none
Inbound Email Delayed from Edge Server to Internal CAS-MBX Server; No errors or delay messages

    Question

  • Email from the internet is delayed between 0-10 minutes. I can see the message come in on the Edge server in ProtocolLogs-->SmtpReceive. I can see it depart the Edge server (for the internal server) in ProtocolLogs-->SmtpSend... but sometimes there is a delay between the Recieve and Send logs. And I see no reason why.

    Both servers are Exchange 2013 CU11 on Win2k12R2.  CPU is sitting at like 1% and memory at 1.9GB/6.0GB used.

    Sometimes the mail is instant, others it is delayed a few minutes. Nothing bad.  I never hear of anyone getting an automated "Your mail is delayed" message.  But in this world of everything instant, they're asking for instant email.

    Org is very small, like 10 people.  Internal server is a single multi-role server. No DAG.

    I see no errors in the Event Viewer and I never catch anything in a queue (Get-Queue).

    Tuesday, January 26, 2016 6:28 PM

All replies

  • Try

    Set-ReceiveConnector "ConnectorName" -MaxAcknowledgementDelay 00:00:00 -tarpitinterval 00:00:00
    Tuesday, January 26, 2016 6:39 PM
  • I'm assuming you mean on the Internal server (not the Edge).  Probably on the Receive Connector "Default Frontend SERVERNAME" (The one that answers on Port 25 that receives email from the Edge Server's Send connector named "EdgeSync - Inbound to Default-First-Site-Name"?

    Tuesday, January 26, 2016 7:59 PM
  • Yes, on receive connector that receives mail from Edge and on edge receive connector too.
    Tuesday, January 26, 2016 8:35 PM
  • Hi Bob,

    Thank you for your question.

    Did this issue occur on outbound message?

    Please post email head information to us for troubleshooting. 

    Then check the related trace message logging in the following path:

    C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking 

    Please run the following command on muti-role server and Edge server to make sure all components are active:

    Get-ServerComponentstate –identity <servername>

    For testing, please disable A/V software on Edge to check if the issue persist. 

    Best Regard,

    Jim Xu

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support

    Wednesday, January 27, 2016 5:29 AM
    Moderator
  • I think I see the (or a) problem.  When I don't receive an email, I noticed the message in the queue from the Edge server to the internal Multi-Role server. The two symptoms were

    • The LastError was:  {LED=441 4.4.1 Error encountered while communicating with primary target IP address: "421 4.4.2 Connection dropped due to ConnectionReset." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was                   192.168.1.18:25};{FQDN=mail2.domain.com};{IP=192.168.1.18}]
    • When attempting to telnet from the Edge server to the internal Multi-Role server on Port 25, the connection is made, but no SMTP banner is displayed and the session responds to no SMTP commands (or any gobbly gook that I type in.)

    A few moments later, the message will clear and I could again Telnet with a proper SMTP banner being replied.

    I don't see anything interesting in the EventViewer on the Internal Mult-Role server, except:

    • MSExchangeTransport:22004:ShadowRedundancy:  Lost heartbeat with Edge server (NOTE: This is not always with a failure. Sometimes the failure occurs without this message)
    • MSExchangeTransportDelivery:16028:Configuration
    • MSExchangeFrontendTransport:16028:Configuration
    • MSExchangeFrontendTransport:16028:Configuration
    • MSExchangeTransportSubmission:16028:Configuration

    The 16028 events seem to be normal and occur all the time, even without the problem.

    • Both servers are on the same subnet with no Firewall between them
    • Both servers have a single NIC
    • Both servers are Hyper-V virtual machines (on separate Hosts);  Hosts are running Windows Server 2012
    • No client-reported issues, even the one that is in non-cached mode


    There is no third party anti-virus software running on either machine.
    • Edited by Bob Peck Wednesday, January 27, 2016 8:20 PM
    Wednesday, January 27, 2016 8:18 PM
  • What is listed for:

    Get-ReceiveConnector -Server <multi-role server> |FL bindings, *authmec*, *permission*, *ip*


    Blog:    Twitter:   


    Wednesday, January 27, 2016 8:29 PM
  • Identity                : MAIL2\Default MAIL2
    Bindings                : {0.0.0.0:2525, [::]:2525}
    AuthMechanism           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
    PermissionGroups        : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
    MaxRecipientsPerMessage : 5000
    PipeliningEnabled       : True
    RemoteIPRanges          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

    Identity                : MAIL2\Client Proxy MAIL2
    Bindings                : {[::]:465, 0.0.0.0:465}
    AuthMechanism           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
    PermissionGroups        : ExchangeUsers, ExchangeServers
    MaxRecipientsPerMessage : 200
    PipeliningEnabled       : True
    RemoteIPRanges          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

    Identity                : MAIL2\Default Frontend MAIL2
    Bindings                : {[::]:25, 0.0.0.0:25}
    AuthMechanism           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
    PermissionGroups        : AnonymousUsers, ExchangeServers, ExchangeLegacyServers
    MaxRecipientsPerMessage : 200
    PipeliningEnabled       : True
    RemoteIPRanges          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

    Identity                : MAIL2\Outbound Proxy Frontend MAIL2
    Bindings                : {[::]:717, 0.0.0.0:717}
    AuthMechanism           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
    PermissionGroups        : ExchangeServers
    MaxRecipientsPerMessage : 200
    PipeliningEnabled       : True
    RemoteIPRanges          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

    Identity                : MAIL2\Client Frontend MAIL2
    Bindings                : {[::]:587, 0.0.0.0:587}
    AuthMechanism           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
    PermissionGroups        : ExchangeUsers
    MaxRecipientsPerMessage : 200
    PipeliningEnabled       : True
    RemoteIPRanges          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

    Identity                : MAIL2\InternetMail
    Bindings                : {0.0.0.0:2526}
    AuthMechanism           : Tls
    PermissionGroups        : AnonymousUsers
    MaxRecipientsPerMessage : 200
    PipeliningEnabled       : True
    RemoteIPRanges          : {0.0.0.0-255.255.255.255}

    Wednesday, January 27, 2016 8:42 PM
  • Identity                : MAIL2\Default MAIL2
    Bindings                : {0.0.0.0:2525, [::]:2525}
    AuthMechanism           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
    PermissionGroups        : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
    MaxRecipientsPerMessage : 5000
    PipeliningEnabled       : True
    RemoteIPRanges          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

    Identity                : MAIL2\Client Proxy MAIL2
    Bindings                : {[::]:465, 0.0.0.0:465}
    AuthMechanism           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
    PermissionGroups        : ExchangeUsers, ExchangeServers
    MaxRecipientsPerMessage : 200
    PipeliningEnabled       : True
    RemoteIPRanges          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

    Identity                : MAIL2\Default Frontend MAIL2
    Bindings                : {[::]:25, 0.0.0.0:25}
    AuthMechanism           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
    PermissionGroups        : AnonymousUsers, ExchangeServers, ExchangeLegacyServers
    MaxRecipientsPerMessage : 200
    PipeliningEnabled       : True
    RemoteIPRanges          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

    Identity                : MAIL2\Outbound Proxy Frontend MAIL2
    Bindings                : {[::]:717, 0.0.0.0:717}
    AuthMechanism           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
    PermissionGroups        : ExchangeServers
    MaxRecipientsPerMessage : 200
    PipeliningEnabled       : True
    RemoteIPRanges          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

    Identity                : MAIL2\Client Frontend MAIL2
    Bindings                : {[::]:587, 0.0.0.0:587}
    AuthMechanism           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
    PermissionGroups        : ExchangeUsers
    MaxRecipientsPerMessage : 200
    PipeliningEnabled       : True
    RemoteIPRanges          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

    Identity                : MAIL2\InternetMail
    Bindings                : {0.0.0.0:2526}
    AuthMechanism           : Tls
    PermissionGroups        : AnonymousUsers
    MaxRecipientsPerMessage : 200
    PipeliningEnabled       : True
    RemoteIPRanges          : {0.0.0.0-255.255.255.255}

    Whats this connector for?

    Identity                : MAIL2\InternetMail
    Bindings                : {0.0.0.0:2526}
    AuthMechanism           : Tls
    PermissionGroups        : AnonymousUsers
    MaxRecipientsPerMessage : 200
    PipeliningEnabled       : True
    RemoteIPRanges          : {0.0.0.0-255.255.255.255}


    Blog:    Twitter:   

    Wednesday, January 27, 2016 9:53 PM
  • Temporary and now unused.  I was replacing the Exchange 2010 Edge server with an Exchange 2013 Edge server.  Since this is something I'm doing on the side, during the day, I didn't want mailflow to be stopped during my procedure.  I left it there in case of an emergency (losing the Edge server's Host server, for example).  So, I:

    • Installed Antispam agents on the CAS-MBX server
    • Created this InternetMail ReceiveConnector
    • Configured the Firewall to send Port25 mail from the outside to Port 2526 on this inside (forcing it to this ReceiveConnector
    • Created a temporary SendConnector to the internet (weight 70)
    • [This allowed mail flow as I replaced the Edge server]
    • Tore down the Exchange 2010 Edge server
    • Built an Exchange 2013 Edge server
    • Requested from an internal Certificate Authority a cert;  Applied it to SMTP;  Exported and Imported the cert into the CAS-MBX server
    • Established the Edge subscription
    • Set the weight to the automatically created Outbound Edge SendConnector to 50 (essentially moving the outbound traffic from the temporary SendConenctor (above) to the Edge server
    • Removed Anti-Spam agents from the CAS-MBX server
    • Created a ReceiveConnector on the Edge server
    • Configured the Firewall to go to the Edge server

    This completed the transition to the Edge server.  But I left the temporary Send and Receive connectors in case of emergency.  But I can tear them down.

    NOTE:  This problem occurred in the Exchange 210 Edge server, too.  And with a different Exchange 2010 and Exchange 2013 CAS-MBX internal servers. 





    • Edited by Bob Peck Thursday, January 28, 2016 11:32 AM
    Thursday, January 28, 2016 11:22 AM