Search The ForumSearch   RegisterRegister  LoginLogin

MailBee.NET Objects
 AfterLogic Forum : MailBee.NET Objects
Subject Topic: Secure authentication on Exchange 2010 Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
AengusO
Newbie
Newbie
Avatar

Joined: 26 February 2010
Location: Ireland
Online Status: Offline
Posts: 22
Posted: 07 November 2013 at 2:42am | IP Logged Quote AengusO
We are using MailBee.Net objects successfully on a customer site. Customer uses IMAP, works fine with plain text authentication.

We are trying to get secure TLS authentication to work. The customer is using Exchange 2010 and selects option "Secure Logon. A tls connection is required for the client to authenticate to the server."

We have tried using many combinations for the parameters such as MailBee.Security.SecurityProtocol and
MailBee.Security.SslStartupMode in the Imap connection.

All have failed, for example here is the MailBee Log when we try using AuthenticationSecurityProtocol = Auto and SslStartUpMode = OnConnect and AuthenticationMethods = Auto

17:02:02.20] [INFO] Error: IOException occurred. InnerException message follows: The handshake failed due to an unexpected packet format.
[17:02:02.21] [INFO] Assembly version: 7.2.2.373.
[17:02:02.21] [INFO] Will resolve host "xxx.xx.xxx.ie".
[17:02:02.21] [INFO] Host "xxx.xx.xxx.ie" resolved to IP address(es) x.x.x.x.
[17:02:02.21] [INFO] Will connect to host "xxx.xx.xxx.ie" on port 143.
[17:02:02.21] [INFO] Socket connected to IP address x.x.x.x on port 143.
[17:02:02.21] [INFO] Error: Socket connection has been refused by remote host. InnerException message follows: The handshake failed due to an unexpected packet format.
[17:02:02.21] [INFO] Error: IOException occurred. InnerException message follows: The handshake failed due to an unexpected packet format.

What can we try to get this to work ?

Thanks,
Aengus
Back to Top View AengusO's Profile Search for other posts by AengusO
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
Posted: 07 November 2013 at 3:49am | IP Logged Quote Igor
Since you use non-SSL port 143, most likely you need to call StartTls method, or choose SslStartupMode.UseStartTls mode. OnConnect mode is usually used with dedicated port, that's 993 for IMAP.

--
Regards,
Igor, AfterLogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
AengusO
Newbie
Newbie
Avatar

Joined: 26 February 2010
Location: Ireland
Online Status: Offline
Posts: 22
Posted: 18 November 2013 at 6:37am | IP Logged Quote AengusO
Thanks for the reply Igor, we have got back to the customer and they have tried using UseStartTls, now the are getting the error "The server does not support STARTTLS (STLS for POP3) command" - it is an Exchange 2010 server - is there something else that needs to be enabled ?

Regards,
Aengus
Back to Top View AengusO's Profile Search for other posts by AengusO
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2206
Posted: 18 November 2013 at 6:41am | IP Logged Quote Alex
Is is possible to see the updated log?

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
AengusO
Newbie
Newbie
Avatar

Joined: 26 February 2010
Location: Ireland
Online Status: Offline
Posts: 22
Posted: 18 November 2013 at 8:02am | IP Logged Quote AengusO
Hi Igor

This is what we get when we try UseStartTls

[15:55:19.90] [INFO] Assembly version: 7.2.2.373.
[15:55:19.90] [INFO] Will resolve host "xxx.xx.xxxx.ie".
[15:55:19.90] [INFO] Host "xxx.xx.xxxx.ie" resolved to IP address(es) x.x.x.x.
[15:55:19.90] [INFO] Will connect to host "xxx.xx.xxxx.ie" on port 143.
[15:55:19.90] [INFO] Socket connected to IP address x.x.x.x on port 143.
[15:55:19.90] [RECV] * OK The Microsoft Exchange IMAP4 service is ready.\r\n [Total 53 bytes received.]
[15:55:19.90] [INFO] Get the list of IMAP4 capabilities via CAPABILITY command.
[15:55:19.90] [SEND] MBN00000001 CAPABILITY\r\n
[15:55:19.91] [RECV] * CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+\r\n [Total 85 bytes received.]
[15:55:19.91] [RECV] MBN00000001 OK CAPABILITY completed.\r\n [Total 38 bytes received.]
[15:55:19.91] [INFO] Connected to mail service at host "xxx.xx.xxxx.ie" on port 143 and ready.
[15:55:19.91] [INFO] Error: The server does not support STARTTLS (STLS for POP3) command.
[15:55:19.91] [SEND] MBN00000002 LOGOUT\r\n
[15:55:19.91] [RECV] * BYE Microsoft Exchange Server 2010 IMAP4 server signing off.\r\n [Total 64 bytes received.]
[15:55:19.91] [RECV] MBN00000002 OK LOGOUT completed.\r\n [Total 34 bytes received.]
[15:55:19.91] [INFO] Will disconnect from host "xxx.xx.xxxx.ie".
[15:55:19.91] [INFO] Disconnected from host "xxx.xx.xxxx.ie".

Regards
Aengus
Back to Top View AengusO's Profile Search for other posts by AengusO
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2206
Posted: 18 November 2013 at 11:41am | IP Logged Quote Alex
Looks like SSL is disabled on the server. When it's enabled, STARTTLS appears in the list of capabilities. Or, maybe, SSL is enabled, but only SSL on 993 port, not SSL via STARTTLS. Try to use port 993 and OnConnect ssl mode.

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
AengusO
Newbie
Newbie
Avatar

Joined: 26 February 2010
Location: Ireland
Online Status: Offline
Posts: 22
Posted: 21 November 2013 at 4:56am | IP Logged Quote AengusO
Hi Alex / Igor

Thanks for help

Have got back to customer and they confirm they say that they can telnet to port 143 and STARTTLS works

Also they have SSL enabled port 993 and this is what they get when they try to connect with port 993 and "OnConnect" mode:

[12:17:31.24] [INFO] Assembly version: 7.2.2.373.
[12:17:31.24] [INFO] Will resolve host "xxx.xx.xxx.ie".
[12:17:31.24] [INFO] Host "xxxxx" resolved to IP address(es) XX.X.X.XXX.
[12:17:31.24] [INFO] Will connect to host "xxxxx" on port 993.
[12:17:31.24] [INFO] Socket connected to IP address XX.X.X.XXX on port 993.
[12:17:31.24] [INFO] Error: Socket connection has been refused by remote host. InnerException message follows: The handshake failed due to an unexpected packet format.
[12:17:31.25] [INFO] Error: IOException occurred. InnerException message follows: The handshake failed due to an unexpected packet format.

Regards,
Aengus
Back to Top View AengusO's Profile Search for other posts by AengusO
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
Posted: 21 November 2013 at 5:37am | IP Logged Quote Igor
You seem to use quite an old build of the DLL, see if you encounter the same problem with the latest v8 release. Also, consider tweaking Imap.SslProtocol value.

--
Regards,
Igor, AfterLogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
AengusO
Newbie
Newbie
Avatar

Joined: 26 February 2010
Location: Ireland
Online Status: Offline
Posts: 22
Posted: 21 November 2013 at 7:49am | IP Logged Quote AengusO
Thanks for reply Igor,

Have just renewed our maintenance contract, I sent a test version with V8 dll to our customer, unfortunately they got the same results again for both port 143 and port 993.

Also could you make this thread private or redact it as I left in IP address / server name in some posts which I probably shouldnt have.

Do you have any more suggestions ?

Regards
Aengus
Back to Top View AengusO's Profile Search for other posts by AengusO
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2206
Posted: 21 November 2013 at 8:38am | IP Logged Quote Alex
Use our HelpDesk to submit sensitive information.

Perhaps, the server does support STARTTLS but does not advertize this.

UPDATE: Oh, I see your HelpDesk post now.

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
AengusO
Newbie
Newbie
Avatar

Joined: 26 February 2010
Location: Ireland
Online Status: Offline
Posts: 22
Posted: 21 November 2013 at 8:58am | IP Logged Quote AengusO
Hi Alex

I will try using the helpdesk in future

What I was asking was - could you make this thread private or else delete it ?

Also where does it leave me with customer if server supports STARTTLS but is not advertising it ?

Thanks,
Anegus
Back to Top View AengusO's Profile Search for other posts by AengusO
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2206
Posted: 21 November 2013 at 9:20am | IP Logged Quote Alex
I removed any sensitive information from your posts.

> Also where does it leave me with customer if server supports STARTTLS but is not advertising it ?

I guess you wanted to provide us with the test access (through helpdesk) to let us check ourselves. I hope we'll be able to work this out then.

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
AengusO
Newbie
Newbie
Avatar

Joined: 26 February 2010
Location: Ireland
Online Status: Offline
Posts: 22
Posted: 21 November 2013 at 9:46am | IP Logged Quote AengusO
Thanks for that Alex will get back to about test

Regards
Aengus
Back to Top View AengusO's Profile Search for other posts by AengusO
 
AengusO
Newbie
Newbie
Avatar

Joined: 26 February 2010
Location: Ireland
Online Status: Offline
Posts: 22
Posted: 22 November 2013 at 3:39am | IP Logged Quote AengusO
Customer will not allow remote access, are there more detailed tests which we could carry out under your intructions ?

Thanks,
Aengus
Back to Top View AengusO's Profile Search for other posts by AengusO
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
Posted: 22 November 2013 at 3:48am | IP Logged Quote Igor
We're not sure at the moment, will think about options here. But can you confirm that you've tried all the combinations of ports, OnConnect/UseStartTls and Imap.SslProtocol valus - and none didn't work?

--
Regards,
Igor, AfterLogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
AengusO
Newbie
Newbie
Avatar

Joined: 26 February 2010
Location: Ireland
Online Status: Offline
Posts: 22
Posted: 22 November 2013 at 3:56am | IP Logged Quote AengusO
Yes. Our engineer was on site tried all combinations she could - no joy.
Regards
Aengus
Back to Top View AengusO's Profile Search for other posts by AengusO
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
Posted: 22 November 2013 at 4:14am | IP Logged Quote Igor
Then the question here is whether SSL is actually enabled on server. For now, looks like it's not. Try accessing the account with some IMAP client like Mozilla Thunderbird - but not Outlook, as it tends to use native Exchange protocols while we need IMAP here.

Also, we have a version of telnet tool which is designed to work with SSL, you can download it here. Its usage is quite straightforward, and if you run the tool it'll display the usage help.

--
Regards,
Igor, AfterLogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
AengusO
Newbie
Newbie
Avatar

Joined: 26 February 2010
Location: Ireland
Online Status: Offline
Posts: 22
Posted: 22 November 2013 at 7:10am | IP Logged Quote AengusO
OK thanks for that have asked customer to run tests with tool

Aengus
Back to Top View AengusO's Profile Search for other posts by AengusO
 
AengusO
Newbie
Newbie
Avatar

Joined: 26 February 2010
Location: Ireland
Online Status: Offline
Posts: 22
Posted: 25 November 2013 at 7:34am | IP Logged Quote AengusO
Issue was resolved - customer was missing an Ssl certificate on server. Thanks for your help,

Regards
Aengus
Back to Top View AengusO's Profile Search for other posts by AengusO
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump

Powered by Web Wiz Forums version 7.9
Copyright ©2001-2004 Web Wiz Guide