Solved

Exchange 07 451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect.

Posted on 2010-11-23
15
1,800 Views
Last Modified: 2012-05-10
SBS 08 Server routes all outbound mail via smarthost to Postini.  Mail delivery stopped today. The Exchange queue has the error 451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect.  Confirmed with Postini that there are no issues and other clients using same setup are working fine.

I cannot telnet to port 25 at all from the server to any mail host. Firewall rules allow all outbound and nothing was changed prior to this happening. Rebooted router, firewall and server. If I remove the smarthost, delivery via DNS to recipient servers also fails (due to no outbound on port 25).  Web browsing works fine from server. DNS resolvers all work fine.  Inbound mail is working fine.  I am stumped.  
0
Comment
Question by:kjkamin
  • 4
  • 4
  • 3
  • +2
15 Comments
 
LVL 17

Expert Comment

by:Viral Rathod
ID: 34201812
Since you are unable to telent to port 25 ,Have you checked this with ISP ,ISP might have blocked the port 25 ?
0
 
LVL 17

Expert Comment

by:Viral Rathod
ID: 34201818
To check if port 25 is open

Go here
http://www.canyouseeme.org/

Check the status of Port 25 .
0
 

Author Comment

by:kjkamin
ID: 34201840
ISP is Time Warner.  Called them and they verified that their modem is functioning properly and NOT blocking any traffic.

Result:

Success: I can see your service on 69.193.x.x on port (25)
Your ISP is not blocking port 25
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 17

Expert Comment

by:Viral Rathod
ID: 34201885
Hmm ....You have also checked the firewall and the firewall is also not blocking the port.

When you telnet from outside 25 Port is not listing ?

Can you the following steps

--Restart the Exchnage Transport Service & Disabled the Antivirus software and then check if you are able to telent to 25 port

Letus know the results.
0
 

Author Comment

by:kjkamin
ID: 34202018
I've already tried both suggestions. Does not resolve.  Tomorrow we try a new firewall to see if that is the problem.
0
 
LVL 15

Expert Comment

by:getzjd
ID: 34202220
You can telnet from other machines on the same network outbound to the rest of the world?
0
 
LVL 15

Expert Comment

by:getzjd
ID: 34202221
On port 25 that is...
0
 

Author Comment

by:kjkamin
ID: 34202264
Thanks. I did not try that.  I am unable to telnet to WAN on port 25 from another computer on the LAN. That narrows it down to either the firewall or the ISP.
0
 
LVL 15

Expert Comment

by:getzjd
ID: 34202296
If you can get away with killing the internet connection for a few minutes.  Assign your WAN static IP to a laptop, plug it in , confirm internet connectivity  and try the telnet to another mail server again.  This will eliminate the Firewall possibility.   Not sure if I caught what type of firewall you have.  

p.s. with the time warner cable modem, you may have to cycle the power on it after unplugging it from the firewall and  before plugging it in to the laptop.  
0
 

Expert Comment

by:EmeritusAdmin
ID: 34203049
Having the exact same issue here, but we have a cisco 2800 router going into a ASA 5520 (100MB Time Warner Circuit).  Outbound SMTP fails anywhere it seems, but from my home PC I can get there OK (Comcast).  Was hoping you had the answer :)  I'll be calling them now to see whats up!
0
 

Expert Comment

by:EmeritusAdmin
ID: 34203302
My problem ended up being our front end exchange server (has multiple IPs on it so it can have multiple SSL certs) decided to start sending mail out a different IP today, not quite sure why.  This made our ASA start blocking it.  I did talk to TW (not sure if the same TW that does cable) and he mentioned they are in a no-change window right now, so nothing has been modified this week in there production, and they have no filtering going on.

Probably not your problem sadly, but good luck in your search!
0
 

Accepted Solution

by:
kjkamin earned 0 total points
ID: 34303900
This ended up being the Sonicwall.  We had to completely blow out the config and redo it to resolve the problem.  Very odd.  Some sort of corruption.
0
 
LVL 15

Expert Comment

by:getzjd
ID: 34303958
That's why I suggested to hook a machine directly up to the ISP bypassing the firewall :-)     We have 7 Sonicwalls at varioius sites and thankfully have not had any corruption like this on them.  This is good to know though going forward.

Glad you got it going!
0
 
LVL 33

Expert Comment

by:digitap
ID: 34470591
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
how to add IIS SMTP to handle application/Scanner relays into office 365.

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question