Solved

Error SMTP 5.0.0 Exchange 2010 migration

Posted on 2012-03-26
29
900 Views
Last Modified: 2012-03-31
Hi, all mail to my domain just receives NDR 5.0.0 without any more detail. I have migrated to exchange 2010 from 2003, and it has worked fine until I tried to uninstall the old 2003 server. I have moved everything from the old server, but I believe that the OAB and Free/busy++ etc didn't replicate over.

I tried to uninstall, but it failed during, and now it is only partially installed... There are no routing group connectors anymore, wich I think is part of the problem. Try to create and get an AD-error "Name reference is invalid".

Little stuck here, and no incoming mail.....

Thanks
0
Comment
Question by:Sekodata
  • 14
  • 8
  • 7
29 Comments
 

Author Comment

by:Sekodata
Comment Utility
BTW it's transitioning, not migration
0
 
LVL 10

Expert Comment

by:JaredJ1
Comment Utility
First off, you need to change your external firewall so that it directs email to the new Exchange 2010 server. As the old server is no longer fully installed, it's no longer accepting mail and therefore mail is getting bounced.

Make sure that you configure a receive connector on Exchange 2010 to accept internet mail (Go to Server configuration, Client Access Server, then your server and you'll see receive connectors). Create a new receive connector that is configured for 'anonymous authentication' so that it will accept mail from anywhere.

As for the old server, it's difficult to say what needs to be done as it's unclear how much of the server has been uninstalled? Either Exchange is still installed or it's not?
0
 

Author Comment

by:Sekodata
Comment Utility
Thanks, done all that and tested ok.

I believe that the 2010 server tries to contact the 2003 server for something when new mail arrives, but not sure what....
0
 
LVL 10

Expert Comment

by:JaredJ1
Comment Utility
I'm not sure I understand, you say 'done all that and tested ok'.

If it tested ok, you should be receiving mail! Exchange 2010 will not try to communicate with any other Exchange servers when accepting mail. Providing that the mail that it is accepting is to a domain that is listed in the accepted domains list and the receive connector that is in use is configured to accept mail with anonymous authentication, you should be ok.

Are you sure the inbound connections from external are actually reaching your Exchange server? (you can check to see what response you get by testing from an external source. Using an external internet connection, telnet to the value of your MX record e.g. if your MX record is smtp.domain.com try running 'telnet smtp.domain.com 25'. If it times out, the connection isn't even making it past the firewall or the firewall is NATTING the connection to the old Ex2003 server and it's not listening on port 25 any longer).

Tell us more about your configuration, do you have a single firewall? do you have any mail scanning appliances that sit in the DMZ that could be performing message filtering first before then being routed to Exchange?
0
 
LVL 6

Expert Comment

by:SHIELD1
Comment Utility
Hi there - firstly please forgive me if my answer is rough and misses the mark wildly, I haven't had my coffee and I'm a bit rusty.  I am also making huge assumptions!

You transitioned from 2003 to 2010 - in 2003 Exchange relies on IIS and SMTP and that be tied in to the routing etc.  In 2010 esnding and receiving is done in two parts, hub transport server and backend mail - or in poorer situations like mine, hub transport is done on the same server as the mail.  As I have yet to work on a hub transport installation, my answer stems from the latter (and I ask someone with dedicated hub transport server exp. to jump in here).

Check 2008 server has smtp:25 allowed, usually during Exchange install it should set the right exceptions for you in the firewall rules.  Unless there was a problem.

Active directory "Sites and Services" - under inter-site transport, SMTP, is there an entry that points to your old server?

On your firewall(s) are you using open port or port redirection for SMTP and is it pointing to your new server?

Install hub transport and an smtp "internet" connector on new server - I believe this is done via the wizard at the time of installation of Exchange, if not, add one and ensure port 25 is available in the connector properties.

In Organisation Configuration, Hub Transport, specify "remote domains" allowed to send to your connector i.e. all (external).  Specify "accepted domains" (allowed domains) i.e. the domains for which you are responsible for receiving mail on including your internal domain if this isn't already listed - hub transports, accepted domains.

And then finally try the connectivity tester:

https://www.testexchangeconnectivity.com/


I hope this helps in some way...mmm coffee
0
 

Author Comment

by:Sekodata
Comment Utility
Sorry for the short answer.

This is what I meant: I've telnet'ed from the outside and the 2010 server answers. When I send mail through the telnet session everything is fine, and it is delivered for queue. Problem is that I just get a NDR with 5.0.0 back regardless of the user I send to.
0
 

Author Comment

by:Sekodata
Comment Utility
All roles on one server, firewall routes smtp directly to server, no DMZ.
0
 
LVL 10

Expert Comment

by:JaredJ1
Comment Utility
Ok, that is a strange one. Anything in the application event log on the Exchange server?

Apart from the 5.0.0 error code, what else is in the NDR?
0
 
LVL 6

Expert Comment

by:SHIELD1
Comment Utility
OOH mail flow settings come to mind - so the server determines that the sending domain and the recipient email all checks out, queues for delivery and then rejects it - either mail flow or 3rd party scanner.

I'd start with checking both internal and external email addresses are present for the clients (aliases etc) and check there are no restrictions like mailbox size, email delivery size, forwarders, etc. enabled, and again accepted or allowed domains configured to include both your internal server domain and your external domain are present.

Sorry I ramble
0
 
LVL 6

Expert Comment

by:SHIELD1
Comment Utility
JaredJ1 makes a good point - normally there is a little more info in NDR but you did say there was nothing.  ho gets the NDR internally e.g. admin@ or administrator@, can you check NDR delivery to them?  Or enable NDR delivery to such an account?
0
 
LVL 10

Expert Comment

by:JaredJ1
Comment Utility
I'm also assuming you've made a bunch of changes to the transport settings. Have you restarted the Exchange transport service? I've had that fix numerous strange and wacky issues before.
0
 
LVL 6

Expert Comment

by:SHIELD1
Comment Utility
Hey maybe I should restart my transport service as my spelling and writing is awful at the moment :(
0
 

Author Comment

by:Sekodata
Comment Utility
This is all in NDR: #< #5.0.0> #SMTP#

The rest in the mail is only headerinfo.

Application log: The transport service can't find route to mailbox database on "old server", and recipients won't be routed to this store
0
 
LVL 10

Expert Comment

by:JaredJ1
Comment Utility
Have all of the mailboxes from 2003 been migrated to 2010?
0
Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 

Author Comment

by:Sekodata
Comment Utility
Yes, all mailboxes are moved. There were a systemmailbox that didn't want to, but had to remove homeserver from the user in adsiedit (technet).

Restarted server and services numerous times
0
 

Author Comment

by:Sekodata
Comment Utility
This is interesting, just in from the applog:

The Microsoft Exchange Mail Submission service is currently unable to contact any Hub Transport servers in the local Active Directory site. The servers may be too busy to accept new connections at this time.
0
 
LVL 10

Expert Comment

by:JaredJ1
Comment Utility
That could be the Exchange server experiencing backpressure - lots of inbound SMTP connections are probably retrying to send mail.

Can you restart the server? I'd also try removing the routing group connectors (before the restart):

Get-RoutingGroupConnector | Remove-RoutingGroupConnector

Note: this command will remove all routing group connectors - it's unlikely you'll have more than the default ones that were created when you installed Exchange 2010. To be on the safe side, run 'get-routinggroupconnector |fl' and make note of all the details.

Also, on one of the recipient mailboxes that you've been testing with, run a Get-Mailbox username |fl and check that the database listed is actually the 2010 DB.
0
 

Author Comment

by:Sekodata
Comment Utility
Yes, it seemed like a performance issue, realized that one of the disks on the server just went bad and is rebuilding. This is the best day ever.

The RGC's were deleted yesterday, as I was trying to uninstall the old 2003 server. The mailboxes are on the 2010 server, ref get-mailbox
0
 
LVL 10

Expert Comment

by:JaredJ1
Comment Utility
Can you run the Best Practice Analyzer to see if anything is flagged? Seems like there is something incorrect in AD for that error to be logged in the event log ( The transport service can't find route to mailbox database on "old server", and recipients won't be routed to this store)

I would expect that to only be logged if mail was addressed to a mailbox that hadn't been moved - but you've stated that all mailboxes were moved (with exception of a system mailbox which is fine (and expected)).
0
 
LVL 6

Expert Comment

by:SHIELD1
Comment Utility
I'm intrigued, the server accepts a message based on destination client and gives it to mail submission, mail submission then reports that it then cannot find the return transport mechanism to deliver the mail internally.  It sounds like DNS but...

I had an issue once that led me to create an additional smtp connector in addition to the internet facing one because internal mail was not being delivered.

On this connector, much like the default on SMTP:25, I had to define an internal port number 587 and restrict it to internal "Exchange users" only.
0
 
LVL 10

Expert Comment

by:JaredJ1
Comment Utility
It is very odd isn't it?

Could you do a Get-SendConnector |fl
and a Get-ReceiveConnector |fl and post the results here?
0
 

Author Comment

by:Sekodata
Comment Utility
GET-SEND:
AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         : xxx.xxx.xxx
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : 2008EXCHANGE
Identity                     : Mail Ut
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 100 MB (104,857,600 bytes)
Name                         : Mail Ut
Port                         : 25
ProtocolLoggingLevel         : None
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {2008EXCHANGE}
TlsAuthLevel                 :
TlsDomain                    :
UseExternalDNSServersEnabled : False


GET-RECEIVE:
RunspaceId                              : 77522c40-fa46-4a8d-ad78-6822f9b58c8c
AuthMechanism                           : Tls
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {0.0.0.0:25}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : xxx.xxx.xxx
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 12
MaxLogonFailures                        : 3
MaxMessageSize                          : 100 MB (104,857,600 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : AnonymousUsers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : Verbose
RemoteIPRanges                          : {0.0.0.0-255.255.255.255}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : 2008EXCHANGE
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : Internett
DistinguishedName                       : CN=Internett,CN=SMTP Receive Connectors,CN=Protocols,CN=2008EXCHANGE,CN=Serve
                                          rs,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Group
                                          s,CN=x,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=x,DC=no
Identity                                : 2008EXCHANGE\Internett
Guid                                    : f1c83520-f2ab-4084-8e93-7953af5279b4
ObjectCategory                          : myrdahl-sveen.no/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 26.03.2012 11:15:24
WhenCreated                             : 26.03.2012 10:53:06
WhenChangedUTC                          : 26.03.2012 09:15:24
WhenCreatedUTC                          : 26.03.2012 08:53:06
OrganizationId                          :
OriginatingServer                       : xxx.xxx.xxx
IsValid                                 : True
0
 

Author Comment

by:Sekodata
Comment Utility
I've also now created an internal receive connector with the local subnet and with exchange users.

Should also mention:

the local domain name is the same as the official (wasn't med setting it up...;-)

When trying to create a new RGC, get follwoing error:

Active Directory operation failed on xx.xx.xx. This error is not retriable. Additional information: The name reference is invalid.
This may be caused by replication latency between Active Directory domain controllers.
Active directory response: 000020B5: AtrErr: DSID-03152395, #1:
    0: 000020B5: DSID-03152395, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 5e2530e2 (msExchTargetBridgeheadServers
DN)
    + CategoryInfo          : NotSpecified: (0:Int32) [New-RoutingGroupConnector], ADConstraintViolationException
    + FullyQualifiedErrorId : F13E6590,Microsoft.Exchange.Management.SystemConfigurationTasks.NewRoutingGroupConnector
0
 

Author Comment

by:Sekodata
Comment Utility
BPA says nothing that I can see has anything with this issue
0
 
LVL 6

Expert Comment

by:SHIELD1
Comment Utility
There seems to be a common thread in your logs and observations dude something not being found, "name reference is invalid", "Mail Submission service is currently unable to contact any Hub Transport".  I also spotted in the "get receive" output result that your smtp inbound connector was not bound to an IP address: Bindings: {0.0.0.0:25} - or that it wasn't bound to 1 IP address (use any available).

If your server has more than 1 IP address it may be worth specifying which to use.

When you say the FQDN and the official are the same are you suggesting that the internal name ends with a .com or something?  Is DNS working OK on your domain?  I.E. roots hints, nslookup and ping -a all resolve local and external addresses to IP addresses?

Just some thoughts
0
 

Author Comment

by:Sekodata
Comment Utility
Thanks, but this is such a complex case, (have just went through all dns settings), and can have multiple errorsources, so right now I'm trying a restore of the old 2003 server. Maybe a systemstate restore.

Will let you know how it goes...
0
 
LVL 6

Expert Comment

by:SHIELD1
Comment Utility
No problem man, keep us posted and good luck
0
 

Accepted Solution

by:
Sekodata earned 0 total points
Comment Utility
Restore from backup on both the 2003 server and system state/AD saved the day. I think the 2003 server bought itself a permanent life in our environment....

Thanks for your effort guys!

/Sig(h)ning off....
0
 

Author Closing Comment

by:Sekodata
Comment Utility
Not solved
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now