Solved

Exchange 07 451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect.

Posted on 2010-11-23
15
1,788 Views
Last Modified: 2012-05-10
SBS 08 Server routes all outbound mail via smarthost to Postini.  Mail delivery stopped today. The Exchange queue has the error 451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect.  Confirmed with Postini that there are no issues and other clients using same setup are working fine.

I cannot telnet to port 25 at all from the server to any mail host. Firewall rules allow all outbound and nothing was changed prior to this happening. Rebooted router, firewall and server. If I remove the smarthost, delivery via DNS to recipient servers also fails (due to no outbound on port 25).  Web browsing works fine from server. DNS resolvers all work fine.  Inbound mail is working fine.  I am stumped.  
0
Comment
Question by:kjkamin
  • 4
  • 4
  • 3
  • +2
15 Comments
 
LVL 16

Expert Comment

by:Viral Rathod
Comment Utility
Since you are unable to telent to port 25 ,Have you checked this with ISP ,ISP might have blocked the port 25 ?
0
 
LVL 16

Expert Comment

by:Viral Rathod
Comment Utility
To check if port 25 is open

Go here
http://www.canyouseeme.org/

Check the status of Port 25 .
0
 

Author Comment

by:kjkamin
Comment Utility
ISP is Time Warner.  Called them and they verified that their modem is functioning properly and NOT blocking any traffic.

Result:

Success: I can see your service on 69.193.x.x on port (25)
Your ISP is not blocking port 25
0
 
LVL 16

Expert Comment

by:Viral Rathod
Comment Utility
Hmm ....You have also checked the firewall and the firewall is also not blocking the port.

When you telnet from outside 25 Port is not listing ?

Can you the following steps

--Restart the Exchnage Transport Service & Disabled the Antivirus software and then check if you are able to telent to 25 port

Letus know the results.
0
 

Author Comment

by:kjkamin
Comment Utility
I've already tried both suggestions. Does not resolve.  Tomorrow we try a new firewall to see if that is the problem.
0
 
LVL 15

Expert Comment

by:getzjd
Comment Utility
You can telnet from other machines on the same network outbound to the rest of the world?
0
 
LVL 15

Expert Comment

by:getzjd
Comment Utility
On port 25 that is...
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:kjkamin
Comment Utility
Thanks. I did not try that.  I am unable to telnet to WAN on port 25 from another computer on the LAN. That narrows it down to either the firewall or the ISP.
0
 
LVL 15

Expert Comment

by:getzjd
Comment Utility
If you can get away with killing the internet connection for a few minutes.  Assign your WAN static IP to a laptop, plug it in , confirm internet connectivity  and try the telnet to another mail server again.  This will eliminate the Firewall possibility.   Not sure if I caught what type of firewall you have.  

p.s. with the time warner cable modem, you may have to cycle the power on it after unplugging it from the firewall and  before plugging it in to the laptop.  
0
 

Expert Comment

by:EmeritusAdmin
Comment Utility
Having the exact same issue here, but we have a cisco 2800 router going into a ASA 5520 (100MB Time Warner Circuit).  Outbound SMTP fails anywhere it seems, but from my home PC I can get there OK (Comcast).  Was hoping you had the answer :)  I'll be calling them now to see whats up!
0
 

Expert Comment

by:EmeritusAdmin
Comment Utility
My problem ended up being our front end exchange server (has multiple IPs on it so it can have multiple SSL certs) decided to start sending mail out a different IP today, not quite sure why.  This made our ASA start blocking it.  I did talk to TW (not sure if the same TW that does cable) and he mentioned they are in a no-change window right now, so nothing has been modified this week in there production, and they have no filtering going on.

Probably not your problem sadly, but good luck in your search!
0
 

Accepted Solution

by:
kjkamin earned 0 total points
Comment Utility
This ended up being the Sonicwall.  We had to completely blow out the config and redo it to resolve the problem.  Very odd.  Some sort of corruption.
0
 
LVL 15

Expert Comment

by:getzjd
Comment Utility
That's why I suggested to hook a machine directly up to the ISP bypassing the firewall :-)     We have 7 Sonicwalls at varioius sites and thankfully have not had any corruption like this on them.  This is good to know though going forward.

Glad you got it going!
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
how to add IIS SMTP to handle application/Scanner relays into office 365.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now