Solved

5.7.1 Unable to relay; Mailbox Unavailable; new domains; Exchange 2003

Posted on 2009-07-08
Last Modified: 2013-11-30
Hello Experts!

I have two Exchange 2003 Servers hosting mailboxes for about 40 domains. I recently tried to add another domain and began having delivery problems. After much troubleshooting I stepped back and set up a TEST account and domain (a completely different domain from the one we started) and noticed that the issues continued. I'd rather not bore you guys with details and jump right to my last step that had left me scratching my head:

- If I OPEN Relay on both exchange servers, all mail delivery for new domains is successful.  If I CLOSE Relays on both exchange servers (as we want and have had for the past 5 years) delivery to the NEW domains fails with the errors below.

- I used http://www.testexchangeconnectivity.com to generate the error in the Code Snippet. I also have my NDR below to show you the issue.

- The problem occurs when mail is sent from any server EXCEPT internal (internal mail flows through fine).  

- Recipient Policies (obviously I hope) have the new domains in them and the changes propagate out.

- The last time we added a domain was about 3 months ago, and had no issues.  


Delivery to the following recipient failed permanently:

    test@testing.chiozzalaw.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 Unable to relay for test@testing.chiozzalaw.com (state 14).
Server returned status code 550 - Mailbox unavailable. The server response was: 5.7.1 Unable to relay for test@testing.chiozzalaw.com
Exception Details:
Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay for test@testing.chiozzalaw.com
Type: System.Net.Mail.SmtpFailedRecipientException
Stack Trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()

Question by:TrialWorks
7 Comments
 
LVL 9

Expert Comment

by:dexIT
ID: 24804696
Has the server been patched recently?

Have you used the Best Practice Analyzer yet?
http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-4BEE-4943-AC22-E2DDBD258DF3&displaylang=en
0
 
LVL 2

Author Comment

by:TrialWorks
ID: 24804804
Patches - yes, we do updates about once per month. So that's something that has been on the back of my mind, but we're talking about 3 months worth of patches (or more) possibly. So, I feel that's a gray area.

I have run the BPA on these servers in the past few months before, but not for this issue. I'll run them right now and see what it turns out. Here I thought I covered all the basics but that's one big one I missed. I'll report back shortly.
0
 
LVL 2

Author Comment

by:TrialWorks
ID: 24804899
I am running the BPA checks now, but wondered if you can answer one quasi-related question. We have been on a back/forth debate about a setting in Exchange > SMTP > Virtual Server > Delivery > Advanced > FQDN. Should that value, under the circumstances of having many domain names, be "server.domain.local" or "a-record.domain.com" (local vs. public)? I know that the BPA will bring up that value but we could never settle the agreement on what choice is best; it seems that both work.
0
 
LVL 2

Author Comment

by:TrialWorks
ID: 24805365
So I ran the Exchange BPA and the Exchange Troubleshooter. In BPA I did a basic health check and connectivity. That was fine. In Troubleshooter I did several tests for Mail Flow. One came back with a suggestion for error 5.7.1 (after actually picking it as the error) which I exhausted. It does not apply here. Then I went through and did mail flow tests, all of which successfully delivered mail - but we know that, because internally there are no problems. All tests were successful and test messages arrived from the TroubleShooting assistant. The problem continues from the outside. The Exchange TA is now examining the tracking logs, but regardless of what it finds, the messages are returned almost instantly. I did a manual track for the test email address and did not locate the failures on either server, they are bounced before they even enter the queues. help... :(
0
 
LVL 9

Expert Comment

by:dexIT
ID: 24807281
"I am running the BPA checks now, but wondered if you can answer one quasi-related question. We have been on a back/forth debate about a setting in Exchange > SMTP > Virtual Server > Delivery > Advanced > FQDN. Should that value, under the circumstances of having many domain names, be "server.domain.local" or "a-record.domain.com" (local vs. public)? I know that the BPA will bring up that value but we could never settle the agreement on what choice is best; it seems that both work."

I personally think .local is for best practice,  more anonymous.


How are your relay restrictions set up for this server?
In Delivery do you have anonymous access?
0
 
LVL 2

Author Comment

by:TrialWorks
ID: 24807468
Relay blocks all access EXCEPT for list, and it allows anyone who successfully authenticates to relay. The really bizarre thing is only the new domain(s) added to the policy are subject to the problem, all the others move through. I don't get why swapping relay settings to "allow all except denied list" solves the issue but clearly that's not a solution we want.  And again, only newly added domains.  

Been working on the issue pretty much all day and still nowhere :(  
I did reboot my servers hoping that it may be the solution, but no go.
0
 
LVL 2

Accepted Solution

by:
TrialWorks earned 0 total points
ID: 24843316
Ok - it's fixed.

So, I focused in on a lot of stuff in this, but here is the proper fix.

telnet localhost 25 from the Exchange server.  Do a mail test to the affected domain:
-ehlo
-mail from:whatever@something.com
-rcpt to:test@affecteddomain.com  
UNABLE TO RELAY

That's the focus point.  I initially focused on the
-relays
-antivirus
-reboots
-recipient policies
-etc... they are all distractions.  Your core issue is that the exchange server cannot figure out where to mail stuff to on its own (how it managed to deliver mail from OL client to the external domain name is beyond me, but that is the error to go on).

So, from there, you know the metabase is corrupt. You know this because according to KB 895853, page 4 of 8, there is a bullet point that reads "DS2MB metabase key is corrupted" (out of the many possibilities for SMTP error 5.7.1).

Microsoft has a tool, called ExMetabaseCheck which will run, find errors, and near the end it will let you reset both the key and SMTP. Just let it do it.  That's it. Fixed.

Thanks to all of you who contributed... although really this post was more like a blog.  Hope it helps in the future.
0
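The manual telnet check from the accepted solution, scripted as an added example (not part of the original post): it sends EHLO / MAIL FROM / RCPT TO only, classifies each RCPT reply, and flags hosted domains that the server refuses with 5.7.1 as well as foreign domains it would relay. The `.example` domains, the `HOSTED` set and the sample replies are constructed assumptions.

```python
import re
import smtplib

# SMTP reply: 3-digit code, optional RFC 3463 enhanced status code, free text.
_REPLY = re.compile(r"^(\d{3})[ -](?:(\d\.\d{1,3}\.\d{1,3})\s+)?(.*)$", re.S)

def classify_rcpt_reply(line):
    """Map one RCPT TO reply to accepted / relay_denied / other_failure."""
    m = _REPLY.match(line.strip())
    if not m:
        return "unparsed"
    code, enhanced, text = m.groups()
    if code.startswith("2"):
        return "accepted"
    if enhanced == "5.7.1" or "unable to relay" in text.lower():
        return "relay_denied"
    return "other_failure"

def probe(host, sender, recipients, port=25, timeout=10):
    """EHLO / MAIL FROM / RCPT TO only; DATA is never sent, so nothing is delivered."""
    results = {}
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        s.mail(sender)
        for rcpt in recipients:
            code, msg = s.rcpt(rcpt)
            results[rcpt] = classify_rcpt_reply(f"{code} {msg.decode(errors='replace')}")
        s.rset()
    return results

def audit(results, hosted_domains):
    """Flag hosted domains that are refused and foreign domains that are relayed."""
    findings = []
    for rcpt, verdict in sorted(results.items()):
        hosted = rcpt.rsplit("@", 1)[-1].lower() in hosted_domains
        if hosted and verdict == "relay_denied":
            findings.append((rcpt, "hosted domain refused as relay"))
        elif not hosted and verdict == "accepted":
            findings.append((rcpt, "foreign domain accepted: open relay"))
    return findings

# Constructed sample replies (not captured from the poster's servers).
SAMPLE = {
    "test@olddomain.example": classify_rcpt_reply("250 2.1.5 test@olddomain.example"),
    "test@newdomain.example": classify_rcpt_reply("550 5.7.1 Unable to relay for test@newdomain.example"),
    "someone@elsewhere.example": classify_rcpt_reply("550 5.7.1 Unable to relay for someone@elsewhere.example"),
}
HOSTED = {"olddomain.example", "newdomain.example"}  # assumed recipient-policy domains
```

Pass the dictionary returned by `probe()` to `audit()` to run the same check against a server you administer; `audit(SAMPLE, HOSTED)` shows the result for the constructed replies.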
