Solved

Migrating Exchange 2003 to 2010.

Posted on 2010-11-22
18
256 Views
Last Modified: 2013-11-05
We have installed a new 2008 Server and installed Exchange 2010 to replace Exchange 2003.  The AD is 2003.  Once the install was complete and we redirected the incoming port 25 on the firewall to the new server, we moved a couple of mailboxes for testing.  In that transition state, all incoming email was rejected (550 5.7.1 Unable to relay).  

If we changed the incoming firewall rule back to the 2003 server, mailboxes still on 03 could receive incoming, but not the mailboxes on 2010.  The 2010 could send email, but not 2003.  When a 2003 user tried to send outbound email, we noted on the 03 event logs that the new server was rejecting the email, again unable to relay.

Any ideas?
0
Comment
Question by:jim0816
  • 9
  • 6
18 Comments
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
sounds like you have not added an Accepted Domain to Exchange 2010?
Under organisation Configuration add an accepted domain.

You will also need to add under Server Configuration > Hub Transport on the Receive Connector that starts with DEFAULT on the permissions tab add a check in annonymous users.

You might also find there is a smarthost configured on the SMTP Virtual Server on the 2003 server, see my article here for details: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3044-Exchange-Server-Mail-Flow.html
0
 

Author Comment

by:jim0816
Comment Utility
Under organization configuration, "Use a default domain controller" is selected.  Should the domain and domain controller be specified?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
No, this is not required, it also has nothing to do with the accepted domain.

Have you added an accepted domain?
0
 

Author Comment

by:jim0816
Comment Utility
yes, the accepted domain has been added
0
 

Author Comment

by:jim0816
Comment Utility
just another note....if I do the telnet test to the 2010 server, I get the unable to relay response.  the mail from and rcpt to addresses are mailboxes are both on the 2010 server.
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
From the Exchange Management Shell can you run the following please:

Get-AcceptedDomain

And post the results.

Have you setup an email address policy? Do the users have valid addresses on the email address tab?
0
 

Author Comment

by:jim0816
Comment Utility
Name                           DomainName                     DomainType                   Default

somedomain.com               somedomain.com               Authoritative                True

there is only the default policy, and it has not been applied
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
if nobody has got a valid email address then you will not be able to relay.
Check the users email addresses.

You will also need to create a email address policy
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:jim0816
Comment Utility
the users have valid email addresses
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
then, technically there is no reason why you shouldn't be allowed to relay.

Did you check the permission on the receive connector I mentioned in my first post?
0
 

Author Comment

by:jim0816
Comment Utility
yes, it is checked
0
 

Author Comment

by:jim0816
Comment Utility
I also ran another telnet test, this time i used "server.domain.com" on the rcpt to address, and did not get the "unable to relay" response
0
 
LVL 11

Expert Comment

by:JuusoConnecta
Comment Utility
jim,

your mx records are the following:

somedomain.com.1.xxxxxx.com	nnn.nnn.nnn.nnn


Looks like you have another "front-end" / "Middle-tier" application between internet against your exchange server ?

If that is the case you should contact the vendor hosting this to configure the application or whatever to accept the mails for your domain,

Or I might have be totally wrong..
0
 

Author Comment

by:jim0816
Comment Utility
that is a spam filtering service, they just relay email to the public IP of our server
0
 

Accepted Solution

by:
jim0816 earned 0 total points
Comment Utility
The problem turned out to be the SMTP service was installed and enabled.  Disabling the service then restarting the Exchange Transport service solved the problem.
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now