Event ID - 7010

Event Id7010
DescriptionThis is an SMTP protocol log for virtual server ID , connection #.The client at "" sent a "" command, and the SMTP server responded with "".The full command sent was "". This will probably cause the connection to fail.
Event Information Cause :
This event is logged when the Exchange server sends an SMTP command to a remote server and receives a response that is not valid. The virtual server ID indicates which SMTP virtual server issued the command. The remote host indicates the fully qualified domain name of the remote server that responded to the command. The actual command issued, and the response received, are also mentioned in the event.

Possible causes for this event include faulty network card drivers and network cards that are configured incorrectly.

Resolution :

To resolve this error, try one or more of the following:
  • Make sure that the latest network card drivers and firmware are installed.
  • Run any network diagnostics software that was supplied with the network cards to verify that the network cards are functioning correctly.
  • If the network cards are configured to automatically detect the speed of the connected network, change the configuration to use a specific speed setting.
To troubleshoot this issue, follow these steps
:1. Verify that Integrated Windows Authentication is enabled on the SMTP virtual servers on the Exchange Server computers in your organization. If it is not enabled, follow these steps:
-- a. In Exchange System Manager, expand Administrative Groups, expand Servers, expand Exchange Server Name, expand Protocols, and then expand SMTP.
--b. Right-click the SMTP virtual server. (By default, this is named Default SMTP Virtual Server.)
--c. Click Properties, click the Access tab, and then click Authentication. Make sure that the Integrated Windows Authentication check box is selected.

2. If Integrated Windows Authentication is enabled, but the events persist, the sending server in the 7004 event or in the 7010 event may lack or be denied the SendAs right on the receiving server. If the sending server and the receiving server are experiencing these events, the servers may lack the SendAs rights on each other. The SendAs right is not set explicitly. The SendAs right is typically inherited through membership in the Exchange Domain Servers (EDS) group. If the EDS does not have this DENY access control entry (ACE) , the affected server may be nested in another group that has the DENY ACE, or the EDS may be nested in some other groups that have the DENY ACE. To succeed, the XEXCH50 command has to have the SendAs right for servers in the Exchange organization.

3. Check to see whether you are using Transport Layer Security (TLS) and a security channel between servers in the Exchange organization. In this scenario, the STARTTLS transport event sinks fire before the AUTH command. The XEXCH50 command fails later in the session because of lack of the AUTH command.

4. If Exchange Protocol Security (EXPS) authentication is not working correctly between servers, the XEXCH50 command will not work.

5. Verify whether there is a firewall or a virus wall between servers in th
Reference LinksHow to troubleshoot the "504 need to authenticate first" SMTP protocol error

Considerations on installing Symantec or Norton AntiVirus Corporate Edition on mail servers

Best practices for Symantec AntiVirus Corporate Edition 9.x Auto-Protect on a Microsoft Exchange server

Microsoft product: Exchange Version: 6.5.7638.0 Event Source: MSExchangeTransport Event ID: 7010

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.