Solved

Cannot send mail internally between Exchange 2003 and Exchange 2010 servers

Posted on 2010-09-10
23
1,920 Views
Last Modified: 2012-05-10
Hello.

I recently installed Exchange 2010 into my Exchange 2003 organization and, sadly, am unable to send mail internally.

The installation completed successfully, and I can send and receive external mail with mailboxes on each server, but I am not able to send mail from a mailbox on the 2003 server to a mailbox on the 2010 server, and vice versa.  I can send mail to other mailboxes within the same server.

When looking at the queue on the 2010 server the message says "451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication."”

On the 2003 server, I watch the mail go into the routing group connector queue, and then it ends up in the “Messages with an unreachable destination” queue.

My MX record is the 2003 server, so somehow mail does make it from the 2003 server to the 2010 server if it comes in externally.

I am running anti-spam software (MailMarshal) on each server that sits in front of Exchange and listens on port 25 as the smart host.

On the 2003 server, the SMTP protocol default SMTP virtual server is set to use port 26, and the routing group connector is set to use the smart host.

On the 2010 server, the receive connector is configured to use port 26, and the send connector is set to use the smart host.

Both servers have the routing group connector that was created at installation and each have the appropriate remote bridghead configuration.

External mail is received by the smart host on the 2003 server and is then routed to Exchange, where it ultimately makes it to mailboxes on the 2003 or the 2010 server.  It is just failing when I try to send internally between these servers.

Not sure if this helps, but when I view the staus on the 2003 server, everything shows available, except the 2010 server itself.  The connectors from the 2010 server do display and show as available, however.

I suspect this requires some sort of routing connector, or something, but I am staring at a brick wall right now.

Does anyone have advice on where I should begin, please?

Thanks in advance for your generous assistance!
-      Joe
0
Comment
Question by:JOE-BULLITT
  • 10
  • 9
  • 4
23 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 33651287
first for
"When looking at the queue on the 2010 server the message says "451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication."

On your Exchange 2003 server check the properties of the SMTP virtual server:  Under the "Access" tab and then "Authentication" is "Integrated Windows Authentication" checked?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33651375
for
"On the 2003 server, I watch the mail go into the routing group connector queue, and then it ends up in the “Messages with an unreachable destination” queue.

open EMS and run get-routinggroupconnector and paste the results
0
 

Author Comment

by:JOE-BULLITT
ID: 33651430
Thanks for the help Akhater!

Yes, the Authentication is set to Integrated Windows Authentication on the SMTP virtual server.

Here is the results of the get-routinggroupconnector command:


Name            SourceRoutingGroup                        TargetRoutingGroup
----            ------------------                        ------------------
Interop RGC      Exchange Routing Group (DWBGZMFD01QNBJR)      first routing group
Interop RGC      first routing group                        Exchange Routing Group (DWBGZMFD01QNBJR)
rgc.txt
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33651448
Any firewall between the 2 servers?
0
 

Author Comment

by:JOE-BULLITT
ID: 33651455
The only firewall between them is on the 2010 Exchange server, which is running Server 2008 R2.
I tried to disable it entirely, but that did not help.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33651468
Give exbpa a shot it might help with the error
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33651471
here is your problem
On the 2003 server, the SMTP protocol default SMTP virtual server is set to use port 26, and the routing group connector is set to use the smart host.


exchange 2010 is listening on port 25
0
 

Author Comment

by:JOE-BULLITT
ID: 33651500
On the 2010 server, the receive connector is configured to use port 26.  Is there another place to change this perhaps?
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33651516
2003 and 2010 route mail thru the routing group connector not a receive connector
there is no option for setting the port on a routing group connector
because these servers are members of the same organization and your domain (contoso.com) is most likely authoritative, it will not use send and smtp connectors
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33651525
why are you using port 26 for smtp?
you can create a second smtp virtual server on the 2003 server to use port 26
then create a smtp connector that uses this smtp vs to deliver to smart host
0
 

Author Comment

by:JOE-BULLITT
ID: 33651538
so the routing group connector uses the same port 25?
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 32

Expert Comment

by:endital1097
ID: 33651540
yes, only uses port 25

you'll also want to remove the smart host setting on the default smtp
0
 

Author Comment

by:JOE-BULLITT
ID: 33651546
"you can create a second smtp virtual server on the 2003 server to use port 26, then create a smtp connector that uses this smtp vs to deliver to smart host"

Yes, this is exactly what is configured and is working with external mail, just not internal mail between the two.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33651566
you didn't mention a second smtp virtual server
is the default set to 25
0
 

Author Comment

by:JOE-BULLITT
ID: 33651572
Ah.  My bad.

No, there is just the one, which is set to port 26.  Should I add a second?

My concern is if I remove the smart host, mail will not go through my spam filter.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33651590
create the second smtp virtual server to use port 26
update your smtp connector to use the new smtp vs
make sure the smtp connector uses the smart host
update the default smtp to use port 25 and no smart host

this is the best practice for mail routing
0
 

Author Comment

by:JOE-BULLITT
ID: 33651611
The problem is that the smart host sits in front of my Exchange Server, and it is listeing on port 25.  If I set the SMTP connector to port 25 mail will go straight to Exchange and not filter.
Right?
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33651624
no, your firewall should be directing traffic on port 25 to your smart host
then your filter sends it to exchange
0
 

Author Comment

by:JOE-BULLITT
ID: 33651656
Essential it does, except the filter is on the same machine as Exchange, which is why the Exchange server ports need to be modified.

Maybe I'll need to explore port triggering on the firewall, or something.  I understand what you are saying here, just need to think a little bit.

I'm a little confused, however, because the two servers must be talking to each other because I am able to receive external mail on the Exchange 2003 server, and it does make it to a mailbox on the Exchange 2010 server.
0
 
LVL 32

Accepted Solution

by:
endital1097 earned 500 total points
ID: 33651672
yes, 2010 is listening on 25 so your 2003 server will deliver via the rgc over 25
when 2010 attempts to send it is trying to connect to your 2003 server on port 25 which fails

can you assign a second internal ip address that you could use for this?
assign the secondary ip address to the default smtp vs with port 25
leave the other smtp vs alone
0
 

Author Comment

by:JOE-BULLITT
ID: 33651747
I'll try your suggestion this weekend.
It sounds like it may be easier to move the filter to another machine.  :-)
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33651780
if you do decide to add the second ip address, you probably want to update the hosts file on the 2010 server with that ip address to ensure it goes to the correct smtp vs

let me know how it goes
0
 

Author Closing Comment

by:JOE-BULLITT
ID: 33703285
Thanks for your help!  I added the second NIC and separated the smart host and Exchange, and mail flows right now.
I appreciate the assistance very much!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now