SMTP completed authentication but could not determine the account name or security identifier (SID) for this authentication attempt

 

Topic Last Modified: 2007-11-16

The Microsoft Exchange Server 2007 Management Pack for Operations Manager monitors the Windows Application log on computers that are running Exchange Server 2007 and generates this alert when the event or events specified in the following Details table are logged.

To learn more about this event, do one or more of the following:

  • Review the description of the event that includes the variables specific to your environment. From the Operator Console, select this alert, and then click the Properties tab.

  • Review all events that have been logged that meet the criteria of this Operations Manager alert. From the Operator Console, click the Events tab, and then double-click the event in the list for which you want to review the event description.

Details

Product Name

Exchange

Product Version

8.0 (Exchange Server 2007)

Event ID

1030

Event Source

MSExchangeTransport

Alert Type

Critical Error

MOM Rule Path

Microsoft Exchange Server/Exchange 2007/Common Components/Hub Transport and Edge Transport/Transport

MOM Rule Name

SMTP completed authentication but could not determine the account name or security identifier (SID) for this authentication attempt.

Explanation

This Error event indicates that inbound authentication on a Receive connector was completed, but the account name or security identifier (SID) could not be determined. The reason for the problem is specified in the error message text.

The security settings for a Receive connector specify the permissions that are granted to sessions that connect to the Receive connector and the supported authentication mechanisms.

Receive connectors use permission groups to define the entities that can submit messages to the Receive connector and the permissions that are assigned to those groups. A permission group is a predefined set of permissions that is granted to well-known security principals and assigned to a Receive connector. Security principals include users, computers, and security groups.

The set of permission groups is predefined in Microsoft Exchange Server 2007. This means that you cannot create additional permission groups. Also, you cannot modify the permission group members or the associated permissions. For a complete description of the permission groups, and the associated security principals, see Receive Connectors.

The following authentication methods are available for inbound connectors on a Receive connector:

  • None

  • Transport Layer Security (TLS)

  • Mutual TLS authentication

  • Basic authentication

  • Basic Authentication only after starting TLS

  • Exchange Server authentication

  • Integrated Windows authentication

  • Externally Secured

In the Exchange Management Console, you set the accepted authentication methods for inbound connections on the Authentication tab of the Receive connector properties page.

In the Exchange Management Shell, you set the accepted authentication methods for inbound connections by using the following parameters on the Set-ReceiveConnector cmdlet:

  • AuthMechanism

  • DomainSecureEnabled

  • RequireTLS

User Action

To resolve this error, do one or more of the following:

  • Verify that the Receive connector has the correct permission groups assigned to it to correctly receive inbound messages.

  • Verify that the Receive connector and any remote hosts are configured with the correct credentials and required certificates.

For More Information

To search the Microsoft Knowledge Base articles based on criteria that generated this alert, visit the Search the Support Knowledge Base (KB) Web site.

To review Exchange 2007 event message articles that may not be represented by Exchange 2007 alerts, see the Events and Errors Message Center.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.