Windows server 2008 + Mercury

posted Jul 16 '09 at 8:02 pm

I hope you can help because this stuff goes beyond my knowledge and
it's going to take lots of time for me to solve this, if ever.

The lack of connection to port 110 can be caused by:

1. MercuryP is not running and bound to port 110.

2. Port 110 to the local system is being blocked by the Windows firewall. Turn off the firewall and try again to test.

3. MercuryP is blocking the IP address. Allow the local addresses in the MercuryP connection control and whitelist them.

<blockquote>I hope you can help because this stuff goes beyond my knowledge and it's going to take lots of time for me to solve this, if ever.</blockquote>The lack of connection to port 110 can be caused by:1.&nbsp;&nbsp; MercuryP is not running and bound to port 110. 2. &nbsp; Port 110 to the local system is being blocked by the Windows firewall.&nbsp; Turn off the firewall and try again to test. 3.&nbsp;&nbsp; MercuryP is blocking the IP address.&nbsp; Allow the local addresses in the MercuryP connection control and whitelist them.&nbsp;&nbsp;&nbsp;

Jim Pow

posted Apr 28 '09 at 12:56 pm

First of all, I want to thank all moderators and people involved with this forum for finding solutions to all of our problems. It's amazing how fast you guys respond to help us.

I have installed and set up the latest Mercury to work with thunderbird on our local windows 2008 server (30 clients). After trying to log onto the server with thunderbird, the damn thing always says I'm unable to connect to the server. In a previous post this question also arose where it turned out to be a firewall issue. Since the firewall is completely down, rules have been allowed for mercury and clients, ports 143-110-25 stay open, and there's no other virus software, I strongly doubt this is the problem.

I've also been able to run the telnet command successfully, where the client has even giving me the version of mercury as output.

The DNS-server is configured correctly since I can access all shares and run everything without a problem except thunderbird (also latest version).

I am missing something here, but after a long time I still don't know what it is.

Another problem is that I'm installing Windows Server 2008 in the same computer case as Windows Server 2003 is running now in the office, so I won't be able to try suggestions until all employees are out.

regards,

Jim

First of all, I want to thank all moderators and people involved with this forum for finding solutions to all of our problems.&nbsp; It's amazing&nbsp;how fast you guys respond to help us.&nbsp; I have installed and set up the latest Mercury to work with thunderbird on our local windows 2008 server (30 clients).&nbsp; After trying to log onto the server with thunderbird, the damn thing always says I'm unable to connect to the server.&nbsp; In a previous post this question also arose where it turned out to be a firewall issue.&nbsp; Since the firewall is completely down, rules have been allowed for mercury and clients, ports 143-110-25 stay open,&nbsp;and there's no other virus software, I strongly doubt this is the problem.&nbsp; I've also been able to run the telnet command successfully, where the client&nbsp;has even&nbsp;giving me the version of mercury as output. The DNS-server is configured correctly since I can access all shares and run everything without a problem except thunderbird (also latest version). I am missing something here, but after a long time I still don't know what it is. &nbsp;Another problem is that I'm installing Windows Server 2008 in the same computer case as Windows Server 2003 is running now in the office, so I won't be able to try suggestions until&nbsp;all employees are out. &nbsp;regards, Jim &nbsp;

dilberts_left_nut

posted Apr 28 '09 at 5:33 pm

From what you have said, the Merc console window for whichever protocol you are testing should show the telnet connection but not the thunderbird attempt.

Did you telnet to the same server name as in the thunderbird config? (not by IP address)

[quote]The DNS-server is configured correctly since I can access all shares

and run everything without a problem except thunderbird (also latest

version).[/quote]

Not necessarily, windows shares use NETBIOS lookups before resorting to DNS lookups only if that fails.

[quote]Since the firewall is completely down, rules have been allowed for

mercury and clients, ports 143-110-25 stay open, and there's no other

virus software, I strongly doubt this is the problem. [/quote]

I strongly suspect this IS the problem. [:P]

Anyway, the answer lies in the difference between your telnet & thunderbird on the client, as anything blocking on the server would not be able to tell the difference.

From what you have said, the Merc console window for whichever protocol you are testing should show the telnet connection but not the thunderbird attempt.Did you telnet to the same server name as in the thunderbird config? (not by IP address)[quote]The DNS-server is configured correctly since I can access all shares and run everything without a problem except thunderbird (also latest version).[/quote]Not necessarily, windows shares use NETBIOS lookups before resorting to DNS lookups only if that fails. [quote]Since the firewall is completely down, rules have been allowed for mercury and clients, ports 143-110-25 stay open,&nbsp;and there's no other virus software, I strongly doubt this is the problem. [/quote]I strongly suspect this IS the problem.&nbsp;[:P]Anyway, the answer lies in the difference between your telnet &amp; thunderbird on the client, as anything blocking on the server would not be able to tell the difference.

Jim Pow

posted Apr 28 '09 at 6:23 pm

Thx for the reply

You seem to know stuff :)

I tried telnet with putty before but it didn't seem to work. I must be missing something here as well.

Can the DHCP-server work flawlessly with a badly configured DNS-server?

In Thunderbird my server name is configured by IP-address. Should I try telnetting by name, would that make any difference?

Any hints?

Thx for the reply You seem to know stuff :) I tried telnet with&nbsp;putty before but it didn't&nbsp;seem to work.&nbsp; I must be missing something here as well.&nbsp; Can&nbsp;the DHCP-server work flawlessly with a badly configured DNS-server?&nbsp;&nbsp; In Thunderbird&nbsp;my server name is&nbsp;configured by IP-address.&nbsp; Should I try telnetting by name, would that make any difference? Any hints?

Thomas R. Stephenson

posted Apr 28 '09 at 7:05 pm

[quote user="Jim Pow"]Thx for the reply You seem to know stuff :)
I tried telnet with putty before but it didn't seem to work. I must be missing something here as well.

Start | Run | telnet <IP address> 110 should work as a test. If this works and t-bird does not it really looks like a firewall is blocking t-bird.

Can the DHCP-server work flawlessly with a badly configured DNS-server?

Yes, no and maybe. The badly configured DNS may not be badly configured for DCHP. If you use the IP address it should not even be looking at the DNS system to make the connection.

In Thunderbird my server name is configured by IP-address. Should I try telnetting by name, would that make any difference?

IP address should work just fine. That said an IP address pointing to a local LAN address (192.168.x.x) and one pointed to an external address do have a lot of differences in the route to host.

Any hints?
[/quote]

<blockquote>[quote user="Jim Pow"]Thx for the reply You seem to know stuff :)I tried telnet with&nbsp;putty before but it didn't&nbsp;seem to work.&nbsp; I must be missing something here as well.&nbsp;</blockquote>Start | Run | telnet &lt;IP address&gt; 110 should work as a test.&nbsp; If this works and t-bird does not it really looks like a firewall is blocking t-bird. <blockquote>Can&nbsp;the DHCP-server work flawlessly with a badly configured DNS-server?&nbsp;&nbsp;</blockquote>Yes, no and maybe.&nbsp; The badly configured DNS may not be badly configured for DCHP.&nbsp; If you use the IP address it should not even be looking at the DNS system to make the connection. <blockquote>In Thunderbird&nbsp;my server name is&nbsp;configured by IP-address.&nbsp; Should I try telnetting by name, would that make any difference?</blockquote>IP address should work just fine.&nbsp; That said an IP address pointing to a local LAN address (192.168.x.x) and one pointed to an external address do have a lot of differences in the route to host. &nbsp; <blockquote>Any hints?[/quote]</blockquote>

Jim Pow

posted Apr 29 '09 at 3:26 pm

Ok, I appreciate this.

It will take a while before I can try this on the system.

If this still doesn't work next time I can try to back my problem up with some screens.

Ok, I appreciate this. &nbsp; It will take a while before I can try this on the system.&nbsp; If&nbsp;this still&nbsp;doesn't work next time&nbsp;I can&nbsp;try to&nbsp;back my problem&nbsp;up with some screens.&nbsp;

Jim Pow

posted Jul 16 '09 at 6:31 pm

Hi guys,

Finally found the time to work on the new server again.

Trying this:

(=dutch, means connection is being made to...) didn't do anything, it just stayed like this without a respond.

same here...

This one below works:

This screen here shows the firewall is set off and when it was still on I've unblocked connections to port 110, 24 ,143...

I have a few errors on some of the functions of the server, maybe someone knows if they have anything to do with the telnet problem. I'm experiencing great difficulties in understanding them. These come up when I push the 'Online Help' button, the original message is in Dutch.

Event ID 2886 — LDAP signing
Updated: July 1, 2009

Applies To: Windows Server 2008 R2

To enhance the security of directory servers, you can configure both Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) to require signed Lightweight Directory Access Protocol (LDAP) binds.

Unsigned network traffic is susceptible to replay attacks, in which an intruder intercepts an authentication attempt and the issue of a ticket. The intruder can reuse the ticket to impersonate the legitimate user. In addition, unsigned network traffic is susceptible to man-in-the-middle attacks, in which an intruder captures packets between the client computer and the server, modifies the packets, and then forwards them to the server. When this behavior occurs on an LDAP server, an attacker can cause a server to make decisions that are based on forged requests from the LDAP client.

Consider enhancing the security of your domain controllers by configuring them to reject simple LDAP bind requests and other bind requests that do not include LDAP signing.

Event ID 4007 — DNS Server Active Directory Integration
Updated: November 13, 2007

Applies To: Windows Server 2008

You can configure the DNS Server service to use Active Directory Domain Services (AD DS) to store zone data. This makes it possible for the DNS server to rely on directory replication, which enhances security, reliability, and ease of administration.

I hope you can help because this stuff goes beyond my knowledge and it's going to take lots of time for me to solve this, if ever.

thank you

Hi guys, Finally found the time to work on the new server again. Trying this: <IMG src="http://www.ostendpowers.be/downloads/error.jpg" mce_src="http://www.ostendpowers.be/downloads/error.jpg"> (=dutch, means connection is being made to...) didn't do anything, it just stayed like this without a respond.&nbsp; <IMG src="http://www.ostendpowers.be/downloads/error1.jpg" mce_src="http://www.ostendpowers.be/downloads/error1.jpg"> same here... This one below&nbsp;works: <IMG src="http://www.ostendpowers.be/downloads/error4.jpg" mce_src="http://www.ostendpowers.be/downloads/error4.jpg"> &nbsp;This screen here shows the firewall is set off and when it was still on I've unblocked connections to port 110, 24 ,143... <IMG src="http://www.ostendpowers.be/downloads/error2.jpg" mce_src="http://www.ostendpowers.be/downloads/error2.jpg"> &nbsp; I have a few errors on some of the functions of the server, maybe someone knows if they have anything to do with the telnet problem.&nbsp; I'm experiencing great difficulties in understanding them.&nbsp; These come up when I push the 'Online Help' button, the original message is in Dutch. &nbsp; Event ID 2886 — LDAP signing Updated: July 1, 2009 Applies To: Windows Server 2008 R2 To enhance the security of directory servers, you can configure both Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) to require signed Lightweight Directory Access Protocol (LDAP) binds. Unsigned network traffic is susceptible to replay attacks, in which an intruder intercepts an authentication attempt and the issue of a ticket. The intruder can reuse the ticket to impersonate the legitimate user. In addition, unsigned network traffic is susceptible to man-in-the-middle attacks, in which an intruder captures packets between the client computer and the server, modifies the packets, and then forwards them to the server. When this behavior occurs on an LDAP server, an attacker can cause a server to make decisions that are based on forged requests from the LDAP client. Consider enhancing the security of your domain controllers by configuring them to reject simple LDAP bind requests and other bind requests that do not include LDAP signing. &nbsp; Event ID 4007 — DNS Server Active Directory Integration Updated: November 13, 2007 Applies To: Windows Server 2008 You can configure the DNS Server service to use Active Directory Domain Services (AD DS) to store zone data. This makes it possible for the DNS server to rely on directory replication, which enhances security, reliability, and ease of administration. &nbsp; I hope you can help because this stuff goes beyond my knowledge and it's going to take lots of time for me to solve this, if ever. &nbsp;thank you

Rolf Lindby

posted Jul 16 '09 at 7:59 pm

This should not be an Active Directory or LDAP issue, but something is obviously blocking access to port 110 on your server. There has been lots of changes in Server 2008 regarding networking, and even if the firewall is deactivated there could still be for instance IPsec rules that block ports. This Technet document gives additional information:

http://technet.microsoft.com/en-us/library/cc766312(WS.10).aspx

/Rolf

This should not be an Active Directory or LDAP issue, but something is obviously blocking access to port 110 on your server. There has been lots of changes in Server 2008 regarding networking, and even if the firewall is deactivated there could still be for instance IPsec rules that block ports. This Technet document gives additional information:<a href="http://technet.microsoft.com/en-us/library/cc766312(WS.10).aspx">http://technet.microsoft.com/en-us/library/cc766312(WS.10).aspx</a>&nbsp;/Rolf&nbsp;

Related Topics

Pending draft

Confirm move posts

Insufficient permissions

Select a different topic

Edit history