最近接了一个CASE,搞定有点郁闷,研究了2天才找到问题原因,今天就给大家分享下:
Exchange版本:Exhange2013 CU7
操作系统版本:WindowsServer 2008 R2企业版 SP1
问题描述:部分POP3客户端无法连接到Exchange邮件服务器
症状
======
特定CAS服务器无法完成POP3连接
1.TELNET 110 端口服务无响应
2.配置账户失败
抓包分析
==========
根据抓包,我发现TELNET的包,到CAS-01都是有被收到的。但是SESSION直接被finished。
10384 3:39:10 PM 5/6/2015 10.0902274 BJ-DC-02 bj-cas-01 TCP TCP:Flags=CE....S., SrcPort=51371, DstPort=POP 3(110), PayloadLen=0,Seq=1885023159, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) =8192 {TCP:5238, IPv4:2189}
10385 3:39:10 PM 5/6/2015 10.0905016 bj-cas-01 BJ-DC-02 TCP TCP:Flags=...A..S., SrcPort=POP 3(110), DstPort=51371, PayloadLen=0,Seq=895363624, Ack=1885023160, Win=8192 ( Negotiated scale factor 0x8 ) =2097152 {TCP:5238, IPv4:2189}
10386 3:39:10 PM 5/6/2015 10.0908833 BJ-DC-02 bj-cas-01 TCP TCP:Flags=...A...., SrcPort=51371, DstPort=POP 3(110), PayloadLen=0,Seq=1885023160, Ack=895363625, Win=256 (scale factor 0x8) = 65536 {TCP:5238, IPv4:2189}
10387 3:39:10 PM 5/6/2015 10.0922646 bj-cas-01 BJ-DC-02 TCP TCP:Flags=...A...F, SrcPort=POP 3(110), DstPort=51371, PayloadLen=0,Seq=895363625, Ack=1885023160, Win=256 (scale factor 0x8) = 65536 {TCP:5238, IPv4:2189}
10388 3:39:10 PM 5/6/2015 10.0923369 BJ-DC-02 bj-cas-01 TCP TCP:Flags=...A...., SrcPort=51371, DstPort=POP 3(110), PayloadLen=0,Seq=1885023160, Ack=895363626, Win=256 (scale factor 0x8) = 65536 {TCP:5238, IPv4:2189}
10389 3:39:10 PM 5/6/2015 10.0947774 BJ-DC-02 bj-cas-01 TCP TCP:Flags=...A...F, SrcPort=51371, DstPort=POP 3(110), PayloadLen=0,Seq=1885023160, Ack=895363626, Win=256 (scale factor 0x8) = 65536 {TCP:5238, IPv4:2189}
10390 3:39:10 PM 5/6/2015 10.0949663 bj-cas-01 BJ-DC-02 TCP TCP:Flags=...A...., SrcPort=POP 3(110), DstPort=51371, PayloadLen=0,Seq=895363626, Ack=1885023161, Win=256 (scale factor 0x8) = 65536 {TCP:5238, IPv4:2189}
因此,建议客户检查
1.确保POP3 LOGGING 已经开启,需要准备一台测试用CLIENT 配合我们做账号配置
2.收集POP3 SETTING
Get-PopSettings |fl >>C:\pop3.txt ;请提供MBX-02 的IP 地址
收集ComponentState信息
Get-ServerComponentState -identity “bj-cas-01” >>C:\comp.txt
3.收集SDP日志包:
在CAS01服务器端收集SDP
1. Click on the link below.
2. Click on the Run button (recommended) to start the diagnosticprocess.
3. Follow the onscreen instructions to run the diagnostic on thiscomputer, or on a different computer.
Please note that you can submit diagnostics results back toMicrosoft 10 time(s) until: 2015-06-05.
For frequently asked questions about diagnostic data collection anduploading tools click the link below:
问题原因
==========
1.前端服务器 POPPROXY 组件处于INACTIVE状态
2.认证模式处于SecureLogin 需要加密再完成认证
解决办法
==========
1.将Requester 设为HealthAPI 运行 Set-ServerComponentState -IdentityBJ-CAS-01 -Component PopProxy -Requester HealthAPI -State Active
2.使用PlainTextLogin 模式 set-popsettings -server BJ-CAS-01-LoginType PlainTextLogin
本文出自 “Juck Zhang” 博客,谢绝转载!