none
Exchange 2013 to Exchange 2007 migration unable to send mail to Exchange 2007

    Question

  • I have a Windows Server 2012 Server with Exchange 2013 CU2, Revision 2.

    I can send mail from Exchange 2013 to users on Exchange 2013, I can send mail from Exchange 2013 to people on the Internet.

    I can send mail from Exchange 2007 to users on Exchange 2007, I can send mail from Exchange 2007 to users on Exchange 2013, I can send mail from Exchange 2007 to the Internet.

    I cannot send mail from Exchange 2013 users to Exchange 2007 users.  The message is stuck in SMTP Relay to Mailbox Delivery Group, and it receives a 421 4.4.2 Connection dropped due to socket error.

    I have verified that there are MX records for each server in the domain.  The two servers are next to one another and connected to the same Gigabit switch.

    Looking at the receive connector logs it gets to passing the allowed forms of Authentication, the Exchange 2013 server sends back X-ANONYMOUSTLS - the Exchange 2007 server passes the certificate, last line shows - LOCAL and that is all. I can see 3 attempts in the log during each retry to send the mail from Exchange 2013.

    I have tried to enable Verbose logging on the Exchange 2013 Send connector, and have not been able to see a log created for this delivery from Exchange 2013 to Exchange 2007.

    Exchange 2013, has been upgraded to CU1, CU2, and CU2 Revision 2. Exchange 2007 has the latest SP and updates.

    I created a self signed certificate and assigned that to SMTP on Exchange 2013 in case it did not like one of the names of that server being missing from the Certificate created during install.  That did not help.


    • Edited by SpiceM Friday, August 02, 2013 6:26 PM
    Friday, August 02, 2013 6:25 PM

Answers

  • For the error "421 4.4.2 Connection dropped due to socket error", try this on your Exchange 2007 server:

    Goto the following Registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

    Create a new DWORD Value SendTrustedIssuerList and set the value to "0".

    Once done, restart the transport service on Exchnage 2007 server.

    More info: http://support.microsoft.com/kb/2464556

    -PSS

    • Marked as answer by SpiceM Saturday, October 05, 2013 7:17 PM
    Friday, September 06, 2013 11:02 PM

All replies

  • Verify the servers are in the allowed senders area on the send connectors.

    Dame Luthas | thelifestrategist.wordpress.com

    Success is Something you Attract by the Person you Become

    If this post is useful, please hit the green arrow on the left & if this is the answer hit "mark as answer"


    Friday, August 02, 2013 9:24 PM
  • Does the receive connector on the Exchange 2007 has the correct permissions? Does it have Exchange servers checked?

    Rajith Enchiparambil | http://www.howexchangeworks.com |

    HowExchangeWorks.Com

    Friday, August 02, 2013 9:34 PM
  • The Exchange 2013 Send Connector has only the Exchange 2013 Server in it, and the Exchange 2007 send connector only has the Exchange 2007 server configured to use that send connector.

    The Exchange connector that is receiving the connection from the Exchange 2013 server is set to authenticate with Transport Layer Security checked, Basic Authentication checked, Offer Basic authentication only after starting TLS, Exchange Server authentication

    Permission Groups checked are Anonymous, Exchange users, Exchange servers, and Legacy Exchange Servers.

    The logging on the Exchange 2007 receive connector I know is using this connector, and I used a packet trace tool on the Exchange 2013 server, both show the HELO, the Offer of Services, the X-ANONYMOUSTLS choice, the certificate provided by the Exchange 2007 server, and the last line in the communication is -LOCAL and then it stops there.

    Friday, August 02, 2013 11:04 PM
  • Copy of receive log on Exchange 2007

    0,192.168.1.10:25,192.168.1.5:35607,+,,
    1,192.168.1.10:25,192.168.1.5:35607,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
    2,192.168.1.10:25,192.168.1.5:35607,>,"220 host1.site.local Microsoft ESMTP MAIL Service ready at Mon, 12 Aug 2013 21:09:01 -0500",
    3,192.168.1.10:25,192.168.1.5:35607,<,EHLO host2.site.local,
    4,192.168.1.10:25,192.168.1.5:35607,>,250-host1.site.local Hello [192.168.1.5],
    5,192.168.1.10:25,192.168.1.5:35607,>,250-SIZE,
    6,192.168.1.10:25,192.168.1.5:35607,>,250-PIPELINING,
    7,192.168.1.10:25,192.168.1.5:35607,>,250-DSN,
    8,192.168.1.10:25,192.168.1.5:35607,>,250-ENHANCEDSTATUSCODES,
    9,192.168.1.10:25,192.168.1.5:35607,>,250-STARTTLS,
    10,192.168.1.10:25,192.168.1.5:35607,>,250-X-ANONYMOUSTLS,
    11,192.168.1.10:25,192.168.1.5:35607,>,250-AUTH,
    12,192.168.1.10:25,192.168.1.5:35607,>,250-X-EXPS GSSAPI NTLM,
    13,192.168.1.10:25,192.168.1.5:35607,>,250-8BITMIME,
    14,192.168.1.10:25,192.168.1.5:35607,>,250-BINARYMIME,
    15,192.168.1.10:25,192.168.1.5:35607,>,250-CHUNKING,
    16,192.168.1.10:25,192.168.1.5:35607,>,250-XEXCH50,
    17,192.168.1.10:25,192.168.1.5:35607,>,250 XRDST,
    18,192.168.1.10:25,192.168.1.5:35607,<,X-ANONYMOUSTLS,
    19,192.168.1.10:25,192.168.1.5:35607,>,220 2.0.0 SMTP server ready,
    20,192.168.1.10:25,192.168.1.5:35607,*,,Sending certificate
    21,192.168.1.10:25,192.168.1.5:35607,*,"CN=host1.site.local, OU=Domain Control Validated, O=host1.site.local",Certificate subject
    22,192.168.1.10:25,192.168.1.5:35607,*,"SERIALNUMBER=0111111, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O=""GoDaddy.com, Inc."", L=Scottsdale, S=Arizona, C=US",Certificate issuer name
    23,192.168.1.10:25,192.168.1.5:35607,*,2222222222222222,Certificate serial number
    24,192.168.1.10:25,192.168.1.5:35607,*,88888888888888888888888888888888888888,Certificate thumbprint
    25,192.168.1.10:25,192.168.1.5:35607,*,mail.site.local;host1.site.local;autodiscover.site.local;,Certificate alternate names
    26,192.168.1.10:25,192.168.1.5:35607,-,,Local

    Tuesday, August 13, 2013 2:27 AM
  • I took a look at the postings from Indunil and Supawat Rungsarityotin on http://social.technet.microsoft.com/Forums/en-US/e7bed849-5cc4-4876-bff4-53a2fd1334f8/cannot-send-mail-from-exchange-2013-to-exchange-2007  - I tried both suggestions.

    The first one from Indunil of creating a new receive connector with no Authentication options checked and Permission Groups, only Anonymous checked provided me with a 451 5.7.3 Cannot Achieve Exchange Server Authentication.  I do not have any receive connectors on Exchange 2013.  I changed the Send Connector on Exchange 2013 from MX lookup to smart host and set to the Exchange 2007 server.

    The second option from Supawat Rungsarityotin  to remove any receive connectors with the address of Exchange 2013 in the range or implicitly and then I am back to the 421 4.4.2 Connection dropped due to socket error. The Send Connector for Exchange 2013 is set for MX lookup again.

    I restarted waited 15 minutes making sure each time the queue on Exchange 2013 was empty during the change and restart.

    If I create a new connector and add Exchange Server authentication and Anonymous as the Permission Group I go back to 421 4.4.2 Connection dropped due to socket error. With Smart Host or MX Send Connector on Exchange 2013.

    Thank you for sharing this Indunil it has me puzzled am I missing something from what you suggested?

    Thursday, August 22, 2013 8:54 PM
  • Check the recive connectors again. Indunil and Supawat Rungsarityotin has a Point and it helped me.


    Michael Wiskman

    Friday, August 23, 2013 8:50 PM
  • I can send mail to other locations on the Internet through this receive connector on Exchange 2007.  But if I send mail from Exchange 2013 to a user on Exchange 2007 I get the following.

    Queue:  site:default-first-site-name;version:8

    451 5.7.3 Cannot achieve Exchange Server authentication. 

    If I enable Exchange Server Authentication then I go back to 421 4.4.2 Connection dropped due to socket error. 

    So any variation of Exchange 2013 send and Exchange 2007 receive connectors I have not been able to send to users on Exchange 2007.  But Exchange 2007 can send to users on Exchange 2013.

    Tuesday, August 27, 2013 3:03 AM
  • For the error "421 4.4.2 Connection dropped due to socket error", try this on your Exchange 2007 server:

    Goto the following Registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

    Create a new DWORD Value SendTrustedIssuerList and set the value to "0".

    Once done, restart the transport service on Exchnage 2007 server.

    More info: http://support.microsoft.com/kb/2464556

    -PSS

    • Marked as answer by SpiceM Saturday, October 05, 2013 7:17 PM
    Friday, September 06, 2013 11:02 PM
  • This change suggested in KB2464556 resolved the issue.  Thank you for the recommendation.
    • Edited by SpiceM Saturday, October 05, 2013 7:22 PM
    Saturday, October 05, 2013 7:17 PM