Solved

Can't send mail from a secondary Exchange 2007

Posted on 2009-04-07
9
1,234 Views
Last Modified: 2012-08-17
I've an Exchange 2003 in a Windows 2003 server working correct. I've installed a Windows 2008 as a secondary domain controller and an Exchange 2007 SP1 in the same exchange organization.

I can create new user mailboxes in the new exchange server 2007 and can receive mails from the internet and mails from the exchange 2003. But I can't send mails from exchange 2007 to the exchange 2003 mailboxes and internet directions.

I've the error in the eventviewer:

Event ID 2017: No se pudo realizar la autenticación saliente debido al error WrongPrincipal para el conector de envío Conector de envío SMTP interno de la organización. El mecanismo de autenticación es Gssapi. El objetivo es SMTPSVC/mail.Secdor.com

Nombre de registro:Application
Origen:        MSExchangeTransport
Fecha:         07/04/2009 17:51:15
Id. del evento:2017
Categoría de la tarea:SmtpSend
Nivel:         Error
Palabras clave:Clásico
Usuario:       No disponible
Equipo:        exchange.Secdor.com
Descripción:
No se pudo realizar la autenticación saliente debido al error WrongPrincipal para el conector de envío Conector de envío SMTP interno de la organización. El mecanismo de autenticación es Gssapi. El objetivo es SMTPSVC/mail.Secdor.com.

System

  - Provider

   [ Name]  MSExchangeTransport
 
  - EventID 2017

   [ Qualifiers]  49156
 
   Level 2
 
   Task 2
 
   Keywords 0x80000000000000
 
  - TimeCreated

   [ SystemTime]  2009-04-07T15:51:15.000Z
 
   EventRecordID 1175
 
   Channel Application
 
   Computer exchange.Secdor.com
 
   Security
 

- EventData

   WrongPrincipal
   Conector de envío SMTP interno de la organización
   Gssapi
   SMTPSVC/mail.Secdor.com

The error is in spanish. Translation may be like this:
Can't realize autbound authentication because an error WrongPrincipal for the sender connector Conector de envío SMTP intern of organization. The authentication mechanism is Gssapi. The objective is SMTPSVC/mail.Secdor.com.

I think it would be a little option or something easy, but I don't know what.

Thank you!
0
Comment
Question by:xuti
  • 5
  • 3
9 Comments
 
LVL 4

Expert Comment

by:milikad
ID: 24089318
Run the following command and give result
Get-RoutingGroupConnector  
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24089489
Do you have an SMTP Connector on the Exchange 2003 server?
If so then Exchange 2007 will try and use that, which will mean that internet email would be going to the Exchange 2003 server first.
Therefore the same problem that is stopping internal email would cause the problem for outbound email.

Check that you do not have any restrictions on the SMTP virtual server in Exchange 2003, and ensure that all three authentication options are enabled.

Simon.
0
 
LVL 4

Expert Comment

by:milikad
ID: 24089692
It may be issue related AD.
Check if there is any time mismatch between exchange servers and domain controller.
0
 
LVL 1

Author Comment

by:xuti
ID: 24094703
Hello,

If I execute the command get-routinggroupconnector appears:

Name                      SourceRoutingGroup         TargetRoutingGroup
----                      ------------------         ------------------
EXCHANGE-DC3-SECDOR       Exchange Routing Group ... First Routing Group
DC3-SECDOR-EXCHANGE       First Routing Group        Exchange Routing Group ...

The exchange 2003 server is DC3-Secdor.
The exchange 2007 server is Exchange.

Yes Simon, we want to exchange 2003 send and receive all mails and exchange 2007 only has the mailboxes and OWA for web access. I don't find the options you are referring at. Where can I configure that restrictions?

I've checked errors in AD but it seems to be ok and no errors.

Thank you!
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 4

Expert Comment

by:milikad
ID: 24098003
Hi,
Run the following command:  Get-ExchangeCertificate

Check the FQDN name it is showing in the certificate and check the FQDN name in the default SMTP VS - Properties - Advanced and change it to exchange.secdor.com and restart the SMTP service and check if it work and let us know.
If this doesn't help then paste the output of Get-exchangeCertificate here.
Thanks,
Milikad (M)
 
0
 
LVL 4

Expert Comment

by:milikad
ID: 24098042
Hi,
One small change to earlier instruction, it seems that your exchange 2003 server name is DC3-Secdor. So change the FQDN name to DC3-Secdor.secdor.com. You have to enter your exchange 2003 servers FQDN name there.
Thanks,
Milikad
0
 
LVL 1

Author Comment

by:xuti
ID: 24099167
This is the get-exchangecertificate

Thumbprint                                Services   Subject
----------                                --------   -------
9A393699F8B09BFF121B7162B040C6FF3ADEBECF  IP.WS      CN=exchange


I don't know where to change FQDN :S

sorry, what can I do?

thank you
0
 
LVL 4

Accepted Solution

by:
milikad earned 350 total points
ID: 24116025
Hi
In exchange 2003, go to protocols - SMTP - Default SMTP VS - Properties - Delivery Tab and Select Advanced - Check the Fully Qualified Domain Name.
It should be FQDN name of Exchange 2003 server (e.g. yourE2K3server.secdor.com) and not something like mail.secdor.com
After changing it, go to windows services and restart SMTP and Exchange Routing Engine Service.
Then go to exchange 2007 and force the mails from the queue or simply restart Transport service.
milikad
0
 
LVL 1

Author Comment

by:xuti
ID: 24135892
Thank you for the accurate and easy explanation! Now, exchange 2007 can send mails inside and outside our organization!!
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
What exchange role handles the GAL 6 27
exchange 6 33
Email subject no showing 2 44
Exchange 2016 certificate 2 10
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now