Is CDFW.local in your accepted domains list? I wager it is. You need to choose a completely unrelated source domain.
From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov] Sent: Monday, March 18, 2013 9:54 AM To: MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail Michael, Any thoughts on the below log entry? From: Joseph Heaton [mailto:joseph.hea...@wildlife.ca.gov] Sent: Thursday, March 14, 2013 8:59 AM To: Heaton, Joseph@Wildlife; MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail I did find an entry with the @CDFW.local, with the same information as below. So it looks like it gets past authentication, but when it starts sending the data, it then errors out? From: Joseph Heaton [mailto:joseph.hea...@wildlife.ca.gov] Sent: Wednesday, March 13, 2013 4:13 PM To: Heaton, Joseph@Wildlife; MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail Actually, I just noticed that this log snippet doesn't reflect the change I made for the From: address. It should read TeamFoundationServer@CDFW.local<mailto:TeamFoundationServer@CDFW.local>, not @wildlife.ca.gov. I just asked the developer to verify the setting to what I want it, and to send another test. Now that I have logging bumped up for all 3 servers, I should be able to find it. From: Joseph Heaton [mailto:joseph.hea...@wildlife.ca.gov] Sent: Wednesday, March 13, 2013 4:00 PM To: Heaton, Joseph@Wildlife; MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail Ok, I have 3 HT servers. The first two already had protocol logging level set to verbose. The third has it set now. I also have 3 Receive Connectors on each server: Default, Client, and the Application Relay. I only set/checked logging level on the default. Here's what I found in the smtpreceive log of my HT2, which already had verbose set: 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,21,10.249.35.21:25,10.249.35.22:31706,*,SMTPSubmit SMTPAcceptAnyRecipient BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,22,10.249.35.21:25,10.249.35.22:31706,*,AD\HQTFS1$,authenticated 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,23,10.249.35.21:25,10.249.35.22:31706,>,235 2.7.0 Authentication successful, 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,24,10.249.35.21:25,10.249.35.22:31706,<,MAIL FROM:<teamfoundationser...@wildlife.ca.gov<mailto:teamfoundationser...@wildlife.ca.gov>>, 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,25,10.249.35.21:25,10.249.35.22:31706,*,08CFD9D3E95CDF86;2013-03-12T21:55:49.838Z;1,receiving message 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,26,10.249.35.21:25,10.249.35.22:31706,>,250 2.1.0 Sender OK, 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,27,10.249.35.21:25,10.249.35.22:31706,<,RCPT TO:<ericmil...@wildlife.ca.gov<mailto:eric.mil...@wildlife.ca.gov>>, 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,28,10.249.35.21:25,10.249.35.22:31706,>,250 2.1.5 Recipient OK, 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,29,10.249.35.21:25,10.249.35.22:31706,<,DATA, 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,30,10.249.35.21:25,10.249.35.22:31706,>,354 Start mail input; end with <CRLF>.<CRLF>, 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,31,10.249.35.21:25,10.249.35.22:31706,>,550 5.7.1 Client does not have permissions to send as this sender, 2013-03-12T21:55:49.854Z,HQHTCS2\Default HQHTCS2,08CFD9D3E95CDF86,32,10.249.35.21:25,10.249.35.22:31706,-,,Remote From: Michael B. Smith [mailto:michael@smithconscom<mailto:mich...@smithcons.com>] Sent: Wednesday, March 13, 2013 12:27 PM To: Heaton, Joseph@Wildlife; MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail Sorry. On the Default Receive connector. :) Set it to Verbose from the default of None. From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov] Sent: Wednesday, March 13, 2013 2:39 PM To: MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail Looking at Diagnostic Logging Properties, I'm not sure which one(s) you want me to increase Do you want just the Transport Service, or smtp send and receive, or something else? From: Michael B. Smith [mailto:michael@smithconscom<mailto:mich...@smithcons.com>] Sent: Wednesday, March 13, 2013 10:55 AM To: Heaton, Joseph@Wildlife; MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail Turn up logging. Let me see the SMTP stream. From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov] Sent: Wednesday, March 13, 2013 1:45 PM To: MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail Ok, so after making the From: address TeamFoundationServer@CDFW.local<mailto:TeamFoundationServer@CDFW.local> (definitely not our e-mail format), it still failed. The user is saying that the "TFSJobAgent runs as [NT Authority\NETWORK SERVICE] on hqtfs1 and there is no other identity configured for the email alerts." So, some service runs on the Team Foundation Server, to send e-mail. I have no idea how Team Foundation Server works, or what it is trying to e-mail. From: Joseph Heaton [mailto:joseph.hea...@wildlife.ca.gov] Sent: Tuesday, March 12, 2013 8:14 PM To: Heaton, Joseph@Wildlife; MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail It's a valid e-mail address format, but the account doesn't exist. I changed it to an invalid domain, and I'll have them test. From: Michael B. Smith [mailto:michael@smithconscom<mailto:mich...@smithcons.com>] Sent: Tuesday, March 12, 2013 4:33 PM To: Heaton, Joseph@Wildlife; MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail So, they are sending as a valid email address (the From: header) and they don't have Send-As permission. And since they are sending anonymously, they can't use a Send-As permission anyway. Don't do that. Use something stupid like this-is-a-return-addr...@to.an.invalid.domain<mailto:this-is-a-return-address@toan.invalid.domain> for the From: header and use a Reply-To: header to control where replies are actually sent. From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov] Sent: Tuesday, March 12, 2013 6:07 PM To: MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail So, when testing, this is the error: "5.7.1 Client does not have permissions to send as this sender." From: Joseph Heaton [mailto:joseph.hea...@wildlife.ca.gov] Sent: Tuesday, March 12, 2013 1:30 PM To: Heaton, Joseph@Wildlife; MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail Here's the command I ran on HT1, and the resultant Warning: [PS] C:\Windows\system32>Get-ReceiveConnector "Application Server Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOU S LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient" WARNING: The appropriate access control entry is already present on the object "CN=Application Server Relay,CN=SMTP Receive Connectors,CN=Protocols,CN=HQHTCS1,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=DFG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=AD,DC=Dfg,DC=Ca,DC=Gov" for account "NT AUTHORITY\ANONYMOUS LOGON". Looks like it was already set? When I ran the command on HT2 and HT3, it seemed to perform correctly, so it seems that they weren't all set properly. I'm going to ask the user to test, and let me know. From: Michael B. Smith [mailto:michael@smithconscom<mailto:mich...@smithcons.com>] Sent: Tuesday, March 12, 2013 12:05 PM To: Heaton, Joseph@Wildlife; MS-Exchange Admin Issues Subject: RE: configuring Team Foundation Server to send mail Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient" http://technet.microsoft.com/en-us/library/bb232021(v=exchg.141).aspx From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov] Sent: Tuesday, March 12, 2013 3:00 PM To: MS-Exchange Admin Issues Subject: configuring Team Foundation Server to send mail Ok guys, Please have mercy on me. I'm in the hospital with my daughter, and it's been a long night. But I need to get this figured out. I've never dealt with Team Foundation Server before, and I'm not the one configuring that part of it. However, we want Team Foundation Server to be able to e-mail. I have receive connectors set up on each of my HT servers, allowing certain IPs, but this has not resolved the issue. Do I need to create a service account for the Team Foundation Server to use, or is there another way of doing this? All Exchange 2010, by the way. Thanks, Joe Heaton Enterprise Server Support CA Department of Fish and Wildlife 1807 13th Street, Suite 201 Sacramento, CA 95811 Desk: (916) 557-3422 --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist