none
URGENT Exchange error 421 4.4.1 with SMTP Receive RRS feed

  • Question

  • Hi,

    About a week ago my customer called me telling me it is taking a few hours to receive some email they were expecting. Taking a quick look on the server nothing seemed out of the ordinary so dismissed that as an issue with the senders ISP. A few days later however I get called up again saying hardly anyone in the organisation are receiving email. Again event logs etc didn't reveal any clues. Nothing has been done on this server for over a month. Contacting the ISP informs me that there have been no drop outs reported but did notice a LOT of deferred mail coming from my customers Exchange server.

    The ISP collects the email that is then passed onto Exchange kind of like a backup in the event of a power failure. Customer is running SBS2008 virtual machine on a VMware Host with another virtual machine running 2008 Server used for Terminal Services. Sending email is fast and trouble free, the POP connector is used for 2 ISP based email addresses and works fine. No settings have been adjusted on the server, network or ISP for several months. I changed the SMTP Receive logging to Verbose and this is what comes up.

    ,>,421 4.4.1 Connection timed out,
    ,-,,Local
    ,>,421 4.4.1 Connection timed out,
    ,-,,Local
    ,+,,
    ,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
    ,>,"220 remote.************.com.au Microsoft ESMTP MAIL Service ready at Wed, 16 Nov 2011 11:11:37 +1100",
    ,+,,
    ,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
    ,>,"220 remote.************.com.au Microsoft ESMTP MAIL Service ready at Wed, 16 Nov 2011 11:11:37 +1100",
    ,>,421 4.4.1 Connection timed out,
    ,-,,Local
    ,>,421 4.4.1 Connection timed out,
    ,-,,Local

    It seems about every 2 hours, give or take an hour, 2 or 3 email comes through. I have looked at DNS, tried restarting the VM, tried shutting down the VM and Hypervisor and restarting the entire server. I have tried restarting routers, network switches and checked cable connections. Internal exchange messages transfer fast, transferring large files to and from the server is fast with no problems. I have tried TELNET to the server and it connects every time but when you go to issue a command, even just pressing ENTER. It gives the response 421 4.4.1 Connection timed out, however after about 20 or 30 connects it connects, pressing ENTER gives the response 500 5.5.1 Unrecognized command, trying again times out. I tried doing the same to my local ISP and it give the 500 5.5.1 response every time. I have even tried disabling firewall and Anti-Virus protection with no success. As a last resort and test I asked the ISP to send all those email via the POP connector and 5 minutes later they all come through to the 1 person with the job of sorting and forwarding.

    One last note that may help, though everything else seems perfectly normal I did notice connecting via LogMeIn Free connects to the server perfectly but when I click on Remote Control I am met with a Connecting Window followed immediately after with a Disconnect 'Connection timed out' window. I have had to connect anywhere from 2 to 20 times for it to eventually connect. I am not sure the 2 are related however both LogMeIn and Exchange seem to have the same problem.

    Thursday, November 17, 2011 10:42 PM

Answers

  • There are a few things that can be changed with networking regarding VMWare however in the end I did discover the problem.

    It turned out that while both VMWare has its own NTP server settings for syncing and Windows has its own. Both were configured which is fine in most cases. The problem was they were out of sync by a large margin and the time was constantly getting changed. This is what was causing the instant connection timed out message. Every few seconds the hypervisor and Windows were changing the time. Visually looking at this I didn't pick it up however there was mention of it in the event viewer.

    It never occurred to me this whole problem with Exchange was a simple time sync issue. Hope this info helps anyone else trying to sort out an similar issues regarding VMWare.

    Tuesday, November 22, 2011 8:52 AM

All replies

  • Hi,

     

    From the problem description, I understand that some people received emails with delay. I suggest that you could review the message header to verify the routing of the mail flow.

     

    We need to verify which point stuck the email so that cause the slow mail receiving. Since it’s for the internet email, at the same time, we could do the test via the website tool (Microsoft Remote Connectivity Analyzer) to verify the mail flow.

     

    Note: Please select the Internet E-mail Tests to verify the issue.

     

    Regards,

    James
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, November 18, 2011 9:12 AM
    Moderator
  • James,

    Looking at the message header there doesn't seem to be anything out of the ordinary. I compared it to an email received from the same person 2 weeks ago when the server was running fine and its almost identical.

    Running the Microsoft Remote Connectivity Analyzer comes back saying everything is correct with no errors what so ever. There is an intermediate server that was setup years ago which all the email get routed to then is forwarded to this company's Exchange server. What is happening speaking to the guy that monitors that server is he is saying my customers Exchange server is differeing nearly all the email back to the intermediate server, every 15 minutes it trys to send it again with ALL messages coming back but at random intervals it will let a few go through and some may have been sent 2 hours ago and some 4 days ago. I have received several MRCA emails as I have ran several tests with everything coming  back as ok. Even the event viewer doesn't prove to be of any help.

    Message path

    Senders PC -> Senders ISP -> Random Internet Servers -> ISP's intermediate Server -> My customers Exchange Server

    How it is really going

    Senders PC -> Senders ISP -> Random Internet Servers -> ISP's intermediate Server -> My customers Exchange Server -> ISP's intermediate Server -> My customers Exchange Server -> ISP's intermediate Server -> My customers Exchange Server , etc.

    It seems to be bouncing back and have also tried disabling Anti-Spam and that didn't seem to make any difference. I think the messages are getting differed because Exchange seems to be instantly timing out once a connection is made which LogMeIn has also started doing. Connects ok, but when going to remote control the server it says connecting, the instantly connection tined out.

    Friday, November 18, 2011 11:40 AM
  • chasing a similar error with a friend 2 causes were suggested:

    1) SMTP filtering at the router/firewall. Particularly, there's a fair bit of discussion about Cisco devices.

    2) Advanced networking pack features.

    What sort of edge device are you using?

    I know little (almost nothing) about any control of advanced networking features under ESX (ie. in regard to the physical NICs) but you will have control over such in the SBS virtual machine. Worth a look, I suggest.

    Friday, November 18, 2011 12:48 PM
  • There are a few things that can be changed with networking regarding VMWare however in the end I did discover the problem.

    It turned out that while both VMWare has its own NTP server settings for syncing and Windows has its own. Both were configured which is fine in most cases. The problem was they were out of sync by a large margin and the time was constantly getting changed. This is what was causing the instant connection timed out message. Every few seconds the hypervisor and Windows were changing the time. Visually looking at this I didn't pick it up however there was mention of it in the event viewer.

    It never occurred to me this whole problem with Exchange was a simple time sync issue. Hope this info helps anyone else trying to sort out an similar issues regarding VMWare.

    Tuesday, November 22, 2011 8:52 AM
  • HUGE upvote.

    exchange 421 4.4.1 errors for us (queue'd in our barracuda), turned out to be ESXi 4.1 NTP was broken and not keeping time. (was off by several hours)

    Changed esxi 4.1 to proper time and ensured exchange server time was good (which it already was) and we recieved all of our emails!!

    Thanks ChrisNB, I'm drinking a beer for you.

    Friday, August 17, 2012 6:46 PM