Saturday , September 21 2019

Disabling AuthGSSAPI on Receive Connector of Exchange Server

Submitting Messages on Port 587 from F5 SMTP Mailer failing with AUTH GSSAPI Remote(SocketError)

when i bypass F5 load balancer its submitting messages directly to the exchange server without any issues.

image

When i am submitting via F5 . I can see its initiating AUTH GSSAPI protocol from the listed supported protocols and fails to Submit the Message.

Default log location

%ExchangeInstallPath%TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive

2019-08-19T08:38:51.744Z,EXCH1\Client Frontend EXCH1,234255E01EE2EF03,2,172.21.11.231:587,172.21.1.10:39534,<,EHLO F5DMZ, 2019-08-19T08:38:51.744Z,EXCH1\Client Frontend EXCH1,234255E01EE2EF03,3,172.21.11.231:587,172.21.1.10:39534,>,250 EXCH1.azure365pro.com Hello [172.21.1.10] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS AUTH GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING,
2019-08-19T08:38:51.746Z,EXCH1\Client Frontend EXCH1,234255E01EE2EF03,4,172.21.11.231:587,172.21.1.10:39534,<,AUTH GSSAPI, 2019-08-19T08:38:51.747Z,EXCH1\Client Frontend EXCH1,234255E01EE2EF03,5,172.21.11.231:587,172.21.1.10:39534,>,334 ,
2019-08-19T08:38:52.797Z,EXCH1\Client Frontend EXCH1,234255E01EE2EF03,6,172.21.11.231:587,172.21.1.10:39534,-,,Remote(SocketError)

Disabled GSSAPI from Listed Available Protocols – Setting EnableAuthGSSAPI to $false

Set-ReceiveConnector "EXCH1\Client Frontend EXCH1" -EnableAuthGSSAPI $false

To Check 

Get-ReceiveConnector "EXCH1\Client Frontend EXCH1" | fl *binding*,*GSS*

image

Applied the same for all members in the pool of Exchange Servers

Once Disabled. It submitted the message without any issues.

To Revert Back –

Set-ReceiveConnector "EXCH1\Client Frontend EXCH1" -EnableAuthGSSAPI $true

About Satheshwaran Manoharan

Satheshwaran Manoharan is an Microsoft Office Server and Services MVP , Publisher of Azure365pro.com. Specialized in Office365 / Microsoft Exchange / Virtualization , Sathesh is an Messaging Expert supporting/Designing/Deploying many medium size businesses to large enterprises when it comes to Corporate messaging and Virtualization Infrastructure

Check Also

Save Public IPs using F5 LTM Policies

F5 has different modules and one of them is LTM – Local Traffic Manager . ...

Leave a Reply

Your email address will not be published.