Solved

New install Exchange 2013 CU2 - "4.7.0 Temporary server error. Please try again later. PRX5"

Posted on 2013-10-28
9
2,174 Views
Last Modified: 2013-10-29
I have a new build of Ex13 CU2 which I migrated over from Ex07. Single server for all roles. Periodically I see this message right after "354 Start mail input":

Message or connection acked with status Retry and response 441 4.4.1 Error encountered while communicating with primary target IP address: ""421 4.4.2 Connection dropped due to ConnectionAborted."" Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was x.x.x.x:2525"

I originally saw this when receiving mail from my pbx on my lan.  Sending log from pbx:

12240 >>> Content-Transfer-Encoding: 7bit
12240 >>> <rest of the data>
12240 >>> .
12232 <<< 250 2.6.0 <201310241234.r9OCYL6S012229@pbx.domain.com> [InternalId=1550483193875] Queued mail for delivery
12232 >>> QUIT
12232 <<< 221 2.0.0 Service closing transmission channel
12240 <<< 451 4.7.0 Temporary server error. Please try again later. PRX5
12240 >>> QUIT
12240 <<< 221 2.0.0 Service closing transmission channel

It looks like the mail data is accepted, but then what is the error about?  Now that I have been looking at the logs, I also see legitimate outside mail getting the same error.  I have looked at other e-e posts but can't find a solution to this.

The fact that it mentions endpoint using port 2525 makes me think it's related to the default HUB recv connector, but I'm not sure where to look to get to the next step.  Users have complained that mail takes longer at times - I suspect this is the reason, and it gets through on the next attempt.

Exchange gurus, any help here?
0
Comment
Question by:dvanaken
  • 6
  • 3
9 Comments
 
LVL 42

Expert Comment

by:Amit
ID: 39605607
Check  AV and  Firewall. Disable it and check again.
0
 

Author Comment

by:dvanaken
ID: 39606021
Firewall is off per GPO, Symantec Mail Security for Exchange is active, and needs to remain so (and has been used here for many years with Ex07).  Is there is specific reason why AV could be a factor?  Have not ever seen that mentioned before.
0
 
LVL 42

Accepted Solution

by:
Amit earned 500 total points
ID: 39606031
Symantec Mail Security for Exchange is this compatible with 2013? Can you check with vendor guide.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:dvanaken
ID: 39606534
Yes, beginning with version 7 it supports Ex 2013. We have the latest version installed.
0
 

Author Comment

by:dvanaken
ID: 39609850
Ok, for anybody else that runs into this, here is what is happening.  Amit was right - it was AV software related - sort of.  If you see this in your logs and it occurs just after a transaction ending with a 550 error, it may be Symantec Mail Security.  It turns out that if SMS AntiSpam is set to "reject spam", it calls a MSFT API to reject a message at the SMTP protocol level, sending the 550.  Due to some bug in the API, the very next message croaks with the above 441 message.  So this is a Symantec and/or MSFT problem.  The solution for me was to change SMS Antispam from "reject (spam) message" to "accept message", and then check... "but do not deliver".  This way the SMTP protocol is more normal but any message identified as spam is deleted.  There is also some confusion at Symantec about where the message is being scanned for spam.  I think it happens at the Transport level and not at the FrontEnd at all.  I could be wrong, but that seems to fit with the new 2013 architecture.  If anybody knows for sure I'd appreciate some confirmation.  Points to Amit for making me question Symantec a second time...
0
 

Author Closing Comment

by:dvanaken
ID: 39609852
Thanks!
0
 
LVL 42

Expert Comment

by:Amit
ID: 39609878
Thanks for the points and sharing the solution. As far as I know about 2013. We have 3 services related to hub. 2 resides on MBX role and one on CAS server. For more details:

http://blogs.technet.com/b/rischwen/archive/2013/03/13/exchange-2013-mail-flow-demystified-hopefully.aspx

Scanning part we need to check Symantec product guide.
0
 

Author Comment

by:dvanaken
ID: 39609890
Final note:  the errant API call is ReceiveMessageEventSource.RejectMessage in transport.smtp.  Maybe a few more RUs and we'll get this working correctly...
0
 

Author Comment

by:dvanaken
ID: 39609900
Amit - I actually studied that same technet post.  Unfortunately Symantec is not clear about where their product hooks in.  Their support is not up to speed on Ex2013.  I need to remember to wait a year...
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SBS 2011. One user has no X400 email address 4 33
Exchange 2013 certificate 8 39
Exchange 2007 3 35
ADFS: When usernames dont match with your Active Directory 26 32
Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Utilizing an array to gracefully append to a list of EmailAddresses
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question