Solved

Users in remote Exchange 2010 site get 550 5.7.1 Unable to relay

Posted on 2011-09-12
25
451 Views
Last Modified: 2012-06-27
Hi,
Some of our users in our remote branches are getting a 550 5.7.1 Unable to relay. We have two Exchange sites. Site A hosts HQ’s mailboxes. Site B is the site that hosts the branches. Site B mostly services clients that are configured as SMTP and POP3.  There are 4 servers in each site, 2 HUB/CAS servers and 2 mailbox servers.
Some users running in site B get 550 5.7.1 Unable to relay errors from time to time. So the only way I can get the mail to flow again is to configure one receive connector to “Exchange Server authentication” in site A and one in site B. The other remaining connector must then be configured to “Externally Secured”(See Pic 1). Only then does the mail flow externally . But this configuration does not work for long. After a while the errors are back. I have tried a few config’s. If I put all 4 servers receive connector to “Externally Secured I get the following error: Cannot achieve Exchange server authentication. “ Attempted failover to alternative host, but that did not succeed.” Either there are no alternate hosts, or delivery failed to all alternate hosts. The permissions group on all receive connectors (Client and Default) are all selected except Partners.
It seems like only users that have an SMTP and POP3 configuration are impacted. Web App users and Exchange online mode are not affected.

Pic-1.PNG
0
Comment
Question by:ablsysadmin
  • 13
  • 10
  • +1
25 Comments
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
this might be a stupid question, but outlook is configured to use authentication on the outgoing server?
0
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
also, can you deliver mail using telnet on the server that does not want to relay?
0
 

Author Comment

by:ablsysadmin
Comment Utility
hi, will check the setting again if i find a user that has this issue. will report back asap. What are the default settings on the receive connectors?
0
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
default would be :
under authentication:
TLS/Basic/Integrated windows/Exchange server

Permission groups:

Anonymous
exchange users
exchange servers
legacy exchange

0
 
LVL 4

Expert Comment

by:ctc1900
Comment Utility
It sounds like you have more than one receive connector bound to the same IP, thus you are seeing different results at different times.  Verify your receive connectors are bound to distinct IP addresses.
0
 

Author Comment

by:ablsysadmin
Comment Utility
@setasoujiro: Thanks for the reply. Should these settings be set on site A or site B?
@ctc1900:. Also...thanks for the reply. all bound to the same IP...
0
 

Author Comment

by:ablsysadmin
Comment Utility
@setasoujiro: your setting are not solving the issue.

i got it working as per screen shot on one CAS server in each site. This setting was set on both client and default receive connectors. Screen Shot
0
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
you need the other ones as well in order to have normal outlook clients+outlook anywhere clients connect. That's why i said the default would be like that :)
0
 

Author Comment

by:ablsysadmin
Comment Utility
No outlook anywhere clients just yet. .....ok so just to make sure here. should i have all 4 CAS/HUB servers set as the screnshot above?
0
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
no only the CAS servers at the sites where people need to send mail that way...
unless it's in all sites ofcourse
0
 

Author Comment

by:ablsysadmin
Comment Utility
ok, now they can send mail but not receiving anything
0
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
that's because you need to set the "basic authentication" i think
0
Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

 

Author Comment

by:ablsysadmin
Comment Utility
ok, let me try
0
 

Author Comment

by:ablsysadmin
Comment Utility
ok wait. should this be set on the remote CAS servers because it can't be set on the servers with the external secure setting
0
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
on the ones where outlook tries to do pop3 to...
to be honest i'm not following entirely with your several machines anymore :)
so i'll try my best
0
 

Author Comment

by:ablsysadmin
Comment Utility
not working. I am running out of idea's i have now set it back to the original settings. seems like everythinig is working again but the question is for how long. its getting late so i will have to call it a night now. I will update again when i get the issue. one thing is that i can even log a call with MS because we run these servers on vmware
0
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
so it's not a problem when running on vmware afaik...
vmware is a supported platform...
But i will too call it a night and read everything again tomorrow fresh and revived :)
0
 

Author Comment

by:ablsysadmin
Comment Utility
thanks for the assistance. speak soon
0
 
LVL 23

Expert Comment

by:Malli Boppe
Comment Utility
I don't why you creating receive connectors the default conenctors should be sufficient to receive emails.

Can you tell me at each site what exchange servers do you have ?
Do you have send connectors at each site  for sending external email.

"Some users running in site B get 550 5.7.1 Unable to relay errors from time to time " when do you get this message. Is it when using any application to raly emails or when using outlook.
0
 

Author Comment

by:ablsysadmin
Comment Utility
hi, i am not creating receive connectors. These are the default ones created when you install. The users get this error if the receive connectors are all configured as Exchange Server Authentication

The users getting this error when sending use outlook config'ed as smtp/pop3
0
 

Author Comment

by:ablsysadmin
Comment Utility
When the same users log on to webapp and try to send mail every mail gets sent
0
 

Author Comment

by:ablsysadmin
Comment Utility
0
 
LVL 14

Accepted Solution

by:
setasoujiro earned 500 total points
Comment Utility
i don't get it, this is the same thing that i said a couiple posts earlier...
0
 

Author Comment

by:ablsysadmin
Comment Utility
ooh crap...sorry dude. was late last night nad i did not update the setting on the client side. but tx for the help.
0
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
no problem , glad to help :)
0

Featured Post

Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
This video discusses moving either the default database or any database to a new volume.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now