Link to home
Create AccountLog in
Avatar of TSAdmin8
TSAdmin8

asked on

Can't communicate between 2 hub transport servers

We have installed a second domain (it is not a child domain) and have installed Exchange 2007 in a server of this second domain (call it seconddomain).  I am able to send emails out to the internet but not to addresses that reside in the Exchange server from my first domain.  I see that the meesages get stuck in the queue with error: 451 4.4.0 primary target IP address responded with "421.4.4.2 unable to connect."attempted failover to alternate host, but that did not succeed.Either there are no alternate hosts, or delivery failed to all alternate hosts.
If I click retry again, I then get error: 451 4.4.0 Primary target IP address responded with:"454 4.7.0 Temporary authentication failure"
I ran the Exchange Troubleshooter and get the followint error: Computer account for 'SMTPSVC\Exchangeserver.seconddomain' not found in Active Directory.  No computer account in Active Directory has 'ServicePrincipalName' set to 'SMTPSVC/Exchangeserver.seconddomain' .  This will result in Kerberos authentication failures when server Exchange server attempts to create an SMTP connection to another Hub Transport server.   Any tips or suggestions?  Thanks in advance!
Avatar of Mark Damen
Mark Damen
Flag of United Kingdom of Great Britain and Northern Ireland image

So you've got 2 separate domains/exchange organisations using the same domain name, and you want them to share this address space correctly?
ensure that the port 25 is open between the two servers.
telnet remote.server.name 25
make sure that both teh servers reecive cnnectors have the following auth & permission

authentication
first one TLS
exchange servers
integ windows

Permission
anonymous
exchange users
exchange servers
Legacy exchange

as the two servers are in the same network, create a send connector on both serves with teh following
address space tab should have address of remote servers email address domain name
network tab should have smarthost added (IP/FQDN of the remote server) & no auth

this should fix your issue
Avatar of TSAdmin8
TSAdmin8

ASKER

We have 2 domains withing the same forest...  Therefore there is only 1 Exchange Organization.
lukepdsilva, I will try the settings you provided right now and will let you know!  Thanks!
Hi Luke, i wanted to let you know that I made the changes to the configureation on the receive connectors and yes, the 2 servers can telnet each other using port 25.  Before I make changes to the send connector, I just wanted to clarify something.  One of the exchange servers (connected to the firstdomain) is on the west coast and the second exchange server (seconddomain) is in the east coast. We have a dedicated tunnel between the 2 sites.  I have created Inter-site links.  Again, the second exchange server is in the seconddomain but both the firstdomain and seconddomain are part of the same forest so there is only 1 Exchange organization.  All the users from first or seconddomain will have firstdomain email addresses and the only difference is that users working in the west coast office will have their mailboxes hosted in the first exchange server while the others will have their mailboxes hosted by the second exchange server.  Do you foresee any problems with that kind of a set up?  Thanks in advance!
Hi Luke,
Sorry for not responding earlier but I felt pretty sick yesterday and did not work on the servers too much (and was very busy today).  I just have one more question...  If I create a Send connector for the 2 domains, will it mess up the email delivery to the other exchange servers that are in mydomain?  Please let me know.

Thanks,

Allie
ASKER CERTIFIED SOLUTION
Avatar of TSAdmin8
TSAdmin8

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
I found out how to solve a DNS problem which is how the problem got solved afterall.