Emails originating from Exchange 2010 Server will not send to mailboxes on Exchange 2007 Server

  • Question

  • I am deploying a new Exchange 2010 server to a network with Exchange 2007. I have much of it set up, but when I send an email from a mailbox on the 2010 server, it never goes through. Emails from mailboxes on 2007 will go through to the mailbox on 2010.  It is stuck in the outbound queue with the following message:

    451 4.4.0 Primary target IP address responded with: "421 4.4.2 Connection dropped due to SocketError." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

    I have tried disabling all visible send and receive connectors, and everything under the sun to troubleshoot this, but nothing is working. I have no reason to believe that there is an issue with the network cards or network infrastructure since all other communication is working fine. Below are the protocol logs from both servers for this transaction. Any help would be appreciated so I don't have to burn one of my calls to MS.

    2010 Server Sending Log:

    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,0,,X.X.X.251:25,*,,attempting to connect
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,1,X.X.X.250:59113,X.X.X.251:25,+,,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,2,X.X.X.250:59113,X.X.X.251:25,<,"220 2007server.contoso.com Microsoft ESMTP MAIL Service ready at Mon, 9 Jul 2012 08:27:55 -0400",
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,3,X.X.X.250:59113,X.X.X.251:25,>,EHLO 2010server.contoso.com,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,4,X.X.X.250:59113,X.X.X.251:25,<,250-2007server.contoso.com Hello [X.X.X.250],
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,5,X.X.X.250:59113,X.X.X.251:25,<,250-SIZE,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,6,X.X.X.250:59113,X.X.X.251:25,<,250-PIPELINING,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,7,X.X.X.250:59113,X.X.X.251:25,<,250-DSN,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,8,X.X.X.250:59113,X.X.X.251:25,<,250-ENHANCEDSTATUSCODES,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,9,X.X.X.250:59113,X.X.X.251:25,<,250-STARTTLS,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,10,X.X.X.250:59113,X.X.X.251:25,<,250-X-ANONYMOUSTLS,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,11,X.X.X.250:59113,X.X.X.251:25,<,250-AUTH NTLM,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,12,X.X.X.250:59113,X.X.X.251:25,<,250-X-EXPS GSSAPI NTLM,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,13,X.X.X.250:59113,X.X.X.251:25,<,250-8BITMIME,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,14,X.X.X.250:59113,X.X.X.251:25,<,250-BINARYMIME,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,15,X.X.X.250:59113,X.X.X.251:25,<,250-CHUNKING,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,16,X.X.X.250:59113,X.X.X.251:25,<,250-XEXCH50,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,17,X.X.X.250:59113,X.X.X.251:25,<,250 XRDST,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,18,X.X.X.250:59113,X.X.X.251:25,>,X-ANONYMOUSTLS,
    2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,19,X.X.X.250:59113,X.X.X.251:25,<,220 2.0.0 SMTP server ready,
    2012-07-09T12:28:36.684Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,20,X.X.X.250:59113,X.X.X.251:25,-,,Remote

    Protocol Log from Receiving 2007 Server:

    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,0,X.X.X.251:25,X.X.X.250:59121,+,,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,1,X.X.X.251:25,X.X.X.250:59121,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,2,X.X.X.251:25,X.X.X.250:59121,>,"220 2007server.contoso.com Microsoft ESMTP MAIL Service ready at Mon, 9 Jul 2012 08:28:54 -0400",
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,3,X.X.X.251:25,X.X.X.250:59121,<,EHLO OSAMAIL01.onesa.com,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,4,X.X.X.251:25,X.X.X.250:59121,>,250-2007server.contoso.com Hello [X.X.X.250],
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,5,X.X.X.251:25,X.X.X.250:59121,>,250-SIZE,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,6,X.X.X.251:25,X.X.X.250:59121,>,250-PIPELINING,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,7,X.X.X.251:25,X.X.X.250:59121,>,250-DSN,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,8,X.X.X.251:25,X.X.X.250:59121,>,250-ENHANCEDSTATUSCODES,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,9,X.X.X.251:25,X.X.X.250:59121,>,250-STARTTLS,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,10,X.X.X.251:25,X.X.X.250:59121,>,250-X-ANONYMOUSTLS,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,11,X.X.X.251:25,X.X.X.250:59121,>,250-AUTH NTLM,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,12,X.X.X.251:25,X.X.X.250:59121,>,250-X-EXPS GSSAPI NTLM,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,13,X.X.X.251:25,X.X.X.250:59121,>,250-8BITMIME,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,14,X.X.X.251:25,X.X.X.250:59121,>,250-BINARYMIME,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,15,X.X.X.251:25,X.X.X.250:59121,>,250-CHUNKING,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,16,X.X.X.251:25,X.X.X.250:59121,>,250-XEXCH50,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,17,X.X.X.251:25,X.X.X.250:59121,>,250 XRDST,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,18,X.X.X.251:25,X.X.X.250:59121,<,X-ANONYMOUSTLS,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,19,X.X.X.251:25,X.X.X.250:59121,>,220 2.0.0 SMTP server ready,
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,20,X.X.X.251:25,X.X.X.250:59121,*,,Sending certificate
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,21,X.X.X.251:25,X.X.X.250:59121,*,CN=2007server,Certificate subject
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,22,X.X.X.251:25,X.X.X.250:59121,*,CN=2007server,Certificate issuer name
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,23,X.X.X.251:25,X.X.X.250:59121,*,A03CC34456C373954F692B156DF24108,Certificate serial number
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,24,X.X.X.251:25,X.X.X.250:59121,*,3636AE2F47FB03C1B71C6557CE46057E3DD3EC58,Certificate thumbprint
    2012-07-09T12:28:56.051Z,2007server\Default 2007server,08CF29CCB474A515,25,X.X.X.251:25,X.X.X.250:59121,*,2007server,Certificate alternate names
    2012-07-09T12:28:56.082Z,2007server\Default 2007server,08CF29CCB474A515,26,X.X.X.251:25,X.X.X.250:59121,-,,Local

    Monday, July 9, 2012 12:41 PM
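Added example, not part of the original thread: a small Python parser for the two protocol logs above that flags sessions which end right after the TLS upgrade command is accepted, and reports whether certificate events were logged on that side. The sample lines are abbreviated from the logs in the question; the function names and result keys are hypothetical.

```python
import csv
from collections import defaultdict

FIELDS = ["time", "connector", "session", "seq", "local", "remote",
          "event", "data", "context"]
# Sample input: abbreviated from the two protocol logs posted in the question.
SEND_LOG = """\
2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,17,X.X.X.250:59113,X.X.X.251:25,<,250 XRDST,
2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,18,X.X.X.250:59113,X.X.X.251:25,>,X-ANONYMOUSTLS,
2012-07-09T12:28:36.669Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,19,X.X.X.250:59113,X.X.X.251:25,<,220 2.0.0 SMTP server ready,
2012-07-09T12:28:36.684Z,Intra-Organization SMTP Send Connector,08CF2B240D5C9444,20,X.X.X.250:59113,X.X.X.251:25,-,,Remote
"""
RECV_LOG = """\
2012-07-09T12:28:56.051Z,2007server\\Default 2007server,08CF29CCB474A515,18,X.X.X.251:25,X.X.X.250:59121,<,X-ANONYMOUSTLS,
2012-07-09T12:28:56.051Z,2007server\\Default 2007server,08CF29CCB474A515,19,X.X.X.251:25,X.X.X.250:59121,>,220 2.0.0 SMTP server ready,
2012-07-09T12:28:56.051Z,2007server\\Default 2007server,08CF29CCB474A515,20,X.X.X.251:25,X.X.X.250:59121,*,,Sending certificate
2012-07-09T12:28:56.051Z,2007server\\Default 2007server,08CF29CCB474A515,21,X.X.X.251:25,X.X.X.250:59121,*,CN=2007server,Certificate subject
2012-07-09T12:28:56.082Z,2007server\\Default 2007server,08CF29CCB474A515,26,X.X.X.251:25,X.X.X.250:59121,-,,Local
"""

def parse_sessions(text):
    """Group protocol-log rows by session id, ordered by sequence number."""
    sessions = defaultdict(list)
    for row in csv.reader(text.splitlines()):
        if len(row) != len(FIELDS) or row[0].startswith("#"):
            continue  # skip "#Fields:"-style header lines and malformed rows
        rec = dict(zip(FIELDS, row))
        sessions[rec["session"]].append(rec)
    for recs in sessions.values():
        recs.sort(key=lambda r: int(r["seq"]))
    return sessions

def find_tls_drop(records):
    """Return a finding if the session disconnects right after TLS is accepted."""
    tls_cmd, accepted, cert = None, False, False
    for r in records:
        ev, data = r["event"], r["data"]
        if ev in ("<", ">") and data.upper() in ("STARTTLS", "X-ANONYMOUSTLS"):
            tls_cmd, accepted, cert = data.upper(), False, False
        elif tls_cmd and ev in ("<", ">"):
            if accepted or not data.startswith("220"):
                return None  # TLS refused, or SMTP continued after the upgrade
            accepted = True
        elif tls_cmd and ev == "*" and "certificate" in r["context"].lower():
            cert = True  # this side logged certificate details
        elif accepted and ev == "-":
            return {"session": r["session"], "tls_command": tls_cmd,
                    "certificate_logged": cert, "disconnect_context": r["context"]}
    return None
```

Run against both servers' logs, it shows the same session shape from each side: the upgrade is accepted, only the receiving side logs a certificate, and the disconnect follows with no further SMTP commands.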

All replies

  • Hi there,

     

    Could you ensure that you have connectivity between both servers (nothing is blocked (e.g. Firewall)).

    Secondly, could you provide details on your receive connectors in Exchange 2007?

     

    Thanks!

    Michael


    Michael Van Horenbeeck
    Check out my blog or find me on twitter

    Monday, July 9, 2012 1:31 PM
  • Hi Michael,

    There are no firewalls in between them. I can give you these details, but I have disabled all but the default as part of my troubleshooting so I don't think that it's part of the problem.

    Default Connector:

    -Receives from all IP addresses on port 25
    -Supports TLS (But not Mutual TLS)
    -Supports Basic Auth after starting TLS
    -Accepts Exchange Server Authentication
    -Accepts Integrated Windows authentication
    -The following permission groups are allowed to use it: Anonymous (plan to disable this after migration), Exchange Users, Exchange Servers, and Legacy Exchange Servers.

    Client Connector:

    -Accepts from all IP addresses on port 587
    -Accepts TLS, Basic after TLS, and Integrated Windows Authentication
    -Exchange Users have permission to use it.

    Postini Connector:

    -Receives on port 25 only from emails originating from Postini
    -Externally Secured Authentication
    -Anonymous, Exchange Users, and Exchange servers are allowed to use it

    Monday, July 9, 2012 1:42 PM
  • Check your certificates on both servers. It looks like the 2007 side is sending its cert to establish a TLS connection but I did not see that in the 2010 side of things. Also you may want to validate that the Exchange servers are all in the Exchange Servers group in AD.

    Mitch Roberson MCM Exchange 2010|MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003

    Monday, July 9, 2012 1:43 PM
  • Thanks Mitch,

    I have recreated the server certificate multiple times in my troubleshooting and have even reinstalled the Hub Transport role. I have now confirmed that both servers are in the Exchange Servers group.

    Monday, July 9, 2012 1:47 PM
  • Are the certificates both from the same certificate authority, or is this the default Exchange certificate? And just want to be sure: are both Exchange servers part of the same Active Directory forest, as well as the same Exchange org? I am assuming yes but want to be sure. Also, are the Exchange 2007 Hub Transports in the same AD site as the 2010 Hub Transports?

    Mitch Roberson MCM Exchange 2010|MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003

    Monday, July 9, 2012 1:53 PM
  • The SocketError almost always points to a network-related issue...

     

    Are you using NIC teaming? Is there a router between the servers?

    I've seen (rare) occasions where increasing the MTU size on the server solved the issue. Is the Windows Firewall running? Is there perhaps a 3rd-party tool on the server that might reject connections?

     

    What about using telnet? Does that work?


    Michael Van Horenbeeck
    Check out my blog or find me on twitter

    Monday, July 9, 2012 1:54 PM
  • This is the default exchange certificate. They are both in the same forest, same domain, same org, and same site.
    Monday, July 9, 2012 1:55 PM
  • I was using NIC teaming, I disabled it as part of troubleshooting. Doing so made no improvement. There is no router between the switches, they are on the same subnet. Windows firewall is not running. The 2010 server is a fresh install. SEP is running, currently disabled, on the 2007 server. Telnet works, as does moving mailboxes back and forth.
    Monday, July 9, 2012 1:59 PM
  • Did you disable the firewall service on the Exchange 2010 server? If so, you need to turn it back on and then turn off the firewall through the firewall management console.

    Mitch Roberson MCM Exchange 2010|MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003

    Monday, July 9, 2012 2:02 PM
  • Hmmm,

     

    A long shot: could you try to increase the MTU size and see if that proves helpful?

     

    This is the key you need:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\[Adapter ID]
    Data Type: DWORD

    Michael Van Horenbeeck
    Check out my blog or find me on twitter

    Monday, July 9, 2012 2:03 PM
  • Also have you turned up Event logging to expert on the transport?

    Mitch Roberson MCM Exchange 2010|MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003

    Monday, July 9, 2012 2:03 PM
  • I disabled Windows Firewall using the control panel applet. I did turn up the logging, but didn't notice anything. Michael, are you suggesting that I turn up the MTU on the 2010 server, the 2007 server, or both?
    Monday, July 9, 2012 2:54 PM
  • Hello,

    The issue may occur when the “Exchange Servers” group option under “Permission Groups” is not checked in the affected receive connector. Please double-check this point.

    Thanks,

    Simon

    Tuesday, July 10, 2012 5:31 AM
  • I confirmed it again, it is checked.
    Tuesday, July 10, 2012 12:18 PM