We recently upgraded one of our clients from Exchange 2003 to Exchange 2010.
Exchange Server Info
Exchange version: 2010
Exchange Service pack: SP3
Default Send Connector: TLS optional
Email routing: Via DNS (smart host not used)
The majority of email sends without issue, but email to sporadic domains just sits in the queue retrying.
I found out where the issue was occurring when I turned off optional TLS on the send connector. After restarting the Exchange Transport service, the mail queues emptied, but this is only a workaround.
In the SMTPSend logs I can see TLS communication running successfully for the majority of domains, but for the trouble domains, I can see a successful initial connection to the remote SMTP host, and the exchange of certificates showing the correct host DNS entries, but then the data payload is empty and the connection retries.
I can also successfully connect to the remote SMTP servers via telnet on port 25, and send a test email to a recipient via EHLO.
Has anyone had TLS issues before after upgrading an Exchange 2003 server to Exchange 2010?