| Event Id | 7010 |
| Source | MSExchangeTransport |
| Description | This is an SMTP protocol log for virtual server ID |
| Event Information | Cause : This event is logged when the Exchange server sends an SMTP command to a remote server and receives a response that is not valid. The virtual server ID indicates which SMTP virtual server issued the command. The remote host indicates the fully qualified domain name of the remote server that responded to the command. The actual command issued, and the response received, are also mentioned in the event. Possible causes for this event include faulty network card drivers and network cards that are configured incorrectly. Resolution : To resolve this error, try one or more of the following:
To troubleshoot this issue, follow these steps :1. Verify that Integrated Windows Authentication is enabled on the SMTP virtual servers on the Exchange Server computers in your organization. If it is not enabled, follow these steps: -- a. In Exchange System Manager, expand Administrative Groups, expand Servers, expand Exchange Server Name, expand Protocols, and then expand SMTP. --b. Right-click the SMTP virtual server. (By default, this is named Default SMTP Virtual Server.) --c. Click Properties, click the Access tab, and then click Authentication. Make sure that the Integrated Windows Authentication check box is selected. 2. If Integrated Windows Authentication is enabled, but the events persist, the sending server in the 7004 event or in the 7010 event may lack or be denied the SendAs right on the receiving server. If the sending server and the receiving server are experiencing these events, the servers may lack the SendAs rights on each other. The SendAs right is not set explicitly. The SendAs right is typically inherited through membership in the Exchange Domain Servers (EDS) group. If the EDS does not have this DENY access control entry (ACE) , the affected server may be nested in another group that has the DENY ACE, or the EDS may be nested in some other groups that have the DENY ACE. To succeed, the XEXCH50 command has to have the SendAs right for servers in the Exchange organization. 3. Check to see whether you are using Transport Layer Security (TLS) and a security channel between servers in the Exchange organization. In this scenario, the STARTTLS transport event sinks fire before the AUTH command. The XEXCH50 command fails later in the session because of lack of the AUTH command. 4. If Exchange Protocol Security (EXPS) authentication is not working correctly between servers, the XEXCH50 command will not work. 5. Verify whether there is a firewall or a virus wall between servers in th |
| Reference Links | How
to troubleshoot the "504 need to authenticate first" SMTP protocol
error Considerations on installing Symantec or Norton AntiVirus Corporate Edition on mail servers Best practices for Symantec AntiVirus Corporate Edition 9.x Auto-Protect on a Microsoft Exchange server Microsoft product: Exchange Version: 6.5.7638.0 Event Source: MSExchangeTransport Event ID: 7010 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.