locked
i want to transfer my old cas to another CAS array - after swaping tha nat i got an error and mails are not going to outside RRS feed

  • Question

  • i insatlled 2 new hub/cas servers with cas array, i added all exchagne DBs to new CAS array

    the old HUB/CAS server is also a 2010

    so i wanted to remove the old server and use my new 2 arrayed servers

    so i removed the NAT from the old server to my public mail ip and i replaced it with a nat to my cas array ip

    mails are coming in but sending mails to outside is not wroking

    i get this error

    primary target ip address responded with:"451 5.7.3 cannot achieve exchange server authintication"

    i also have edge 2010 - new and is was working fine before this move

    so is it and edge configration problem

    the queue is in the hub/cas server

    Tuesday, August 14, 2012 12:40 PM

Answers

  • ok i got it solved

    looks like i had a problem with the edge & FF server installation

    what i did is i reinstalled a new 2010 edge and forefront for exchange on a new machine

    did the subscription and things started working perfectly

    • Marked as answer by MAHER0 Saturday, August 25, 2012 9:19 AM
    Saturday, August 25, 2012 9:19 AM

All replies

  • Check your receive connector on edge and see if you put any ip restrictions allowing only your old exchange server ip and update it.

    Step 4: Create a Receive connector configured to only accept messages from the Exchange organization

    You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Receive connectors - Edge Transport" entry in the Transport Permissions topic.

    This Receive connector requires the following configuration:

    • Name   From Internal Org
    • Usage type   Internal
    • Local network bindings   Internal network-facing network adapter
    • Remote network settings   IP address of one or more Hub Transport servers in the Exchange organization
    • Authentication method   Basic authentication over TLS

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Tuesday, August 14, 2012 3:09 PM
  • thanks

    i will check that once i am back to office <o:p></o:p>

    i did some more troubleshooting - <o:p></o:p>

    old setup :<o:p></o:p>

    CAS/HUB
    single server and Edge 2007 on DMZ - booth have 2 NICs one for local and another for dmz<o:p></o:p>

    new setup :<o:p></o:p>

    EDGE 2010
    on DMZ - done and working fine i removed the IPs from the old and assigned it here <o:p></o:p>

    now here is the puzzle :<o:p></o:p>

    new CAS and HUB severs running as CAS array (2 servers) my network team nated the mail
    public ip on the cas VIP and i think this is not enough because will this CAS
    VIP have access to the DMZ so it can send and receive normally - please let me know if i have a point here

    keeping in mind that I had a problem in sending internet mail only

    now what i have done is i shut down the old cas and one of my new cas and removed the cas
    array NLB configuration - and i used the same ip configuration form the old cas
    on one of my new cas and things started working - i was about to get killed today :)

    now i need to try the right setup again only when i am 100% sure about what i am doing



    • Edited by MAHER0 Tuesday, August 14, 2012 7:31 PM
    Tuesday, August 14, 2012 4:07 PM
  • This problem occurs because the Exchange server cannot authenticate with the remote Exchange server. Authentication is required for Exchange servers to route internal e-mail messages between them. Please refer to the KB979175. Hope helps.


    Noya Lau

    TechNet Community Support

    Thursday, August 16, 2012 8:14 AM
  • ok i got it solved

    looks like i had a problem with the edge & FF server installation

    what i did is i reinstalled a new 2010 edge and forefront for exchange on a new machine

    did the subscription and things started working perfectly

    • Marked as answer by MAHER0 Saturday, August 25, 2012 9:19 AM
    Saturday, August 25, 2012 9:19 AM