Mail Flow Issue w/ Edge Transport

I'm currently trying to introduce the Edge Transport server into our Exchange environment. I've managed to sync the Edge server and can also telnet to the Edge, but I'm getting a #550 5.7.1 Unable to relay ##.  I was able to send/receive email before the Edge was introduced.

The Edge synchronization was also successful.

I currently have a receive connector configured on the Edge called 'Default internal receive connector EDGE'.  The status is enabled with the following settings:
-Transport Layer Security (TLS) is checked
-Enable Domain Security (Mutual Auth TLS)
-Exchange Server authentication is checked.

Any thoughts as to what could be causing the #550 5.7.1 Unable to relay error message?
sheld0r Asked:
 
Padamdeep Commented:
That's the wrong configuration. If you have an Edge Subscription between Hub and Edge, then do the following on "EdgeSync - Inbound to Default-First-Site-Name" on the Hub Server and sync it with the Edge.

General Tab - This looks okay

Address Space: Change the Address Space to "--" without quotes.

Network: Don't use DNS, put IP address of Hub Transport Server

Source Server - It looks okay.

~ Singh
0
 
Antonio Vargas (Microsoft Senior Cloud Consultant) Commented:
Can you telnet on port 25 from the edge to the hub? Also try the telnet with the FQDN specified on the default receive connector created to the edge.
0
 
sheld0r (Author) Commented:
I'm unable to telnet on port 25 from the edge to the hub, but I can telnet with the fqdn of the default receive connector of the edge.
0
 
Antonio Vargas (Microsoft Senior Cloud Consultant) Commented:
For mail to come into the organization, port 25 should be open between the edge and the hub. Try to understand if that's because of a firewall rule between the two servers.
0
 
sheld0r (Author) Commented:
I totally agree.  I reconfigured the ACL and I'm now able to telnet from edge to hub.  I sent another test email, but I'm still getting the 550 5.7.1 unable to relay error.
0
 
Antonio Vargas (Microsoft Senior Cloud Consultant) Commented:
The test e-mail was sent from the Internet? Run BPA on the Edge and on the Hub. Also look at the Edge queue and see if you have queues on retry with the Hub server name (mail to be delivered internally).
0
 
sheld0r (Author) Commented:
That's correct, it was sent from the Internet.  Everything checks out on the HUB with BPA, but I'm not able to run BPA on the EDGE because it doesn't have access to AD.

I also see nothing in the Edge queue.

This is pretty frustrating, as everything looks right and should check out.
0
 
sheld0r (Author) Commented:
Here is the bounce back I'm receiving when I try to send to the Edge from a different email account.

EDGE.company.local rejected your message to the following e-mail addresses:

'Jim Evans' (jim.evans@companyinc.com) <mailto:jim.evans@companyinc.com>


EDGE.company.local gave this error:
Unable to relay


Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.

Diagnostic information for administrators:

Generating server: EXCHSRV2010.OTHER_company.local

jim.evans@companyinc.com
EDGE.company.local #550 5.7.1 Unable to relay ##

Original message headers:

Received: from EXCHSRV2010.OTHER_company.local ([fe80::e5b6:a1be:6e98:802e]) by
 EXCHSRV2010.OTHER_company.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
 14.01.0339.001; Tue, 27 Mar 2012 14:22:32 -0700
From: Dan Ruben<dan@OTHER_companyinc.com>
To: 'Jim Evans' <jim.evans@companyinc.com>
Subject: RE: test4
Thread-Topic: test4
Thread-Index: Ac0MX7VwxHOyk6U5Q9W4OXu+lsOhNAAAAm5A
Date: Tue, 27 Mar 2012 21:22:32 +0000
Message-ID: <FDA5E1415031054C99EE0DBEF7AEBF6B172AA0CF@EXCHSRV2010.OTHER_company.local>
References: <CA06FF9F58044B4EB49232D4D13FD3DE043F7F8C@CyberExchTEST.company.local>
In-Reply-To: <CA06FF9F58044B4EB49232D4D13FD3DE043F7F8C@CyberExchTEST.company.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.110.96]
Content-Type: multipart/alternative;
      boundary="_000_FDA5E1415031054C99EE0DBEF7AEBF6B172AA0CFEXCHSRV2010OTHER_company_"
MIME-Version: 1.0
0
 
Padamdeep Commented:
Verify the accepted domain on Edge Transport Server.

Do you see the SMTP Address Domain of Recipient listed over there or not?

In above NDR, you need to check if you have "companyinc.com" listed in Accepted Domain of Edge Server or not.

Reply back if it's there and I'll tell you what to do next.

~ Singh
0
 
sheld0r (Author) Commented:
I have company.local as an accepted domain, which is authoritative and default.  That's all I have under Accepted Domains.

As for the SMTP Address Domain of Recipient listed, I'm not sure.  Where exactly do I need to look?

I do not have companyinc.com listed in the Accepted Domain of the Edge.  If I add it, which one should it be? ...Authoritative Domain, Internal Domain, External Domain?  I've actually tried all three and now I don't get a bounce back, but the mail is never received on the other end since that change.
0
 
Padamdeep Commented:
That's the reason you are getting the NDR. You need to add the accepted domain on the hub and sync it with the edge.
Make it Authoritative if you are not doing SMTP name space sharing.
If you are not getting an NDR after adding it but the message is still not delivering, then there is an email flow issue between edge and hub.

- Singh
0
 
sheld0r (Author) Commented:
I added the accepted domain to the hub and synced with the edge.  I'm no longer getting the #550 5.7.1 unable to relay message.  

The email still won't send, but at least we are making progress.

I just did a telnet test and I get the following error now: 451 4.7.0 Timeout waiting for client input.

So to test communication between edge and hub, what do you recommend?
0
 
sheld0r (Author) Commented:
I forgot to mention I can still send email to the outside.
0
 
sheld0r (Author) Commented:
So after sending quite a few test messages this morning, I'm finally getting NDRs. New error message:

#5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop
0
 
Padamdeep Commented:
Ok.. You are making progress now.

Messages are being accepted but getting into a loop and eventually exceeding the maximum hops.

You are getting a message loop, which means there is something messed up in the configuration. It could be user configuration or Exchange configuration.

Identify one message for which you got the NDR "Hop Count Exceeded".

Track it down using Message Tracking and check what hops it is switching between.

Look at the user properties and see if there is any forwarder set.

Who has generated this NDR? There must be a Server Name in NDR details.

~ Singh
0
 
sheld0r (Author) Commented:
Morning Singh,

Here is one of the NDRs I received:

Diagnostic information for administrators:

Generating server: companyinc.com

jim.evans@companyinc.com
EDGE.companyinc.com #<EDGE.companyinc.com #5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop> #SMTP#

Original message headers:

Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:42:11 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:27:10 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:12:07 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:57:04 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:42:03 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:27:00 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:11:57 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:56:53 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:56:18 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:45 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:15 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:54:41 -0700
Received: from othercompany.domain.local (12.x.x.x) by
 edge.companyinc.com (192.168.7.70) with Microsoft SMTP Server id
 14.1.355.2; Wed, 28 Mar 2012 15:54:41 -0700
Received: from othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e]) by
 othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
 14.01.0339.001; Wed, 28 Mar 2012 15:54:32 -0700
From: tom.jones@othercompany.com
To: 'Jim Evans' <jim.evans@companyinc.com>
Subject: RE: test
Thread-Topic: test
Thread-Index: Ac0NLK3SHFgDg7j7S7WzJP7i2gwU2AACROzg
Date: Wed, 28 Mar 2012 22:54:32 +0000
Message-ID: <FDA5E1415031054C99EE0DBEF7AEBF6B172AAB0E@othercompany.domain.local>
References: <CA06FF9F58044B4EB49232D4D13FD3DE0440CF3B@CyberExchTEST.company.local>
In-Reply-To: <CA06FF9F58044B4EB49232D4D13FD3DE0440CF3B@CyberExchTEST.company.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.110.96]
Content-Type: multipart/alternative;
      boundary="_000_FDA5E1415031054C99EE0DBEF7AEBF6B172AAB0EEXCHSRV2010"
MIME-Version: 1.0
Return-Path: tom.jones@othercompany.com
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)

I'll need to export the message tracking logs and clean them up.  I'm having some trouble getting the format correct to make them easy to read.

As for the user properties, I don't see any forwarder set.

I believe the NDR is being generated by the companyinc Hub server.
0
 
Padamdeep Commented:
Message is looping within the Edge Server.

Check the Inbound Send Connector on the Edge Server which delivers the messages from Edge to Hub.

It looks like you have the wrong IP address or FQDN mentioned over there, which is resolving to another IP address of the Edge Server.

Put the IP address of Hub Transport Server over there and it should be fixed.

~ Singh
0
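The diagnosis above is read off the NDR's Received chain, where the same host appears on both the "from" and "by" side of consecutive hops. The following Python script is an added example, not part of the thread or of Exchange itself: it parses such a chain and reports the longest run of self-to-self hops. The header sample is a constructed, trimmed copy of the NDR above, and `parse_hops` and `find_self_loop` are names chosen for this example.

```python
import re
from itertools import groupby
from email import message_from_string
from email.utils import parsedate_to_datetime
# Constructed sample: the header chain from the NDR above, trimmed to five hops.
SAMPLE_HEADERS = """\
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:45 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:15 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:54:41 -0700
Received: from othercompany.domain.local (12.x.x.x) by
 edge.companyinc.com (192.168.7.70) with Microsoft SMTP Server id
 14.1.355.2; Wed, 28 Mar 2012 15:54:41 -0700
Received: from othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e]) by
 othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
 14.01.0339.001; Wed, 28 Mar 2012 15:54:32 -0700
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I)

def parse_hops(raw_headers):
    """Return (from_host, by_host, datetime) per Received header, oldest hop first."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        m = HOP_RE.match(flat)
        if not m:
            continue                              # no from/by pair to compare
        when = parsedate_to_datetime(flat.rsplit(";", 1)[-1].strip())
        hops.append((m.group(1).lower(), m.group(2).lower(), when))
    return hops[::-1]                             # headers are prepended, so reverse

def find_self_loop(hops, min_repeats=2):
    """Return (host, repeats, elapsed) for the longest run of self-to-self hops, or None."""
    best = None
    # A single self-hop is normal (the MAPI submission hop); a run of them is a loop.
    for host, grp in groupby(hops, key=lambda h: h[1] if h[0] == h[1] else None):
        run = list(grp)
        if host and len(run) >= min_repeats and (best is None or len(run) > best[1]):
            best = (host, len(run), run[-1][2] - run[0][2])
    return best

if __name__ == "__main__":
    print(find_self_loop(parse_hops(SAMPLE_HEADERS)))
```

On the sample it reports edge.companyinc.com handing the message to itself three times within 64 seconds, while the single MAPI self-hop on the sending server is not flagged.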
 
sheld0r (Author) Commented:
Here is what I have Singh

EdgeSync - Inbound to Default-First-Site-Name
General
Specify the FQDN this connector will provide in response to HELO or EHLO: this is currently blank.
Address Space
Type: SMTP, Address: IP of Hub, Cost: 1
Network
Use domain name (dns) MX records to route mail automatically - is selected
Enable Domain Security (Mutual Auth TLS) - is selected
Source Server
Name: EDGE, site: company.local/Configuration/Sites/Default-First-Site-Name, Role: Edge Transport
0
 
sheld0r (Author) Commented:
Morning Singh,

I actually tried the configuration you have above, minus the "--" for the address space.  That did it!! It's working now!
Thank you very much for your time and patience and for sticking through it with me.
0
 
sheld0r (Author) Commented:
Singh is awesome.  He sticks with you through the entire thread and doesn't leave you out to dry like many users do on the forums.  Singh definitely knows his Exchange 2010 stuff!!
0
Question has a verified solution.
