Punniyakotti
asked on
mailflow between India HUB transport and US HUb Transport not working, both the ways
I am having an issue wherein one of my location is not able to to send and receive emails from US Location.
India HO Location >>> US - Canada Location
India Servers
2 HUB Transport servers running Windows 2003 SP2
Canada Location
2 HUB Transport servers running Windows 2008 SP2
When we are sending emails from India Noida location Exchange servers they are getting queued in Remote delivery queue with Last error as 451 4.4.0 Primary target IP address responded with: "454 4.7.0 Temporary authentication failure.
Getting 2 event ids:
========================== ========== ========== ========== ========== =====
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: SmtpSend
Event ID: 2003
Date: 9/10/2010
Time: 8:30:14 PM
User: N/A
Computer: XXX-N1
Description:
Send connector Intra-Organization SMTP Send Connector has failed to authenticate with 172.18.102.95:25. The response from the remote site is 454 4.7.0 Temporary authentication failure
========================== ========== ========== ========== ==========
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: SmtpReceive
Event ID: 1035
Date: 9/10/2010
Time: 8:45:32 PM
User: N/A
Computer: XXXXX-N1
Description:
Inbound authentication failed with error IllegalMessage for Receive connector Default XXXX-N1. The authentication mechanism is ExchangeAuth. The source IP address of the client who tried to authenticate to Microsoft Exchange is [172.18.102.95]
========================== ========== ========== ========== ========== =========
Troubleshooting steps carried out
1) Time is in sync with DC's
2) No duplicate SPN
3) Ports are opened
4) While pinging both the HUb Transport servers with setting MTU size of 1472 is not working, ping response comes by setting 530 bytes
ping servername -f -l 530
5) 968389 uninstalled this hotfix from all Hub Transport servers
6) There was one receive connector for relaying application servers emails in which Exchange IP addresses were listed, removed them.
7) Disabled Client receive connector and other receive connectors only kept Default receive connector, still the same issue
8) Default DC policy is having everyone, administrators and authenticated users listed for allow this computer from network
9) In smtpreceive connector logs I am seeing that whenever connection is coming from Remote that is US Exchagne servers it showing the below error:
========================== ========== ========== ========== ========== =====
180.190.3.11:25,172.18.102 .96:36696, <,X-EXPS EXCHANGEAUTH,
2010-09-11T08:31:35.795Z,H OEXCH-HC-N 2\Default HOEXCH-HC-N2,08CD1F8766FE7 2F5,41,180 .190.3.11: 25,172.18. 102.96:366 96,*,,Inbo und ExchangeAuth negotiation failed because of IllegalMessage
2010-09-11T08:31:40.795Z,X XXX-N2\Def ault XXXX-N2,08CD1F8766FE72F5,4 2,180.190. 3.11:25,17 2.18.102.9 6:36696,>, 454 4.7.0 Temporary authentication failure,
========================== ========== ========== ========== ========== =======
Please help on this I am running out of ideas, seems like there is some problem with the authentication set on default receive connectors.
Regards,
PK
India HO Location >>> US - Canada Location
India Servers
2 HUB Transport servers running Windows 2003 SP2
Canada Location
2 HUB Transport servers running Windows 2008 SP2
When we are sending emails from India Noida location Exchange servers they are getting queued in Remote delivery queue with Last error as 451 4.4.0 Primary target IP address responded with: "454 4.7.0 Temporary authentication failure.
Getting 2 event ids:
==========================
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: SmtpSend
Event ID: 2003
Date: 9/10/2010
Time: 8:30:14 PM
User: N/A
Computer: XXX-N1
Description:
Send connector Intra-Organization SMTP Send Connector has failed to authenticate with 172.18.102.95:25. The response from the remote site is 454 4.7.0 Temporary authentication failure
==========================
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: SmtpReceive
Event ID: 1035
Date: 9/10/2010
Time: 8:45:32 PM
User: N/A
Computer: XXXXX-N1
Description:
Inbound authentication failed with error IllegalMessage for Receive connector Default XXXX-N1. The authentication mechanism is ExchangeAuth. The source IP address of the client who tried to authenticate to Microsoft Exchange is [172.18.102.95]
==========================
Troubleshooting steps carried out
1) Time is in sync with DC's
2) No duplicate SPN
3) Ports are opened
4) While pinging both the HUb Transport servers with setting MTU size of 1472 is not working, ping response comes by setting 530 bytes
ping servername -f -l 530
5) 968389 uninstalled this hotfix from all Hub Transport servers
6) There was one receive connector for relaying application servers emails in which Exchange IP addresses were listed, removed them.
7) Disabled Client receive connector and other receive connectors only kept Default receive connector, still the same issue
8) Default DC policy is having everyone, administrators and authenticated users listed for allow this computer from network
9) In smtpreceive connector logs I am seeing that whenever connection is coming from Remote that is US Exchagne servers it showing the below error:
==========================
180.190.3.11:25,172.18.102
2010-09-11T08:31:35.795Z,H
2010-09-11T08:31:40.795Z,X
==========================
Please help on this I am running out of ideas, seems like there is some problem with the authentication set on default receive connectors.
Regards,
PK
can you make sure that both receive connector have Exchange server permissions configured
ASKER
Thanks for the prompt response
On all the Exchange servers - Exchange server permissions are configured
On all the Exchange servers - Exchange server permissions are configured
please check that both have connectivity to AD and that time is synchronized between the machines
ASKER
Yes. Time is in sync.
check this KB
http://support.microsoft.com/kb/979174
http://support.microsoft.com/kb/979174
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Busbar thanks alot for your prompt response.
ASKER
Issue resolved
ASKER
Please close