Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Can't send mail from a secondary Exchange 2007

Posted on 2009-04-07
9
Medium Priority
?
1,532 Views
Last Modified: 2012-08-17
I've an Exchange 2003 in a Windows 2003 server working correct. I've installed a Windows 2008 as a secondary domain controller and an Exchange 2007 SP1 in the same exchange organization.

I can create new user mailboxes in the new exchange server 2007 and can receive mails from the internet and mails from the exchange 2003. But I can't send mails from exchange 2007 to the exchange 2003 mailboxes and internet directions.

I've the error in the eventviewer:

Event ID 2017: No se pudo realizar la autenticación saliente debido al error WrongPrincipal para el conector de envío Conector de envío SMTP interno de la organización. El mecanismo de autenticación es Gssapi. El objetivo es SMTPSVC/mail.Secdor.com

Nombre de registro:Application
Origen:        MSExchangeTransport
Fecha:         07/04/2009 17:51:15
Id. del evento:2017
Categoría de la tarea:SmtpSend
Nivel:         Error
Palabras clave:Clásico
Usuario:       No disponible
Equipo:        exchange.Secdor.com
Descripción:
No se pudo realizar la autenticación saliente debido al error WrongPrincipal para el conector de envío Conector de envío SMTP interno de la organización. El mecanismo de autenticación es Gssapi. El objetivo es SMTPSVC/mail.Secdor.com.

System

  - Provider

   [ Name]  MSExchangeTransport
 
  - EventID 2017

   [ Qualifiers]  49156
 
   Level 2
 
   Task 2
 
   Keywords 0x80000000000000
 
  - TimeCreated

   [ SystemTime]  2009-04-07T15:51:15.000Z
 
   EventRecordID 1175
 
   Channel Application
 
   Computer exchange.Secdor.com
 
   Security
 

- EventData

   WrongPrincipal
   Conector de envío SMTP interno de la organización
   Gssapi
   SMTPSVC/mail.Secdor.com

The error is in spanish. Translation may be like this:
Can't realize autbound authentication because an error WrongPrincipal for the sender connector Conector de envío SMTP intern of organization. The authentication mechanism is Gssapi. The objective is SMTPSVC/mail.Secdor.com.

I think it would be a little option or something easy, but I don't know what.

Thank you!
0
Comment
Question by:xuti
  • 5
  • 3
9 Comments
 
LVL 4

Expert Comment

by:milikad
ID: 24089318
Run the following command and give result
Get-RoutingGroupConnector  
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24089489
Do you have an SMTP Connector on the Exchange 2003 server?
If so then Exchange 2007 will try and use that, which will mean that internet email would be going to the Exchange 2003 server first.
Therefore the same problem that is stopping internal email would cause the problem for outbound email.

Check that you do not have any restrictions on the SMTP virtual server in Exchange 2003, and ensure that all three authentication options are enabled.

Simon.
0
 
LVL 4

Expert Comment

by:milikad
ID: 24089692
It may be issue related AD.
Check if there is any time mismatch between exchange servers and domain controller.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 1

Author Comment

by:xuti
ID: 24094703
Hello,

If I execute the command get-routinggroupconnector appears:

Name                      SourceRoutingGroup         TargetRoutingGroup
----                      ------------------         ------------------
EXCHANGE-DC3-SECDOR       Exchange Routing Group ... First Routing Group
DC3-SECDOR-EXCHANGE       First Routing Group        Exchange Routing Group ...

The exchange 2003 server is DC3-Secdor.
The exchange 2007 server is Exchange.

Yes Simon, we want to exchange 2003 send and receive all mails and exchange 2007 only has the mailboxes and OWA for web access. I don't find the options you are referring at. Where can I configure that restrictions?

I've checked errors in AD but it seems to be ok and no errors.

Thank you!
0
 
LVL 4

Expert Comment

by:milikad
ID: 24098003
Hi,
Run the following command:  Get-ExchangeCertificate

Check the FQDN name it is showing in the certificate and check the FQDN name in the default SMTP VS - Properties - Advanced and change it to exchange.secdor.com and restart the SMTP service and check if it work and let us know.
If this doesn't help then paste the output of Get-exchangeCertificate here.
Thanks,
Milikad (M)
 
0
 
LVL 4

Expert Comment

by:milikad
ID: 24098042
Hi,
One small change to earlier instruction, it seems that your exchange 2003 server name is DC3-Secdor. So change the FQDN name to DC3-Secdor.secdor.com. You have to enter your exchange 2003 servers FQDN name there.
Thanks,
Milikad
0
 
LVL 1

Author Comment

by:xuti
ID: 24099167
This is the get-exchangecertificate

Thumbprint                                Services   Subject
----------                                --------   -------
9A393699F8B09BFF121B7162B040C6FF3ADEBECF  IP.WS      CN=exchange


I don't know where to change FQDN :S

sorry, what can I do?

thank you
0
 
LVL 4

Accepted Solution

by:
milikad earned 1400 total points
ID: 24116025
Hi
In exchange 2003, go to protocols - SMTP - Default SMTP VS - Properties - Delivery Tab and Select Advanced - Check the Fully Qualified Domain Name.
It should be FQDN name of Exchange 2003 server (e.g. yourE2K3server.secdor.com) and not something like mail.secdor.com
After changing it, go to windows services and restart SMTP and Exchange Routing Engine Service.
Then go to exchange 2007 and force the mails from the queue or simply restart Transport service.
milikad
0
 
LVL 1

Author Comment

by:xuti
ID: 24135892
Thank you for the accurate and easy explanation! Now, exchange 2007 can send mails inside and outside our organization!!
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question