Solved

Removing internal connectors between Exchange 2003 and 2010 servers

Posted on 2011-09-28
11
664 Views
Last Modified: 2012-05-12
We have some new exchange 2010 sp1 servers (3 hub/cas and 3 mbx). We also have one old exchange 2003 server that is currently in use. And then finally, we have one more exchange 2003 frontend server that we want to remove. If I remove the network cable for this old frontend server, all mail between the exchange 2010 and 2003 server is not reaching its destination. And all mail sent from other sites do not reach the exchange 2010 server.

So I look at the connectors on the 2010 server, one of the connectors are an internal connector that is set up to point to the correct 2003 server. And then we have a SMTP connector that send the email directly to our spam server on the way out of the organization, and finally there is a 3rd connector that also is a SMTP connector that is pointing from the old 2003 server (that are in use), and this also point to the spam server going out of the organization. On our exchange 2010 server we cannot find any connectors that point to the old frontend server.

Then I go to the 2003 frontend server, and I see a connector that is grayed out, and looks like it has been created by a later version of exchange. This connector is a connector between the frontend server and the exchange 2010 server. I find one for both directions. This connector I find in ADSI Edit, and there I can do some changes, so I change it to Cost 2.

Now  I remove the network cable for this old frontend server again, and  all mail is going as normal, except when we send mail from an account on the 2010 to the 2003 that is in use. We can send mail from 2010 to mail address outside our organization, and the users on the 2003 server can send mail to the users on the 2010 server. So it looks like this connector can be deleted, except that it seems that it still makes some problems for my internal connector between the 2010 server and 2003 server.

Are there any tools I can use to find out what is happening to the mail flow? Can I uninstall this old frontend?
0
Comment
Question by:NAF-Data
  • 6
  • 4
11 Comments
 
LVL 10

Expert Comment

by:gaurav05
ID: 36715123
Hi,


check this Mail Flow Troubleshooter in Exchange Troubleshooting Assistant (ExTRA)

http://blogs.technet.com/b/exchange/archive/2006/08/07/3394688.aspx

and also give us event log and system log of both the server.

-Gaurav
0
 

Author Comment

by:NAF-Data
ID: 36715202
I get one error message when running the mail flow trouble shooter:

No computer account in Active Directory has 'ServicePrincipalName' set to 'SMTPSVC/NDA-VM-HUB.domain.local'. This will result in Kerberos authentication failures when server nda-vm-hub.apotek.local attempts to create an SMTP connection to another Hub Transport server.

NDA-VM-HUB.domain.local is the 1st of 3 HUB/CAS servers on the 2010 platform.

On this server, the Event viewer has no errors.
0
 
LVL 11

Expert Comment

by:TheGeezer2010
ID: 36716114
When you installed the FIRST Exchange 2010 CAS/HT server (presume this was the first server to install ?), which Exchange 2003 server did you select as the bridgehead for the RGC ?
0
 

Author Comment

by:NAF-Data
ID: 36716146
The installation was done by an external consultant and the documentation he gave us dont say. But I think it was set to the 2003 server that we still use, and not the frontend server.
0
 
LVL 11

Expert Comment

by:TheGeezer2010
ID: 36716653
Mail between E2K3 and E2K10 should only be using this legacy connector, any other connectors should be removed. If this was created on the E2K10 side you will need to run

Get-SendConnector

From this you should be able to tell which is the send connector you need to remove using

Remove-SendConnector

HTH
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:NAF-Data
ID: 36716703
I did run the Get-SendConnector and the result shows:

Internal - {SMTP:Contoso.com;1} Enabled
Internet Mail SMTP Connector (E2K3servername) - {SMTP:*;3} Enabled
SMTP Internet - {SMTP:*;1} Enabled

The first og these is the connector from our E2K10 server to the E2K3 server, if Im not misstaking.
The second looks like its the SMTP connector for the E2K3 server
The third is the E2K10 connector for sending mail out to the internet if Im not misstaking.

If I log on to our E2K3 server I can see these connectors:

Frontend-E2K10-servername
Internal
Internet SMTP

Now, the first of these connectors is not possible to edit. If I try I get the message: ESM version 8.0.30535.0 or greater is required to edit this object.

But this connector is not visible on the E2K10 servers. But I can see it in ADSI Edit. The question is, can I delete this without experienceing any problems? And is it this connetor that is creating my problem?
0
 
LVL 11

Expert Comment

by:TheGeezer2010
ID: 36716805
Your default RGC should look something like this

"Exchange Administrative Group (FYDIBOHF23SPDLT)\Exchange Routing Group (DWBGZMFD01QNBJR)\Ex2010 to Ex2003 RGC"

What is the second of your connectors ? looks like it is a connector for externally routed smtp traffic from your E2K3 servers - you should ONLY be using the E2K10 to send mail externally now so I believe this connector is not needed.

Also, the first send connector - what is this for ? Is this your default RGC ? If this is then you should be good to go. Maybe restart Transport and topology services on your E2K10 HT servers, and the corresponding E2K3 service and see if this fixes the issue.

If you are co existing and still using the e2K3 FES you should by now have Legacy DNS names configured ?
0
 

Author Comment

by:NAF-Data
ID: 36716885
The second connector is for the E2K3 server to send directly to our outgoing spam server. And this E2K3 server will still be alive for a couple of more months (we have almost 2.000 accounts on this server that I will move to the new E2K10 server).

The second connector is the one Im expecting E2K10 server to use to send mail internally to the E2K3 server. But it looks like it isnt being used.

If I log onto the E2K3 server, I expand Administrative Groups and there I find FYDIB... then there I find Routing groups like you mention (DWBGZMFD01QNBJR). There I have listet these connectors:

1. Internal
2. E2K10HUBserver - E2K3Frontendserver
3. SMTP Internet

And this 2nd connector is not created by me, I think this is generated when the E2K10 server was installed. This connector cannot be edited outside ADSI. And I 'think' that if I erase this connector, the mail will flow normal between the E2K3 and E2K10, but Im not sure about this.
0
 
LVL 11

Expert Comment

by:TheGeezer2010
ID: 36716939
I think you are at a point where you will have to try and see. You can always create another two-way RGC if mail stops flowing. Is there any information to be gleaned about which connector is which from the queues on both environments. use the

Get-Queue | Format-List

to view the E2K10, if you have more than one HT server you can use

Get-TransportServer | Get-Queue | Format-List
0
 

Accepted Solution

by:
NAF-Data earned 0 total points
ID: 36923984
This article describe how to change routing groups, and this is what I ended up doing. And it solved my problem. My old Frontend server is now not a part of the routing.

http://harun.se/blog/?p=49

0
 

Author Closing Comment

by:NAF-Data
ID: 36947349
This article solved my problem
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now