Exchange Mailflow
Hi,
I have a mailflow-issue that is giving me trouble.
We have an SBS2008 which we are trying to migrate to Exchange 2010 running on Windows 2008 R2. The new machine is set up, I migrated one test-user over.
Mail flows from 2010 to 2007, but not the other way.
I've had this often with 2003 <-> 2010, but never in this constellation.
All receive connectors have Exchange Server authentication active. Additional send connectors have been removed. All looks well.
Mail is stuck in the queue of 2007 with the error message "451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDo
Both receiving and sending user are in the same mail domain. Their addresses are correct. It works the other way.
The "next hop domain" in queue sais "hub version 14" - something I have never seen.
What is wrong?
Thanks,
Ralph
I have a mailflow-issue that is giving me trouble.
We have an SBS2008 which we are trying to migrate to Exchange 2010 running on Windows 2008 R2. The new machine is set up, I migrated one test-user over.
Mail flows from 2010 to 2007, but not the other way.
I've had this often with 2003 <-> 2010, but never in this constellation.
All receive connectors have Exchange Server authentication active. Additional send connectors have been removed. All looks well.
Mail is stuck in the queue of 2007 with the error message "451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDo
Both receiving and sending user are in the same mail domain. Their addresses are correct. It works the other way.
The "next hop domain" in queue sais "hub version 14" - something I have never seen.
What is wrong?
Thanks,
Ralph
Last Comment
Frank McCourry
Check the DNS Settings on the 2010 server. Make sure it can ping the 2007 server by name. The check your forward lookup zone and verify that there is an entry for both servers.
ASKER
Thanks for your answer. I verified that. Ping, telnet on port 25 and DNS resolving works both ways.
Hi,
First of all you need to verify from both the end.
As you said port 25 is opened and DNS is working well fine.
Make sure that port 25 should be open on both the server which is Exchange 2007 to 2010.
Please check it out whether you can able to send email by using telnet from Exchange 2007 to 2010.
Thank You!
First of all you need to verify from both the end.
As you said port 25 is opened and DNS is working well fine.
Make sure that port 25 should be open on both the server which is Exchange 2007 to 2010.
Please check it out whether you can able to send email by using telnet from Exchange 2007 to 2010.
Thank You!
ASKER
Thanks for your suggestion. I just verified: The behaviour is identical when using Telnet. Both hosts can reach each other. Mail is accepted in all cases. It is correctly delivered locally, and it is also relayed correctly from the new Server (2010) to the old server (2007).
Mail that is to be relayed from 2007 to 2010 ends up in the queue.
Any other ideas? This looks like it is something really stupid, but DNS looks ultra-clean.
Mail that is to be relayed from 2007 to 2010 ends up in the queue.
Any other ideas? This looks like it is something really stupid, but DNS looks ultra-clean.
Is your 2007 Server trying to do reverse lookups? If so is there a proper PTR record for the domain?
ASKER
It should not need to do reverse lookups. But the hostname of the new 2010-server resolves fine forward and backwards.
But I am just seeing something new: A Transport certificate seems to be expired. There are five certificates active in Exchange 2007. None of them are "real" as in bought. They are alle self-made. Can that be the issue?
I am seeing Event-ID 12015
But I am just seeing something new: A Transport certificate seems to be expired. There are five certificates active in Exchange 2007. None of them are "real" as in bought. They are alle self-made. Can that be the issue?
I am seeing Event-ID 12015
ASKER
Certificate does not seem to be the issue. Made a new one - same thing.
What were you saying about a PTR for the domain? There are of course PTRs for both mail servers. But do I need one for the domain?
What were you saying about a PTR for the domain? There are of course PTRs for both mail servers. But do I need one for the domain?
I mention this because you can set email to be rejected if reverse DNS test does not pass.
Now that I think of it, if you messages are sitting in the inbound queue, then it is not a DNS problem at all, rather a problem with your connector on the 2007 Server. Can the 2007 server send email to itself? Can it receive from sources other than your 2010 server?
I don't believe certificates would be the issue, because these are exchanged and validated between the servers before any mail is passed. The fact that the email makes it to the incoming Queue is evidence that certificates are not the problem.
Your problem lies on the 2007 Server getting messages from the inbound queue to the mailbox. It is not a transport problem between servers. Again, evidenced by the fact that messages are in the inbound queue.
Now that I think of it, if you messages are sitting in the inbound queue, then it is not a DNS problem at all, rather a problem with your connector on the 2007 Server. Can the 2007 server send email to itself? Can it receive from sources other than your 2010 server?
I don't believe certificates would be the issue, because these are exchanged and validated between the servers before any mail is passed. The fact that the email makes it to the incoming Queue is evidence that certificates are not the problem.
Your problem lies on the 2007 Server getting messages from the inbound queue to the mailbox. It is not a transport problem between servers. Again, evidenced by the fact that messages are in the inbound queue.
ASKER
My messages are stuck in the OUTbound queue.
The Server 2007 can mail to itself, it can mail out and it receives mail from outside. It is in full operation serving about 110 mailboxes.
The new 2010 Server is housing only one test-mailbox. This testbox can send out just fine. It can send to all useres of the old Server. My ONLY issue is that I cannot send from 2007 to 2010. It gets stuck in the outbound queue of the old server.
The Server 2007 can mail to itself, it can mail out and it receives mail from outside. It is in full operation serving about 110 mailboxes.
The new 2010 Server is housing only one test-mailbox. This testbox can send out just fine. It can send to all useres of the old Server. My ONLY issue is that I cannot send from 2007 to 2010. It gets stuck in the outbound queue of the old server.
ASKER
One more thing:
Turned the send connectors log level to verbose.
Mail to the other server does not appear in the log at all. Also no DNS lookup errors, no attempt. Is that by design? Does the send connector only log mail that goes out to the smarthost? Or is that my issue?
Turned the send connectors log level to verbose.
Mail to the other server does not appear in the log at all. Also no DNS lookup errors, no attempt. Is that by design? Does the send connector only log mail that goes out to the smarthost? Or is that my issue?
ASKER
I now created an additional internal send connector for "myexternalmaildomain.com"
Still: all mail within the users of the old server is fine, mail to the new server ends up in the same queue, the send connector is not logging anything.
This must be something BEFORE the mail even hits the send connector.
Still: all mail within the users of the old server is fine, mail to the new server ends up in the same queue, the send connector is not logging anything.
This must be something BEFORE the mail even hits the send connector.
Try this on your 201o receive connector.
Set-ReceiveConnector -Identity "Default <ServerName>" -PermissionGroups AnonymousUsers"
Set-ReceiveConnector -Identity "Default <ServerName>" -PermissionGroups AnonymousUsers"
Sorry about the confusion, I had assumed that the problem was reverse, as this is usually the case.
ASKER
Anonymous already is permitted on the 2010 receive connector.
I really do begin to believe it has something to do with AD or DNS. AD does not have an MX record. I double checked with other clients, and they do not either. Could this be an issue here? nslookup -q=mx internaldomain.local only submits this:
Server: oldserver.localdomain.loca
Address: 192.168.242.11
localdomain.local
primary name server = oldserver.localdomain.loca
responsible mail addr = hostmaster.localdomain.loc
serial = 763
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
I really do begin to believe it has something to do with AD or DNS. AD does not have an MX record. I double checked with other clients, and they do not either. Could this be an issue here? nslookup -q=mx internaldomain.local only submits this:
Server: oldserver.localdomain.loca
Address: 192.168.242.11
localdomain.local
primary name server = oldserver.localdomain.loca
responsible mail addr = hostmaster.localdomain.loc
serial = 763
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
ASKER
Okay - this is awkward to explain, but I think I might be one step further.
The customer is using - badly advised - the name mail.externalmaildomain.co
In order to be able to sync their smartphones, they are using mail.externalmaildomain.co
If you ask DNS for an MX, you get the answer from the external provider that hosts the domain. He has MX pointing to mail.externalmaildomain.co
This is my question:
If I send mail to a user within my own Exchange organisation but outside my own mailbox server, does that trigger a DNS-lookup for the MX of the recipient's mail domain (which is identical to my own)? If that was the case, this could cause trouble...
The other way it works of course - the entry would truly point to the destination.
Thanks,
Ralph
The customer is using - badly advised - the name mail.externalmaildomain.co
In order to be able to sync their smartphones, they are using mail.externalmaildomain.co
If you ask DNS for an MX, you get the answer from the external provider that hosts the domain. He has MX pointing to mail.externalmaildomain.co
This is my question:
If I send mail to a user within my own Exchange organisation but outside my own mailbox server, does that trigger a DNS-lookup for the MX of the recipient's mail domain (which is identical to my own)? If that was the case, this could cause trouble...
The other way it works of course - the entry would truly point to the destination.
Thanks,
Ralph
ASKER
Does not seem to be the issue. If I turn the configuration around, it still works for one and still does not work for the other.
ASKER
If I do a
test-mailflow -targetmailboxserver newmailserver
in Exchange Power Shell on the Exchange Server 2007, I get
Test-Mailflow : There were no mailbox databases found on NEWMAILSERVER to proceed with the test. Verify that the user has sufficient privileges to read Exchange configuration infromation from Active Direcotry.
Line:1 Character:14
+ Test-Mailflow <<<< -targetmailboxserver newmailserver
+ CategoryInfo : PermissionDenied: (:) [Test-Mailflow], NoMdbForO
perationException
+ FullyQualifiedErrorId : F5E41355,Microsoft.Exchang
low
That can't be good news...
If I do it the other way around (from 2010 to 2007), it goes:
[PS] C:\Windows\system32>test-m
RunspaceId : 5578b1e1-7801-43dc-a818-03
TestMailflowResult : *ERROR*
MessageLatencyTime : 00:00:00
IsRemoteTest : True
Identity :
IsValid : True
That goes to show... what exactly?
test-mailflow -targetmailboxserver newmailserver
in Exchange Power Shell on the Exchange Server 2007, I get
Test-Mailflow : There were no mailbox databases found on NEWMAILSERVER to proceed with the test. Verify that the user has sufficient privileges to read Exchange configuration infromation from Active Direcotry.
Line:1 Character:14
+ Test-Mailflow <<<< -targetmailboxserver newmailserver
+ CategoryInfo : PermissionDenied: (:) [Test-Mailflow], NoMdbForO
perationException
+ FullyQualifiedErrorId : F5E41355,Microsoft.Exchang
low
That can't be good news...
If I do it the other way around (from 2010 to 2007), it goes:
[PS] C:\Windows\system32>test-m
RunspaceId : 5578b1e1-7801-43dc-a818-03
TestMailflowResult : *ERROR*
MessageLatencyTime : 00:00:00
IsRemoteTest : True
Identity :
IsValid : True
That goes to show... what exactly?
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
No solution found. Abandoned the task.
Exchange
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.
213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
