I’m migrating to a new Win2012 R2 Datacenter Active Directory Domain (I have to support some legacy WXP PCs) and I have a mail (SMTP/POP3) server.
I installed a new PC with a bare Windows 10 20H2 Enterprise and joined the domain. And something funny happens: The Mail App only works with local PC user accounts, but it doesn’t work with ANY domain accounts (not even "administrator"). When you try to create the mail account, the Mail app just makes you believe it's trying to connect, but after a while it silently fails the account creation and reverts to the account creation window.
On the mail server side (POP3) logs, there is NO CONNECTION ATTEMPT from the PC. I confirmed this later using a network sniffer (Wireshark). The PCs don’t even try to connect (no packets). It just silently fails at account creation (Tried later using Outlook 2019 and it just keeps asking for a password, but there is no connection attempt either). No packets at all to port 110 at mail server. Server logs show just the same.
Telnet OTOH connects to port 110 (both local and domain) and I can see the POP3 greeting message and the corresponding log entry.
I haven’t installed anything else. There is no Antivirus installed other than Windows Defender. I have tried both ways (enabled and disabled) and it’s the same.
Does anybody know what’s happening here?
(More information as requested)
- The PC, the ADS server and the mail server are on the same SWITCH. Server IP (x.y.z.1), mail server IP (x.y.z.2) PC IP (x.y.z.37)
- It's a Linux mail server (postfix/dovecot)
- I can ping every PC from each with no problem at all.
- No, there is no problem with SMTP. In fact there are many people using it already (more below)
Let me tell the whole story: I have an old Win2012 R2 AD domain (installed years before I started working here). But the server is in need of a reinstall for too many reasons:
- It has the wrong fqdn (I know I can rename the AD domain but...)
- Is not updated AT ALL (I can try to update it but...)
- Some programs don't run after install (off the top of my head: Raxco PerfectDisk Server Edition. But it is not the only one). Some others don't even install.
- Some services (DNS for instance) sometimes don't start correctly or fail after some time so from time to time I have to restart the service and sometimes the whole AD server.
- I have to change user's passwords from the server because if I try to change it from the user's PCs it won't work
... and so on
The funny thing is, on the PCs in that old domain, email works irrespective of user kind (local or domain). If I add this PC to the old domain, then it works there too.
But I can't keep this old domain, so "I’m migrating to a new Win2012 R2 Datacenter Active Directory Domain..."
This one I took care to do things carefully, so all is working as it should be. I updated it manually -it's offline- to the fullest (this is maybe an important difference -some policy changed? some behavior? -)
Then this problem...
I should note that all users on PCs joined to the old domain are using this same SMTP/POP3 server, so there is no problem with it. It even works on this same PC. If I use the user created during installation of the Win10 20H2 it works. If I use the BUILTIN\administrator (I enabled it just for this test) it works. I even created a LOCAL "test" user (non-admin) and it works too.
The problem is with the (new domain) accounts. I even added them to the PC's local admin group (for the purpose of this problem) and no change, it doesn't work.
So, I'm lost here. It all points to something in the new ADS server -some policy or something- but the other disconcerting thing is I HAVEN'T CHANGED ANY group policy. The new AD server is installed with the bare services needed (DNS, DHCP and ADS) and no other changes, no new group policy, no changed (from default) group policy.
Besides, WHAT CAN I DO IN one AD server that makes the mail client not send packets to the server? If the client tries to connect then I have something to work with.
This all happens on account creation, in both Office 2019 (16.0.13029.20460) and the mail app included in Windows 10 (19042.746). In both cases account creation fails because it doesn't even attempt to connect.
Really, I'm lost here!!!