Receive Connector IP Subnet

I've created an internal relay with the Authentication of (TLS, Basic, Integrated Windows) and permission of (Anonymous, & Exchange users).  So I can receive mail from an entire subnet I've added 10.0.0.0/8 to both servers.  When I do this mail will not flow between the two servers, they just build up in the queues, but the example shows that I can and I should be able to.  Any ideas?
Puke Foo Asked:
Puke Foo (Author) Commented:
Sorry I wasn't clear, I've got the connector working, it's only when I try and add an entire subnet that it doesn't work.
Ragu Ramachandran Commented:
Where is the message building up, on the sending server?
If you want to relay from specific servers, try enabling TLS and anonymous authentication.
I am not sure what the reason is to create relay access for an entire network. This is very risky: if any PC/server in the network is compromised, it will be very difficult to isolate the PC...
Ragu Ramachandran Commented:
Are you able to add the subnet 10.0.0.0/8 to the list? Are you getting any error?
If you are able to add the subnet without any problem, then you can try to telnet to the Exchange server from any of the PCs in the subnet and let us know what you get.
Puke Foo (Author) Commented:
The queues on the exchange 2010 servers, and the queue name is "smtp relay to remote active directory site"


451.4.4.0 Primary target IP address responded with: "451.5.7.3 Cannot achieve Exchange Server authentication


I've run these commands so servers can relay through the connector and they can if I put them in as a single IP.

a.       Get-ReceiveConnector "Internal Relay" | Add-ADPermission -User "AU" -ExtendedRights "ms-Exch-SMTP-Accept-Authoritative-Domain-Sender"

b.      Get-ReceiveConnector "Internal Relay" | Add-ADPermission -User "NT Authority\Anonymous Logon" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

I can telnet and send mail via telnet once the queue starts to build up which is odd.
JuusoConnecta Commented:
The command that you had in b. is correct (Get-ReceiveConnector "Relay Connector" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient").

If you have added the whole subnet, first make sure that you do NOT have any of those IP addresses included in your other receive connectors; this will create a conflict.

Also, you said "When I do this mail will not flow between the two servers"; what exactly do you mean? Is it two application servers (or other) that are trying to mail each other, relaying through Exchange?
If you send mail relaying through the Exchange server, you need to define the end-point where the mail will be received, a "mailbox" on a mail server of any kind. (Kindly specify what you're trying to accomplish here =] )

In some cases you should uncheck Integrated Windows authentication, but I do not understand at the moment what you're trying to accomplish, so I don't know whether you should do this or not.

cheers
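
An added example (not part of the original thread, and not code from any poster) illustrating the overlap concern raised above: when several receive connectors could accept a connection, Exchange uses the one whose remote IP range is the most specific match for the connecting address, and a server-to-server session that lands on a connector without `ExchangeServer` authentication is consistent with the 451 5.7.3 error quoted earlier. The connector names, addresses and ranges are constructed, ranges are written as CIDR strings, and both connectors are assumed to share the same local binding.

```powershell
# Model of receive connector selection by most specific remote IP range.
# Constructed data; on a real server the input would come from
#   Get-ReceiveConnector | Select-Object Name, RemoteIPRanges, AuthMechanism
function New-Conn($Name, $Ranges, $Auth) {
    New-Object PSObject -Property @{ Name = $Name; Ranges = $Ranges; Auth = $Auth }
}

function ConvertTo-UInt32([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)              # network order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-InCidr([string]$Ip, [string]$Cidr) {
    $net, $len = $Cidr -split '/'
    $size = [math]::Pow(2, 32 - [int]$len)    # number of addresses in the block
    $a = [math]::Floor((ConvertTo-UInt32 $Ip) / $size)
    $b = [math]::Floor((ConvertTo-UInt32 $net) / $size)
    $a -eq $b
}

function Get-WinningConnector([string]$SourceIp, $Connectors) {
    $hits = foreach ($c in $Connectors) {
        foreach ($r in $c.Ranges) {
            if (Test-InCidr $SourceIp $r) {
                New-Object PSObject -Property @{
                    Name = $c.Name; Range = $r; Auth = $c.Auth
                    Prefix = [int](($r -split '/')[1]) }
            }
        }
    }
    # Longest prefix = most specific range = the connector that answers
    $hits | Sort-Object Prefix -Descending | Select-Object -First 1
}

$default    = New-Conn 'Default EXA' @('0.0.0.0/0') 'Tls, Integrated, BasicAuth, ExchangeServer'
$exchangeB  = '10.20.0.15'                # constructed: the other Exchange server
foreach ($relayRange in '10.30.4.7/32', '10.0.0.0/8') {
    $relay = New-Conn 'Internal Relay' @($relayRange) 'Tls, BasicAuth, Integrated'
    $w = Get-WinningConnector $exchangeB @($default, $relay)
    $note = if ($w.Auth -notmatch 'ExchangeServer') { 'no ExchangeServer auth offered' }
            else { 'ok for server-to-server' }
    'relay range {0,-13} -> {1} answers {2}: {3}' -f $relayRange, $w.Name, $exchangeB, $note
}
```

With the single-host range the other Exchange server still falls through to the default connector; with 10.0.0.0/8 the relay connector becomes the most specific match for it.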
Puke Foo (Author) Commented:
mail will not flow between the two 2010 exchange servers
JuusoConnecta Commented:
batstrading,

What are you trying to accomplish here when you say "When I do this mail will not flow between the two servers"? Why do two Exchange servers need to mail each other? That is the way you're describing the issue.

Are you referring to users who have their mailbox on one Exchange 2010 server being unable to send mail to users who are on your other Exchange 2010 server?
Puke Foo (Author) Commented:
I'll try to explain a bit further.

I have two Exchange 2010 mail servers, one in site A and one in site B; they are at different locations.  If I have mail from site B attempting to deliver to mailboxes in site A, it will back up in the queue on mail server B.  Also there's public folder replication which is backed up.  This only happens when I add the entire subnet.  If I add the individual IPs it works fine.  The only problem with that is I have hundreds and hundreds of servers.
JuusoConnecta Commented:
I understand your scenario now.

I take it that both Exchange servers have the HUB, CAS and mailbox roles installed?

Are the two Exchange servers located in two different forests or subdomains?
Puke Foo (Author) Commented:
same domain, same forest, different sites
Puke Foo (Author) Commented:
yes they have hub, cas, and mailbox
JuusoConnecta Commented:
If it is in the same forest, same domain, you don't need a receive connector between the two Exchange servers. If a user whose mailbox resides on Exchange server A sends a mail to a user whose mailbox resides on Exchange server B, mail should be delivered automatically.

Both Exchange servers are within the same Exchange organization; to double check this you can look in EMC -> Organization configuration and see the two Exchange servers. You should not need any receive connectors in this scenario when it comes to internal mail flow between users whose mailboxes reside on one of the Exchange servers.
Puke Foo (Author) Commented:
I know that's what's odd about this, I'm using the internal receive connector for my linux hosts to relay through the mail server, but when I try and add an entire subnet such as 10.0.0.0/8, then mail stops flowing between the two mail servers.
JuusoConnecta Commented:
Well, are the clients on that site on that subnet or a different subnet in that site?

If your client computers are on the same subnet as your Linux hosts that are trying to relay, there might be a conflict, since the clients have "two options" now to send mail.

Though client computers should always use MAPI connections by default (and by design), what you could try, to see if it's the subnet on the receive connector that is causing this issue, is to set a client computer's Outlook to use RPC over HTTP, so it connects to the Exchange server through the web and not the internal LAN connection, and see if it works.

I strongly suspect that this is where the issue lies (that you're adding the whole subnet where the client computers are located), but I cannot say for sure...

cheers
Puke Foo (Author) Commented:
Thanks for your input, I'll keep trying.
Mayogroup Commented:
I have had the same issue.
Mail sent from mailboxes hosted on our new 2010 server does not hit mailboxes on our old 2007 server.
Changing send/receive connectors on the Exchange servers does nothing.
The issue seems to point to no relay connector set up on the DC. Will keep you posted.