XCON: Message Delivery Failures Using the Internet Mail Service with NTLM Authentication/Encryption

• Microsoft Exchange Server, version 5.5

SYMPTOMS

When you receive e-mail over an Internet Mail Service that is configured to use NTLM Authentication and Encryption, mail service stops working intermittently, and the following event may be logged in the application Event Log.

Event ID: 4131
Source: MSExchangeIMC
Type: Information
Category: Internal Processing

Description:
An unexpected error occurred in the Internet Mail Service. Information about this error is stored in the data portion of this event.

Data: * Bytes O Words
0000: f3 03 15 00 0f 03 09 80

CAUSE

Data is being received in blocks from the remote server and each block is being decrypted as it is received. In rare cases, two blocks may be received by the server and read in a single IO operation. In these cases, the second block is not processed. When the next block arrives, the Windows NT security components recognize a problem (missing data) in the encryption stream and return an error of SEC_E_MESSAGE_ALTERED.

RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Microsoft Exchange Server version 5.5 service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

STATUS

Microsoft has confirmed this to be a problem in Microsoft Exchange Server version 5.5.

Additional query words:

Keywords : exc55
Version : winnt:5.5
Platform : winnt
Issue type : kbbug