locked
E2K7 to E2K10 migration - 2007 to 2010 mail flow issues RRS feed

  • Question

  •   I have been looking at this issue for several days and cannot seem to get it resolved.  We recently installed a new E2K10 server and have moved one mailbox and testing public folder replication for testing.  E-mail From E2K7 to E2K10 perfect, however, e-mail and public replication from E2K10 to to E2K7 does not work.  In the Queue Viewer I see

    451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Server authentication"  Atempt......  I also see that same error in the connectivity logs.

      After baning around this groups and several other I still have not had any success and wonder what is it.  I have cehcked the Default Receive Connection on E2K7 and on Authentication Tab I have TLS and not the sub section, basic AUth and its sub section, Exchange Server, and Integrated Windows all checked.  ON the Permission Tab I have anonymous, Exchange users, Exchange servers, and Legacy Exchange Servers all selected.  I have tried several combination on all of these on both servers with no luck. 
      Any other ideas to try?  I am all ears, well eyes in this case.

     

    TIA

    Jim

    Monday, September 19, 2011 6:31 PM

Answers

  •  Have you ever had the classic left hand not talking to the right hand.  Well this was the problem.  We have always been company.com, well out network team added a company.net and didn't tell me.  It also showed an error in DNS which was not properly replicating.  So fixed replication added a proper MX for the new company.net and presto mail flow is now working.  I feel like such a smuck.
      I thank everyone for their assisatance and ideas?

    Jim

    • Marked as answer by Jim Raykowski Wednesday, September 21, 2011 4:06 PM
    Wednesday, September 21, 2011 4:06 PM

All replies

  • Hello Jim

    This could be a problem with the TLS negotiate.  Please check the application log for any transport TLS errors and post if you find any.

    Thanks Tony

    Monday, September 19, 2011 6:52 PM
  •   Good catch.  There was one and I have resolved it.  Restarted trasnport service on both systems and still have the same error.  Anymore ideas?  I am all out.

     

    TIA

    Jim

     

    Monday, September 19, 2011 7:04 PM
  • Please post the output of the following command: get-receiveconnector |fl

    Also, please run the mailflow troubleshooter which is found in the  "toolbox". 

    Please could you supply some further information about the environment.  How many servers, AD sites etc.

    Monday, September 19, 2011 7:53 PM
  • Try solution here same issue as yours 2010 can't send to 2007.

    Ensure that Transport Layer Security (TLS) check box and the Exchange Server authentication check box are only enabled and uncheck all others

    "451 5.7.3 Cannot achieve Exchange Server Authentication"

    http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/033c6218-9e8a-4bde-aa43-04ca59351501


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
    Tuesday, September 20, 2011 2:17 PM
  •   Sorry for the dealy,  we had 33 servers, 3 DC/GC, 2 mail 1 E2K7 and 1 E2K10 with the plan of migrating to E2K10.  I ran the mailflow troubleshooter on E2K10 and here are the results

    -Information Items are all blue
    -Remote delivery queue fails
    -Direct connection to e2k7 works
    -E2K10 DNS Availability pass
    -E2K10 Area DNS REcords pass
    -Remote SMTP status fails - No Hosts record found for server e2k7.  I can ping it by name from e2k10 and it is successful
    -Area Remote SMTP Status to e2k7 Yellow packets needs to be fragmented
    -No SMTP instance configuration found
    -Remote SMTP Status MSExchange Transport on e2k7 is running
    -No relevant message tracking log entires were found
    -Area Remote SMTP Status mail acceptance fails to e2k7
    -Receive Connector Analysis remote server e2k7 has HT role installed
    -No thrid party apps
    -SMTP Queue status - remote deliver queue (e2k10\118) is in retry

    Output of command
    RunspaceId                              : f83c7a6b-cecd-413c-8c6c-a4169f621d33
    AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
    Banner                                  : 220 mail.company.net ESMPT Ready
    BinaryMimeEnabled                       : True
    Bindings                                : {192.168.10.54:25, :::25, 0.0.0.0:25}
    ChunkingEnabled                         : True
    DefaultDomain                           :
    DeliveryStatusNotificationEnabled       : True
    EightBitMimeEnabled                     : True
    BareLinefeedRejectionEnabled            : False
    DomainSecureEnabled                     : False
    EnhancedStatusCodesEnabled              : True
    LongAddressesEnabled                    : False
    OrarEnabled                             : False
    SuppressXAnonymousTls                   : False
    AdvertiseClientSettings                 : False
    Fqdn                                    : amse2k7.company.com
    Comment                                 :
    Enabled                                 : True
    ConnectionTimeout                       : 00:10:00
    ConnectionInactivityTimeout             : 00:05:00
    MessageRateLimit                        : unlimited
    MessageRateSource                       : IPAddress
    MaxInboundConnection                    : 5000
    MaxInboundConnectionPerSource           : unlimited
    MaxInboundConnectionPercentagePerSource : 100
    MaxHeaderSize                           : 64 KB (65,536 bytes)
    MaxHopCount                             : 30
    MaxLocalHopCount                        : 8
    MaxLogonFailures                        : 3
    MaxMessageSize                          : 50 MB (52,428,800 bytes)
    MaxProtocolErrors                       : 5
    MaxRecipientsPerMessage                 : 5000
    PermissionGroups                        : AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers
    PipeliningEnabled                       : True
    ProtocolLoggingLevel                    : Verbose
    RemoteIPRanges                          : {0.0.0.0-255.255.255.255, ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff}
    RequireEHLODomain                       : False
    RequireTLS                              : False
    EnableAuthGSSAPI                        : False
    ExtendedProtectionPolicy                : None
    LiveCredentialEnabled                   : False
    TlsDomainCapabilities                   : {}
    Server                                  : AMSE2K7
    SizeEnabled                             : EnabledWithoutValue
    TarpitInterval                          : 00:00:05
    MaxAcknowledgementDelay                 : 00:00:30
    AdminDisplayName                        :
    ExchangeVersion                         : 0.1 (8.0.535.0)
    Name                                    : Default AMSE2K7
    DistinguishedName                       : CN=Default AMSE2K7,CN=SMTP Receive Connectors,CN=Protocols,CN=AMSE2K7,CN=Serv
                                              ers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                              ps,CN=ASSET,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=com
    Identity                                : AMSE2K7\Default AMSE2K7
    Guid                                    : 77663922-54a1-40c5-bc28-6992d5168273
    ObjectCategory                          : company.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
    ObjectClass                             : {top, msExchSmtpReceiveConnector}
    WhenChanged                             : 9/19/2011 11:17:10 AM
    WhenCreated                             : 8/13/2009 2:16:07 PM
    WhenChangedUTC                          : 9/19/2011 6:17:10 PM
    WhenCreatedUTC                          : 8/13/2009 9:16:07 PM
    OrganizationId                          :
    OriginatingServer                       : AMSDC01.company.com
    IsValid                                 : True

    RunspaceId                              : f83c7a6b-cecd-413c-8c6c-a4169f621d33
    AuthMechanism                           : Tls, Integrated, ExchangeServer
    Banner                                  : 220 mail.company.net ESMTP Ready
    BinaryMimeEnabled                       : True
    Bindings                                : {:::587, 0.0.0.0:587}
    ChunkingEnabled                         : True
    DefaultDomain                           :
    DeliveryStatusNotificationEnabled       : True
    EightBitMimeEnabled                     : True
    BareLinefeedRejectionEnabled            : False
    DomainSecureEnabled                     : False
    EnhancedStatusCodesEnabled              : True
    LongAddressesEnabled                    : False
    OrarEnabled                             : False
    SuppressXAnonymousTls                   : False
    AdvertiseClientSettings                 : False
    Fqdn                                    : amse2k7.company.com
    Comment                                 :
    Enabled                                 : True
    ConnectionTimeout                       : 00:10:00
    ConnectionInactivityTimeout             : 00:05:00
    MessageRateLimit                        : 600
    MessageRateSource                       : IPAddress
    MaxInboundConnection                    : 5000
    MaxInboundConnectionPerSource           : 20
    MaxInboundConnectionPercentagePerSource : 2
    MaxHeaderSize                           : 64 KB (65,536 bytes)
    MaxHopCount                             : 30
    MaxLocalHopCount                        : 8
    MaxLogonFailures                        : 3
    MaxMessageSize                          : 50 MB (52,428,800 bytes)
    MaxProtocolErrors                       : 5
    MaxRecipientsPerMessage                 : 200
    PermissionGroups                        : AnonymousUsers, ExchangeUsers, ExchangeServers
    PipeliningEnabled                       : True
    ProtocolLoggingLevel                    : Verbose
    RemoteIPRanges                          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
    RequireEHLODomain                       : False
    RequireTLS                              : False
    EnableAuthGSSAPI                        : True
    ExtendedProtectionPolicy                : None
    LiveCredentialEnabled                   : False
    TlsDomainCapabilities                   : {}
    Server                                  : AMSE2K7
    SizeEnabled                             : Enabled
    TarpitInterval                          : 00:00:05
    MaxAcknowledgementDelay                 : 00:00:30
    AdminDisplayName                        :
    ExchangeVersion                         : 0.1 (8.0.535.0)
    Name                                    : Client AMSE2K7
    DistinguishedName                       : CN=Client AMSE2K7,CN=SMTP Receive Connectors,CN=Protocols,CN=AMSE2K7,CN=Serve
                                              rs,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Group
                                              s,CN=ASSET,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=com
    Identity                                : AMSE2K7\Client AMSE2K7
    Guid                                    : ee298680-c843-4a16-a969-7cdea7b63033
    ObjectCategory                          : company.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
    ObjectClass                             : {top, msExchSmtpReceiveConnector}
    WhenChanged                             : 9/19/2011 10:59:29 AM
    WhenCreated                             : 8/13/2009 2:16:07 PM
    WhenChangedUTC                          : 9/19/2011 5:59:29 PM
    WhenCreatedUTC                          : 8/13/2009 9:16:07 PM
    OrganizationId                          :
    OriginatingServer                       : AMSDC01.company.com
    IsValid                                 : True

    RunspaceId                              : f83c7a6b-cecd-413c-8c6c-a4169f621d33
    AuthMechanism                           : ExternalAuthoritative
    Banner                                  :
    BinaryMimeEnabled                       : True
    Bindings                                : {0.0.0.0:25}
    ChunkingEnabled                         : True
    DefaultDomain                           :
    DeliveryStatusNotificationEnabled       : True
    EightBitMimeEnabled                     : True
    BareLinefeedRejectionEnabled            : False
    DomainSecureEnabled                     : False
    EnhancedStatusCodesEnabled              : True
    LongAddressesEnabled                    : False
    OrarEnabled                             : False
    SuppressXAnonymousTls                   : False
    AdvertiseClientSettings                 : False
    Fqdn                                    : amse2k7.company.com
    Comment                                 :
    Enabled                                 : True
    ConnectionTimeout                       : 00:10:00
    ConnectionInactivityTimeout             : 00:05:00
    MessageRateLimit                        : unlimited
    MessageRateSource                       : IPAddress
    MaxInboundConnection                    : 5000
    MaxInboundConnectionPerSource           : 20
    MaxInboundConnectionPercentagePerSource : 2
    MaxHeaderSize                           : 64 KB (65,536 bytes)
    MaxHopCount                             : 30
    MaxLocalHopCount                        : 8
    MaxLogonFailures                        : 3
    MaxMessageSize                          : 50 MB (52,428,800 bytes)
    MaxProtocolErrors                       : 5
    MaxRecipientsPerMessage                 : 200
    PermissionGroups                        : AnonymousUsers, ExchangeServers
    PipeliningEnabled                       : True
    ProtocolLoggingLevel                    : None
    RemoteIPRanges                          : {192.168.10.58}
    RequireEHLODomain                       : False
    RequireTLS                              : False
    EnableAuthGSSAPI                        : False
    ExtendedProtectionPolicy                : None
    LiveCredentialEnabled                   : False
    TlsDomainCapabilities                   : {}
    Server                                  : AMSE2K7
    SizeEnabled                             : Enabled
    TarpitInterval                          : 00:00:05
    MaxAcknowledgementDelay                 : 00:00:30
    AdminDisplayName                        :
    ExchangeVersion                         : 0.1 (8.0.535.0)
    Name                                    : fax.ams
    DistinguishedName                       : CN=fax.ams,CN=SMTP Receive Connectors,CN=Protocols,CN=AMSE2K7,CN=Servers,CN=E
                                              xchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=AS
                                              SET,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=com
    Identity                                : AMSE2K7\fax.ams
    Guid                                    : 189d5797-93e9-4f8f-9486-e2b0099fda70
    ObjectCategory                          : company.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
    ObjectClass                             : {top, msExchSmtpReceiveConnector}
    WhenChanged                             : 1/5/2011 10:52:45 AM
    WhenCreated                             : 11/19/2009 1:22:45 PM
    WhenChangedUTC                          : 1/5/2011 6:52:45 PM
    WhenCreatedUTC                          : 11/19/2009 9:22:45 PM
    OrganizationId                          :
    OriginatingServer                       : AMSDC01.company.com
    IsValid                                 : True

     

    See the reset in the next post

    Tuesday, September 20, 2011 2:58 PM
  •   Here is the rest

    RunspaceId                              : f83c7a6b-cecd-413c-8c6c-a4169f621d33
    AuthMechanism                           : Tls, ExternalAuthoritative
    Banner                                  :
    BinaryMimeEnabled                       : True
    Bindings                                : {192.168.10.54:25}
    ChunkingEnabled                         : True
    DefaultDomain                           :
    DeliveryStatusNotificationEnabled       : True
    EightBitMimeEnabled                     : True
    BareLinefeedRejectionEnabled            : False
    DomainSecureEnabled                     : False
    EnhancedStatusCodesEnabled              : True
    LongAddressesEnabled                    : False
    OrarEnabled                             : False
    SuppressXAnonymousTls                   : False
    AdvertiseClientSettings                 : False
    Fqdn                                    : amse2k7.company.com
    Comment                                 :
    Enabled                                 : True
    ConnectionTimeout                       : 00:10:00
    ConnectionInactivityTimeout             : 00:05:00
    MessageRateLimit                        : unlimited
    MessageRateSource                       : IPAddress
    MaxInboundConnection                    : 5000
    MaxInboundConnectionPerSource           : 20
    MaxInboundConnectionPercentagePerSource : 2
    MaxHeaderSize                           : 64 KB (65,536 bytes)
    MaxHopCount                             : 30
    MaxLocalHopCount                        : 8
    MaxLogonFailures                        : 3
    MaxMessageSize                          : 50 MB (52,428,800 bytes)
    MaxProtocolErrors                       : 5
    MaxRecipientsPerMessage                 : 200
    PermissionGroups                        : AnonymousUsers, ExchangeServers
    PipeliningEnabled                       : True
    ProtocolLoggingLevel                    : None
    RemoteIPRanges                          : {192.168.10.50, 192.168.10.32, 192.168.10.31, 192.168.10.24, 172.16.2.21, 192
                                              .168.11.235, 192.168.11.234, 192.168.10.98, 192.168.10.16, 192.168.10.20, 192
                                              .168.10.84, 172.16.2.25, 172.16.2.24, 172.16.2.19, 172.16.2.20, 172.16.2.26..
                                              .}
    RequireEHLODomain                       : False
    RequireTLS                              : False
    EnableAuthGSSAPI                        : False
    ExtendedProtectionPolicy                : None
    LiveCredentialEnabled                   : False
    TlsDomainCapabilities                   : {}
    Server                                  : AMSE2K7
    SizeEnabled                             : Enabled
    TarpitInterval                          : 00:00:05
    MaxAcknowledgementDelay                 : 00:00:30
    AdminDisplayName                        :
    ExchangeVersion                         : 0.1 (8.0.535.0)
    Name                                    : Allow Relay
    DistinguishedName                       : CN=Allow Relay,CN=SMTP Receive Connectors,CN=Protocols,CN=AMSE2K7,CN=Servers,
                                              CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,C
                                              N=ASSET,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=com
    Identity                                : AMSE2K7\Allow Relay
    Guid                                    : 51d3e722-6f46-4204-982a-01147b59500f
    ObjectCategory                          : company.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
    ObjectClass                             : {top, msExchSmtpReceiveConnector}
    WhenChanged                             : 9/19/2011 12:00:49 PM
    WhenCreated                             : 11/20/2009 7:43:21 AM
    WhenChangedUTC                          : 9/19/2011 7:00:49 PM
    WhenCreatedUTC                          : 11/20/2009 3:43:21 PM
    OrganizationId                          :
    OriginatingServer                       : AMSDC01.company.com
    IsValid                                 : True

    RunspaceId                              : f83c7a6b-cecd-413c-8c6c-a4169f621d33
    AuthMechanism                           : Tls, ExchangeServer
    Banner                                  :
    BinaryMimeEnabled                       : True
    Bindings                                : {:::25, 0.0.0.0:25}
    ChunkingEnabled                         : True
    DefaultDomain                           :
    DeliveryStatusNotificationEnabled       : True
    EightBitMimeEnabled                     : True
    BareLinefeedRejectionEnabled            : False
    DomainSecureEnabled                     : False
    EnhancedStatusCodesEnabled              : True
    LongAddressesEnabled                    : False
    OrarEnabled                             : False
    SuppressXAnonymousTls                   : False
    AdvertiseClientSettings                 : False
    Fqdn                                    : E2K10.company.com
    Comment                                 :
    Enabled                                 : True
    ConnectionTimeout                       : 00:10:00
    ConnectionInactivityTimeout             : 00:05:00
    MessageRateLimit                        : unlimited
    MessageRateSource                       : IPAddress
    MaxInboundConnection                    : 5000
    MaxInboundConnectionPerSource           : unlimited
    MaxInboundConnectionPercentagePerSource : 100
    MaxHeaderSize                           : 64 KB (65,536 bytes)
    MaxHopCount                             : 60
    MaxLocalHopCount                        : 12
    MaxLogonFailures                        : 3
    MaxMessageSize                          : 10 MB (10,485,760 bytes)
    MaxProtocolErrors                       : 5
    MaxRecipientsPerMessage                 : 5000
    PermissionGroups                        : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
    PipeliningEnabled                       : True
    ProtocolLoggingLevel                    : None
    RemoteIPRanges                          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
    RequireEHLODomain                       : False
    RequireTLS                              : False
    EnableAuthGSSAPI                        : False
    ExtendedProtectionPolicy                : None
    LiveCredentialEnabled                   : False
    TlsDomainCapabilities                   : {}
    Server                                  : E2K10
    SizeEnabled                             : EnabledWithoutValue
    TarpitInterval                          : 00:00:05
    MaxAcknowledgementDelay                 : 00:00:30
    AdminDisplayName                        :
    ExchangeVersion                         : 0.1 (8.0.535.0)
    Name                                    : Default E2K10
    DistinguishedName                       : CN=Default E2K10,CN=SMTP Receive Connectors,CN=Protocols,CN=E2K10,CN=Servers,
                                              CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,C
                                              N=ASSET,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=com
    Identity                                : E2K10\Default E2K10
    Guid                                    : ab86704b-fef2-4c95-8332-5dc2f361f4a6
    ObjectCategory                          : company.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
    ObjectClass                             : {top, msExchSmtpReceiveConnector}
    WhenChanged                             : 9/19/2011 10:56:04 AM
    WhenCreated                             : 9/14/2011 9:48:11 AM
    WhenChangedUTC                          : 9/19/2011 5:56:04 PM
    WhenCreatedUTC                          : 9/14/2011 4:48:11 PM
    OrganizationId                          :
    OriginatingServer                       : AMSDC01.company.com
    IsValid                                 : True

    RunspaceId                              : f83c7a6b-cecd-413c-8c6c-a4169f621d33
    AuthMechanism                           : Tls, ExchangeServer
    Banner                                  :
    BinaryMimeEnabled                       : True
    Bindings                                : {:::587, 0.0.0.0:587}
    ChunkingEnabled                         : True
    DefaultDomain                           :
    DeliveryStatusNotificationEnabled       : True
    EightBitMimeEnabled                     : True
    BareLinefeedRejectionEnabled            : False
    DomainSecureEnabled                     : False
    EnhancedStatusCodesEnabled              : True
    LongAddressesEnabled                    : False
    OrarEnabled                             : False
    SuppressXAnonymousTls                   : False
    AdvertiseClientSettings                 : False
    Fqdn                                    : e2k10.company.com
    Comment                                 :
    Enabled                                 : True
    ConnectionTimeout                       : 00:10:00
    ConnectionInactivityTimeout             : 00:05:00
    MessageRateLimit                        : 5
    MessageRateSource                       : User
    MaxInboundConnection                    : 5000
    MaxInboundConnectionPerSource           : 20
    MaxInboundConnectionPercentagePerSource : 2
    MaxHeaderSize                           : 64 KB (65,536 bytes)
    MaxHopCount                             : 60
    MaxLocalHopCount                        : 12
    MaxLogonFailures                        : 3
    MaxMessageSize                          : 10 MB (10,485,760 bytes)
    MaxProtocolErrors                       : 5
    MaxRecipientsPerMessage                 : 200
    PermissionGroups                        : ExchangeUsers, ExchangeServers
    PipeliningEnabled                       : True
    ProtocolLoggingLevel                    : None
    RemoteIPRanges                          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
    RequireEHLODomain                       : False
    RequireTLS                              : False
    EnableAuthGSSAPI                        : True
    ExtendedProtectionPolicy                : None
    LiveCredentialEnabled                   : False
    TlsDomainCapabilities                   : {}
    Server                                  : E2K10
    SizeEnabled                             : Enabled
    TarpitInterval                          : 00:00:05
    MaxAcknowledgementDelay                 : 00:00:30
    AdminDisplayName                        :
    ExchangeVersion                         : 0.1 (8.0.535.0)
    Name                                    : Client E2K10
    DistinguishedName                       : CN=Client E2K10,CN=SMTP Receive Connectors,CN=Protocols,CN=E2K10,CN=Servers,C
                                              N=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN
                                              =ASSET,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=com
    Identity                                : E2K10\Client E2K10
    Guid                                    : 945034a3-bdd5-44af-94d0-c9596d2affc1
    ObjectCategory                          : company.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
    ObjectClass                             : {top, msExchSmtpReceiveConnector}
    WhenChanged                             : 9/19/2011 10:56:33 AM
    WhenCreated                             : 9/14/2011 9:48:11 AM
    WhenChangedUTC                          : 9/19/2011 5:56:33 PM
    WhenCreatedUTC                          : 9/14/2011 4:48:11 PM
    OrganizationId                          :
    OriginatingServer                       : AMSDC01.assetmarketingsystems.com
    IsValid                                 : True

    TIA

    Jim

    Tuesday, September 20, 2011 2:59 PM
  • Try creating a new receive connector as below on your 2007.

    • Network: Receive mail from a specific IP of Exchange 2010 Hub
    • Authentication: TLS, Exchange Server Authentication
    • Permission Groups: Exchange Servers

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
    Tuesday, September 20, 2011 3:16 PM
  • Jamestechman,
      Thanks for the idea's and tried both with no issue.  Using the mail flow analyzer on E2K10 I find one curious error  When it tried the Remote delivery Queue(s) DNS Record Analysis it fails with No "Host" record found for server e2k7.company.com.  If I go the command prompt on e2k10 and try to ping the other server by name everything is fine.  Also when it tried to direct connect and see if Remote SMTP Services are running everyhting checks out fine.

      I added a entry into the hosts fine on e2k10 for e2k7 and then re-ran the mail flow analyzer and it still failed.  So it appeares to be a DNS issue I just cannot figure out where.


    TIA,

    Jim

    Tuesday, September 20, 2011 5:44 PM
  • On your 2010 send connector, network tab are you using "use the external dns lookup..." option? Also have you tried bouncing the transport service?

    Also on the 2010 server run nslookup against each dns server you have configured

    nslookup

    server 10.x.x.x (your first dns server)

    2007servername

    then repeat for second dns server to eliminate possibly one dns is not working correctly. If not and you get query refused bounce the dns server service on the DC and restart transport service.

     


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
    Tuesday, September 20, 2011 6:26 PM
  •   No I am not using use the external dns lookup option at this time, although I did try it.  Each time I make a change to a connector send or receive I restart the transport service.  Ran the nslookup test while logged into esk10 and switch dsn servers and both came back with the corect answer.
      While its seems like a simple problem is has been a good one.  I am still looking for other options.

    TIA,

    Jim

    Tuesday, September 20, 2011 6:41 PM
  • Can you check your default receive connector on 2007 and see if windows integrated is checked in auth tab?


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
    Tuesday, September 20, 2011 7:08 PM
  •   Ok TLS, Basic Authentication, Offer Basic authentication only after starting TLS, Exchange Server Authenication, Integrated Windows authentication are all checked the rest are not.

     

    TIA

    Jim

     

    Tuesday, September 20, 2011 11:59 PM
  • Hi,

    Try doing a Telnet to the server and drop an email to exchange 2007.

    Check certificates on both server for SMTP service. Is it valid?

    Only enable Default receive connector.

    Enable verbose logging on Default Receive connector.

    Also enabled the logging on the server on Intra-Organization-Connector by running the command

    Set-TransportServer <Server_Name> -IntraOrganizationConnectorProtocolLoggingLevel Verbose.

    Force the queues - Checked the log

    Check the protocol log on the 2007 server


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, September 21, 2011 2:41 AM
  •   Ok, tried telnet and it failed from e2k10 to e2k7, both certs are valid used get-exchangecertificate |fl and both data are in 2012, enabeled logging what am I looking for, I have no Intra-Organization-Connector that I can find when I ran the command if failed to find the connector.

    TIA

    Jim

     

    Wednesday, September 21, 2011 3:46 AM
  •   Here is the entry from the connectivity log on e2k10

    2011-09-21T00:19:22.035Z,08CE45DE603CBFC7,MAPI,it,+,Delivery;QueueLength=1;DatabaseHealth=-1;MailboxServer=E2K10.assetmarketingsystems.com
    2011-09-21T00:19:22.035Z,08CE45DE603CBFC7,MAPI,it,>,Starting delivery
    2011-09-21T00:19:22.051Z,08CE45DE603CBFC7,MAPI,it,>,Connecting to server E2K10.assetmarketingsystems.com session type Mailbox
    2011-09-21T00:19:22.082Z,08CE45DE603CBFC7,MAPI,it,-,Messages: 1 Bytes: 2532 Recipients: 1
    2011-09-21T00:22:15.188Z,08CE45DE603CBFC8,SMTP,hub version 8,+,SmtpRelayWithinAdSite 61027a30-e9a9-4c2d-acb5-c1efc96d5d8b;QueueLength=93
    2011-09-21T00:22:15.188Z,08CE45DE603CBFC8,SMTP,hub version 8,>,amse2k7.assetmarketingsystems.com[192.168.10.54]
    2011-09-21T00:22:15.188Z,08CE45DE603CBFC8,SMTP,hub version 8,>,Established connection to 192.168.10.54
    2011-09-21T00:22:15.188Z,08CE45DE603CBFC8,SMTP,hub version 8,-,Messages: 0 Bytes: 0 (Retry : Cannot achieve Exchange Server authentication)

     

    Jim

    Wednesday, September 21, 2011 2:57 PM
  •  Have you ever had the classic left hand not talking to the right hand.  Well this was the problem.  We have always been company.com, well out network team added a company.net and didn't tell me.  It also showed an error in DNS which was not properly replicating.  So fixed replication added a proper MX for the new company.net and presto mail flow is now working.  I feel like such a smuck.
      I thank everyone for their assisatance and ideas?

    Jim

    • Marked as answer by Jim Raykowski Wednesday, September 21, 2011 4:06 PM
    Wednesday, September 21, 2011 4:06 PM