byteharmony

Multiple SMTP Virtual Servers for different ports inbound and outbound.

I need to be able to send messages from my Exchange server to outbound servers on both port 25 and port 2525. I have the Exchange server determine which port to send on via the Address Space rules in my connectors. I set up 2 virtual SMTP servers, one with port 25 outbound (send direct), the other with port 2525 outbound (authenticated smart host). I would think this setup would work fine, but messages sent via the connectors to the virtual server using 2525 get bounced with an error message:

Your message did not reach some or all of the intended recipients.

Subject: test RELIABLE 2525
Sent: 5/10/2006 12:09 PM

The following recipient(s) could not be reached:

  brian@kerhin.org on 5/10/2006 12:09 PM
  A configuration error in the e-mail system caused the message to bounce between two servers or to be forwarded between two recipients. Contact your administrator.
  <exchange.ms.relknit.com #5.3.5>

Sembee

Do you have an SMTP Connector for both virtual servers?
If not, then you should.
You cannot control which SMTP virtual server Exchange uses, so you need to configure SMTP Connectors first.

I would set up the first connector to use the alternative port, with the value set to 1 for every domain listed.
Then configure the second connector with a value of 2, with the domain name set as *
That should route the email correctly.

Make sure that you have set the smart host correctly. It should be the remote server, not the local server, and only one of the SMTP virtual servers should be listed in each connector.

Simon.

byteharmony

ASKER

Here is what I have:

Default SMTP Virtual Server (set up to answer port 25 and to send out via port 25) - Rest of the settings default
(Connector) INTERNET - Set up with the "Default SMTP Virtual Server" as the only bridgehead; this uses DNS to route to each address space. Address space is * at a cost of 100

2525 SMTP Virtual Server (set up to answer port 2525 and to send out via port 2525) - Rest of the settings default
(Connector) kerhin.org - Set up with the "2525 SMTP Virtual Server" as the only bridgehead; this connector forwards mail through a smart host: mail.byteharmony.com and it has advanced delivery settings for outbound security to send Basic Authentication username and password. The Address space has only one entry, the address kerhin.org at a cost of 1

If I test each outbound path independently they will both work without fault. I need both methods for this system at the same time though.

From what I know this "SHOULD" work, I don't know why it's failing.

Thanks for your quick response.
BK

What does message tracking say?
Does it show the message going out to the remote server?

Simon.
Here is a link to message tracking:

http://www2.byteharmony.com/~happy/delme/web_links/exchange_tracking.JPG

Looks like it gets queued but then it quits.

????
BK
That would be an indication that the SMTP connector could be looping back on itself. I would have expected to see a remote server listed somewhere, based on the NDR that you have posted above.

You mentioned that you tested the outbound path in an earlier post. What exactly did you do?
Like you, I can't see where the problem is at the moment - you have done what I would have done.

Do you have the remote domain in your DNS records anywhere? Is there conflicting information in the DNS that the server can find and what you are trying to use?
For example, if the server was to do a DNS lookup on the remote domain, would it get back one IP address for delivery, but you are trying to send it to another?

Simon.
DNS: The sending domain doesn't exist on the internet; ms.relknit.com is all private.
kerhin.org MX records are listed below; all go to POSTINI data centers, then that relays to the proper server (in productions on 1xx clients)

;; ANSWER SECTION:
kerhin.org.             600     IN      MX      30 byteharmony.net.s7b1.psmtp.com.
kerhin.org.             600     IN      MX      40 byteharmony.net.s7b2.psmtp.com.
kerhin.org.             600     IN      MX      10 byteharmony.net.s7a1.psmtp.com.
kerhin.org.             600     IN      MX      20 byteharmony.net.s7a2.psmtp.com.

Here is a screenshot of the working example. Note that all I did to get this to work was to stop the Default SMTP Virtual Server via the Exchange System Manager.
http://www2.byteharmony.com/~happy/delme/web_links/exchange_tracking1.JPG

I found something interesting when generating this. Whichever virtual server is started first, it's the only one that can outbound messages.

In other words, if I stop both servers and then start them one at a time, whichever is started first is the one that outbounds email successfully.

BK

PS> This is feeling more and more like a Microsoft Bug...

ASKER CERTIFIED SOLUTION
Sembee

This solution is only available to members.

Great idea Simon, you have found the crux of the problem, without the ability to use 2 SMTP virtual servers you have no control over ports.

The firewall rule would surely work. If nothing else pops up you are the winner.

I'm just shocked that Exchange can't do this??  -- I think I've found proof of this from Bill:

"It should be noted that the aforementioned SMTP configuration should not be used for metrics gathering purposes on Exchange servers that host production mailboxes. When the Exchange server is shut down and restarted, the first SMTP virtual server to start will be associated with the local store’s Send queue that is used to submit messages from the Exchange store to transport. For e-mail originating from the mailboxes hosted on the server, there is no guarantee which SMTP virtual server will be used to process those messages. This may affect the validity of metrics for inbound versus outbound e-mail."

From:
http://www.microsoft.com/technet/itsolutions/msit/operations/smtpggatewaysnote.mspx
Under Figure 4.

The reason mine is failing is because I've got mailboxes hosted on this server.

Sad, this functionality would be really nice; without it there really is no Exchange solution for ports.

Thanks everyone.
BK

PS> If you find an exchange solution to this send me mail: brian (at) byteharmony.com

I have dropped a message on to a private MVPs message group which is also monitored by the Microsoft Exchange team. They may well come up with something.

Simon.
Great, thanks very much for your help Simon. Hope to run into you again. Keep us posted.
It should work I am told.

The SMTP Diag code is key...
I was told this:

That diag code means, the sending server is configured to send back to itself...

1. Either because it's smarthosted to itself (on connector or VS)
2. A DNS or name resolution lookup for the remote domain points back to the local domain/server
3. The message is being passed between the two SMTP virtual servers, and they both have the same FQDN. They have to be different and unique. E.g. vs1.domain.com, vs2.domain.com, both registered in DNS, and in multi-server environments in AD as an SPN

Simon.
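
The three causes of the 5.3.5 loop listed in the post above, turned into an offline configuration check. This is an added example, not part of the original thread and not Exchange's own routing logic; `find_loop_causes`, the dictionary layout, the sample IP addresses and the assumption that both virtual servers share the FQDN shown in the NDR are hypothetical.

```python
import ipaddress
from collections import defaultdict

def _norm(host):
    return host.strip("[]").rstrip(".").lower()
def find_loop_causes(virtual_servers, connectors, local_ips, dns):
    """Return (cause, where, detail) tuples for the three 5.3.5 causes listed above."""
    findings = []
    local = {ipaddress.ip_address(ip) for ip in local_ips}
    by_fqdn = defaultdict(list)
    for vs in virtual_servers:
        by_fqdn[_norm(vs["fqdn"])].append(vs["name"])
    def points_home(host):
        host = _norm(host)
        try:
            addrs = [ipaddress.ip_address(host)]       # host given as an IP literal
        except ValueError:
            if host in by_fqdn:                        # host is a local virtual server FQDN
                return True
            addrs = [ipaddress.ip_address(a) for a in dns["A"].get(host, [])]
        return any(a.is_loopback or a in local for a in addrs)
    for c in connectors:
        if c.get("smart_host"):
            # Cause 1: the connector is smart-hosted to the sending server itself.
            if points_home(c["smart_host"]):
                findings.append(("smart-host-is-local", c["name"], c["smart_host"]))
            continue
        # Cause 2: DNS-routed connector whose remote domain's MX resolves back here.
        for domain in c["address_space"]:
            for mx in dns["MX"].get(_norm(domain), []):
                if points_home(mx):
                    findings.append(("mx-resolves-to-local", c["name"], mx))
    # Cause 3: two SMTP virtual servers sharing one FQDN.
    for fqdn, names in sorted(by_fqdn.items()):
        if len(names) > 1:
            findings.append(("duplicate-vs-fqdn", fqdn, ", ".join(names)))
    return findings

# Constructed sample modelled on the thread; IPs and the shared FQDN are assumptions.
VIRTUAL_SERVERS = [
    {"name": "Default SMTP Virtual Server", "fqdn": "exchange.ms.relknit.com"},
    {"name": "2525 SMTP Virtual Server", "fqdn": "exchange.ms.relknit.com"},
]
CONNECTORS = [
    {"name": "INTERNET", "smart_host": None, "address_space": ["*"]},
    {"name": "kerhin.org", "smart_host": "mail.byteharmony.com", "address_space": ["kerhin.org"]},
]
DNS = {"A": {"mail.byteharmony.com": ["192.0.2.25"]}, "MX": {}}
LOCAL_IPS = {"10.0.0.5"}
if __name__ == "__main__": print(find_loop_causes(VIRTUAL_SERVERS, CONNECTORS, LOCAL_IPS, DNS))
```

The DNS data is passed in as a dictionary so the check runs without network access; on a live server the same function can be fed real lookup results.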
WOW, ok.

1 and 2 are not a problem.

3. is a bit more complicated.

I did not know that a SMTP Virtual Server FQDN (Fully Qualified Domain Name) setting was used for anything but identification text. - That I did.

I registered a new separate unique name for the 2nd server on the DNS server that is stored in AD on this machine.

I have a single server environment so I don't think I need a separate SPN (Service Principal Name), if I did I don't know how to generate one aside from adding the machine to the domain??

When I did this it still did the same thing?  Did I fail with the SPN or is there something I missed?  I stopped and started both servers before testing the config. One message went out, the other bounced, same as before.

BK
There is a way to set the SPN...
This is from an unpublished KB article:

Use the SETSPN.exe tool to add an SPN with the FQDN to the Active Directory object for your exchange server.
1. Install the Setspn.exe tool. To obtain the Setspn.exe tool, visit the following Microsoft Web site:

http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/setspn-o.asp 

The Microsoft Windows Server 2003 version of the Setspn.exe command-line tool is available in the Windows Server 2003 Support Tools that are included on your Windows Server 2003 CD. To install the Server 2003 Support Tools, double-click the Suptools.msi file in the Support/Tools folder.  
2. Start a command prompt, and then change to the directory where you installed Setspn.exe.  
3. At the command prompt, type the following commands. Press ENTER after the command:

setspn.exe -a SMTPSVC/mail.yourdomain.com YOURSERVERNAME

(please replace mail.yourdomain.com with your SMTP virtual server FQDN and YOURSERVERNAME with the name of the Exchange server)

Simon.
Wow, that's some windows information I've never had to know. I did as you said and used the -L command line for setspn.exe to list the entries to make sure I knew what I was doing and I could back out if I had a problem.

Still gave me the bounce even with the DNS, SPN and FQDN settings changed.

The big question here is why would the two SMTP servers be relaying the message back and forth. Also what is the purpose of the local bridgehead if the message is just going to go to the first SMTP server?? (per MS doc above).

This document:
http://www.microsoft.com/technet/prodtechnol/exchange/2000/maintain/12x2kadd.mspx

(Below) states that our original config should work (I think).... Still no good.

Bridgehead servers act as the communication relays for routing groups, and you define them locally and remotely. Local bridgehead servers serve as the originator of message traffic, and remote bridgehead servers serve as the destination for message traffic. Each connector has a slightly different way of handling bridgehead servers.

With routing group connectors, you can have multiple local bridgeheads but only a single remote bridgehead, and you can designate the bridgehead servers as described in Steps 6 and 7 of the section of this chapter entitled "Installing Routing Group Connectors."

With SMTP connectors, you can have one or more local bridgehead servers. These bridgeheads are identified using the SMTP virtual servers that are available on the local server for which you're configuring the connector. You don't specifically define remote bridgehead servers, however. Instead, you designate a smart host or use DNS MX records to locate remote mail servers in a specific routing group. These mail servers then act as remote bridgehead servers. To specify bridgeheads for SMTP connectors, follow Steps 5-8 in the section of this chapter entitled "Installing SMTP Connectors."

With X.400 connectors, you have one local bridgehead server and one remote bridgehead server. Because of this, you can build fault tolerance and load balancing into the connector configuration only by configuring multiple connectors. You specify bridgeheads for X.400 connectors through the local and remote X.400 names you designate for the connector.

States
Again, from Microsoft.
The key thing is the error code - 5.3.5.
It should work, the scenario is not unfamiliar.
For some reason, the server thinks it is sending back on itself. You need to look very carefully at the configuration, DNS and if possible the remote server to see what would cause that.

Simon.
Another question/suggestion from Microsoft is how you are specifying the smart host? Is it an IP address or a host name? If it is a host name then try an IP address.

They keep coming back to the fact that it should work, so there must be something about the environment that is causing the loop.

Simon.
OK. I used an IP address, this is not at all what we'd want because I'm sure the ISP is using a round to handle traffic.

That being said, I would be interested to hear if the MS guys could make it work instead of saying it should work. I say that because of what I think is the most interesting component of the failure:

1. Set up the first connector and SMTP (pretty much all default). Test it, it works.
2. Stop the SMTP server
3. Set up the new port 2525 SMTP server and connector
4. Test it, it works.
5. Turn them both on. Only one will work, the one that is turned on first.

The fact that they both work when working solo is what makes me think there is something configured wrong in Exchange, not in the real world. When I send to my test domain (the one that has special connector address space) it's not hosted on Exchange or anything to do with this email system. It's all independent.

BK