Link to home
Start Free TrialLog in
Avatar of kjkamin
kjkaminFlag for United States of America

asked on

Exchange 07 451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect.

SBS 08 Server routes all outbound mail via smarthost to Postini.  Mail delivery stopped today. The Exchange queue has the error 451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect.  Confirmed with Postini that there are no issues and other clients using same setup are working fine.

I cannot telnet to port 25 at all from the server to any mail host. Firewall rules allow all outbound and nothing was changed prior to this happening. Rebooted router, firewall and server. If I remove the smarthost, delivery via DNS to recipient servers also fails (due to no outbound on port 25).  Web browsing works fine from server. DNS resolvers all work fine.  Inbound mail is working fine.  I am stumped.  
Avatar of Viral Rathod
Viral Rathod
Flag of India image

Since you are unable to telent to port 25 ,Have you checked this with ISP ,ISP might have blocked the port 25 ?
To check if port 25 is open

Go here
http://www.canyouseeme.org/

Check the status of Port 25 .
Avatar of kjkamin

ASKER

ISP is Time Warner.  Called them and they verified that their modem is functioning properly and NOT blocking any traffic.

Result:

Success: I can see your service on 69.193.x.x on port (25)
Your ISP is not blocking port 25
Hmm ....You have also checked the firewall and the firewall is also not blocking the port.

When you telnet from outside 25 Port is not listing ?

Can you the following steps

--Restart the Exchnage Transport Service & Disabled the Antivirus software and then check if you are able to telent to 25 port

Letus know the results.
Avatar of kjkamin

ASKER

I've already tried both suggestions. Does not resolve.  Tomorrow we try a new firewall to see if that is the problem.
Avatar of getzjd
You can telnet from other machines on the same network outbound to the rest of the world?
On port 25 that is...
Avatar of kjkamin

ASKER

Thanks. I did not try that.  I am unable to telnet to WAN on port 25 from another computer on the LAN. That narrows it down to either the firewall or the ISP.
If you can get away with killing the internet connection for a few minutes.  Assign your WAN static IP to a laptop, plug it in , confirm internet connectivity  and try the telnet to another mail server again.  This will eliminate the Firewall possibility.   Not sure if I caught what type of firewall you have.  

p.s. with the time warner cable modem, you may have to cycle the power on it after unplugging it from the firewall and  before plugging it in to the laptop.  
Avatar of EmeritusAdmin
EmeritusAdmin

Having the exact same issue here, but we have a cisco 2800 router going into a ASA 5520 (100MB Time Warner Circuit).  Outbound SMTP fails anywhere it seems, but from my home PC I can get there OK (Comcast).  Was hoping you had the answer :)  I'll be calling them now to see whats up!
My problem ended up being our front end exchange server (has multiple IPs on it so it can have multiple SSL certs) decided to start sending mail out a different IP today, not quite sure why.  This made our ASA start blocking it.  I did talk to TW (not sure if the same TW that does cable) and he mentioned they are in a no-change window right now, so nothing has been modified this week in there production, and they have no filtering going on.

Probably not your problem sadly, but good luck in your search!
ASKER CERTIFIED SOLUTION
Avatar of kjkamin
kjkamin
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
That's why I suggested to hook a machine directly up to the ISP bypassing the firewall :-)     We have 7 Sonicwalls at varioius sites and thankfully have not had any corruption like this on them.  This is good to know though going forward.

Glad you got it going!
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.