locked
One exchange 2007 server unable to send mail to one exchange 2010 server RRS feed

  • Question

  • I've got a mixed Exchange environment with a mix of Exchange 2007 and Exchange 2010.  Several servers of each version in a single AD domain with multiple AD sites in different geographical locations.  This morning we started to have a very strange issue with one of our mail queues.  Here is the scenario:

    Site ZRH:
    Exchange 2007 server: ALT06

    Site DRN:
    Exchange 2010 server: DRN01

    Mail flow issue description:

    Server ALT06 is unable to process the mail queue for message destined for site DRN to server DRN01.  Mail queues for the DRN site on server ALT06.  The error is 4.5.1 4.4.0 and a huge string of gobbledy gook that is not coherent at all.  Telnet SMTP tests on port 25 work perfectly fine both ways.  Mail from MAPI users and public folder replication get stuck in the queue.  Only in this one direction ALT06 to DRN01.  

    I am able to send mail from DRN01 to ALT06 without a problem, although I'm not entirely sure these messages are being processed through ALT06, as there is another Exchange 2007 server in that site and its possible its failing over to that one to process the messages from DRN01.  No other server in any of our sites has a problem sending mail to DRN01.  

    We've got the latest service pack and update rollups installed for Exchange 2007, server OS is Windows Server 2008 R2 also up to date.  I ran the best practices wizard and its now showing any problems on either server.  I ran the mail flow troubleshooter and it complains about ping fragmentation and BDAT command problems.  However I've tried to disable this feature on both servers and that doesn't seem to be the issue.  

    I enabled kerberos logging and see some errors but nothing indicating a specific issue with these two servers.  

    I don't know what else to try and plan to open a support case with Microsoft tomorrow morning if all else fails.  I've done everything I can think of to try and resolve the issue.  Its strange how it had been working fine for years and now suddenly its a problem.  I checked certificates and SPN entries, all that seems fine.  

    Anyone have any ideas of something else I can try? 


    Joe


    Wednesday, April 9, 2014 12:15 AM

Answers

  • Microsoft support services resolved the issue by recommending I install two hotfixes.  One on my Exchange servers and one on the domain controllers.  These hotfixes update kerberos on the servers and resolve the authentication issues I was having.  

    Hotfix for Exchange: from KB 2615570

    Hotfix for Domain Controllers: from KB 2845626


    Joe

    • Marked as answer by thisbejoe777 Thursday, April 10, 2014 2:29 PM
    Thursday, April 10, 2014 2:29 PM