Solved

Users in remote Exchange 2010 site get 550 5.7.1 Unable to relay

Posted on 2011-09-12
25
452 Views
Last Modified: 2012-06-27
Hi,
Some of our users in our remote branches are getting a 550 5.7.1 Unable to relay. We have two Exchange sites. Site A hosts HQ’s mailboxes. Site B is the site that hosts the branches. Site B mostly services clients that are configured as SMTP and POP3.  There are 4 servers in each site, 2 HUB/CAS servers and 2 mailbox servers.
Some users running in site B get 550 5.7.1 Unable to relay errors from time to time. So the only way I can get the mail to flow again is to configure one receive connector to “Exchange Server authentication” in site A and one in site B. The other remaining connector must then be configured to “Externally Secured”(See Pic 1). Only then does the mail flow externally . But this configuration does not work for long. After a while the errors are back. I have tried a few config’s. If I put all 4 servers receive connector to “Externally Secured I get the following error: Cannot achieve Exchange server authentication. “ Attempted failover to alternative host, but that did not succeed.” Either there are no alternate hosts, or delivery failed to all alternate hosts. The permissions group on all receive connectors (Client and Default) are all selected except Partners.
It seems like only users that have an SMTP and POP3 configuration are impacted. Web App users and Exchange online mode are not affected.

Pic-1.PNG
0
Comment
Question by:ablsysadmin
  • 13
  • 10
  • +1
25 Comments
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36523000
this might be a stupid question, but outlook is configured to use authentication on the outgoing server?
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36523003
also, can you deliver mail using telnet on the server that does not want to relay?
0
 

Author Comment

by:ablsysadmin
ID: 36523061
hi, will check the setting again if i find a user that has this issue. will report back asap. What are the default settings on the receive connectors?
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36523112
default would be :
under authentication:
TLS/Basic/Integrated windows/Exchange server

Permission groups:

Anonymous
exchange users
exchange servers
legacy exchange

0
 
LVL 4

Expert Comment

by:ctc1900
ID: 36523221
It sounds like you have more than one receive connector bound to the same IP, thus you are seeing different results at different times.  Verify your receive connectors are bound to distinct IP addresses.
0
 

Author Comment

by:ablsysadmin
ID: 36525034
@setasoujiro: Thanks for the reply. Should these settings be set on site A or site B?
@ctc1900:. Also...thanks for the reply. all bound to the same IP...
0
 

Author Comment

by:ablsysadmin
ID: 36525222
@setasoujiro: your setting are not solving the issue.

i got it working as per screen shot on one CAS server in each site. This setting was set on both client and default receive connectors. Screen Shot
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36525253
you need the other ones as well in order to have normal outlook clients+outlook anywhere clients connect. That's why i said the default would be like that :)
0
 

Author Comment

by:ablsysadmin
ID: 36525334
No outlook anywhere clients just yet. .....ok so just to make sure here. should i have all 4 CAS/HUB servers set as the screnshot above?
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36525353
no only the CAS servers at the sites where people need to send mail that way...
unless it's in all sites ofcourse
0
 

Author Comment

by:ablsysadmin
ID: 36525451
ok, now they can send mail but not receiving anything
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36525476
that's because you need to set the "basic authentication" i think
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:ablsysadmin
ID: 36525509
ok, let me try
0
 

Author Comment

by:ablsysadmin
ID: 36525540
ok wait. should this be set on the remote CAS servers because it can't be set on the servers with the external secure setting
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36525550
on the ones where outlook tries to do pop3 to...
to be honest i'm not following entirely with your several machines anymore :)
so i'll try my best
0
 

Author Comment

by:ablsysadmin
ID: 36525651
not working. I am running out of idea's i have now set it back to the original settings. seems like everythinig is working again but the question is for how long. its getting late so i will have to call it a night now. I will update again when i get the issue. one thing is that i can even log a call with MS because we run these servers on vmware
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36525719
so it's not a problem when running on vmware afaik...
vmware is a supported platform...
But i will too call it a night and read everything again tomorrow fresh and revived :)
0
 

Author Comment

by:ablsysadmin
ID: 36525738
thanks for the assistance. speak soon
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 36527476
I don't why you creating receive connectors the default conenctors should be sufficient to receive emails.

Can you tell me at each site what exchange servers do you have ?
Do you have send connectors at each site  for sending external email.

"Some users running in site B get 550 5.7.1 Unable to relay errors from time to time " when do you get this message. Is it when using any application to raly emails or when using outlook.
0
 

Author Comment

by:ablsysadmin
ID: 36527581
hi, i am not creating receive connectors. These are the default ones created when you install. The users get this error if the receive connectors are all configured as Exchange Server Authentication

The users getting this error when sending use outlook config'ed as smtp/pop3
0
 

Author Comment

by:ablsysadmin
ID: 36527831
When the same users log on to webapp and try to send mail every mail gets sent
0
 

Author Comment

by:ablsysadmin
ID: 36528263
0
 
LVL 14

Accepted Solution

by:
setasoujiro earned 500 total points
ID: 36528395
i don't get it, this is the same thing that i said a couiple posts earlier...
0
 

Author Comment

by:ablsysadmin
ID: 36528402
ooh crap...sorry dude. was late last night nad i did not update the setting on the client side. but tx for the help.
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36528430
no problem , glad to help :)
0

Featured Post

Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video discusses moving either the default database or any database to a new volume.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now