Sekodata asked:

Error SMTP 5.0.0 Exchange 2010 migration

Hi, all mail to my domain just receives NDR 5.0.0 without any more detail. I have migrated to Exchange 2010 from 2003, and it has worked fine until I tried to uninstall the old 2003 server. I have moved everything from the old server, but I believe that the OAB and Free/busy++ etc didn't replicate over.

I tried to uninstall, but it failed during, and now it is only partially installed... There are no routing group connectors anymore, which I think is part of the problem. I try to create one and get an AD error "Name reference is invalid".

Little stuck here, and no incoming mail.....

Thanks
Sekodata

ASKER

BTW it's transitioning, not migration
First off, you need to change your external firewall so that it directs email to the new Exchange 2010 server. As the old server is no longer fully installed, it's no longer accepting mail and therefore mail is getting bounced.

Make sure that you configure a receive connector on Exchange 2010 to accept internet mail (Go to Server configuration, Client Access Server, then your server and you'll see receive connectors). Create a new receive connector that is configured for 'anonymous authentication' so that it will accept mail from anywhere.

As for the old server, it's difficult to say what needs to be done as it's unclear how much of the server has been uninstalled? Either Exchange is still installed or it's not?
Thanks, done all that and tested ok.

I believe that the 2010 server tries to contact the 2003 server for something when new mail arrives, but not sure what....
I'm not sure I understand, you say 'done all that and tested ok'.

If it tested ok, you should be receiving mail! Exchange 2010 will not try to communicate with any other Exchange servers when accepting mail. Providing that the mail that it is accepting is to a domain that is listed in the accepted domains list and the receive connector that is in use is configured to accept mail with anonymous authentication, you should be ok.

Are you sure the inbound connections from external are actually reaching your Exchange server? (you can check to see what response you get by testing from an external source. Using an external internet connection, telnet to the value of your MX record e.g. if your MX record is smtp.domain.com try running 'telnet smtp.domain.com 25'. If it times out, the connection isn't even making it past the firewall or the firewall is NATTING the connection to the old Ex2003 server and it's not listening on port 25 any longer).

Tell us more about your configuration, do you have a single firewall? do you have any mail scanning appliances that sit in the DMZ that could be performing message filtering first before then being routed to Exchange?
Firmin Frederick
Hi there - firstly please forgive me if my answer is rough and misses the mark wildly, I haven't had my coffee and I'm a bit rusty.  I am also making huge assumptions!

You transitioned from 2003 to 2010 - in 2003 Exchange relies on IIS and SMTP and that is tied in to the routing etc.  In 2010 sending and receiving is done in two parts, hub transport server and backend mail - or in poorer situations like mine, hub transport is done on the same server as the mail.  As I have yet to work on a hub transport installation, my answer stems from the latter (and I ask someone with dedicated hub transport server exp. to jump in here).

Check 2008 server has smtp:25 allowed, usually during Exchange install it should set the right exceptions for you in the firewall rules.  Unless there was a problem.

Active directory "Sites and Services" - under inter-site transport, SMTP, is there an entry that points to your old server?

On your firewall(s) are you using open port or port redirection for SMTP and is it pointing to your new server?

Install hub transport and an smtp "internet" connector on new server - I believe this is done via the wizard at the time of installation of Exchange, if not, add one and ensure port 25 is available in the connector properties.

In Organisation Configuration, Hub Transport, specify "remote domains" allowed to send to your connector i.e. all (external).  Specify "accepted domains" (allowed domains) i.e. the domains for which you are responsible for receiving mail on including your internal domain if this isn't already listed - hub transports, accepted domains.

And then finally try the connectivity tester:

https://www.testexchangeconnectivity.com/


I hope this helps in some way...mmm coffee
Sorry for the short answer.

This is what I meant: I've telnet'ed from the outside and the 2010 server answers. When I send mail through the telnet session everything is fine, and it is delivered for queue. Problem is that I just get an NDR with 5.0.0 back regardless of the user I send to.
All roles on one server, firewall routes smtp directly to server, no DMZ.
Ok, that is a strange one. Anything in the application event log on the Exchange server?

Apart from the 5.0.0 error code, what else is in the NDR?
OOH mail flow settings come to mind - so the server determines that the sending domain and the recipient email all checks out, queues for delivery and then rejects it - either mail flow or 3rd party scanner.

I'd start with checking both internal and external email addresses are present for the clients (aliases etc) and check there are no restrictions like mailbox size, email delivery size, forwarders, etc. enabled, and again accepted or allowed domains configured to include both your internal server domain and your external domain are present.

Sorry I ramble
JaredJ1 makes a good point - normally there is a little more info in NDR but you did say there was nothing.  Who gets the NDR internally e.g. admin@ or administrator@, can you check NDR delivery to them?  Or enable NDR delivery to such an account?
I'm also assuming you've made a bunch of changes to the transport settings. Have you restarted the Exchange transport service? I've had that fix numerous strange and wacky issues before.
Hey maybe I should restart my transport service as my spelling and writing is awful at the moment :(
This is all in NDR: #< #5.0.0> #SMTP#

The rest in the mail is only header info.

Application log: The transport service can't find route to mailbox database on "old server", and recipients won't be routed to this store
Have all of the mailboxes from 2003 been migrated to 2010?
Yes, all mailboxes are moved. There was a system mailbox that didn't want to, but had to remove homeserver from the user in adsiedit (technet).

Restarted server and services numerous times
This is interesting, just in from the applog:

The Microsoft Exchange Mail Submission service is currently unable to contact any Hub Transport servers in the local Active Directory site. The servers may be too busy to accept new connections at this time.
That could be the Exchange server experiencing backpressure - lots of inbound SMTP connections are probably retrying to send mail.

Can you restart the server? I'd also try removing the routing group connectors (before the restart):

Get-RoutingGroupConnector | Remove-RoutingGroupConnector

Note: this command will remove all routing group connectors - it's unlikely you'll have more than the default ones that were created when you installed Exchange 2010. To be on the safe side, run 'get-routinggroupconnector |fl' and make note of all the details.

Also, on one of the recipient mailboxes that you've been testing with, run a Get-Mailbox username |fl and check that the database listed is actually the 2010 DB.
Yes, it seemed like a performance issue, realized that one of the disks on the server just went bad and is rebuilding. This is the best day ever.

The RGC's were deleted yesterday, as I was trying to uninstall the old 2003 server. The mailboxes are on the 2010 server, ref get-mailbox
Can you run the Best Practice Analyzer to see if anything is flagged? Seems like there is something incorrect in AD for that error to be logged in the event log ( The transport service can't find route to mailbox database on "old server", and recipients won't be routed to this store)

I would expect that to only be logged if mail was addressed to a mailbox that hadn't been moved - but you've stated that all mailboxes were moved (with exception of a system mailbox which is fine (and expected)).
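
An added example, not part of any post in this thread: a read-only Exchange Management Shell check for objects that still reference the old server, which is what the "can't find route to mailbox database" event suggests, together with the connector inventory recommended earlier before removing routing group connectors. `OLDSERVER` and the report path are placeholders.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2010 server.
# Read-only: it reports, it changes nothing in Exchange or AD.
$OldServer = 'OLDSERVER'                     # placeholder: Exchange 2003 server name
$Report    = "$env:TEMP\rgc-inventory.txt"   # placeholder: where the inventory is saved

# 1. Save full routing group connector details before any removal.
Get-RoutingGroupConnector | Format-List * | Out-File -FilePath $Report

# 2. User and arbitration mailboxes whose home server is still the old one.
$mailboxes      = @(Get-Mailbox -ResultSize Unlimited) + @(Get-Mailbox -Arbitration)
$staleMailboxes = @($mailboxes | Where-Object { $_.ServerName -eq $OldServer })

# 3. Mailbox and public folder databases still registered on the old server.
#    -IncludePreExchange2010 is needed to list Exchange 2003 databases.
$staleDbs   = @(Get-MailboxDatabase -IncludePreExchange2010 |
    Where-Object { $_.ServerName -eq $OldServer })
$stalePfDbs = @(Get-PublicFolderDatabase -IncludePreExchange2010 |
    Where-Object { $_.ServerName -eq $OldServer })

# 4. Report. Anything listed here is a reference transport may still try to route to.
"Mailboxes still on ${OldServer}: $($staleMailboxes.Count)"
$staleMailboxes | Format-Table Name, Database, ServerName -AutoSize

"Mailbox databases still on ${OldServer}: $($staleDbs.Count)"
$staleDbs | Format-Table Name, ServerName -AutoSize

"Public folder databases still on ${OldServer}: $($stalePfDbs.Count)"
$stalePfDbs | Format-Table Name, ServerName -AutoSize

# 5. Which public folder database each Exchange 2010 mailbox database uses by
#    default; compare the names against the list from step 3.
Get-MailboxDatabase | Format-Table Name, ServerName, PublicFolderDatabase -AutoSize

if (($staleMailboxes.Count + $staleDbs.Count + $stalePfDbs.Count) -eq 0) {
    "No mailbox or database objects reference $OldServer."
}
```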
I'm intrigued, the server accepts a message based on destination client and gives it to mail submission, mail submission then reports that it then cannot find the return transport mechanism to deliver the mail internally.  It sounds like DNS but...

I had an issue once that led me to create an additional smtp connector in addition to the internet facing one because internal mail was not being delivered.

On this connector, much like the default on SMTP:25, I had to define an internal port number 587 and restrict it to internal "Exchange users" only.
It is very odd isn't it?

Could you do a Get-SendConnector |fl
and a Get-ReceiveConnector |fl and post the results here?
GET-SEND:
AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         : xxx.xxx.xxx
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : 2008EXCHANGE
Identity                     : Mail Ut
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 100 MB (104,857,600 bytes)
Name                         : Mail Ut
Port                         : 25
ProtocolLoggingLevel         : None
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {2008EXCHANGE}
TlsAuthLevel                 :
TlsDomain                    :
UseExternalDNSServersEnabled : False


GET-RECEIVE:
RunspaceId                              : 77522c40-fa46-4a8d-ad78-6822f9b58c8c
AuthMechanism                           : Tls
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {0.0.0.0:25}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : xxx.xxx.xxx
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 12
MaxLogonFailures                        : 3
MaxMessageSize                          : 100 MB (104,857,600 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : AnonymousUsers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : Verbose
RemoteIPRanges                          : {0.0.0.0-255.255.255.255}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : 2008EXCHANGE
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : Internett
DistinguishedName                       : CN=Internett,CN=SMTP Receive Connectors,CN=Protocols,CN=2008EXCHANGE,CN=Serve
                                          rs,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Group
                                          s,CN=x,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=x,DC=no
Identity                                : 2008EXCHANGE\Internett
Guid                                    : f1c83520-f2ab-4084-8e93-7953af5279b4
ObjectCategory                          : myrdahl-sveen.no/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 26.03.2012 11:15:24
WhenCreated                             : 26.03.2012 10:53:06
WhenChangedUTC                          : 26.03.2012 09:15:24
WhenCreatedUTC                          : 26.03.2012 08:53:06
OrganizationId                          :
OriginatingServer                       : xxx.xxx.xxx
IsValid                                 : True
I've also now created an internal receive connector with the local subnet and with exchange users.

Should also mention:

the local domain name is the same as the official (wasn't me setting it up...;-)

When trying to create a new RGC, get following error:

Active Directory operation failed on xx.xx.xx. This error is not retriable. Additional information: The name reference is invalid.
This may be caused by replication latency between Active Directory domain controllers.
Active directory response: 000020B5: AtrErr: DSID-03152395, #1:
    0: 000020B5: DSID-03152395, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 5e2530e2 (msExchTargetBridgeheadServers
DN)
    + CategoryInfo          : NotSpecified: (0:Int32) [New-RoutingGroupConnector], ADConstraintViolationException
    + FullyQualifiedErrorId : F13E6590,Microsoft.Exchange.Management.SystemConfigurationTasks.NewRoutingGroupConnector
BPA says nothing that I can see has anything to do with this issue
There seems to be a common thread in your logs and observations, dude: something not being found, "name reference is invalid", "Mail Submission service is currently unable to contact any Hub Transport".  I also spotted in the "get receive" output result that your smtp inbound connector was not bound to an IP address: Bindings: {0.0.0.0:25} - or that it wasn't bound to 1 IP address (use any available).

If your server has more than 1 IP address it may be worth specifying which to use.

When you say the FQDN and the official are the same are you suggesting that the internal name ends with a .com or something?  Is DNS working OK on your domain?  I.E. roots hints, nslookup and ping -a all resolve local and external addresses to IP addresses?

Just some thoughts
Thanks, but this is such a complex case, (have just gone through all dns settings), and can have multiple error sources, so right now I'm trying a restore of the old 2003 server. Maybe a systemstate restore.

Will let you know how it goes...
No problem man, keep us posted and good luck
ASKER CERTIFIED SOLUTION
Sekodata

Not solved