Hi, I try to configure Pop3 to be used by some user but it was not successfull.

I have 1 CAS sever and 2 MBX in dag mode.

When I try to connect to pop3 with Telnet casserver 110

I always get login error.

I active pop3 logging for debugging and here is the results in the log file

-ERR Logon failure: unknown user name or bad password."";Msg=Proxy:A-exchmbx-02.CRL.int:9955:SSL;ErrMsg=ProxyNotAuthenticated"

I try the login with

DOMAIN\user

user

user@upnsuffix

Nothing works.

I follow all the doc to enable pop and backend, internalconnectionsettings, external... All the good port is open in firewall.

What can be the problem?

What "above login error" are you referring to?

I the user enabled for POP3?

Please post exactly and completely what you're trying to do and exactly what happens.

Here is the test

[PS] C:\Windows\System32>Get-CASMailbox guillaume

Name                 ActiveSyncEnabled OWAEnabled           PopEnabled          ImapEnabled         MapiEnabled
----                 ----------------- ----------           ----------          -----------         -----------
guillaume Testpop    True              True                 True                True                True

Telnet mycasserver 110

+OK The Microsoft Exchange POP3 service is ready.
user CRL\guillaume
+OK
pass *******
-ERR Logon failure: unknown user name or bad password.

And the log file in the cas server

2015-07-08T18:37:05.975Z,0000000000000351,0,206.167.76.117:110,172.20.50.10:54028,,1,0,51,OpenSession,,
2015-07-08T18:37:10.976Z,0000000000000351,1,206.167.76.117:110,172.20.50.10:54028,crl/guillaume,1,18,5,user,crl\guillaume,R=ok
2015-07-08T18:37:14.991Z,0000000000000351,2,206.167.76.117:110,172.20.50.10:54028,guillaume,49,10,56,pass,*****,"R=""-ERR Logon failure: unknown user name or bad password."";Msg=Proxy:A-exchmbx-02.CRL.int:9955:SSL;ErrMsg=ProxyNotAuthenticated"
2015-07-08T18:37:17.293Z,0000000000000351,3,206.167.76.117:110,172.20.50.10:54028,guillaume,1,4,61,quit,,R=ok
2015-07-08T18:37:20.777Z,0000000000000353,0,127.0.0.1:995,127.0.0.1:30328,,22,0,51,OpenSession,,
2015-07-08T18:37:20.777Z,0000000000000353,1,127.0.0.1:995,127.0.0.1:30328,,1,4,37,capa,,R=ok
2015-07-08T18:37:20.777Z,0000000000000353,2,127.0.0.1:995,127.0.0.1:30328,,0,0,0,CloseSession,,

My goal is to get pop working, because some of my application make a pop connection to a mailbox and get email and input it in a help desk system.

Enter this command:

Get-PopSettings | FL

I suspect that LoginType is set to SecureLogin.  Change it.

https://technet.microsoft.com/en-us/library/aa997154(v=exchg.150).aspx

Ils set to plaintext i change it from secure to plaintext I dont know if its normal when i run test-popconnectivity ans i specify my cas server i got an error that the server specified its not a cas. It i enter nothing its try to connect to one of my mbx server

What "above login error" are you referring to?

Is the user enabled for POP3?

Please post exactly and completely what you're trying to do and exactly what ha

Hi,

Please run the following command to collect your POP settings in your Exchange server:

Get-PopSettings | fl

Please share the setting here and make sure the 'ProxyTargetPort' is set to 9955. Additionally, please check the Exchange certificate which is assigned with POP and IMAP service:

Get-ExchangeCertificate | fl

Make sure the X509CertificateName in the POP settings is included in your certificate.

Regards,

Here is the results if I run the command on the cas server

RunspaceId                        : c8ba064b-d30f-4336-bce8-782998a01099
Name                              : 1
ProtocolName                      : POP3
MaxCommandSize                    : 512
MessageRetrievalSortOrder         : Ascending
UnencryptedOrTLSBindings          : {[::]:110, 0.0.0.0:110}
SSLBindings                       : {[::]:995, 0.0.0.0:995}
InternalConnectionSettings        : {A-exchmbx-02.CRL.int:995:SSL, A-exchmbx-02.CRL.int:110:TLS}
ExternalConnectionSettings        : {}
X509CertificateName               : moncourrier.cegep-lanaudiere.qc.ca
Banner                            : The Microsoft Exchange POP3 service is ready.
LoginType                         : PlainTextLogin
AuthenticatedConnectionTimeout    : 00:30:00
PreAuthenticatedConnectionTimeout : 00:01:00
MaxConnections                    : 2147483647
MaxConnectionFromSingleIP         : 2147483647
MaxConnectionsPerUser             : 16
MessageRetrievalMimeFormat        : BestBodyFormat
ProxyTargetPort                   : 9955
CalendarItemRetrievalOption       : iCalendar
OwaServerUrl                      :
EnableExactRFC822Size             : False
LiveIdBasicAuthReplacement        : False
SuppressReadReceipt               : False
ProtocolLogEnabled                : False
EnforceCertificateErrors          : False
LogFileLocation                   : C:\Program Files\Microsoft\Exchange Server\V15\Logging\Pop3
LogFileRollOverSettings           : Daily
LogPerFileSizeQuota               : 0 B (0 bytes)
ExtendedProtectionPolicy          : None
EnableGSSAPIAndNTLMAuth           : True
Server                            : A-EXCHMBX-02
AdminDisplayName                  :
ExchangeVersion                   : 0.10 (14.0.100.0)
DistinguishedName                 : CN=1,CN=POP3,CN=Protocols,CN=A-EXCHMBX-02,CN=Servers,CN=Exchange Administrative
                                    Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=CRL,CN=Microsoft
                                    Exchange,CN=Services,CN=Configuration,DC=CRL,DC=int
Identity                          : A-EXCHMBX-02\1
Guid                              : 2f3dbe54-1e67-4efa-9e5e-ef7a4ac19251
ObjectCategory                    : CRL.int/Configuration/Schema/ms-Exch-Protocol-Cfg-POP-Server
ObjectClass                       : {top, protocolCfg, protocolCfgPOP, protocolCfgPOPServer}
WhenChanged                       : 2015-07-08 09:27:42
WhenCreated                       : 2015-05-11 11:59:53
WhenChangedUTC                    : 2015-07-08 13:27:42
WhenCreatedUTC                    : 2015-05-11 15:59:53
OrganizationId                    :
Id                                : A-EXCHMBX-02\1
OriginatingServer                 : R-ADS-01.CRL.int
IsValid                           : True
ObjectState                       : Unchanged

Is it normal that he pointing to one of my MBX server?

If I run the same command but I specify the parameter -server <mycasserver>

Here is the results

RunspaceId                        : c8ba064b-d30f-4336-bce8-782998a01099
Name                              : 1
ProtocolName                      : POP3
MaxCommandSize                    : 512
MessageRetrievalSortOrder         : Ascending
UnencryptedOrTLSBindings          : {[::]:110, 0.0.0.0:110}
SSLBindings                       : {[::]:995, 0.0.0.0:995}
InternalConnectionSettings        : {R-exchcas-01.CRL.int:995:SSL, R-exchcas-01.CRL.int:110:TLS}
ExternalConnectionSettings        : {moncourrier.cegep-lanaudiere.qc.ca:995:SSL}
X509CertificateName               : moncourrier.cegep-lanaudiere.qc.ca
Banner                            : The Microsoft Exchange POP3 service is ready.
LoginType                         : PlainTextLogin
AuthenticatedConnectionTimeout    : 00:30:00
PreAuthenticatedConnectionTimeout : 00:01:00
MaxConnections                    : 2147483647
MaxConnectionFromSingleIP         : 2147483647
MaxConnectionsPerUser             : 16
MessageRetrievalMimeFormat        : BestBodyFormat
ProxyTargetPort                   : 9955
CalendarItemRetrievalOption       : iCalendar
OwaServerUrl                      :
EnableExactRFC822Size             : False
LiveIdBasicAuthReplacement        : False
SuppressReadReceipt               : False
ProtocolLogEnabled                : True
EnforceCertificateErrors          : False
LogFileLocation                   : C:\Program Files\Microsoft\Exchange Server\V15\Logging\Pop3
LogFileRollOverSettings           : Daily
LogPerFileSizeQuota               : 0 B (0 bytes)
ExtendedProtectionPolicy          : None
EnableGSSAPIAndNTLMAuth           : True
Server                            : R-EXCHCAS-01
AdminDisplayName                  :
ExchangeVersion                   : 0.10 (14.0.100.0)
DistinguishedName                 : CN=1,CN=POP3,CN=Protocols,CN=R-EXCHCAS-01,CN=Servers,CN=Exchange Administrative
                                    Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=CRL,CN=Microsoft
                                    Exchange,CN=Services,CN=Configuration,DC=CRL,DC=int
Identity                          : R-EXCHCAS-01\1
Guid                              : d3d6e8bb-e7b2-4b2e-a230-44656efd1a48
ObjectCategory                    : CRL.int/Configuration/Schema/ms-Exch-Protocol-Cfg-POP-Server
ObjectClass                       : {top, protocolCfg, protocolCfgPOP, protocolCfgPOPServer}
WhenChanged                       : 2015-07-08 11:16:42
WhenCreated                       : 2015-03-24 16:00:58
WhenChangedUTC                    : 2015-07-08 15:16:42
WhenCreatedUTC                    : 2015-03-24 20:00:58
OrganizationId                    :
Id                                : R-EXCHCAS-01\1
OriginatingServer                 : R-ADS-01.CRL.int
IsValid                           : True
ObjectState                       : Unchanged

For the commande get-exchangeCertificate | fl

AccessRules        :
CertificateDomains : {A-exchmbx-02, A-exchmbx-02.CRL.int}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=A-exchmbx-02
NotAfter           : 2020-05-11 11:52:43
NotBefore          : 2015-05-11 11:52:43
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 5B55AD0BC4E050B04C548F741C6CE262
Services           : IIS, SMTP
Status             : Valid
Subject            : CN=A-exchmbx-02
Thumbprint         : 87A4A89F8C1BD9CBCF7880AE88036613EF9DE6A3

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-A-EXCHMBX-02}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-A-EXCHMBX-02
NotAfter           : 2025-05-08 11:06:26
NotBefore          : 2015-05-11 11:06:26
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 14D5DEE8777745974F28B1F288C20FE9
Services           : None
Status             : Valid
Subject            : CN=WMSvc-A-EXCHMBX-02
Thumbprint         : 958BE3049DDBC794F219ADA4CFA2B5F9369D4867

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Federation}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Federation
NotAfter           : 2020-04-16 13:47:21
NotBefore          : 2015-04-16 13:47:21
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 5D2493613A931CB74EB7219EEC09E6FA
Services           : SMTP, Federation
Status             : Valid
Subject            : CN=Federation
Thumbprint         : 2DE2F35E316FEC2B240C65F44671AB6B20389CA4

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Microsoft Exchange Server Auth Certificate
NotAfter           : 2020-02-25 09:38:35
NotBefore          : 2015-03-23 10:38:35
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 434E99FF3B11239A4F3DC135BB30A304
Services           : SMTP
Status             : Valid
Subject            : CN=Microsoft Exchange Server Auth Certificate
Thumbprint         : 73A473A930BEE9F3C6315AB904778D3559A5B641

The same command with the -server specified

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Federation}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Federation
NotAfter           : 2020-04-16 13:47:21
NotBefore          : 2015-04-16 13:47:21
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 5D2493613A931CB74EB7219EEC09E6FA
Services           : SMTP
Status             : Valid
Subject            : CN=Federation
Thumbprint         : 2DE2F35E316FEC2B240C65F44671AB6B20389CA4

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {*.cegep-lanaudiere.qc.ca, cegep-lanaudiere.qc.ca}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/,
                     O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 2018-04-02 09:35:39
NotBefore          : 2015-04-02 11:29:38
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : 1E930BF9BA9059DC
Services           : IIS, SMTP
Status             : Valid
Subject            : CN=*.cegep-lanaudiere.qc.ca, OU=Domain Control Validated
Thumbprint         : BAD38E09F42649B3F03F1A71B27DE6EF0AC9F804

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {R-exchcas-01, R-exchcas-01.CRL.int}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=R-exchcas-01
NotAfter           : 2020-03-24 15:59:42
NotBefore          : 2015-03-24 15:59:42
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 3A16A0BFBD1ED0BA451697BDB360BD17
Services           : IIS, SMTP
Status             : Valid
Subject            : CN=R-exchcas-01
Thumbprint         : 7D5D7CA7EB4ED0FB4601E38246247B7E130F80A3

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-R-EXCHCAS-01}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-R-EXCHCAS-01
NotAfter           : 2025-03-20 13:29:45
NotBefore          : 2015-03-23 13:29:45
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 4F23B904592A729C4360FBA2DA0EAFC8
Services           : None
Status             : Valid
Subject            : CN=WMSvc-R-EXCHCAS-01
Thumbprint         : F2141227DE2B4C6B0C4DFC3F6452D5A51AD1AAE4

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule,
                     System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Microsoft Exchange Server Auth Certificate
NotAfter           : 2020-02-25 09:38:35
NotBefore          : 2015-03-23 10:38:35
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 434E99FF3B11239A4F3DC135BB30A304
Services           : SMTP
Status             : Valid
Subject            : CN=Microsoft Exchange Server Auth Certificate
Thumbprint         : 73A473A930BEE9F3C6315AB904778D3559A5B641

I use a wildcard certificate for all the exchange service.

Thanks for your help