Solved

Mail Flow Issue w/ Edge Transport

Posted on 2012-03-26
Last Modified: 2012-04-24
I'm currently trying to introduce the Edge Transport server into our Exchange environment. I've managed to sync the Edge server and can also telnet to the Edge, but I'm getting a #550 5.7.1 Unable to relay ##.  I was able to send/receive email before the Edge was introduced.

The Edge synchronization was also successful.

I currently have a receive connector configured on the Edge called 'Default internal receive connector EDGE'.  The status is enabled with the following settings:
-Transport Layer Security (TLS) is checked
-Enable Domain Security (Mutual Auth TLS)
-Exchange Server authentication is checked.

Any thoughts as to what could be causing the #550 5.7.1 Unable to relay error message?
0
Question by:sheld0r
20 Comments
 
LVL 15

Expert Comment

by:GreatVargas
ID: 37770486
Can you telnet on port 25 from the edge to the hub? Also try the telnet with the FQDN specified on the default receive connector created to the edge.
0
 

Author Comment

by:sheld0r
ID: 37770514
I'm unable to telnet on port 25 from the edge to the hub, but I can telnet with the fqdn of the default receive connector of the edge.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 37770540
For mail to come into the organization, port 25 should be open between the edge and the hub. Try to understand if that's because of a firewall rule between the two servers.
0
 

Author Comment

by:sheld0r
ID: 37770589
I totally agree.  I reconfigured the ACL and I'm now able to telnet from edge to hub.  I sent another test email, but I'm still getting the 550 5.7.1 unable to relay error.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 37770593
The test e-mail was sent from the Internet? Run BPA on the Edge and on the Hub. Also look at the edge queue and see if you have queues on retry with the hub server name (mail to be delivered internally).
0
 

Author Comment

by:sheld0r
ID: 37773854
That's correct, it was sent from the Internet.  Everything checks out on the HUB with BPA, but I'm not able to run BPA on the EDGE because it doesn't have access to AD.

I also see nothing in the Edge queue.

This is pretty frustrating, as everything looks right and should check out.
0
 

Author Comment

by:sheld0r
ID: 37773985
Here is the bounce back I'm receiving when I try to send to the Edge from a different email account.

EDGE.company.local rejected your message to the following e-mail addresses:

'Jim Evans' (jim.evans@companyinc.com) <mailto:jim.evans@companyinc.com>


EDGE.company.local gave this error:
Unable to relay


Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.

Diagnostic information for administrators:

Generating server: EXCHSRV2010.OTHER_company.local

jim.evans@companyinc.com
EDGE.company.local #550 5.7.1 Unable to relay ##

Original message headers:

Received: from EXCHSRV2010.OTHER_company.local ([fe80::e5b6:a1be:6e98:802e]) by
 EXCHSRV2010.OTHER_company.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
 14.01.0339.001; Tue, 27 Mar 2012 14:22:32 -0700
From: Dan Ruben<dan@OTHER_companyinc.com>
To: 'Jim Evans' <jim.evans@companyinc.com>
Subject: RE: test4
Thread-Topic: test4
Thread-Index: Ac0MX7VwxHOyk6U5Q9W4OXu+lsOhNAAAAm5A
Date: Tue, 27 Mar 2012 21:22:32 +0000
Message-ID: <FDA5E1415031054C99EE0DBEF7AEBF6B172AA0CF@EXCHSRV2010.OTHER_company.local>
References: <CA06FF9F58044B4EB49232D4D13FD3DE043F7F8C@CyberExchTEST.company.local>
In-Reply-To: <CA06FF9F58044B4EB49232D4D13FD3DE043F7F8C@CyberExchTEST.company.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.110.96]
Content-Type: multipart/alternative;
      boundary="_000_FDA5E1415031054C99EE0DBEF7AEBF6B172AA0CFEXCHSRV2010OTHER_company_"
MIME-Version: 1.0
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37775189
Verify the accepted domain on Edge Transport Server.

Do you see the SMTP Address Domain of Recipient listed over there or not?

In the above NDR, you need to check if you have "companyinc.com" listed in Accepted Domain of Edge Server or not.

Reply back if it's there and I'll tell you what to do next.

~ Singh
0
 

Author Comment

by:sheld0r
ID: 37777483
I have company.local as an accepted domain, which is authoritative and default.  That's all I have under Accepted Domains.

As for the SMTP Address Domain of Recipient listed, I'm not sure.  Where exactly do I need to look?

I do not have companyinc.com listed in the Accepted Domain of the Edge.  If I add it, which one should it be? ...Authoritative Domain, Internal Domain, External Domain?  I've actually tried all three and now I don't get a bounce back, but the mail is never received on the other end since that change.
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37777957
That's the reason you are getting the NDR. You need to add the accepted domain on the hub and sync it with the edge.
Make it Authoritative if you are not doing SMTP name space sharing.
If you are not getting an NDR after adding it but the message is still not being delivered, then there is an email flow issue between the edge and hub.

- Singh
0
 

Author Comment

by:sheld0r
ID: 37778087
I added the accepted domain to the hub and synced with the edge.  I'm no longer getting the #550 5.7.1 unable to relay message.  

The email still won't send, but at least we are making progress.

I just did a telnet test and I get the following error now: 451 4.7.0 Timeout waiting for client input.

So to test communication between edge and hub, what do you recommend?
0
 

Author Comment

by:sheld0r
ID: 37778110
I forgot to mention I can still send email to the outside.
0
 

Author Comment

by:sheld0r
ID: 37778926
So after sending quite a few test messages this morning, I'm finally getting NDRs.  New error message:

#5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37780121
Ok.. You are making progress now.

Messages are being accepted but getting into a loop and eventually exceeding the maximum hops.

You are getting a message loop, which means there is something messed up in the configuration. It could be user configuration or Exchange configuration.

Identify one message for which you got the NDR "Hop Count Exceeded".

Track it down using Message Tracking and check what hops it is switching between.

Look at the user properties and see if there is any forwarder set.

Who has generated this NDR? There must be a Server Name in NDR details.

~ Singh
0
 

Author Comment

by:sheld0r
ID: 37783375
Morning Singh,

Here is one of the NDRs I received:

Diagnostic information for administrators:

Generating server: companyinc.com

jim.evans@companyinc.com
EDGE.companyinc.com #<EDGE.companyinc.com #5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop> #SMTP#

Original message headers:

Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:42:11 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:27:10 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:12:07 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:57:04 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:42:03 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:27:00 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:11:57 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:56:53 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:56:18 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:45 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:15 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:54:41 -0700
Received: from othercompany.domain.local (12.x.x.x) by
 edge.companyinc.com (192.168.7.70) with Microsoft SMTP Server id
 14.1.355.2; Wed, 28 Mar 2012 15:54:41 -0700
Received: from othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e]) by
 othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
 14.01.0339.001; Wed, 28 Mar 2012 15:54:32 -0700
From: tom.jones@othercompany.com
To: 'Jim Evans' <jim.evans@companyinc.com>
Subject: RE: test
Thread-Topic: test
Thread-Index: Ac0NLK3SHFgDg7j7S7WzJP7i2gwU2AACROzg
Date: Wed, 28 Mar 2012 22:54:32 +0000
Message-ID: <FDA5E1415031054C99EE0DBEF7AEBF6B172AAB0E@othercompany.domain.local>
References: <CA06FF9F58044B4EB49232D4D13FD3DE0440CF3B@CyberExchTEST.company.local>
In-Reply-To: <CA06FF9F58044B4EB49232D4D13FD3DE0440CF3B@CyberExchTEST.company.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.110.96]
Content-Type: multipart/alternative;
      boundary="_000_FDA5E1415031054C99EE0DBEF7AEBF6B172AAB0EEXCHSRV2010"
MIME-Version: 1.0
Return-Path: tom.jones@othercompany.com
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)

I'll need to export the message tracking logs and clean them up.  I'm having some trouble getting the format correct to make them easy to read.

As for the user properties, I don't see any forwarder set.

I believe the NDR is being generated by the companyinc Hub server.
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37783458
Message is looping within Edge Server.

Check the Inbound Send Connector On Edge Server which delivers the messages from Edge to Hub.

It looks like you have the wrong IP address or FQDN mentioned over there, which is resolving to the other IP address of the Edge Server.

Put the IP address of Hub Transport Server over there and it should be fixed.

~ Singh
0
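Added example, not part of the thread or any poster's code: a Python sketch of the header reading behind the "looping within Edge Server" diagnosis, finding SMTP hops where a host accepted the message from itself and measuring the retry spacing. The function names are hypothetical, the sample is constructed from the NDR headers quoted above (shortened to three looping hops), and the regex assumes the `from host (ip) by host (ip) with ... id` layout seen in that NDR.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: newest hop first, as in the NDR quoted in the thread.
SAMPLE = """\
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012 15:55:45 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012 15:55:15 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012 15:54:41 -0700
Received: from othercompany.domain.local (12.x.x.x) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012 15:54:41 -0700
Received: from othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e]) by othercompany.domain.local
 ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id 14.01.0339.001; Wed, 28 Mar 2012 15:54:32 -0700
"""

HOP = re.compile(r"from\s+(?P<src>\S+)\s+\((?P<src_ip>[^)]*)\)\s+by\s+(?P<dst>\S+)"
                 r"\s+\((?P<dst_ip>[^)]*)\)\s+with\s+(?P<proto>.+?)\s+id\s", re.I)

def parse_hops(raw_headers):
    """Return the Received hops oldest-first as dicts (src, dst, IPs, proto, when)."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        flat = " ".join(value.split())            # undo header folding
        m = HOP.search(flat)
        if not m:
            continue                              # unknown layout: skip, do not guess
        hop = {k: v.lower() for k, v in m.groupdict().items()}
        hop["when"] = parsedate_to_datetime(flat.rpartition(";")[2].strip())
        hops.append(hop)
    return hops[::-1]                             # each server prepends, so reverse

def self_loops(hops):
    """Map host -> timestamps of SMTP hops that host accepted from itself."""
    loops = {}
    for h in hops:
        # A MAPI submission also shows from == by; that is a mailbox submit, not a relay loop.
        if h["src"] == h["dst"] and "smtp" in h["proto"]:
            loops.setdefault(h["dst"], []).append(h["when"])
    return loops

def retry_gaps(times):
    """Seconds between consecutive looped deliveries."""
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    for host, times in self_loops(parse_hops(SAMPLE)).items():
        print(host, "self-delivered", len(times), "times, gaps (s):", retry_gaps(times))
```

The `src_ip` and `dst_ip` fields of each looping hop show the detail the diagnosis rests on: the same host name appears with two different addresses.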
 

Author Comment

by:sheld0r
ID: 37784069
Here is what I have Singh

EdgeSync - Inbound to Default-First-Site-Name
General
Specify the FQDN this connector will provide in response to HELO or EHLO: this is currently blank.
Address Space
Type: SMTP, Address: IP of Hub, Cost: 1
Network
Use domain name (dns) MX records to route mail automatically - is selected
Enable Domain Security (Mutual Auth TLS) - is selected
Source Server
Name: EDGE, site: company.local/Configuration/Sites/Default-First-Site-Name, Role: Edge Transport
0
 
LVL 3

Accepted Solution

by:
Padamdeep earned 500 total points
ID: 37785471
That's the wrong configuration. If you have an Edge Subscription between Hub and Edge, then do the following on "EdgeSync - Inbound to Default-First-Site-Name" on the Hub Server and sync it with the Edge.

General Tab - This looks okay

Address Space: Change the Address Space to "--" without quotes.

Network: Don't use DNS, put IP address of Hub Transport Server

Source Server - It looks okay.

~ Singh
0
 

Author Comment

by:sheld0r
ID: 37787828
Morning Singh,

I actually tried the configuration you have above, minus the "--" for the address space.  That did it!! It's working now!
Thank you very much for your time and patience and for sticking through it with me.
0
 

Author Closing Comment

by:sheld0r
ID: 37787839
Singh is awesome.  He sticks with you through the entire thread and doesn't leave you out to dry like many users do on the forums.  Singh definitely knows his Exchange 2010 stuff!!
0
