Buntyquest
asked on
Barcode emails are not been sent to user's mail box
Barcode emails are not been sent to user's mail box ?
Environment Exchange 2007 CCR ............
We found that the mails stuck in the queue of cleexhub1 server with the following error
“451 4.4.0 primary target IP address responded with : "235 000008xxxxxxx”
The internal mails destined for the sites NY, Academies, London and APAC are being stuck in cleexhub1 server. As checked the external mail flow is working. As checked the event log Event ID: 3, triggered on CLEEXHUB1. Computer: CLEEXHUB1.mydomain.org; Description: A Kerberos Error Message was received: on logon session mydomain.ORG\cleexhub1$
We have restarted the transport service and monitored the queues but still the queues are not decreased. As checked the server logon as shows DC as CLEDC1 and we have changed the logon DC as cle1360dc1
Environment Exchange 2007 CCR ............
We found that the mails stuck in the queue of cleexhub1 server with the following error
“451 4.4.0 primary target IP address responded with : "235 000008xxxxxxx”
The internal mails destined for the sites NY, Academies, London and APAC are being stuck in cleexhub1 server. As checked the external mail flow is working. As checked the event log Event ID: 3, triggered on CLEEXHUB1. Computer: CLEEXHUB1.mydomain.org; Description: A Kerberos Error Message was received: on logon session mydomain.ORG\cleexhub1$
We have restarted the transport service and monitored the queues but still the queues are not decreased. As checked the server logon as shows DC as CLEDC1 and we have changed the logon DC as cle1360dc1
ASKER
This is existing setup , its working previously fine .But issue came , last time we did some work around , but again issue came
Last Time Work around:
1. Mail flow was not working on Server CLEEXHUB1, Mails were queuing for remote hub server with error “235 long guid”, where long guid was authentication information.
2. Directory Service Team was involved to fix the Replication, Duplicate SPN, Time Sync and Kerberos Error
3. Gave Computer Account "CLEEXHUB1" full control on the Server object "ACADEXHUB1" and "ACADEXHUB2" through Adsiedit.msc
4. Checked the Local Security Policy -> User Right Assignment:
¿ Under Access this computer from the Network we have : Administrators and Authenticated Users.
¿ Under Manage Auditing and Security log we have : Administrators
5. Uninstalled the hotfix from the Server "CLEEXHUB1 KB968389 and rebooted the server. However issue still persisted.
6. Confirmed the time sync on the hub server and domain controllers in the site and remote site. There was no time difference found.
7. Ran transport service with Local system account instead of network service account and mail flow started working successfully.
8. Reset the computer account for hub server and disjoined and rejoined server to the domain.
9. It look nearly 30 minutes for mail flow to work and afterwards it worked successfully with “Network Service” account.
10. Monitored mail flow for 24 hours and it is working fine.
Last Time Work around:
1. Mail flow was not working on Server CLEEXHUB1, Mails were queuing for remote hub server with error “235 long guid”, where long guid was authentication information.
2. Directory Service Team was involved to fix the Replication, Duplicate SPN, Time Sync and Kerberos Error
3. Gave Computer Account "CLEEXHUB1" full control on the Server object "ACADEXHUB1" and "ACADEXHUB2" through Adsiedit.msc
4. Checked the Local Security Policy -> User Right Assignment:
¿ Under Access this computer from the Network we have : Administrators and Authenticated Users.
¿ Under Manage Auditing and Security log we have : Administrators
5. Uninstalled the hotfix from the Server "CLEEXHUB1 KB968389 and rebooted the server. However issue still persisted.
6. Confirmed the time sync on the hub server and domain controllers in the site and remote site. There was no time difference found.
7. Ran transport service with Local system account instead of network service account and mail flow started working successfully.
8. Reset the computer account for hub server and disjoined and rejoined server to the domain.
9. It look nearly 30 minutes for mail flow to work and afterwards it worked successfully with “Network Service” account.
10. Monitored mail flow for 24 hours and it is working fine.
ASKER
Exchange Server Error Message on queue : 451 4.4.0 Primary target IP address responded with: "454 4.7.0 Temporary authentication failure." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
KB Article : http://support.microsoft.com/kb/979174
While troubleshooting the issue we have found the Cleveland hub transport server computer account is disabling automatically except Cleveland DC all other sites the account is disabled state and last night we had enabled it from other sites and it got disabled again today. This might be reason the mails are not able to deliver to across the sites on same exchange org.
Cleveland computer account getting disabled automatically all the AD sites except Cleveland site, we had tried to enabled the account after couple of hours the account getting disabled automatically. Please check on the Active Directory why the account is getting disabled all the sites.
Resolution :
Rebooting the Directory Service Servers on Cleveland Site, The Cleveland Server able to establish the connection with Other Site HUB Server to deliver the internal email.
.
.
.
..
this is the 2nd time we r facing the issue ..........why it happening ..........is the error belongs to Exchange application or AD wide.......
KB Article : http://support.microsoft.com/kb/979174
While troubleshooting the issue we have found the Cleveland hub transport server computer account is disabling automatically except Cleveland DC all other sites the account is disabled state and last night we had enabled it from other sites and it got disabled again today. This might be reason the mails are not able to deliver to across the sites on same exchange org.
Cleveland computer account getting disabled automatically all the AD sites except Cleveland site, we had tried to enabled the account after couple of hours the account getting disabled automatically. Please check on the Active Directory why the account is getting disabled all the sites.
Resolution :
Rebooting the Directory Service Servers on Cleveland Site, The Cleveland Server able to establish the connection with Other Site HUB Server to deliver the internal email.
.
.
.
..
this is the 2nd time we r facing the issue ..........why it happening ..........is the error belongs to Exchange application or AD wide.......
Hrm is the account actually getting disabled, or locked out?
ASKER
Account get locked automatically .
I it possible that anyone may have this account added to a mobile device in order to monitor the mail activity off site?
COuld it be possible that the account setup for such a user has not had its password updated and is in turn locking out the account?
COuld it be possible that the account setup for such a user has not had its password updated and is in turn locking out the account?
ASKER
computer account getting disabled automatically all the AD sites except Cleveland site, we had tried to enabled the account after couple of hours the account getting disabled automatically. Please check on the Active Directory why the account is getting disabled all the sites.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for Buntyquest's comment #a38905278
for the following reason:
After rebooting of the server its working fine, but MS also not able to find the resolution
Accepted answer: 0 points for Buntyquest's comment #a38905278
for the following reason:
After rebooting of the server its working fine, but MS also not able to find the resolution
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
If Existing Setup was this working previously?