Problem with Edge Transport Server - Microsoft Exchange 2007

Recently, I added an edge transport server in the dmz.  This server was configured using edgeSync and all the connectors were added successfully. I can test synchronization by using test-edge... cmdlet and I can verify the accepted domains as well.  So I know its working fine...
However
 I can receive email from the outside world, which is picked up by the edge server and forwarded to the hub for delivery.  That works well.  On the other hand, when I try to email an external email, the hub transport forwards it to the edge, and there, it remains in queue.  The error that is being generated is:

451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect.   Attempted failover to alternate host, but that did not succeed.  Either there are no alternate hosts or delivery failed to the all alternate host.


If I manually add a (internet) send connector on the hub transport server, I can email directly from the hub server, but I do not want to do this. I have both of the servers added in each of the hosts file and dns works fine.  I have logging enabled if anyone wants to view a specific log.

Any ideas?
itsccocAsked:
Who is Participating?
 
SurajCommented:
there is no relation of certificate and Outbound mail flow....
check the event viewer if you got any certificate error ...

do this...
telnet maila.microsoft.com 25
ehlo

whats the ip address showing up with ehlo?
0
 
SurajCommented:
nicely explained..
OK.. so you mean the mails are stuck in the queue of the Edge server.
now do the following:
1. on edge.. open command prompt and do this..
nslookup
set q=mx
hotmail.com or any remotedomain.com

do you get the MX record of them?

2. do telnet MX/IP 25
do you get the banner of the remote domain??

let me know the results....

0
 
itsccocAuthor Commented:
Thanks for the comment.  Nslookup works fine, we're able to view MX records and we can also telnet to other smtp servers via port 25 no problem from the Edge (and hub transport server).  I recently installed a digital certificate (2 weeks prior to doing the edge subscription)  on the HUB transport server reflecting the hub transport servers' name.  Should the edge transport be added to the digital cert too and imported on both?  The edge is using the auto self-signed cert.  Didn't know if that mattered or not.

0
 
itsccocAuthor Commented:
Sam, you were right.  I forgot I had an acl preventing outbound connections on port 25 except for our current mail provider.  By testing the domain you provided me pointed me in the direction of a network connectivity problem thus realizing it was related to an acl.

Thanks!!!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.