locked
Receive connector and Exchange server authentication RRS feed

  • Question

  • Hi

    I am on the process of migrating from my old Exchange Server 2010 to a new Exchange Server 2016 in a coexisting environment. I have installed the new Exchange Server 2016 server and test migrated a mailbox from 2010 server to 2016 server.

    I can send mail from 2010 to 2016 mailboxes but not the other way around. I have checked my Receive connector om my 2010 server and found that it must be that I have not enabled Exchange server authentication on this connector. When I try to enabled it I get the error: "You must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server <servername>, the NetBios name of the transport server <servername> or $null.

    As far as I can see I already have that value set. I really don't want to mess with my current mail flow. Would it be a valid approach to go and create an extra Receive connector on my 2010 server and enable Exchange server authentication or is there a better way to troubleshot this issue?

    The error code the Client on 2016 get is: 451 5.7.3 Cannot achieve Exchange server authentication.


    Thomas | MCP | http://www.techwork.dk


    Friday, February 10, 2017 11:07 AM

Answers

  • Hi

    Sorry that I been a bit slow with feedback about this issue. I am happy to inform you that I have resolved my issue. Insted of trying to fix the issue with my existing Connectors not accepting that I select "Exchange Server authentication", I created a new one as an Internal Connector, only accepting connections from my Exch2016 server IP address and with the "Exchange Server Authentication" enabled.

    Now mail flows in both direction between my servers. Thank you all for your input.


    Thomas | MCP | http://www.techwork.dk


    Wednesday, February 15, 2017 10:10 AM

All replies

  • Is this all on the same host, or are you seeing this message between your Edge Transport server and your Hub?
    Friday, February 10, 2017 11:19 PM
  • Hello Thomas,

    Base on your description, I know that the mail flow from Exchange 2010 to 2016 works, however failed with error "451 5.7.3 Cannot achieve Exchange server authentication" if send message from Exchange 2016 to 2010.

    This issue may be caused by incorrect settings in receive connector, and I suppose that there're some special receive connectors on Exchange 2010.
    If so, please remove Exchange 2016's IP from the remote IP ranger of those connectors (don’t forget to restart Microsoft Exchange Transport Service to take effect).

    Please run below command to list:
    Get-ReceiveConnector | fl Identity,RemoteIPRanges,PermissionGroups,Auth*

    Here's the default receive connector in an co-existence Exchange 2010 and Exchange 2016 environment:

    Note: Exch 2010 is Exchange 2010, DC2 is Exchange 2016 in my lab.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Allen_WangJF Wednesday, February 15, 2017 3:10 PM
    Monday, February 13, 2017 7:43 AM
  • Is this all on the same host, or are you seeing this message between your Edge Transport server and your Hub?

    Hi

    My Exchange Server 2010 is a single server setup and so are my Exch2016.


    Thomas | MCP | http://www.techwork.dk

    Monday, February 13, 2017 9:51 AM
  • your 2010 default receive connector looks good and is normal setup to receive from other exchange.

    Assume they both have valid certificate assigned to SMTP?

    Monday, February 13, 2017 9:57 AM
  • Hello Thomas,

    Any update with my suggestion?

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 14, 2017 5:57 AM
  • Hi

    Sorry that I been a bit slow with feedback about this issue. I am happy to inform you that I have resolved my issue. Insted of trying to fix the issue with my existing Connectors not accepting that I select "Exchange Server authentication", I created a new one as an Internal Connector, only accepting connections from my Exch2016 server IP address and with the "Exchange Server Authentication" enabled.

    Now mail flows in both direction between my servers. Thank you all for your input.


    Thomas | MCP | http://www.techwork.dk


    Wednesday, February 15, 2017 10:10 AM
  • Well done, thanks for your sharing and cooperation.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, February 15, 2017 3:10 PM