Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1980
  • Last Modified:

Cannot send mail internally between Exchange 2003 and Exchange 2010 servers

Hello.

I recently installed Exchange 2010 into my Exchange 2003 organization and, sadly, am unable to send mail internally.

The installation completed successfully, and I can send and receive external mail with mailboxes on each server, but I am not able to send mail from a mailbox on the 2003 server to a mailbox on the 2010 server, and vice versa.  I can send mail to other mailboxes within the same server.

When looking at the queue on the 2010 server the message says "451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication."”

On the 2003 server, I watch the mail go into the routing group connector queue, and then it ends up in the “Messages with an unreachable destination” queue.

My MX record is the 2003 server, so somehow mail does make it from the 2003 server to the 2010 server if it comes in externally.

I am running anti-spam software (MailMarshal) on each server that sits in front of Exchange and listens on port 25 as the smart host.

On the 2003 server, the SMTP protocol default SMTP virtual server is set to use port 26, and the routing group connector is set to use the smart host.

On the 2010 server, the receive connector is configured to use port 26, and the send connector is set to use the smart host.

Both servers have the routing group connector that was created at installation and each have the appropriate remote bridghead configuration.

External mail is received by the smart host on the 2003 server and is then routed to Exchange, where it ultimately makes it to mailboxes on the 2003 or the 2010 server.  It is just failing when I try to send internally between these servers.

Not sure if this helps, but when I view the staus on the 2003 server, everything shows available, except the 2010 server itself.  The connectors from the 2010 server do display and show as available, however.

I suspect this requires some sort of routing connector, or something, but I am staring at a brick wall right now.

Does anyone have advice on where I should begin, please?

Thanks in advance for your generous assistance!
-      Joe
0
JOE-BULLITT
Asked:
JOE-BULLITT
  • 10
  • 9
  • 4
1 Solution
 
AkhaterCommented:
first for
"When looking at the queue on the 2010 server the message says "451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication."

On your Exchange 2003 server check the properties of the SMTP virtual server:  Under the "Access" tab and then "Authentication" is "Integrated Windows Authentication" checked?
0
 
AkhaterCommented:
for
"On the 2003 server, I watch the mail go into the routing group connector queue, and then it ends up in the “Messages with an unreachable destination” queue.

open EMS and run get-routinggroupconnector and paste the results
0
 
JOE-BULLITTAuthor Commented:
Thanks for the help Akhater!

Yes, the Authentication is set to Integrated Windows Authentication on the SMTP virtual server.

Here is the results of the get-routinggroupconnector command:


Name            SourceRoutingGroup                        TargetRoutingGroup
----            ------------------                        ------------------
Interop RGC      Exchange Routing Group (DWBGZMFD01QNBJR)      first routing group
Interop RGC      first routing group                        Exchange Routing Group (DWBGZMFD01QNBJR)
rgc.txt
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
AkhaterCommented:
Any firewall between the 2 servers?
0
 
JOE-BULLITTAuthor Commented:
The only firewall between them is on the 2010 Exchange server, which is running Server 2008 R2.
I tried to disable it entirely, but that did not help.
0
 
AkhaterCommented:
Give exbpa a shot it might help with the error
0
 
endital1097Commented:
here is your problem
On the 2003 server, the SMTP protocol default SMTP virtual server is set to use port 26, and the routing group connector is set to use the smart host.


exchange 2010 is listening on port 25
0
 
JOE-BULLITTAuthor Commented:
On the 2010 server, the receive connector is configured to use port 26.  Is there another place to change this perhaps?
0
 
endital1097Commented:
2003 and 2010 route mail thru the routing group connector not a receive connector
there is no option for setting the port on a routing group connector
because these servers are members of the same organization and your domain (contoso.com) is most likely authoritative, it will not use send and smtp connectors
0
 
endital1097Commented:
why are you using port 26 for smtp?
you can create a second smtp virtual server on the 2003 server to use port 26
then create a smtp connector that uses this smtp vs to deliver to smart host
0
 
JOE-BULLITTAuthor Commented:
so the routing group connector uses the same port 25?
0
 
endital1097Commented:
yes, only uses port 25

you'll also want to remove the smart host setting on the default smtp
0
 
JOE-BULLITTAuthor Commented:
"you can create a second smtp virtual server on the 2003 server to use port 26, then create a smtp connector that uses this smtp vs to deliver to smart host"

Yes, this is exactly what is configured and is working with external mail, just not internal mail between the two.
0
 
endital1097Commented:
you didn't mention a second smtp virtual server
is the default set to 25
0
 
JOE-BULLITTAuthor Commented:
Ah.  My bad.

No, there is just the one, which is set to port 26.  Should I add a second?

My concern is if I remove the smart host, mail will not go through my spam filter.
0
 
endital1097Commented:
create the second smtp virtual server to use port 26
update your smtp connector to use the new smtp vs
make sure the smtp connector uses the smart host
update the default smtp to use port 25 and no smart host

this is the best practice for mail routing
0
 
JOE-BULLITTAuthor Commented:
The problem is that the smart host sits in front of my Exchange Server, and it is listeing on port 25.  If I set the SMTP connector to port 25 mail will go straight to Exchange and not filter.
Right?
0
 
endital1097Commented:
no, your firewall should be directing traffic on port 25 to your smart host
then your filter sends it to exchange
0
 
JOE-BULLITTAuthor Commented:
Essential it does, except the filter is on the same machine as Exchange, which is why the Exchange server ports need to be modified.

Maybe I'll need to explore port triggering on the firewall, or something.  I understand what you are saying here, just need to think a little bit.

I'm a little confused, however, because the two servers must be talking to each other because I am able to receive external mail on the Exchange 2003 server, and it does make it to a mailbox on the Exchange 2010 server.
0
 
endital1097Commented:
yes, 2010 is listening on 25 so your 2003 server will deliver via the rgc over 25
when 2010 attempts to send it is trying to connect to your 2003 server on port 25 which fails

can you assign a second internal ip address that you could use for this?
assign the secondary ip address to the default smtp vs with port 25
leave the other smtp vs alone
0
 
JOE-BULLITTAuthor Commented:
I'll try your suggestion this weekend.
It sounds like it may be easier to move the filter to another machine.  :-)
0
 
endital1097Commented:
if you do decide to add the second ip address, you probably want to update the hosts file on the 2010 server with that ip address to ensure it goes to the correct smtp vs

let me know how it goes
0
 
JOE-BULLITTAuthor Commented:
Thanks for your help!  I added the second NIC and separated the smart host and Exchange, and mail flows right now.
I appreciate the assistance very much!
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 10
  • 9
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now