Link to home
Create AccountLog in
Avatar of IQ_IT
IQ_ITFlag for United States of America

asked on

After Exchange 2010 installation, no mail flow to existing Exchange 2003 server

I just deployed a new Exchange 2010 server into my existing domain that had an Exchange 2003 server.

-  Completed all the requirements to install Exchange 2010 and successfully installed it with no errors.
-  During install I configured a bridge to the 2003 server.
-  I can move mailboxes to the new 2010 server from 2003 but cannot flow mail internally.
-  I have a smarthost ON the 2003 server using port 25 (so that mail is going from Exchange on 24).
-  Ran the mailflow analyzer (IQEXCH is 2010) and got this "The 'Remote delivery' queue (IQEXCH\4) on server IQEXCH is in retry status. Number of message(s) in the queue: 1. Last error information: 451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts."

Any suggestions?  I've checked that SMTP on 2003 does have Integrated Auth checked.
Avatar of IQ_IT
IQ_IT
Flag of United States of America image

ASKER

Just noticed this too:  "Missing SMTP virtual server FQDN in SMTPSVC service principal name:  
The computer account for Exchange server iqmx.iqms.com does not appear to contain the fully-qualified domain name of Exchange SMTP virtual server 'Default SMTP Virtual Server'. This may cause Kerberos authentication to fail when sending messages between servers. The tool expected to find 'SMTPSVC/mail.domainname(faked).com' in the ServicePrincipalName.

AND

"Remote server mail.iqms.com failed the mail acceptance test. MAIL FROM command: Respond = 503 HELO or EHLO required"

Keep in mind that the 2003 is still sending/recieving mail normally.
Avatar of Kirti_Singh
Kirti_Singh

a smarthost ON the 2003 server using port 25 (so that mail is going from Exchange on 24).
451 5.7.3 Cannot achieve Exchange Server authentication
Missing SMTP virtual server FQDN in SMTPSVC

Configure E2k3, properties of Default SMTP Vs,
1. Delivery tab, if you have smarthost then Remove smarthost, and create a SMTP connector and configure the smarthost there
2. Copy the E2k3 machine name and paste in FQDN
3.  Relay tab, check whether in IP range, if you have added the Ip of the newly installed server's IP, if yes remove, it
and reset IIs service or SMTP service

Avatar of IQ_IT

ASKER

@ Kirti -
1.  I did see a smarthose configured here "localhost" and so I removed that.
2.  I did have a connector already setup with the FQDN (I changed that last week).
3.  I reset IIS and SMTP services.

This partially worked.  Now I have mailflow from the E2k3 to the E2010 but not FROM the E2010 to the E2k3.  Re-ran the troubleshoot wizard and it gave the same "451 5.7.3 Cannot achive Exchange Server Authentication" error.

I cannot seem to see the issue here, all of my research points to enabling Integrated Authentication but that is already enabled.  I was reading about Edge Transport servers and I do not have this role on this server.  Based on its description I do not need this role as there is not going to be multiple Exchange 2010 servers.
Avatar of IQ_IT

ASKER

I just realized that I had not installed Exchange 2010 SP1 yet so that was completed with no errors.
However, still have no mailflow from Exch2010 to Exch2k3.
I've even deleted and recreated the routing group to both servers and it still did not resolve this.
Avatar of Glen Knight
Can you check the SMTP virtual server on the 2003 server as per my guide here: https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Exchange-Server-Mail-Flow.html
ASKER CERTIFIED SOLUTION
Avatar of IQ_IT
IQ_IT
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Shame :) didn't include routing group configuration in my article :( I feel an update coming along
Avatar of IQ_IT

ASKER

Fortunately I was able to get a refund for my Microsoft ticket because it was a limitation with the software and not a configuration issue on my servers.