none
EXCHANGE2016服务器,所有的用户在公网上无法使用POP3配置客户端 RRS feed

  • 问题

  • 你好,我的EXCHANGE2016服务器,所有的用户在公网上无法使用POP3配置客户端,不过可以使用exchange来配置。

    我需要去哪里排查POP3是哪里出了问题?

    1、以下是在https://testconnectivity.microsoft.com上的测试结果

        Testing POP for user xxx@xxx.com.cn on host mail.xxx.com.cn:995:SSL.
         The POP test failed.
         
        Additional Details
         
    Elapsed Time: 3058 ms.
         
        Test Steps
         
        Attempting to resolve the host name mail.xxx.com.cn in DNS.
         The host name resolved successfully.
         
        Additional Details
        Testing TCP port 995 on host mail.xxx.com.cn to ensure it's listening and open.
         The port was opened successfully.
         
        Additional Details
        Testing the SSL certificate to make sure it's valid.
         The certificate passed all validation requirements.
         
        Additional Details
         
        Test Steps
        The POP service is being tested.
         There was an error testing the POP service.
         
        Additional Details
         
    Secured: CN=mail.XXXX.com.cn, OU=IT, O=XXXX, L=HeFei, S=AnHui, C=CN
    S: +OK The Microsoft Exchange POP3 service is ready.
    C: CAPA
    S: +OK
    TOP
    UIDL
    SASL PLAIN
    USER
    .
    C: USER xxx@xxx.com.cn
    S: +OK
    C: PASS <password>
    S: -ERR Logon failure: unknown user name or bad password.

    Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolException: -ERR Logon failure: unknown user name or bad password.
    在 Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.Pop3ProtocolTester.SendCommand(String command, String logString)
    在 Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.Pop3ProtocolTester.Login()
    在 Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally()
    Elapsed Time: 1812 ms.

    2、[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List Thumbprint,Issuer,Subject,CertificateDomains,Services


    Thumbprint         : C744D497C708658B9CC37A3DC4CB1B1E5ADC64D1
    Issuer             : CN=ADCA, DC=XXXXXXXXX, DC=com, DC=cn
    Subject            : CN=mail.XXXXXXXXX.com.cn, OU=IT, O=XXXXXXXXX, L=HeFei, S=AnHui, C=CN
    CertificateDomains : {mail.XXXXXXXXX.com.cn, exchange-1.XXXXXXXXX.com.cn, AutoDiscover.XXXXXXXXX.com.cn, Exchange-1.XXXXXXXXX.com.cn}
    Services           : IMAP, POP, IIS, SMTP

    Thumbprint         : 2BEB77F088D36DE8823093E9EB26E231D434C7A9
    Issuer             : CN=Microsoft Exchange Server Auth Certificate
    Subject            : CN=Microsoft Exchange Server Auth Certificate
    CertificateDomains : {}
    Services           : SMTP

    Thumbprint         : 25C47A549AC79D746356BC5E4C36F0AFAF70775C
    Issuer             : CN=Exchange-1
    Subject            : CN=Exchange-1
    CertificateDomains : {Exchange-1, Exchange-1.XXXXXXXXX.com.cn}
    Services           : IIS, SMTP

    Thumbprint         : 7F4E3A05A71972D82567092920D678131CEFEC97
    Issuer             : CN=WMSvc-EXCHANGE-1
    Subject            : CN=WMSvc-EXCHANGE-1
    CertificateDomains : {WMSvc-EXCHANGE-1}
    Services           : None

    3、[PS] C:\Windows\system32>Get-Service MSExchangePOP3; Get-Service MSExchangePOP3BE

    Status   Name               DisplayName
    ------   ----               -----------
    Running  MSExchangePOP3     Microsoft Exchange POP3
    Running  MSExchangePOP3BE   Microsoft Exchange POP3 后端


    [PS] C:\Windows\system32>Get-PopSettings | Format-List *ConnectionSettings,*Bindings,X509CertificateName


    InternalConnectionSettings : {mail.xxx.com.cn:110:TLS, mail.xxx.com.cn:995:SSL}
    ExternalConnectionSettings : {mail.xxx.com.cn:110:TLS, mail.xxx.com.cn:995:SSL}
    UnencryptedOrTLSBindings   : {[::]:110, 0.0.0.0:110}
    SSLBindings                : {[::]:995, 0.0.0.0:995}
    X509CertificateName        : mail.xxx.com.cn

    2019年1月17日 1:04

全部回复

  • 1. 在外网telnet mail.xxx.com.cn 110端口,看是否通?如不通请检查防火墙NAT策略发布

    2. 在exchange 2016 服务器上打开EMS命令行窗口,执行命令:get-exchangeserver |get-servercommentstate看一下popproxy的组件状态是否为:active,如popproxy组件的状态为:inactive请设置为active

    再次进行pop配置

    2019年1月17日 4:08
  • 1.telnet 110、995、25、993、587,都是通的

    2.状态正常

    Component                               State
    ---------                               -----
    ServerWideOffline                       Active
    HubTransport                            Active
    FrontendTransport                       Active
    Monitoring                              Active
    RecoveryActionsEnabled                  Active
    AutoDiscoverProxy                       Active
    ActiveSyncProxy                         Active
    EcpProxy                                Active
    EwsProxy                                Active
    ImapProxy                               Active
    OabProxy                                Active
    OwaProxy                                Active
    PopProxy                                Active
    PushNotificationsProxy                  Active
    RpsProxy                                Active
    RwsProxy                                Active
    RpcProxy                                Active
    UMCallRouter                            Active
    XropProxy                               Active
    HttpProxyAvailabilityGroup              Active
    ForwardSyncDaemon                       Inactive
    ProvisioningRps                         Inactive
    MapiProxy                               Active
    EdgeTransport                           Active
    HighAvailability                        Active
    SharedCache                             Active
    MailboxDeliveryProxy                    Active
    RoutingUpdates                          Active
    RestProxy                               Active
    DefaultProxy                            Active
    Lsass                                   Active
    RoutingService                          Active
    E4EProxy                                Active
    CafeLAMv2                               Active
    LogExportProvider                       Active

    客户端配置的时候,提示“无法验证您连接的服务器所使用的安全证书”

    然后就登录失败


    2019年1月17日 5:52