Solved

Can't send mail from a secondary Exchange 2007

Posted on 2009-04-07
9
1,370 Views
Last Modified: 2012-08-17
I've an Exchange 2003 in a Windows 2003 server working correct. I've installed a Windows 2008 as a secondary domain controller and an Exchange 2007 SP1 in the same exchange organization.

I can create new user mailboxes in the new exchange server 2007 and can receive mails from the internet and mails from the exchange 2003. But I can't send mails from exchange 2007 to the exchange 2003 mailboxes and internet directions.

I've the error in the eventviewer:

Event ID 2017: No se pudo realizar la autenticación saliente debido al error WrongPrincipal para el conector de envío Conector de envío SMTP interno de la organización. El mecanismo de autenticación es Gssapi. El objetivo es SMTPSVC/mail.Secdor.com

Nombre de registro:Application
Origen:        MSExchangeTransport
Fecha:         07/04/2009 17:51:15
Id. del evento:2017
Categoría de la tarea:SmtpSend
Nivel:         Error
Palabras clave:Clásico
Usuario:       No disponible
Equipo:        exchange.Secdor.com
Descripción:
No se pudo realizar la autenticación saliente debido al error WrongPrincipal para el conector de envío Conector de envío SMTP interno de la organización. El mecanismo de autenticación es Gssapi. El objetivo es SMTPSVC/mail.Secdor.com.

System

  - Provider

   [ Name]  MSExchangeTransport
 
  - EventID 2017

   [ Qualifiers]  49156
 
   Level 2
 
   Task 2
 
   Keywords 0x80000000000000
 
  - TimeCreated

   [ SystemTime]  2009-04-07T15:51:15.000Z
 
   EventRecordID 1175
 
   Channel Application
 
   Computer exchange.Secdor.com
 
   Security
 

- EventData

   WrongPrincipal
   Conector de envío SMTP interno de la organización
   Gssapi
   SMTPSVC/mail.Secdor.com

The error is in spanish. Translation may be like this:
Can't realize autbound authentication because an error WrongPrincipal for the sender connector Conector de envío SMTP intern of organization. The authentication mechanism is Gssapi. The objective is SMTPSVC/mail.Secdor.com.

I think it would be a little option or something easy, but I don't know what.

Thank you!
0
Comment
Question by:xuti
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 4

Expert Comment

by:milikad
ID: 24089318
Run the following command and give result
Get-RoutingGroupConnector  
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24089489
Do you have an SMTP Connector on the Exchange 2003 server?
If so then Exchange 2007 will try and use that, which will mean that internet email would be going to the Exchange 2003 server first.
Therefore the same problem that is stopping internal email would cause the problem for outbound email.

Check that you do not have any restrictions on the SMTP virtual server in Exchange 2003, and ensure that all three authentication options are enabled.

Simon.
0
 
LVL 4

Expert Comment

by:milikad
ID: 24089692
It may be issue related AD.
Check if there is any time mismatch between exchange servers and domain controller.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 1

Author Comment

by:xuti
ID: 24094703
Hello,

If I execute the command get-routinggroupconnector appears:

Name                      SourceRoutingGroup         TargetRoutingGroup
----                      ------------------         ------------------
EXCHANGE-DC3-SECDOR       Exchange Routing Group ... First Routing Group
DC3-SECDOR-EXCHANGE       First Routing Group        Exchange Routing Group ...

The exchange 2003 server is DC3-Secdor.
The exchange 2007 server is Exchange.

Yes Simon, we want to exchange 2003 send and receive all mails and exchange 2007 only has the mailboxes and OWA for web access. I don't find the options you are referring at. Where can I configure that restrictions?

I've checked errors in AD but it seems to be ok and no errors.

Thank you!
0
 
LVL 4

Expert Comment

by:milikad
ID: 24098003
Hi,
Run the following command:  Get-ExchangeCertificate

Check the FQDN name it is showing in the certificate and check the FQDN name in the default SMTP VS - Properties - Advanced and change it to exchange.secdor.com and restart the SMTP service and check if it work and let us know.
If this doesn't help then paste the output of Get-exchangeCertificate here.
Thanks,
Milikad (M)
 
0
 
LVL 4

Expert Comment

by:milikad
ID: 24098042
Hi,
One small change to earlier instruction, it seems that your exchange 2003 server name is DC3-Secdor. So change the FQDN name to DC3-Secdor.secdor.com. You have to enter your exchange 2003 servers FQDN name there.
Thanks,
Milikad
0
 
LVL 1

Author Comment

by:xuti
ID: 24099167
This is the get-exchangecertificate

Thumbprint                                Services   Subject
----------                                --------   -------
9A393699F8B09BFF121B7162B040C6FF3ADEBECF  IP.WS      CN=exchange


I don't know where to change FQDN :S

sorry, what can I do?

thank you
0
 
LVL 4

Accepted Solution

by:
milikad earned 350 total points
ID: 24116025
Hi
In exchange 2003, go to protocols - SMTP - Default SMTP VS - Properties - Delivery Tab and Select Advanced - Check the Fully Qualified Domain Name.
It should be FQDN name of Exchange 2003 server (e.g. yourE2K3server.secdor.com) and not something like mail.secdor.com
After changing it, go to windows services and restart SMTP and Exchange Routing Engine Service.
Then go to exchange 2007 and force the mails from the queue or simply restart Transport service.
milikad
0
 
LVL 1

Author Comment

by:xuti
ID: 24135892
Thank you for the accurate and easy explanation! Now, exchange 2007 can send mails inside and outside our organization!!
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Powershell script include embedded images 10 46
Migration from Lotus Note to Exchange 4 28
EXCHANGE 8 28
Moving on from sbs 2008... 36 80
Find out what you should include to make the best professional email signature for your organization.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question