Can't communicate between 2 hub transport servers

Posted on 2010-11-13
Last Modified: 2012-08-14
We have installed a second domain (it is not a child domain) and have installed Exchange 2007 in a server of this second domain (call it seconddomain).  I am able to send emails out to the internet but not to addresses that reside in the Exchange server from my first domain.  I see that the meesages get stuck in the queue with error: 451 4.4.0 primary target IP address responded with "421.4.4.2 unable to connect."attempted failover to alternate host, but that did not succeed.Either there are no alternate hosts, or delivery failed to all alternate hosts.
If I click retry again, I then get error: 451 4.4.0 Primary target IP address responded with:"454 4.7.0 Temporary authentication failure"
I ran the Exchange Troubleshooter and get the followint error: Computer account for 'SMTPSVC\Exchangeserver.seconddomain' not found in Active Directory.  No computer account in Active Directory has 'ServicePrincipalName' set to 'SMTPSVC/Exchangeserver.seconddomain' .  This will result in Kerberos authentication failures when server Exchange server attempts to create an SMTP connection to another Hub Transport server.   Any tips or suggestions?  Thanks in advance!
Question by:TSAdmin8
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
LVL 13

Expert Comment

ID: 34128271
So you've got 2 separate domains/exchange organisations using the same domain name, and you want them to share this address space correctly?

Expert Comment

ID: 34129911
ensure that the port 25 is open between the two servers.
telnet 25
make sure that both teh servers reecive cnnectors have the following auth & permission

first one TLS
exchange servers
integ windows

exchange users
exchange servers
Legacy exchange

as the two servers are in the same network, create a send connector on both serves with teh following
address space tab should have address of remote servers email address domain name
network tab should have smarthost added (IP/FQDN of the remote server) & no auth

this should fix your issue

Author Comment

ID: 34137387
We have 2 domains withing the same forest...  Therefore there is only 1 Exchange Organization.
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.


Author Comment

ID: 34137405
lukepdsilva, I will try the settings you provided right now and will let you know!  Thanks!

Author Comment

ID: 34138646
Hi Luke, i wanted to let you know that I made the changes to the configureation on the receive connectors and yes, the 2 servers can telnet each other using port 25.  Before I make changes to the send connector, I just wanted to clarify something.  One of the exchange servers (connected to the firstdomain) is on the west coast and the second exchange server (seconddomain) is in the east coast. We have a dedicated tunnel between the 2 sites.  I have created Inter-site links.  Again, the second exchange server is in the seconddomain but both the firstdomain and seconddomain are part of the same forest so there is only 1 Exchange organization.  All the users from first or seconddomain will have firstdomain email addresses and the only difference is that users working in the west coast office will have their mailboxes hosted in the first exchange server while the others will have their mailboxes hosted by the second exchange server.  Do you foresee any problems with that kind of a set up?  Thanks in advance!

Author Comment

ID: 34151449
Hi Luke,
Sorry for not responding earlier but I felt pretty sick yesterday and did not work on the servers too much (and was very busy today).  I just have one more question...  If I create a Send connector for the 2 domains, will it mess up the email delivery to the other exchange servers that are in mydomain?  Please let me know.



Accepted Solution

TSAdmin8 earned 0 total points
ID: 34176977
Well, the answer turned out to be adding the DC IP addresses in the forwarder for each domain.  Once that happened, AD started to replicate and resolve the exchange servers in the mydomaineast.

Author Closing Comment

ID: 34203755
I found out how to solve a DNS problem which is how the problem got solved afterall.

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question