

Error SMTP 5.0.0 Exchange 2010 migration

Posted on 2012-03-26
Medium Priority
Last Modified: 2012-03-31
Hi, all mail to my domain just receives NDR 5.0.0 without any more detail. I have migrated to exchange 2010 from 2003, and it has worked fine until I tried to uninstall the old 2003 server. I have moved everything from the old server, but I believe that the OAB and Free/busy++ etc didn't replicate over.

I tried to uninstall, but it failed during, and now it is only partially installed... There are no routing group connectors anymore, which I think is part of the problem. Try to create and get an AD-error "Name reference is invalid".

Little stuck here, and no incoming mail.....

Question by:Sekodata

Author Comment

ID: 37765069
BTW it's transitioning, not migration
LVL 10

Expert Comment

ID: 37765182
First off, you need to change your external firewall so that it directs email to the new Exchange 2010 server. As the old server is no longer fully installed, it's no longer accepting mail and therefore mail is getting bounced.

Make sure that you configure a receive connector on Exchange 2010 to accept internet mail (Go to Server configuration, Client Access Server, then your server and you'll see receive connectors). Create a new receive connector that is configured for 'anonymous authentication' so that it will accept mail from anywhere.

As for the old server, it's difficult to say what needs to be done as it's unclear how much of the server has been uninstalled? Either Exchange is still installed or it's not?

Author Comment

ID: 37765191
Thanks, done all that and tested ok.

I believe that the 2010 server tries to contact the 2003 server for something when new mail arrives, but not sure what....

LVL 10

Expert Comment

ID: 37765209
I'm not sure I understand, you say 'done all that and tested ok'.

If it tested ok, you should be receiving mail! Exchange 2010 will not try to communicate with any other Exchange servers when accepting mail. Providing that the mail that it is accepting is to a domain that is listed in the accepted domains list and the receive connector that is in use is configured to accept mail with anonymous authentication, you should be ok.

Are you sure the inbound connections from external are actually reaching your Exchange server? (you can check to see what response you get by testing from an external source. Using an external internet connection, telnet to the value of your MX record e.g. if your MX record is try running 'telnet 25'. If it times out, the connection isn't even making it past the firewall or the firewall is NATTING the connection to the old Ex2003 server and it's not listening on port 25 any longer).

Tell us more about your configuration, do you have a single firewall? do you have any mail scanning appliances that sit in the DMZ that could be performing message filtering first before then being routed to Exchange?
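
A scripted form of the external telnet test described in the comment above, as an added example that is not part of the original post. It separates a timeout (connection dropped before it reaches a listener) from a refusal and from a real SMTP greeting; `mail.example.com` and `probe.example.net` are placeholders, and `Test-SmtpListener` is a name chosen for this example.

```powershell
# Added example: run from a machine outside the firewall.
# mail.example.com is a placeholder for the host your MX record points to.
function Test-SmtpListener {
    param(
        [Parameter(Mandatory = $true)][string]$MxHost,
        [int]$Port = 25,
        [int]$TimeoutMs = 10000
    )
    $result = New-Object PSObject -Property @{
        Target = $MxHost; Port = $Port; State = 'Unknown'; Banner = $null; Ehlo = @()
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded connect: a silent drop at the firewall shows up as a timeout.
        $async = $client.BeginConnect($MxHost, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $result.State = 'Timeout'
            return $result
        }
        $client.EndConnect($async)   # throws if the port refused the connection

        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        $result.Banner = $reader.ReadLine()        # a healthy listener greets with 220
        $writer.WriteLine('EHLO probe.example.net')
        do {
            $line = $reader.ReadLine()
            if ($line) { $result.Ehlo += $line }
        } while ($line -match '^\d{3}-')           # "250-" means more lines follow
        $writer.WriteLine('QUIT')

        $result.State = if ($result.Banner -match '^220') { 'Listening' } else { 'UnexpectedGreeting' }
    }
    catch {
        # Refused connections, DNS failures and read timeouts all land here.
        $result.State = 'Error: ' + $_.Exception.Message
    }
    finally {
        $client.Close()
    }
    return $result
}

Test-SmtpListener -MxHost 'mail.example.com' |
    Format-List Target, Port, State, Banner, Ehlo
```

The server name in the 220 banner shows which machine the firewall actually forwarded the connection to.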

Expert Comment

by:Firmin Frederick
ID: 37765215
Hi there - firstly please forgive me if my answer is rough and misses the mark wildly, I haven't had my coffee and I'm a bit rusty.  I am also making huge assumptions!

You transitioned from 2003 to 2010 - in 2003 Exchange relies on IIS and SMTP and that be tied in to the routing etc.  In 2010 sending and receiving is done in two parts, hub transport server and backend mail - or in poorer situations like mine, hub transport is done on the same server as the mail.  As I have yet to work on a hub transport installation, my answer stems from the latter (and I ask someone with dedicated hub transport server exp. to jump in here).

Check 2008 server has smtp:25 allowed, usually during Exchange install it should set the right exceptions for you in the firewall rules.  Unless there was a problem.

Active directory "Sites and Services" - under inter-site transport, SMTP, is there an entry that points to your old server?

On your firewall(s) are you using open port or port redirection for SMTP and is it pointing to your new server?

Install hub transport and an smtp "internet" connector on new server - I believe this is done via the wizard at the time of installation of Exchange, if not, add one and ensure port 25 is available in the connector properties.

In Organisation Configuration, Hub Transport, specify "remote domains" allowed to send to your connector i.e. all (external).  Specify "accepted domains" (allowed domains) i.e. the domains for which you are responsible for receiving mail on including your internal domain if this isn't already listed - hub transports, accepted domains.

And then finally try the connectivity tester:

I hope this helps in some way...mmm coffee

Author Comment

ID: 37765221
Sorry for the short answer.

This is what I meant: I've telnet'ed from the outside and the 2010 server answers. When I send mail through the telnet session everything is fine, and it is delivered for queue. Problem is that I just get a NDR with 5.0.0 back regardless of the user I send to.

Author Comment

ID: 37765228
All roles on one server, firewall routes smtp directly to server, no DMZ.
LVL 10

Expert Comment

ID: 37765246
Ok, that is a strange one. Anything in the application event log on the Exchange server?

Apart from the 5.0.0 error code, what else is in the NDR?

Expert Comment

by:Firmin Frederick
ID: 37765276
OOH mail flow settings come to mind - so the server determines that the sending domain and the recipient email all checks out, queues for delivery and then rejects it - either mail flow or 3rd party scanner.

I'd start with checking both internal and external email addresses are present for the clients (aliases etc) and check there are no restrictions like mailbox size, email delivery size, forwarders, etc. enabled, and again accepted or allowed domains configured to include both your internal server domain and your external domain are present.

Sorry I ramble

Expert Comment

by:Firmin Frederick
ID: 37765281
JaredJ1 makes a good point - normally there is a little more info in NDR but you did say there was nothing.  Who gets the NDR internally e.g. admin@ or administrator@, can you check NDR delivery to them?  Or enable NDR delivery to such an account?
LVL 10

Expert Comment

ID: 37765315
I'm also assuming you've made a bunch of changes to the transport settings. Have you restarted the Exchange transport service? I've had that fix numerous strange and wacky issues before.

Expert Comment

by:Firmin Frederick
ID: 37765319
Hey maybe I should restart my transport service as my spelling and writing is awful at the moment :(

Author Comment

ID: 37765320
This is all in NDR: #< #5.0.0> #SMTP#

The rest in the mail is only headerinfo.

Application log: The transport service can't find route to mailbox database on "old server", and recipients won't be routed to this store
LVL 10

Expert Comment

ID: 37765331
Have all of the mailboxes from 2003 been migrated to 2010?

Author Comment

ID: 37765338
Yes, all mailboxes are moved. There was a system mailbox that didn't want to, but had to remove homeserver from the user in adsiedit (technet).

Restarted server and services numerous times

Author Comment

ID: 37765340
This is interesting, just in from the applog:

The Microsoft Exchange Mail Submission service is currently unable to contact any Hub Transport servers in the local Active Directory site. The servers may be too busy to accept new connections at this time.
LVL 10

Expert Comment

ID: 37765366
That could be the Exchange server experiencing backpressure - lots of inbound SMTP connections are probably retrying to send mail.

Can you restart the server? I'd also try removing the routing group connectors (before the restart):

Get-RoutingGroupConnector | Remove-RoutingGroupConnector

Note: this command will remove all routing group connectors - it's unlikely you'll have more than the default ones that were created when you installed Exchange 2010. To be on the safe side, run 'get-routinggroupconnector |fl' and make note of all the details.

Also, on one of the recipient mailboxes that you've been testing with, run a Get-Mailbox username |fl and check that the database listed is actually the 2010 DB.
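
The two precautions from the comment above combined into one Exchange Management Shell script, as an added example that is not part of the original post. It records the routing group connectors before any removal and lists every mailbox not homed on the new server; the backup path is hypothetical, and `2008EXCHANGE` is the server name that appears in the connector output later in this thread.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 server.
$NewServer = '2008EXCHANGE'        # server name as it appears in this thread
$BackupDir = 'C:\Temp\rgc-backup'  # hypothetical path, choose your own

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# 1. Record every routing group connector before anything is removed.
#    The XML keeps the full objects, the text file is the readable "|fl" view.
$connectors = @(Get-RoutingGroupConnector)
$connectors | Export-Clixml -Path (Join-Path $BackupDir "rgc-$stamp.xml")
$connectors | Format-List | Out-File -FilePath (Join-Path $BackupDir "rgc-$stamp.txt")
Write-Host ("{0} routing group connector(s) recorded in {1}" -f $connectors.Count, $BackupDir)

# 2. List mailboxes whose database is not on the new server.
#    Any row here is a recipient that transport would still route to the old server.
$stale = @(Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ServerName -ne $NewServer } |
    Select-Object Name, Alias, Database, ServerName)

if ($stale.Count -eq 0) {
    Write-Host "All mailboxes report $NewServer as their server."
}
else {
    Write-Host ("{0} mailbox(es) are not on {1}:" -f $stale.Count, $NewServer)
    $stale | Format-Table -AutoSize | Out-Host
}

# 3. Preview the removal. Drop -WhatIf only after reviewing the saved files.
Get-RoutingGroupConnector | Remove-RoutingGroupConnector -WhatIf
```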

Author Comment

ID: 37765389
Yes, it seemed like a performance issue, realized that one of the disks on the server just went bad and is rebuilding. This is the best day ever.

The RGC's were deleted yesterday, as I was trying to uninstall the old 2003 server. The mailboxes are on the 2010 server, ref get-mailbox
LVL 10

Expert Comment

ID: 37765443
Can you run the Best Practice Analyzer to see if anything is flagged? Seems like there is something incorrect in AD for that error to be logged in the event log ( The transport service can't find route to mailbox database on "old server", and recipients won't be routed to this store)

I would expect that to only be logged if mail was addressed to a mailbox that hadn't been moved - but you've stated that all mailboxes were moved (with exception of a system mailbox which is fine (and expected)).

Expert Comment

by:Firmin Frederick
ID: 37765687
I'm intrigued, the server accepts a message based on destination client and gives it to mail submission, mail submission then reports that it then cannot find the return transport mechanism to deliver the mail internally.  It sounds like DNS but...

I had an issue once that led me to create an additional smtp connector in addition to the internet facing one because internal mail was not being delivered.

On this connector, much like the default on SMTP:25, I had to define an internal port number 587 and restrict it to internal "Exchange users" only.
LVL 10

Expert Comment

ID: 37765816
It is very odd isn't it?

Could you do a Get-SendConnector |fl
and a Get-ReceiveConnector |fl and post the results here?

Author Comment

ID: 37765919
AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         :
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : 2008EXCHANGE
Identity                     : Mail Ut
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 100 MB (104,857,600 bytes)
Name                         : Mail Ut
Port                         : 25
ProtocolLoggingLevel         : None
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              :
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {2008EXCHANGE}
TlsAuthLevel                 :
TlsDomain                    :
UseExternalDNSServersEnabled : False

RunspaceId                              : 77522c40-fa46-4a8d-ad78-6822f9b58c8c
AuthMechanism                           : Tls
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    :
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 12
MaxLogonFailures                        : 3
MaxMessageSize                          : 100 MB (104,857,600 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : AnonymousUsers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : Verbose
RemoteIPRanges                          : {}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : 2008EXCHANGE
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : Internett
DistinguishedName                       : CN=Internett,CN=SMTP Receive Connectors,CN=Protocols,CN=2008EXCHANGE,CN=Serve
                                          rs,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Group
                                          s,CN=x,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=x,DC=no
Identity                                : 2008EXCHANGE\Internett
Guid                                    : f1c83520-f2ab-4084-8e93-7953af5279b4
ObjectCategory                          :
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 26.03.2012 11:15:24
WhenCreated                             : 26.03.2012 10:53:06
WhenChangedUTC                          : 26.03.2012 09:15:24
WhenCreatedUTC                          : 26.03.2012 08:53:06
OrganizationId                          :
OriginatingServer                       :
IsValid                                 : True

Author Comment

ID: 37765977
I've also now created an internal receive connector with the local subnet and with exchange users.

Should also mention:

the local domain name is the same as the official (wasn't me setting it up...;-)

When trying to create a new RGC, get following error:

Active Directory operation failed on xx.xx.xx. This error is not retriable. Additional information: The name reference is invalid.
This may be caused by replication latency between Active Directory domain controllers.
Active directory response: 000020B5: AtrErr: DSID-03152395, #1:
    0: 000020B5: DSID-03152395, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 5e2530e2 (msExchTargetBridgeheadServers
    + CategoryInfo          : NotSpecified: (0:Int32) [New-RoutingGroupConnector], ADConstraintViolationException
    + FullyQualifiedErrorId : F13E6590,Microsoft.Exchange.Management.SystemConfigurationTasks.NewRoutingGroupConnector

Author Comment

ID: 37766063
BPA says nothing that I can see has anything to do with this issue

Expert Comment

by:Firmin Frederick
ID: 37766934
There seems to be a common thread in your logs and observations dude, something not being found, "name reference is invalid", "Mail Submission service is currently unable to contact any Hub Transport".  I also spotted in the "get receive" output result that your smtp inbound connector was not bound to an IP address: Bindings: {} - or that it wasn't bound to 1 IP address (use any available).

If your server has more than 1 IP address it may be worth specifying which to use.

When you say the FQDN and the official are the same are you suggesting that the internal name ends with a .com or something?  Is DNS working OK on your domain?  I.E. roots hints, nslookup and ping -a all resolve local and external addresses to IP addresses?

Just some thoughts

Author Comment

ID: 37766958
Thanks, but this is such a complex case, (have just gone through all dns settings), and can have multiple error sources, so right now I'm trying a restore of the old 2003 server. Maybe a systemstate restore.

Will let you know how it goes...

Expert Comment

by:Firmin Frederick
ID: 37767004
No problem man, keep us posted and good luck

Accepted Solution

Sekodata earned 0 total points
ID: 37770277
Restore from backup on both the 2003 server and system state/AD saved the day. I think the 2003 server bought itself a permanent life in our environment....

Thanks for your effort guys!

/Sig(h)ning off....

Author Closing Comment

ID: 37790553
Not solved
