172.21.1.10:39534,<,AUTH GSSAPI, 2019-08-19T08:38:51.747Z,EXCH1\Client Frontend EXCH1,234255E01EE2EF03,5,172.21.11.231:587,172.21.1.10:39534,>,334 ,
2019-08-19T08:38:52.797Z,EXCH1\Client Frontend EXCH1,234255E01EE2EF03,6,172.21.11.231:587,172.21.1.10:39534,-,,Remote(SocketError)

Disabled GSSAPI from Listed Available Protocols – Setting EnableAuthGSSAPI to $false

Set-ReceiveConnector "EXCH1\Client Frontend EXCH1" -EnableAuthGSSAPI $false

To Check 

Get-ReceiveConnector "EXCH1\Client Frontend EXCH1" | fl *binding*,*GSS*

image

Applied the same for all members in the pool of Exchange Servers

Once Disabled. It submitted the message without any issues.

To Revert Back –

Set-ReceiveConnector "EXCH1\Client Frontend EXCH1" -EnableAuthGSSAPI $true

About Satheshwaran Manoharan

Satheshwaran Manoharan is an Microsoft Office Server and Services MVP , Publisher of Azure365pro.com. Specialized in Office365 / Microsoft Exchange / Virtualization , Sathesh is an Messaging Expert supporting/Designing/Deploying many medium size businesses to large enterprises when it comes to Corporate messaging and Virtualization Infrastructure

Check Also

DNS Prerequisites for Cross Forest Migration

Lets see how to create a conditional Forwarder in Microsoft DNS and inflobox to Create ...

Leave a Reply

Your email address will not be published.