SPA (Secure Password Authentication) exchange server

Similar Messages

• Email Access with Secure Password Authentication [SPA]

  Hi All,
  I am sorry if this question is repeated.
  My company uses Secure Password Authentication [SPA] to access POP3/SMTP Email access. I was able to configure the email to my iPhone before Company forced SPA.
  Can anybody provide instructions to configure the SPA in iphone?
  Thanks for the help in advance.

  45 Views and No reply. Please help.

• Outlook 2010 cannot use Secure Password Authentication

  I am the administrator of the server running Microsoft Windows 2003 Server POP3 service since 2008. It hosts my email account. Nobody but me manages the settings of the server and the client side. Until the moment I decided to install Microsoft Outlook
  2010 as a client there was Secure Password Authentication working between Outlook 2003 and Windows 2003 Server. After installing of Outlook 2010, when I try to sync, the SPA authentication doesn't work. Nothing is changed on the server side.
  Enabling the SPA authentication on the both sides results a communicaton problem between Microsoft Windows 2003 Server POP3 service and Microsoft Outlook 2010 client. When I disable SPA on both sides the connection works but password is sent
  as plain text. Actually I started a discussion on
  http://answers.microsoft.com/en-us/office/forum/office_2010-outlook/outlook-2010-cannot-use-secure-password/66dafd66-1b00-43b5-96fb-b8a26254fc77 but I didn't receive an answer with a solution.

  Snefels,
  This is actually a known issue that Outlook 2010 doesn't work well with Windows Server 2003 POP services.
  Here is the blog post for the issue:
  http://blogs.msdn.com/b/jjameson/archive/2010/04/26/outlook-2010-does-not-work-with-windows-server-2003-pop3-service.aspx
  If you read the comments below, you'll found that some readers' shared some workaround/solutions, which reportedly works for others. So you might want to have a look.
  Disable SPA on the Windows 2003 POP3 server and do the same in Outlook 2010 POP setup.. using the full email address, "[email protected]" instead of just doug (if using the Secure Password Authentication).
  Aravindhan Battepati

• Security Update for exchange server 2013SP1 KB3011140 Stops all services and failes to install

  Hi All,
  Over the past 2 days this update has tried to run on the server in the evening but ends up failing. When it fails it is causing all of our exchange services to stop working and when we try to check e-mails the following day we find out the e-mail service
  has been offline since the update.
  Is there anything specific we need to do before running this update?
  Cheers,

  Hi,
  As what Hotaka says, this update is available from
  Windows Update. If it fails, we can also download and install the updates manually. The following stand-alone file is available for download from the Microsoft Download Center:
  Download the security update for Exchange 2013 Service Pack 1 package now.
  Download the security update for Exchange 2013 Cumulative Update 6 package now.
  Regards,
  Winnie Liang
  TechNet Community Support

• Securing your Email from SAP with security signatures from exchange server

  Hello
  I have been exploring a solution for the following requirement:
  Important Emails such as HR payslips which are being generated from SAP need to be encrypted using security signatures stored at an exchange server.
  I have looked at Secure email proxy but I believe that is a more standard functionality, the payslips are being generated, being converted into pdfs and are being sent as an attachment in emails,all custom coding.
  Is there a way to utilize the secure email proxy feature using custom code?
  Are there other ways to use the existing signatures at the exchange server. Help.sap.com also mentions a badi - SX_secure_email - would this suffice for my needs?
  Thank you

  Generating the request with a particular user who has the parameter set to on gets the trick done.

• Require Logon Using Secure Password Authentication does not work with plaintextlogin on the server side

  Hi All ;
  We are in the middle of a migration Project but we stuck with this pop3 setting. Most of the mailboxes uses pop3 to connect Exchange 2010 with the setting spa + port 110 on the client side. We want to give same authentication options for the pop3 settings
  on 2013 side but when spa is selected the pop3 rejects the connection with the following error.
  Your e-mail server rejected your login with SPA.
  So both settings for pop3 protocol is same but the client cannot connect from 2013 server.
  Where can i enable this feature from Exchange 2013 .

  Hi,
  Please make sure that we have enabled Outlook Anywhere and 2 pop3 services in Exchange 2013.
  More details in the following article:
  Enable POP3 in Exchange 2013
  http://technet.microsoft.com/en-us/library/bb124934(v=exchg.150).aspx
  Please make sure port 110, port 587, port 25 are available.
  Please try to disable the NTLM authentication on Exchange 2013 server for testing.
  Please also try to run Outlook client under safe mode to avoid some AVs and add-ins.
  Please also try to re-create new profile to refresh the caches for testing.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Allocating and delegating permissions in Exchange Server 2010 between two AD security group.

  People,
  Can anyone please assist me in where and how to assign the following two AD security group in Exchange Server 2010?
  IT Admin group (Full access and permission for all AD and Exchange related).
  IT Helpdesk group (can only create mailbox and modify the mailbox properties including AD distribution group and contacts).
  Because in Exchange Server 2007, everything can be managed easily through the AD security group that is created during the installation such as
  Exchange Organization Administrators group for full access for IT Admin team and Exchange Recipient Administrators group for managing the mailbox user for Help Desk team.
  /* Server Support Specialist */

  Hi,
  Based on my knowledge, Exchange 2010 has an Organization Management group instead of the Exchange Organization Administrators group. Use the Recipient Management group instead of the Exchange Recipient Administrators group. In your case, you can add the
  IT Admin group to the Organization Management group, add the IT Helpdesk group to the Recipient Management group.
  Hope this can be helpful to you.
  Best regards,  
  Amy Wang
  TechNet Community Support
  Thanks, Amy,
  But for some reason I cannot see those built in AD security group in my ADUC?
  So should I recreate it manually by right clicking on the AD user and Console ?
  /* Server Support Specialist */

• Outlook 2010, 2013 on new 2010 exchange server get windows security popup for password

  We recently migrated exchange 2003 on 2003 server to Server 2008R2 and Exchange 2010 SP3.  The installation had multiple problems and we resorted to Microsoft technical support for the server resolution. On the server level it seems to function
  as expected.  Our problem is with outlook 2010 and 2013.  Some of these outlook 2010 installs existed prior to the exchange 2010 upgrade and worked as expected prior to the upgrade
  Now with new machines (never been connected to our Domain) and some existing windows 7 machines with outlook 2010 and 2013, we get a windows security popup requesting the password.
  We have spent a couple of weeks reading blogs, how two's  and guaranteed fixes that don't fix.  The best we can do is start outlook, get the folders to sync and shortly thereafter it will request the password.  You can enter the password and
  it comes right back requesting the password.  You can cancel the request and you will get needs password in the area where it shows connected to exchange server and then will not prompt for another password until you need an update from the server
  or you try to send and email.  The email will not send until provide a password and immediately press send.  Once in the outbox it will require the password again to send and then cancel the popup and repeat the process again.
  Outlook test, turn off discovery, remove all credentials do not help.  Outlook anywhere turned off.  So far nothing seems to help. 
  Does anybody have a solution to my dilemma?

  Hi,
  Please check the problematic users' Outlook settings by the following steps:
  1. Click File > Account Settings > Account Settings > Change > More settings.
  2. In Security tab, make sure "Encrypt data between Microsoft Outlook and Microsoft Exchange" option is checked, "Always prompt for logon credentials" is unchecked.
  3. Change the logon network security to Negotiate Authentication, and Apply > OK to set it.
  Restart Outlook to have a try. If the issue persists, please
  re-create Outlook profile to check whether the issue persists.
  Regards,
  Winnie Liang
  TechNet Community Support
  Thank you for the response.
  I did as you suggested and the problem persists

• Outlook 2013 repeatedly prompts for password when connecting to Exchange Server 2010

  I am trying to configure Outlook 2013 on a Windows 8.1 Pro client.  The exchange server is 2010 SP1 and works just fine with OL 2010.
  When I configure OL 2013, the configuration prompts for a password for the account repeatedly with both NTLM and Basic Authentication chosen.  OL 2013 tries to connect and then it disconnects with the password for the account repeatedly prompted. When
  the credentials are entered, the prompt reappears immediately.
  Might anyone help?
  Many thanks in advance
  Shuvo

  Hi Shuvo,
  Please check whether this user can access mailbox in OWA. Please manual setup this account in Control Panel to have a try. Make sure your
  Server name and User name are configured correctly. If you are configure the account in internal domain environment, please click
  More Settings, set Negotiate Authentication in
  Security tab and uncheck Connect to Microsoft Exchange using HTTP in Connection tab.
  If there is any updates, please feel free to let us know.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Exchange server 2013 proxy authentication

  Hi All,
  I wanted to know what is the recommended proxy authentication for exchange server 2013. 
  I have observed the following from different proxy authentications:
  1. Negotiate: By default, the proxy authentication is set to negotiate and uses anonymous as Log on network security(un-encrypted MAPI)
  2. Basic: It always prompts for the user credentials and uses encrypted MAPI.
  3. NTLM: Use negotiate at MAPI level by default
  Please provide me some information on different authentication mechanisms and the one which is recommended to use. 
  Thanks,
  Srinivas.

  Hi Srinivas,
  According to my knowledge, there are my views below:
  Basic authentication: If you select this authentication type, Outlook will prompt for username and password
  while attempting a connection with Exchange.
  NTLM authentication: If you select this authentication type, exchange does not prompt users for a user
  name and password. The current Windows user information on the client computer is supplied by the browser through a cryptographic exchange involving hashing with the Web server. If the authentication exchange initially fails to identify the user, the browser
  will prompt the user for a Windows user account user name and password. So, when Outlook is trying to connect to Exchange and if the machine is domain joined, there isn’t a need to provide password.
  Negotiate authentication: Enabled by default in Exchange 2013. This is a combination of Windows integrated
  authentication and Kerberos authentication. If we employ negotiate authentication, exchange will authenticate the client using NTLM authentication type and if unable to verify authenticity, will challenge the client to authenticate using a username and password.
  And you could set the authentication type like this:
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  The command below for your reference:
  Get-OutlookAnywhere | Set-OutlookAnywhere -InternalHostname "internalServer.contoso.com" -InternalClientAuthenticationMethod Ntlm -InternalClientsRequireSsl $true -ExternalHostname "externalServer.company.com" -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $true -IISAuthenticationMethods Negotiate,NTLM,Basic
  If you have any further questions, please let me know.
  Best regards,
  Eric

• Login MS Exchange with secure password

  Hi guys,
  I'm trying to use JavaMail to log into MS Exchange Server (Microsoft Exchange IMAP4rev1 server version 5.5.2653.23).
  The MS Exchange is configured for authentication.
  When I try to connect them, then I get an exception:
  "javax.mail.AuthenticationFailedException: Clear text passwords have been disabled for this protocol"
  Is there any way to create secured passwords for the login, or other solutions?
  Please help me.
  Thanks

  can someone help on this topic? it seems important enough !

• How to access unread mails of all users in Exchange server without having Passwords and without giving mailbox access to other user.

  Hi all,
     I am using Exchange server 2013, my task is to create
  Service , that
  need's to  monitor continuously for new mails of all Mailboxes in
  my server. if any user got new mail i need to get that Mail Subject, Mail Body, Sender Email Address [From emailId] .  
  Limitation
  : I don't have Passwords of mailboxes , so i gave all mailbox access permission  to one user , then i completed this   service using below code.
   But now, Client
  not willing to give Mailbox Permissions to one user because of security problems.
  How can i do this without passwords and without giving permissions to other user ?
  i don't want all mailbox access , i just need only
  access Mail Subject , Body and Sender mail address .
  How can i achieve
  this ?
  Process i follow
  => I created new user in server , and then i gave full permissions of all Mailboxes to newly created user[ex: james] in database level.
       i use below command for giving permissions in database level.
  Get-MailboxDatabase -Identity <Database Name> | Add-ADPermission -User <User> -AccessRights GenericAll
   => using below code i am searching unread mails of all user Mailboxes and then getting Subject, body and Sender Email            address . here i am have list of users,
  ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013);
  service.Credentials = new WebCredentials("[email protected]", "password");
  service.AutodiscoverUrl("[email protected]");  foreach (Object obj in usersList) // here i have Mailbox users list in usersList
               { var userMailbox = new Mailbox(obj.user);
  var folderId = new FolderId(WellKnownFolderName.Inbox, userMailbox);
  SearchFilter.IsEqualTo filter1 = new SearchFilter.IsEqualTo(EmailMessageSchema.IsRead, false);
  var itemView = new ItemView(50);
  var userItems = service.FindItems(folderId, filter1, itemView);
  foreach (var item in userItems)
  item.Load();
  var senderEmail = ((EmailMessage)item).From;
  var subject = item.Subject;
  var body = item.Body;

  You would need to check that possibilities via WebServices but suggest you to post this in Development forum to get help from programmers....
  http://social.technet.microsoft.com/Forums/office/en-US/home?forum=exchangesvrdevelopment
  Blog |
  Get Your Exchange Powershell Tip of the Day from here

• Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user  denied

  Hi,
  when I want to start managed server :
  <Sep 5, 2014 4:56:12 PM GST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user  denied
  weblogic.security.SecurityInitializationException: Authentication for user  denied
          at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:966)
          at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
          at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
          at weblogic.security.SecurityService.start(SecurityService.java:141)
          at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
          Truncated. see log file for complete stacktrace
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User  javax.security.auth.login.LoginException: [Security:090301]Password Not Supplied
          at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
          at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
          at java.security.AccessController.doPrivileged(Native Method)
          at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          Truncated. see log file for complete stacktrace
  >
  <Sep 5, 2014 4:56:12 PM GST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Sep 5, 2014 4:56:12 PM GST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Sep 5, 2014 4:56:12 PM GST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  Thanks

  Never mind, the correct command is:
  wls:/nm/IDMDomain> pr=makePropertiesObject("username=weblogic;password=weblogic0");
  wls:/nm/IDMDomain> nmStart('AdminServer',props=pr);
  It would be interesting however to have a list of all names of environmental variables that we can possibly set.
  Cheers.

• Apparently 4.3.3 broke my exchange password authentication and is locking my work computer.  Can I restore previos IOS?

  Any help will be appreciated. I upgraded to 4.3.3 and it apparently broke the password authentication for my work exchange account. I can't get my iCal on my desktop after Lion and now this. Grrr. It continues to hit the server and locks me out so I can't get email from any computer. Does anyone have a fix? If not can I restore the previous version? It was working perfect.
  Thanks in advance.

  As far as I know, it is not possible to downgrade to a previous iOS. Apple doesn't support it.

• IPhone can connect to Exchange Server with incorrect password!

  I have changed my Active Directory password, but have not entered the new password into the Exchange account settings on my iPhone. Nevertheless, my iPhone can still connect and get mail from Exchange. Thinking that perhaps it was because the iPhone was still working with a connection that had been established before I changed my password, I turned it off and turned it back on again -- and it connected and got new mail!

  Don't blame the phone just yet.
  The server is where the problem is..... The Exchange Server/IIS front end is the gatekeeper to your email. If the password is sent wrong, the server will reject you. Conversely, if your Exchange server is not authenticating at all, it will let anyone in.
  What is probably happening is that your password has not synchronized from AD to Exchange. This is not unheard of, but if it persists you should let your Sys Admin know.
  My guess is that you can log into your OWA (Web mail) with your old password as well.