Error connecting to pop3 server from a domain joined PC (win10 20H2) using Active Directory (W2012 R2) Users but Local PC users do connect OK

Question

I’m migrating to a new Win2012 R2 Datacenter Active Directory Domain (I have to support some legacy WXP PCs) and I have a mail (SMTP/POP3) server.

I installed a new PC with a bare Windows 10 20H2 Enterprise and joined the domain. And something funny happens: The Mail App only works with local PC user accounts, but it doesn’t work with ANY domain accounts (not even "administrator"). When you try to create the mail account, the Mail app just make you believe it's trying to connect, but after a while it silently fails the account creation and revert to the account creation window.

On the mail server side (POP3) logs, there is NO CONNECTION ATTEMPT from the PC. I confirmed this later using a network sniffer (wireshark). The PCs don’t even try to connect (no packets). It just silently fails at account creation (Tried later using outlook 2019 and it just keeps asking for a password, but there is no connection attempt either). No packets at all to port 110 at mail server. Server logs show just the same.

Telnet OTOH connects to port 110 (both local and domain) and I can see the POP3 greeting message and the corresponding log entry.

I haven’t installed anything else. There is no Antivirus installed other than Windows Defender. I have tried both ways (enabled and disabled) and it’s the same.

Does anybody know what’s happening here?

(More information as requested)

1. The PC, the ADS server and the mail server are on the same SWITCH. Server IP (x.y.z.1), mail server IP (x.y.z.2) PC IP (x.y.z.37)
2. It's a Linux mail server (postfix/dovecot)
3. I can ping every PC from each with no problem at all.
4. No, there is no problem with SMTP. In fact there are many people using it already (more bellow)

Let me tell the whole story: I have an old Win2012 R2 AD domain (installed years before I started working here). But the server is in need of a reinstall for too many reasons:

• It has the wrong fqdn (I know I can rename the AD domain but...)
• Is not updated AT ALL (I can try to update it but...)
• Some programs don't run after install (of the top of my head: Raxco PerfectDisk Server Edition. But it is not the only one). Some others don't even install.
• Some services (DNS for instance) sometimes don't start correctly or fails after some time so from time to time I have to restart the service and sometimes the whole AD server.
• I have to change user's passwords from the server because if I try to change it from the user's PCs it won't work

... and so on

The funny this is, on the PCs in that old domain, email works irrespective of user kind (local or domain). If I add this PC to the old domain, then it works there too.

But I can't keep this old domain, so "I’m migrating to a new Win2012 R2 Datacenter Active Directory Domain..."

This one I took care to do things carefully, so all is working as it should be. I updated it manually -it's offline- to the fullest (this is maybe an important difference -some policy changed? some behavior? -)

Then this problem...

I should note that all users on PCs joined to the old domain are using this same SMTP/POP3 server, so there is no problem with it. It evens works on this same PC. If I use the user created during installation of the Win10 20H2 it works. If I use the BUILTIN\administrator (I enabled it just for this test) it works. I even created a LOCAL "test" user (non-admin) and it works too.

The problem is with the (new domain) accounts. I even added them to the PC's local admin group (for the purpose of this problem) and no change, it doesn't work.

So, I'm lost here. It all points to something in the new ADS server -some policy or something- but the other disconcerting thing is I HAVEN'T CHANGED ANY group policy. The new AD server is installed with the bare services needed (DNS, DHCP and ADS) and no other changes, no new group policy, no changed (from default) group policy.

Besides, WHAT CAN I DO IN one AD server that makes the mail client not to send packets to the server? If the client tries to connect then I have something to work with.

This all happens on account creation, in both office 2019 (16.0.13029.20460) and the mail app included in windows 10 (19042.746). In both cases account creation fails because it don't even attempts to connect.

Really, I'm lost here!!!

Answer 1

Hi,

Thank you for the detailed information you provided and the tests you did.

Please provide me with more details to narrow down the issue

1. Where is the mail server located? Is it a member in the domain?
2. Is the network connection between the Win 10 and the mail server OK? You can try ping mail server's/Win 10's IP address in cmd prompt.
3. POP3 is an incoming protocol while SMTP takes responsibility for outcoming. Maybe you can try to filter whether there are packets from SMTP ports. Here is a link about SMTP/POP3 ports. Please check whether there are activities on ports besides port 110.

If the network connection between the Win 10 and the mail server is OK but Win 10 still fails to connect to mail server, perhaps you can set outcoming and incoming rules on firewall for SMTP and POP3 ports.

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hi,

We have the same problem on our new Windows 10 up to date computers.

No solution for the moment.

best regards,
Martin

Answer 3

Hi

FYI

I opened a new thread domain-user-cannont-add-pop3-account-to-outlook-lo.htmlfor my problem and I found the solution on this post:

https://itmhelpdesk.rmagroup.net/knowledgebase.php?article=306

Best regards,
Martin