Exchange 2007 temporary authentication error

Posted on 2011-04-28
Last Modified: 2012-05-11
We have 2 sites
Site A is HQ, has single Exchange 2007
Site B is sub-office with single Exchange 2007
Site A & B connected by VPN.
Email flows from Site B to Site A over VPN then out to the world.
Email comes into Site A, travels over VPN to Site B
Was working fine then all of a sudden mail stopped flowing to Site B
Restarted Exchange server, went away
A week later it came back.
Queue filling up.
Site A could send email outside, but not to Site B.
Queues reveal a "4.7.0 Temporary Authentication Failure"
Restart Site A server and problem vanished. Email flowed

To me it looks like Site B server is not authenticating Site A, but not sure why it would do that.
Pretty much all I can find is when folk have big installs of Exchange with roles spread onto different servers.
I did see something about certification errors online, but would have thought that would just be a problem all the time.
A restart of Site A server seems to cure it so I can't see that being an issue.

Also not very sure on these receive connectors - Exchange 2000 previously and this is very different,
so not quite sure how they work. Site A has 3 of them: Client, Internalrelay & Site A Mail in. Site B has Client and Site B in.
Both sites have Default disabled.

Any ideas?
Question by:Majicthise

    Accepted Solution

    Anything in the Event Viewer related to authentication?
    Run ExBPA, any errors?

    Expert Comment

    Also check this post regarding FQD on the receive connectors.

    Author Comment

    I hang my head in shame.
    Was looking at WRONG EVENT VIEWER!!
    An internal transport certificate has expired.
    How much clearer does that need to be?

    Expert Comment

    good luck :)

    Expert Comment

    I know this issue is closed, but I had a similar issue (same error) but a different solution and wanted to share it in case anyone else runs into this and it isn't the certificate. In my case, it wound up that the time on the Exchange server that was queueing up was 5 minutes off from the domain controllers. That is too large of a differential. I found that the Exchange server was set to use NTP to a DC that no longer existed. I changed it to use NT5DS, restarted the w32time service and the issue resolved.

    To check the time service settings, you can do the following:

    From Regedit:
    Go to HKLM\SYSTEM\CurrentControlSet\services\W32Time\Parameters.
    Make sure the type is set to NT5DS.
    Close Regedit.
    From Command Prompt, type Net stop W32Time && Net Start W32Time.

    At this point you should see the time change on the server to the same time as the domain controller. You may need to restart your AD Topology service to get mail flowing again after doing this.

    Hope this helps for those who are having this same issue.
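
The two causes found in this thread (an expired internal transport certificate, and a server clock that had drifted from the domain controllers) can be checked in one pass from the Exchange Management Shell. The script below is an added example, not part of the original posts; the domain controller name `dc01.example.local` and the 30-day warning window are placeholders to adjust, and the 300-second limit is the 5-minute differential mentioned above.

```powershell
# Added example: run in the Exchange Management Shell on the server whose queue is backing up.
$dc             = 'dc01.example.local'  # placeholder: one of your domain controllers
$warnDays       = 30                    # assumed warning window before expiry
$maxSkewSeconds = 300                   # the 5-minute differential from the thread

# 1. Certificates enabled for SMTP: flag expired or soon-to-expire ones.
$now = Get-Date
Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'SMTP' } |
    Select-Object Thumbprint, Subject, NotAfter,
        @{ Name = 'Status'; Expression = {
            if     ($_.NotAfter -lt $now)                    { 'EXPIRED' }
            elseif ($_.NotAfter -lt $now.AddDays($warnDays)) { 'EXPIRING SOON' }
            else                                             { 'OK' }
        } } |
    Format-List

# 2. Time source: the registry value the thread says should be NT5DS.
$key = 'HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Parameters'
$w32 = Get-ItemProperty $key
"W32Time Type      : $($w32.Type)"
"W32Time NtpServer : $($w32.NtpServer)"
if ($w32.Type -ne 'NT5DS') {
    'WARNING: Type is not NT5DS; check that the configured NTP source still exists.'
}

# 3. Measure the current offset against the domain controller (one sample).
$sample = w32tm /stripchart "/computer:$dc" /samples:1 /dataonly | Select-Object -Last 1
if ($sample -match '([+-]\d+\.\d+)s') {
    $offset = [double]$matches[1]
    "Offset from $dc   : $offset seconds"
    if ([Math]::Abs($offset) -ge $maxSkewSeconds) {
        'WARNING: clock skew is at or beyond 5 minutes; authentication to the other site can fail.'
    }
} else {
    "Could not read an offset from w32tm output: $sample"
}
```

Running this on a schedule and alerting on any non-OK status catches both conditions before the queue starts returning 4.7.0.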
