Solved

Exchange 2003, Exchange 2007, and eTrust SCM. It's a party

Posted on 2008-10-02
Last Modified: 2010-05-18
Hello all:

I've been on a 24-hour binge of Google and nada thus far, even though this topic has been hammered so many times.

So we have an Exchange 2003 box with eTrust Secure Content Manager on it. All mail, outbound and inbound, goes through SCM. The SCM listens on port 25 (external and internal), and Exchange 2003 listens on 2525 and sends on port 25.

The Exchange 2007 (SP1) was installed using an excellent punch list (http://www.msexchange.org/tutorials/Transitioning-Exchange-2000-2003-Exchange-Server-2007-Part1.html) to the T with no problems along the way. Moving mailboxes was fine (just moved a couple), but I was getting the infamous "451 5.7.3 cannot achieve exchange server authentication". A quick Google pointed to the Integrated Windows Authentication on the 2003 default SMTP virtual server, which I did. No change.

I rebuilt the routing connectors several times (currently have an interop RGC), which can be seen in the 2003 ESM, and eventually email was able to go from Exchange 2003 to 2007.

So, outside people can email the one user on the 2007 server. Inside people on the 2003 can email the user on the 2007. 2007 can send to people outside (using the smarthost on the 2003 SCM server), but cannot send to local users.

OWA does switch over (internally, haven't changed the outside DNS settings yet) for the 2007 user.

Any suggestions?
Question by:deomega22
 

Author Comment

by:deomega22
Also, I did make a send connector for the email domain to send on port 2525, and it is currently set to use DNS settings, not smarthost.
 
LVL 32

Expert Comment

by:gupnit
Hi,
Great, let's take it up step by step... I need some pointers!
Are both 2k3 & 2k7 users in the same domain? Single org, right... as there is no mention of forests here?
When you say that a user in 2k7 cannot send to internal users, you mean to users on the 2k3 box, right? Well, can you recreate the connector that shoots mails from 2k7 to 2k3 and tell me how it has been configured?
Thanks
Nitin
 

Author Comment

by:deomega22
Single domain.

Correct, 07 users cannot send to 03 users.

I have two send connectors on the 07 box. One is to internet (smtp * 1); it's being routed to the smarthost.

The other is for internal (smtp mydomain.com 1). Currently I have it using MX/DNS records to route. I did try setting the IP of the Exchange 2003 box in the smarthost and sending on port 2525. Neither worked. Though finding the server isn't the problem, it's authentication.

Here's an fl on the connectors:

[PS] U:\>Get-SendConnector | fl


AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : False
DomainSecureEnabled          : False
Enabled                      : True
ForceHELO                    : False
Fqdn                         : mail.mydomain.com
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : ex07
Identity                     : To internet
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 10MB
Name                         : To internet
Port                         : 25
ProtocolLoggingLevel         : None
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {[192.168.150.10]}
SmartHostsString             : [192.168.150.10]
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {ex07}
UseExternalDNSServersEnabled : False

AddressSpaces                : {SMTP:mydomain.com;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ForceHELO                    : False
Fqdn                         : mail.mydomain.com
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : ex07
Identity                     : To Local
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : unlimited
Name                         : To Local
Port                         : 2525
ProtocolLoggingLevel         : None
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {ex07}
UseExternalDNSServersEnabled : False
LVL 32

Accepted Solution

by:
gupnit earned 500 total points
Hi,
You do not need a separate connector from 2007 to 2003; create a new RG connector between the RGs that will be bidirectional!
Leave the Internet SMTP connector as it is.
Here are the steps: http://technet.microsoft.com/en-us/library/aa997292(EXCHG.80).aspx
Let me know
Cheers
Nitin
 

Author Comment

by:deomega22
After the installation, and things were failing, I went on a Google rampage. I wound up deleting the original RGCs that were made at install. I did find that article and copied it, replacing server names of course.

The RGCs show up in both the PowerShell and 2003 ESM.

Do I need to get anything from the original install that I deleted?
 

Author Comment

by:deomega22
Solution found, though it was never really lost....

There are no port settings on RGCs. So when my Exchange 2003 box was listening on port 2525 and sending on 25, it could send mail to Exchange 2007, but since Exchange 2007 was not communicating with port 25 it was failing.

Microsoft: if you are reading this, why was Exchange 2007 saying that another Exchange server was throwing the "451 5.7.3 cannot achieve exchange server authentication"? Perhaps saying "no connection could be made" would be better. Just a thought.

Thank you gupnit for your efforts. Points awarded.
 
LVL 32

Expert Comment

by:gupnit
My pleasure :-)!
Good to see you got it; actually, sometimes with no access it is difficult to pinpoint exact configs.
Thanks
Nitin
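
An added example, not part of the original thread: the resolution above turns on which service answers on each port of the Exchange 2003 host. This PowerShell check sends EHLO to ports 25 and 2525 (the host and ports shown in the thread) and reports whether each listener advertises the Exchange X-EXPS authentication verb; the function names and the HELO name are hypothetical.

```powershell
# Added example: function names and the HELO name are hypothetical.
# Requires PowerShell 3.0+ for [pscustomobject]; run from any host that can reach the server.
function Read-SmtpReply {
    param([System.IO.StreamReader]$Reader)
    $lines = @()
    do {
        $line = $Reader.ReadLine()          # null means the peer closed the connection
        if ($null -eq $line) { break }
        $lines += $line
    } while ($line -match '^\d{3}-')        # "250-" continues, "250 " ends the reply
    return ,$lines
}

function Test-SmtpListener {
    param([string]$Server, [int]$Port, [string]$HeloName = 'probe.example.test')
    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = 5000
    $client.SendTimeout = 5000
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
        $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        $banner = Read-SmtpReply $reader
        $writer.WriteLine("EHLO $HeloName")
        $caps = Read-SmtpReply $reader | ForEach-Object { $_ -replace '^\d{3}[ -]', '' }
        $writer.WriteLine('QUIT')

        [pscustomobject]@{
            Port   = $Port
            Banner = ($banner -join ' ')
            # Assumption: an Exchange SMTP service lists X-EXPS; a filter in front of it usually does not.
            XEXPS  = [bool]($caps | Where-Object { $_ -match '^X-EXPS\b' })
            Auth   = ($caps | Where-Object { $_ -match '^(AUTH|X-EXPS)[ =]' }) -join '; '
        }
    } catch {
        [pscustomobject]@{ Port = $Port; Banner = "no SMTP reply: $($_.Exception.Message)"; XEXPS = $false; Auth = '' }
    } finally {
        $client.Close()
    }
}

$target = '192.168.150.10'   # Exchange 2003 / SCM host as listed in the thread's SmartHosts
25, 2525 | ForEach-Object { Test-SmtpListener -Server $target -Port $_ } | Format-List
```

Under that assumption, a port whose reply shows `XEXPS : False` is answered by something other than the Exchange SMTP virtual server, which is the first thing to rule out when a connector with no port setting reports 451 5.7.3.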