FIXED - Exchange 2013 - Can I Recreate Default Frontend Receive Connector SAFELY?

Question
Hi
I'm in need of some urgent assistance please.
I had a fully functional Exchange 2013 server and decided to create a receive connector for a photocopier/scanner to include its static IP, port number 25.
I accidentally chose Hub Transport role and not FrontEndTransport role which appears to have messed up port 25 connectivity on mail coming in from the internet. When I stopped and restarted the Transport Service within services.msc I then got this error.
Source: MSExchangeTransport
Event ID: 1036
Task Category: SmtpReceive
Level: Error
Description: Inbound direct trust authentication failed for certificate %1. The source IP address of the server that tried to authenticate to Microsoft Exchange is [%2]. Make sure EdgeSync is running properly.
I proceeded to delete the offending Receive connector for the scanner/photocopier and restart the server. The transport service started OK this time, but I still can't receive mail from the outside world.
My question: Can I delete the automatically created default Frontend "servername" connector which contains the proper settings then recreate it again with the same settings and NOT harm/delete all the users emails or the mailstore or anything bad for that matter?
I have the details on how to create the connector but just wanted to check that it's OK to remove it and re-add it again now that everything was set up and running fine. I'm hoping the recreated Connector will fix what I broke.
It appears what I have done has broken my connectivity to telnet to port 25 on the Exchange server from the outside world, although oddly I can telnet to the server from a command prompt on the Exchange server (telnet "servername" 25) and get presented with the Exchange server responding. The tickbox for anonymous is ticked already. Port 25 is already forwarded from the firewall to the Exchange server and was working fine till I made the error.
Any help is greatly appreciated. Thank you.
- Edited by NEOband Sunday, November 2, 2014 7:03 PM
Sunday, November 2, 2014 9:40 AM
Answers
OK so I found some more details online and decided to take the plunge (after a backup was taken) and my problem is now fixed. Although thank you to the 40 people that at least looked at my query.
This worked for me, please read, backup and decide yourself if you wish to follow my steps.
1. I read this to understand more on how I broke it in the first place:
First section of this......
https://exchangemaster.wordpress.com/tag/smtp/
then
http://support.microsoft.com/kb/2958036
2. Deleted the Default Frontend "servername" Receive connector
3. Recreated it using these guidelines below. (I included them all for your ref). Source https://social.technet.microsoft.com/Forums/exchange/en-US/32e13998-a84e-4f10-8557-3f7ce6fdb824/2013-default-receive-connectors:
[PS] C:\>Get-ReceiveConnector | fl Name,AuthMechanism,RemoteIPRanges,TransportRole,permissiongroups,MaxMessageSize

Name : Default EX2013
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole : HubTransport
PermissionGroups : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
MaxMessageSize : 35 MB (36,700,160 bytes)

Name : Client Proxy EX2013
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole : HubTransport
PermissionGroups : ExchangeUsers, ExchangeServers
MaxMessageSize : 35 MB (36,700,160 bytes)

Name : Default Frontend EX2013
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole : FrontendTransport
PermissionGroups : AnonymousUsers, ExchangeServers, ExchangeLegacyServers
MaxMessageSize : 36 MB (37,748,736 bytes)

Name : Outbound Proxy Frontend EX2013
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole : FrontendTransport
PermissionGroups : AnonymousUsers, ExchangeServers
MaxMessageSize : 36 MB (37,748,736 bytes)

Name : Client Frontend EX2013
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole : FrontendTransport
PermissionGroups : ExchangeUsers
MaxMessageSize : 35 MB (36,700,160 bytes)

4. Recreated the Receive connector for my photocopier/scanner but this time chose Frontend Transport role and not the default Hubtransport. Restarted the server, crossed my fingers and everything worked!! (Apparently restarting both transport services is sufficient, but hey I just want to be sure it works from reboot in future.)
Exchange SP1 will break any custom receive connectors that you have made prior to installing the update (nor even warn you that you're about to create an additional hub transport connector on port 25 after the SP1 update; there should be only one hubtransport on port 25 as I understand it, it's OK for Frontend transport). The transport service will not start, so to save you the hassle of deleting your custom connector just run this command from an elevated Exchange PowerShell command to change the custom connector from hubtransport to Frontend Transport, then start the transport service. (You may have to kill the Transport service .exe process in Task Manager, then start the transport services after this amendment from the services.msc panel.)
Set-ReceiveConnector -Identity "Your Receive connector name" -TransportRole FrontendTransport
Alternatively, delete and re-create the receive connector and set its role to FrontendTransport and NOT HUBTRANSPORT !!!!!!!!!!!
This issue occurs if there is a receive connector of Transport type HubTransport that has the binding set to port 25 on the affected Exchange 2013 server. On an Exchange 2013 server that has both back-end and front-end roles, only the FrontendTransport server-type receive connector should have the binding set to port 25.
To fix this issue, run the following cmdlet to change the connector type from HubTransport to FrontendTransport:
Sunday, November 2, 2014 6:56 PM
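A check for the conflict the answer above describes (a HubTransport receive connector bound to port 25), added here as an example; it is not code from the post or from Microsoft. The function name, the sample objects and the "Scanner Relay" connector are hypothetical, and the sample bindings are the Exchange 2013 defaults, which the post's listing does not show.

```powershell
# Added example: flag receive connectors whose TransportRole is HubTransport
# and that have a binding on port 25.
function Find-HubTransportPort25Conflict {
    [CmdletBinding()]
    param(
        # Connector objects: live Get-ReceiveConnector output or sample objects.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object[]]$Connector
    )
    process {
        foreach ($c in $Connector) {
            # A binding's string form is "address:port", e.g. "0.0.0.0:25" or "[::]:25".
            # ':25$' matches port 25 only, not 2525.
            $on25 = @($c.Bindings | Where-Object { "$_" -match ':25$' })
            if ("$($c.TransportRole)" -eq 'HubTransport' -and $on25.Count -gt 0) {
                [pscustomobject]@{
                    Name          = $c.Name
                    TransportRole = "$($c.TransportRole)"
                    Bindings      = ($on25 | ForEach-Object { "$_" }) -join ', '
                }
            }
        }
    }
}

# Constructed sample (not from a live server): names follow the post's listing,
# bindings are the Exchange 2013 defaults, and "Scanner Relay" is a hypothetical
# custom connector created with the wrong role.
$sample = @(
    [pscustomobject]@{ Name = 'Default EX2013';          TransportRole = 'HubTransport';      Bindings = @('0.0.0.0:2525', '[::]:2525') }
    [pscustomobject]@{ Name = 'Default Frontend EX2013'; TransportRole = 'FrontendTransport'; Bindings = @('0.0.0.0:25', '[::]:25') }
    [pscustomobject]@{ Name = 'Scanner Relay';           TransportRole = 'HubTransport';      Bindings = @('0.0.0.0:25') }
)
$sample | Find-HubTransportPort25Conflict

# On a live server, from the Exchange Management Shell:
#   Get-ReceiveConnector | Find-HubTransportPort25Conflict
# Preview the role change from the post without applying it:
#   Set-ReceiveConnector -Identity 'Scanner Relay' -TransportRole FrontendTransport -WhatIf
```

Running the check before restarting the transport service, and again after any update or new custom connector, shows whether a port 25 HubTransport binding is present.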
All replies
Hi NEOband,
Thank you for sharing the detailed troubleshooting steps and final solution for us. This is valuable.
Thanks,
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com
Simon Wu
TechNet Community Support
Tuesday, November 11, 2014 7:12 AM