Solved

Mail Flow Issue w/ Edge Transport

Posted on 2012-03-26
Last Modified: 2012-04-24
I'm currently trying to introduce the Edge Transport server into our Exchange environment. I've managed to sync the Edge server and can also telnet to the Edge, but I'm getting a #550 5.7.1 Unable to relay ##.  I was able to send/receive email before the Edge was introduced.

The Edge synchronization was also successful.

I currently have a receive connector configured on the Edge called 'Default internal receive connector EDGE'.  The status is enabled with the following settings:
-Transport Layer Security (TLS) is checked
-Enable Domain Security (Mutual Auth TLS)
-Exchange Server authentication is checked.

Any thoughts as to what could be causing the #550 5.7.1 Unable to relay error message?
Question by:sheld0r
LVL 15

Expert Comment

by:GreatVargas
Can you telnet on port 25 from the Edge to the Hub? Also try the telnet with the FQDN specified on the default receive connector created to the Edge.

Author Comment

by:sheld0r
I'm unable to telnet on port 25 from the edge to the hub, but I can telnet with the fqdn of the default receive connector of the edge.

LVL 15

Expert Comment

by:GreatVargas
For mail to come into the organization, port 25 should be open between the Edge and the Hub. Try to understand if that's because of a firewall rule between the two servers.

Author Comment

by:sheld0r
I totally agree.  I reconfigured the ACL and I'm now able to telnet from edge to hub.  I sent another test email, but I'm still getting the 550 5.7.1 unable to relay error.

LVL 15

Expert Comment

by:GreatVargas
Was the test e-mail sent from the Internet? Run BPA on the Edge and on the Hub. Also look at the Edge queue and see if you have queues on retry with the Hub server name (mail to be delivered internally).

Author Comment

by:sheld0r
That's correct, it was sent from the Internet.  Everything checks out on the HUB with BPA, but I'm not able to run BPA on the EDGE because it doesn't have access to AD.

I also see nothing in the Edge queue.

This is pretty frustrating, as everything looks right and should check out.

Author Comment

by:sheld0r
Here is the bounce back I'm receiving when I try to send to the Edge from a different email account.

EDGE.company.local rejected your message to the following e-mail addresses:

'Jim Evans' (jim.evans@companyinc.com) <mailto:jim.evans@companyinc.com>


EDGE.company.local gave this error:
Unable to relay


Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.

Diagnostic information for administrators:

Generating server: EXCHSRV2010.OTHER_company.local

jim.evans@companyinc.com
EDGE.company.local #550 5.7.1 Unable to relay ##

Original message headers:

Received: from EXCHSRV2010.OTHER_company.local ([fe80::e5b6:a1be:6e98:802e]) by
 EXCHSRV2010.OTHER_company.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
 14.01.0339.001; Tue, 27 Mar 2012 14:22:32 -0700
From: Dan Ruben<dan@OTHER_companyinc.com>
To: 'Jim Evans' <jim.evans@companyinc.com>
Subject: RE: test4
Thread-Topic: test4
Thread-Index: Ac0MX7VwxHOyk6U5Q9W4OXu+lsOhNAAAAm5A
Date: Tue, 27 Mar 2012 21:22:32 +0000
Message-ID: <FDA5E1415031054C99EE0DBEF7AEBF6B172AA0CF@EXCHSRV2010.OTHER_company.local>
References: <CA06FF9F58044B4EB49232D4D13FD3DE043F7F8C@CyberExchTEST.company.local>
In-Reply-To: <CA06FF9F58044B4EB49232D4D13FD3DE043F7F8C@CyberExchTEST.company.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.110.96]
Content-Type: multipart/alternative;
      boundary="_000_FDA5E1415031054C99EE0DBEF7AEBF6B172AA0CFEXCHSRV2010OTHER_company_"
MIME-Version: 1.0

LVL 3

Expert Comment

by:Padamdeep
Verify the accepted domain on Edge Transport Server.

Do you see the SMTP Address Domain of Recipient listed over there or not?

In the above NDR, you need to check whether you have "companyinc.com" listed in the Accepted Domains of the Edge Server.

Reply back if it's there and I'll tell you what to do next.

~ Singh

Author Comment

by:sheld0r
I have company.local as an accepted domain, which is authoritative and default.  That's all I have under Accepted Domains.

As for the SMTP Address Domain of Recipient listed, I'm not sure.  Where exactly do I need to look?

I do not have companyinc.com listed in the Accepted Domain of the Edge.  If I add it, which one should it be? ...Authoritative Domain, Internal Domain, External Domain?  I've actually tried all three and now I don't get a bounce back, but the mail is never received on the other end since that change.

LVL 3

Expert Comment

by:Padamdeep
That's the reason you are getting the NDR. You need to add the accepted domain on the Hub and sync it with the Edge.
Make it Authoritative if you are not doing SMTP namespace sharing.
If you are not getting an NDR after adding it but the message is still not delivered, then there is a mail flow issue between the Edge and the Hub.

- Singh

Author Comment

by:sheld0r
I added the accepted domain to the hub and synced with the edge.  I'm no longer getting the #550 5.7.1 unable to relay message.  

The email still won't send, but at least we are making progress.

I just did a telnet test and I get the following error now: 451 4.7.0 Timeout waiting for client input.

So to test communication between edge and hub, what do you recommend?

Author Comment

by:sheld0r
I forgot to mention I can still send email to the outside.

Author Comment

by:sheld0r
So after sending quite a few test messages this morning, I'm finally getting NDRs. New error message:

#5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop

LVL 3

Expert Comment

by:Padamdeep
Ok.. You are making progress now.

Messages are being accepted but getting into loop and eventually exceeding the maximum hops.

You are getting a message loop, which means there is something messed up in the configuration. It could be user configuration or Exchange configuration.

Identify one message for which you got the NDR "Hop Count Exceeded".

Track it down using Message Tracking and check what hops it is switching between.

Look at the user properties and see if there is any forwarder set.

Who has generated this NDR? There must be a Server Name in NDR details.

~ Singh

Author Comment

by:sheld0r
Morning Singh,

Here is one of the NDRs I received:

Diagnostic information for administrators:

Generating server: companyinc.com

jim.evans@companyinc.com
EDGE.companyinc.com #<EDGE.companyinc.com #5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop> #SMTP#

Original message headers:

Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:42:11 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:27:10 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:12:07 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:57:04 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:42:03 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:27:00 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:11:57 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:56:53 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:56:18 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:45 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:15 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:54:41 -0700
Received: from othercompany.domain.local (12.x.x.x) by
 edge.companyinc.com (192.168.7.70) with Microsoft SMTP Server id
 14.1.355.2; Wed, 28 Mar 2012 15:54:41 -0700
Received: from othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e]) by
 othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
 14.01.0339.001; Wed, 28 Mar 2012 15:54:32 -0700
From: tom.jones@othercompany.com
To: 'Jim Evans' <jim.evans@companyinc.com>
Subject: RE: test
Thread-Topic: test
Thread-Index: Ac0NLK3SHFgDg7j7S7WzJP7i2gwU2AACROzg
Date: Wed, 28 Mar 2012 22:54:32 +0000
Message-ID: <FDA5E1415031054C99EE0DBEF7AEBF6B172AAB0E@othercompany.domain.local>
References: <CA06FF9F58044B4EB49232D4D13FD3DE0440CF3B@CyberExchTEST.company.local>
In-Reply-To: <CA06FF9F58044B4EB49232D4D13FD3DE0440CF3B@CyberExchTEST.company.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.110.96]
Content-Type: multipart/alternative;
      boundary="_000_FDA5E1415031054C99EE0DBEF7AEBF6B172AAB0EEXCHSRV2010"
MIME-Version: 1.0
Return-Path: tom.jones@othercompany.com
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)

I'll need to export the message tracking logs and clean them up.  I'm having some trouble getting the format correct to make them easy to read.

As for the user properties, I don't see any forwarder set.

I believe the NDR is being generated by the companyinc Hub server.

LVL 3

Expert Comment

by:Padamdeep
Message is looping within Edge Server.

Check the Inbound Send Connector On Edge Server which delivers the messages from Edge to Hub.

It looks like you have the wrong IP address or FQDN mentioned over there, which is resolving to another IP address of the Edge Server.

Put the IP address of Hub Transport Server over there and it should be fixed.

~ Singh

Author Comment

by:sheld0r
Here is what I have, Singh:

EdgeSync - Inbound to Default-First-Site-Name
General
Specify the FQDN this connector will provide in response to HELO or EHLO: this is currently blank.
Address Space
Type: SMTP, Address: IP of Hub, Cost: 1
Network
Use domain name (dns) MX records to route mail automatically - is selected
Enable Domain Security (Mutual Auth TLS) - is selected
Source Server
Name: EDGE, site: company.local/Configuration/Sites/Default-First-Site-Name, Role: Edge Transport

LVL 3

Accepted Solution

by:Padamdeep
That's a wrong configuration. If you have an Edge Subscription between Hub and Edge, then do the following on "EdgeSync - Inbound to Default-First-Site-Name" on the Hub Server and sync it with the Edge.

General tab - This looks okay.

Address Space: Change the Address Space to "--" without quotes.

Network: Don't use DNS, put IP address of Hub Transport Server

Source Server - It looks okay.

~ Singh

Author Comment

by:sheld0r
Morning Singh,

I actually tried the configuration you have above, minus the "--" for the address space.  That did it!! It's working now!
Thank you very much for your time and patience and for sticking through it with me.

Author Closing Comment

by:sheld0r
Singh is awesome.  He sticks with you through the entire thread and doesn't leave you out to dry like many users do on the forums.  Singh definitely knows his Exchange 2010 stuff!!