Mail flows one way from one 2007 box, but not vice versa

Posted on 2011-03-09
Medium Priority
Last Modified: 2012-05-11

I currently have two exchange servers in two sites. The plan is to move all mailboxes from Site A to Site B so we can decomission the server, but this is a project that will take a few months to complete so both servers need to send mail back and forth depending on where users mailboxes are.

Site A is old site, Site B is the new.

Site A has User A in its mailbox DB
Site B has User B in its mailbox DB

User A can send mail to User B, external can send to User B
User B cannot send to anyone at Site A, but can to others at Site B

The messages sit in the queue and report "4.4.0 Primary target IP address responded with: “454.4.7.0 Temporary authentication failure.”  Attempted failover to alternate host, but that did not succeed.  Either there are no alternate hosts or deliver failed to all alternate hosts. "

In the eventlogs the Transport Service throws Error 2017 "Outbound authentication failed with error TargetUnknown for Send connector Intra-Organization SMTP Send Connector. The authentication mechanism is ExchangeAuth. The target is SMTPSVC/externalFQDN.domain.com"

externalFQDN.domain.com is what users use for connecting to OWA etc so has been changed for security.

What I dont understand is why it appears to want to go the external route, and not through the internal route to server.domain.local at Site A.

Any help that anyone can suggest would be greatly appreciated as this is holding up a project.

Question by:richardp19787
  • 2
  • 2
LVL 11

Expert Comment

ID: 35107763
In Site A  Please check the permission on default receive connectors on each Hub Servers.

Get-ReceiveConnector -Identity "SERVERNAME\Default SERVERNAME" | fl PermissionGroups

Make sure "Exchange servers" are listed in the permissionGroups.

PermissionGroups : AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers, Custom

Author Comment

ID: 35126829

In site A on the Exchange server permission are Anonymous, Exchange users, Exchange Servers, Exchange Legacy Servers.

Site B is Exchange Users, Exchange Servers, Exchange Legacy Servers.

So both have Exchange servers set in permissions.

LVL 11

Accepted Solution

Sudhirchauhan3 earned 2000 total points
ID: 35140321

Author Comment

ID: 35216644
I had to create a new recieve connector. The link certainly helped guide me in the right direction and now all is well.

Thanks for your help.

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Microsoft Jet database engine errors can crop up out of nowhere to disrupt the working of the Exchange server. Decoding why a particular error occurs goes a long way in determining the right solution for it.
After a recent Outlook migration from a 2007 to 2010 environment, some issues with Distribution List owners were realized. In this article, I explain how that was rectified.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question