Enabling IMAP access in Exchange 2007

While trying to mail-enable Redmine for receiving mail, we added a new account to our Exchange 2007 server.
While IMAP access to the account quickly worked, the same could not be said for sending email to the account.  After 45 minutes and some head scratching, we hadn’t found a way to force Global Address Book updates from the Exchange Management Console GUI, but had found the Exchange Management Shell command to do so, Update-GlobalAddressList.  Even this left us waiting 20 minutes without success.
Then, when we looked in Exchange Management Console at the Mailbox itself, we noticed it was listed as a Legacy Mailbox.  Huh?  Apparently we had manufactured the mailbox using Exchange 2003 Active Directory tools, which made an Exchange 2003 mailbox.
We deleted and recreated the mailbox using Exchange Management Console.  It showed up in the GAL!  I could send email to it!  But I couldn’t log in through IMAP anymore!  Bah.
After much gnashing of teeth and research, a few tools proved necessary for the troubleshooting.  First, we used the Event Viewer to look for authentication events on the Exchange server.  It showed some Success Audits from my earlier logins with the 2003 mailbox but none (not even failures) for the 2007 mailbox.
Using telnet to go to port 143 (the default IMAP port) showed that the IMAP service was indeed running.  The Exchange Management Console also showed that IMAP access was enabled on our mailbox.
We then used the “Set-ImapSettings -LoginType PlainTextLogin” command to allow us to issue cleartext passwords through our login session.  From there, two important pieces of information clued us in.
The first was that using the “0 login <username> <password>” IMAP command to log into another existing mailbox worked.
The second was that we noticed a Success Audit in the Event Viewer for a logoff of the new mailbox when we hadn’t done anything.
The theory is that the old mailbox was still hanging around because of my prior IMAP login (or for whatever reason) and the name was blocking access to the new mailbox of the same name.
Bingo: delete the mailbox and make a new one with a different name.  Login through telnet works!  Set the LoginType back to SecureLogin and login through an IMAP client works!  Sending email to the account works!
And only a couple hours spent.  Could have been worse I guess.
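
The post switches LoginType to PlainTextLogin for telnet testing and back to SecureLogin afterwards. The script below is an added example, not part of the original post: it checks from the client side whether a port-143 listener still accepts passwords before TLS, either from a pasted telnet reply or live. It assumes the server follows RFC 3501 and advertises LOGINDISABLED when it refuses cleartext LOGIN; the sample replies and function names are constructed for illustration.

```python
import imaplib
import re

# Capability atoms that mean a password would cross the wire unencrypted
# if used before STARTTLS (RFC 3501 LOGIN is handled separately below).
CLEARTEXT_AUTH = {"AUTH=PLAIN", "AUTH=LOGIN"}

def parse_capabilities(line):
    """Extract capability atoms from a '* CAPABILITY ...' reply or an
    '* OK [CAPABILITY ...]' greeting, as seen in a telnet session."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I) or \
        re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I)
    if not m:
        raise ValueError("no CAPABILITY data in line: %r" % line)
    return {atom.upper() for atom in m.group(1).split()}

def assess(caps):
    """Classify the pre-TLS capability set of a port-143 listener."""
    login_open = "LOGINDISABLED" not in caps
    exposed = sorted(caps & CLEARTEXT_AUTH)
    if login_open:
        exposed.insert(0, "LOGIN")
    return {
        "starttls": "STARTTLS" in caps,
        "cleartext_mechanisms": exposed,
        "secure": not exposed and "STARTTLS" in caps,
    }

def probe(host, port=143):
    """Live check: read what the server advertises before any TLS upgrade."""
    conn = imaplib.IMAP4(host, port)
    try:
        return assess(set(conn.capabilities))
    finally:
        conn.logout()

# Constructed sample replies (not captured from the author's server).
PLAINTEXT_MODE = "* CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=PLAIN IDLE"
SECURE_MODE = "* CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM STARTTLS LOGINDISABLED IDLE"

if __name__ == "__main__":
    for label, line in (("plaintext", PLAINTEXT_MODE), ("secure", SECURE_MODE)):
        print(label, assess(parse_capabilities(line)))
```

Running `probe()` against the server after the troubleshooting session confirms that the temporary PlainTextLogin setting is no longer in effect.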