Error SMTP 5.0.0 Exchange 2010 migration

Hi, all mail to my domain just receives NDR 5.0.0 without any more detail. I have migrated to exchange 2010 from 2003, and it has worked fine until I tried to uninstall the old 2003 server. I have moved everything from the old server, but I believe that the OAB and Free/busy++ etc didn't replicate over.

I tried to uninstall, but it failed during, and now it is only partially installed... There are no routing group connectors anymore, wich I think is part of the problem. Try to create and get an AD-error "Name reference is invalid".

Little stuck here, and no incoming mail.....

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SekodataAuthor Commented:
BTW it's transitioning, not migration
First off, you need to change your external firewall so that it directs email to the new Exchange 2010 server. As the old server is no longer fully installed, it's no longer accepting mail and therefore mail is getting bounced.

Make sure that you configure a receive connector on Exchange 2010 to accept internet mail (Go to Server configuration, Client Access Server, then your server and you'll see receive connectors). Create a new receive connector that is configured for 'anonymous authentication' so that it will accept mail from anywhere.

As for the old server, it's difficult to say what needs to be done as it's unclear how much of the server has been uninstalled? Either Exchange is still installed or it's not?
SekodataAuthor Commented:
Thanks, done all that and tested ok.

I believe that the 2010 server tries to contact the 2003 server for something when new mail arrives, but not sure what....
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

I'm not sure I understand, you say 'done all that and tested ok'.

If it tested ok, you should be receiving mail! Exchange 2010 will not try to communicate with any other Exchange servers when accepting mail. Providing that the mail that it is accepting is to a domain that is listed in the accepted domains list and the receive connector that is in use is configured to accept mail with anonymous authentication, you should be ok.

Are you sure the inbound connections from external are actually reaching your Exchange server? (you can check to see what response you get by testing from an external source. Using an external internet connection, telnet to the value of your MX record e.g. if your MX record is try running 'telnet 25'. If it times out, the connection isn't even making it past the firewall or the firewall is NATTING the connection to the old Ex2003 server and it's not listening on port 25 any longer).

Tell us more about your configuration, do you have a single firewall? do you have any mail scanning appliances that sit in the DMZ that could be performing message filtering first before then being routed to Exchange?
Firmin FrederickSenior IT ConsultantCommented:
Hi there - firstly please forgive me if my answer is rough and misses the mark wildly, I haven't had my coffee and I'm a bit rusty.  I am also making huge assumptions!

You transitioned from 2003 to 2010 - in 2003 Exchange relies on IIS and SMTP and that be tied in to the routing etc.  In 2010 esnding and receiving is done in two parts, hub transport server and backend mail - or in poorer situations like mine, hub transport is done on the same server as the mail.  As I have yet to work on a hub transport installation, my answer stems from the latter (and I ask someone with dedicated hub transport server exp. to jump in here).

Check 2008 server has smtp:25 allowed, usually during Exchange install it should set the right exceptions for you in the firewall rules.  Unless there was a problem.

Active directory "Sites and Services" - under inter-site transport, SMTP, is there an entry that points to your old server?

On your firewall(s) are you using open port or port redirection for SMTP and is it pointing to your new server?

Install hub transport and an smtp "internet" connector on new server - I believe this is done via the wizard at the time of installation of Exchange, if not, add one and ensure port 25 is available in the connector properties.

In Organisation Configuration, Hub Transport, specify "remote domains" allowed to send to your connector i.e. all (external).  Specify "accepted domains" (allowed domains) i.e. the domains for which you are responsible for receiving mail on including your internal domain if this isn't already listed - hub transports, accepted domains.

And then finally try the connectivity tester:

I hope this helps in some way...mmm coffee
SekodataAuthor Commented:
Sorry for the short answer.

This is what I meant: I've telnet'ed from the outside and the 2010 server answers. When I send mail through the telnet session everything is fine, and it is delivered for queue. Problem is that I just get a NDR with 5.0.0 back regardless of the user I send to.
SekodataAuthor Commented:
All roles on one server, firewall routes smtp directly to server, no DMZ.
Ok, that is a strange one. Anything in the application event log on the Exchange server?

Apart from the 5.0.0 error code, what else is in the NDR?
Firmin FrederickSenior IT ConsultantCommented:
OOH mail flow settings come to mind - so the server determines that the sending domain and the recipient email all checks out, queues for delivery and then rejects it - either mail flow or 3rd party scanner.

I'd start with checking both internal and external email addresses are present for the clients (aliases etc) and check there are no restrictions like mailbox size, email delivery size, forwarders, etc. enabled, and again accepted or allowed domains configured to include both your internal server domain and your external domain are present.

Sorry I ramble
Firmin FrederickSenior IT ConsultantCommented:
JaredJ1 makes a good point - normally there is a little more info in NDR but you did say there was nothing.  ho gets the NDR internally e.g. admin@ or administrator@, can you check NDR delivery to them?  Or enable NDR delivery to such an account?
I'm also assuming you've made a bunch of changes to the transport settings. Have you restarted the Exchange transport service? I've had that fix numerous strange and wacky issues before.
Firmin FrederickSenior IT ConsultantCommented:
Hey maybe I should restart my transport service as my spelling and writing is awful at the moment :(
SekodataAuthor Commented:
This is all in NDR: #< #5.0.0> #SMTP#

The rest in the mail is only headerinfo.

Application log: The transport service can't find route to mailbox database on "old server", and recipients won't be routed to this store
Have all of the mailboxes from 2003 been migrated to 2010?
SekodataAuthor Commented:
Yes, all mailboxes are moved. There were a systemmailbox that didn't want to, but had to remove homeserver from the user in adsiedit (technet).

Restarted server and services numerous times
SekodataAuthor Commented:
This is interesting, just in from the applog:

The Microsoft Exchange Mail Submission service is currently unable to contact any Hub Transport servers in the local Active Directory site. The servers may be too busy to accept new connections at this time.
That could be the Exchange server experiencing backpressure - lots of inbound SMTP connections are probably retrying to send mail.

Can you restart the server? I'd also try removing the routing group connectors (before the restart):

Get-RoutingGroupConnector | Remove-RoutingGroupConnector

Note: this command will remove all routing group connectors - it's unlikely you'll have more than the default ones that were created when you installed Exchange 2010. To be on the safe side, run 'get-routinggroupconnector |fl' and make note of all the details.

Also, on one of the recipient mailboxes that you've been testing with, run a Get-Mailbox username |fl and check that the database listed is actually the 2010 DB.
SekodataAuthor Commented:
Yes, it seemed like a performance issue, realized that one of the disks on the server just went bad and is rebuilding. This is the best day ever.

The RGC's were deleted yesterday, as I was trying to uninstall the old 2003 server. The mailboxes are on the 2010 server, ref get-mailbox
Can you run the Best Practice Analyzer to see if anything is flagged? Seems like there is something incorrect in AD for that error to be logged in the event log ( The transport service can't find route to mailbox database on "old server", and recipients won't be routed to this store)

I would expect that to only be logged if mail was addressed to a mailbox that hadn't been moved - but you've stated that all mailboxes were moved (with exception of a system mailbox which is fine (and expected)).
Firmin FrederickSenior IT ConsultantCommented:
I'm intrigued, the server accepts a message based on destination client and gives it to mail submission, mail submission then reports that it then cannot find the return transport mechanism to deliver the mail internally.  It sounds like DNS but...

I had an issue once that led me to create an additional smtp connector in addition to the internet facing one because internal mail was not being delivered.

On this connector, much like the default on SMTP:25, I had to define an internal port number 587 and restrict it to internal "Exchange users" only.
It is very odd isn't it?

Could you do a Get-SendConnector |fl
and a Get-ReceiveConnector |fl and post the results here?
SekodataAuthor Commented:
AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         :
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : 2008EXCHANGE
Identity                     : Mail Ut
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 100 MB (104,857,600 bytes)
Name                         : Mail Ut
Port                         : 25
ProtocolLoggingLevel         : None
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              :
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {2008EXCHANGE}
TlsAuthLevel                 :
TlsDomain                    :
UseExternalDNSServersEnabled : False

RunspaceId                              : 77522c40-fa46-4a8d-ad78-6822f9b58c8c
AuthMechanism                           : Tls
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    :
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 12
MaxLogonFailures                        : 3
MaxMessageSize                          : 100 MB (104,857,600 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : AnonymousUsers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : Verbose
RemoteIPRanges                          : {}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : 2008EXCHANGE
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : Internett
DistinguishedName                       : CN=Internett,CN=SMTP Receive Connectors,CN=Protocols,CN=2008EXCHANGE,CN=Serve
                                          rs,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Group
                                          s,CN=x,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=x,DC=no
Identity                                : 2008EXCHANGE\Internett
Guid                                    : f1c83520-f2ab-4084-8e93-7953af5279b4
ObjectCategory                          :
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 26.03.2012 11:15:24
WhenCreated                             : 26.03.2012 10:53:06
WhenChangedUTC                          : 26.03.2012 09:15:24
WhenCreatedUTC                          : 26.03.2012 08:53:06
OrganizationId                          :
OriginatingServer                       :
IsValid                                 : True
SekodataAuthor Commented:
I've also now created an internal receive connector with the local subnet and with exchange users.

Should also mention:

the local domain name is the same as the official (wasn't med setting it up...;-)

When trying to create a new RGC, get follwoing error:

Active Directory operation failed on xx.xx.xx. This error is not retriable. Additional information: The name reference is invalid.
This may be caused by replication latency between Active Directory domain controllers.
Active directory response: 000020B5: AtrErr: DSID-03152395, #1:
    0: 000020B5: DSID-03152395, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 5e2530e2 (msExchTargetBridgeheadServers
    + CategoryInfo          : NotSpecified: (0:Int32) [New-RoutingGroupConnector], ADConstraintViolationException
    + FullyQualifiedErrorId : F13E6590,Microsoft.Exchange.Management.SystemConfigurationTasks.NewRoutingGroupConnector
SekodataAuthor Commented:
BPA says nothing that I can see has anything with this issue
Firmin FrederickSenior IT ConsultantCommented:
There seems to be a common thread in your logs and observations dude something not being found, "name reference is invalid", "Mail Submission service is currently unable to contact any Hub Transport".  I also spotted in the "get receive" output result that your smtp inbound connector was not bound to an IP address: Bindings: {} - or that it wasn't bound to 1 IP address (use any available).

If your server has more than 1 IP address it may be worth specifying which to use.

When you say the FQDN and the official are the same are you suggesting that the internal name ends with a .com or something?  Is DNS working OK on your domain?  I.E. roots hints, nslookup and ping -a all resolve local and external addresses to IP addresses?

Just some thoughts
SekodataAuthor Commented:
Thanks, but this is such a complex case, (have just went through all dns settings), and can have multiple errorsources, so right now I'm trying a restore of the old 2003 server. Maybe a systemstate restore.

Will let you know how it goes...
Firmin FrederickSenior IT ConsultantCommented:
No problem man, keep us posted and good luck
SekodataAuthor Commented:
Restore from backup on both the 2003 server and system state/AD saved the day. I think the 2003 server bought itself a permanent life in our environment....

Thanks for your effort guys!

/Sig(h)ning off....

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SekodataAuthor Commented:
Not solved
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.