This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tom_Cripps
Advisor
‎2018-03-16 09:28 AM

Checkpoint R80.10 Management Failing to Auth to Microsoft Exchange

Hi all,

We're looking into getting reports sent through email through SmartEvent. We're just having failed auth's on Exchange when we initiate a connection to send the email. Before I open a TAC case anyone seen this kind of behaviour? I've checked routing to the Mail Server, that's all fine, it's as is the MD5 hash isn't correct from what we can see in the logs?

Any help is appreciated guys! Smiley Happy

9 Replies
Vladimir
Champion
Champion
‎2018-03-16 02:24 PM

Have you tried running smtp commands from the SmartEvent serer using same credentials?

0 Kudos
Tom_Cripps
Advisor
‎2018-03-19 02:34 AM
In response to Vladimir

Hi Vladimir, 

I'm not 100% sure what commands you could from the SmartEvent server? I wasn't aware there was any?

0 Kudos
Vladimir
Champion
Champion
‎2018-03-19 06:36 AM
In response to Tom_Cripps

Just ssh into SmartEvent server and attempt to telnet into your Exchange on port 25 using its name.

Use commands described here to compose and send a test message:

How to Test SMTP AUTH using Telnet [Wiki] | NDCHost 

FYI: do Not use backspace while typing SMTP commands, it'll nullify them. If you've made a mistake, end the telnet session and retry again from the beginning.

0 Kudos
Tom_Cripps
Advisor
‎2018-03-19 07:33 AM
In response to Vladimir

Just had it connect successfully with CLI using that method Vladimir, I've now tried using the Base64 encoded phrases as my credentials on the GUI to see if that works. Are you aware of any difference between CLI and the GUI in how it presents the username and password to the mail server?

0 Kudos
Vladimir
Champion
Champion
‎2018-03-19 07:39 AM
In response to Tom_Cripps

Nope, sorry, that would be a question for TAC.

But at least you have the confirmation that there is nothing wrong with communication and authentication between your SmartEvent and Exchange, so this will help them to troubleshoot.

Include the results of your test in SR.

0 Kudos
Tom_Cripps
Advisor
‎2018-03-19 07:43 AM
In response to Vladimir

Just got them from my Exchange Administrator, my presumption is that how it presents itself to the mail server through the GUI is different compared to the CLI with my results.

Tom_Cripps
Advisor
‎2018-04-09 05:26 AM
In response to Vladimir

So, we've ran some Wireshark Traces and it looks like doing it through the CLI compared to the GUI encodes the username and password differently? 

 

Anyone else seen this behaviour?

Preview file
91 KB
Preview file
18 KB
Preview file
73 KB
Preview file
27 KB
PhoneBoy
Admin
Admin
‎2018-03-16 03:40 PM

Shot in the dark, but may want to review your password to see if it has characters not on this list:

List of allowed ASCII characters for passwords on Gaia OS 

May need to involve the TAC also.

0 Kudos
Tom_Cripps
Advisor
‎2018-03-19 02:37 AM
In response to PhoneBoy

Hi Dameon,

Just checked and the characters of our password are all in the ASCII  table so will look to get in touch with our support contact unless you have any other ideas to try?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events