Email fails to specific domain with '421 4.2.1 Unable to connect'

Posted on 2013-11-14
Last Modified: 2013-11-19
We have a simple Exchange 2010 single server setup. Everything has been running fine for years. We have one domain that we are attempting to send an email to that fails. All other emails are flowing fine. The error in the queue is:

451 4.4.0 Primary target IP address responded with: '421 4.2.1 Unable to connect' Attempred failover to alternate host, but did not succeed. Either there are no alternate host, or delivery failed to alternate hosts.

The last successful message to this domain was about 8 weeks ago. I can do an nslookup on the MX records and see them there. I have done an backlist check on my domain and that is coming back fine.


Question by:GlennCameron
  • 5
  • 3
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39649846
The usual thing is to 'telnet' to their mailserver and see if it responds.  Or if there is a contact email address, you could try to send them an email thru Yahoo or Gmail to see if they're still there.

Author Comment

ID: 39649881
I cannot telnet to the mail server. I get 'Connecting to xxxx' then 'Connect failed'.
FYI the domain is a US state government department so they're still there :-)
Their IT is saying that's its an issue on our server.


Assisted Solution

lindento earned 100 total points
ID: 39649906

check that your DNS is resolving the MX records correctly, easy check for this is do an mx check.

If you try to telnet their listed mx on port 25 and can't reach it,
you need to rule out firewall on your end blocking access to their IP.
Also try telnetting to that mailserver from outside your company network(effectifly testing if firewalls are limiting you)

Best Regards

Author Comment

ID: 39649919
I have done the mx check and they appear to be correct. Was going to try the telnet from home tonight.

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.


Author Comment

ID: 39652198
I cannot telnet to the server either inside my corporate network or at home. Two completely different ISPs and of course no firewall at home.
LVL 83

Accepted Solution

Dave Baldwin earned 400 total points
ID: 39652331
Sounds to me like that server is not working or available anymore.  The fact that it is still listed in DNS does not mean that it is available.  You would have to find an alternate method of contacting them to find out what is happening.

Author Closing Comment

ID: 39661148
The destination company finally admitted that they were blocking the traffic.
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39661187
Interesting.  Did they say why?

Author Comment

ID: 39661195
Spam attack from somewhere in China so they have put a lot more restrictions in place. You would of thought that they could have told us that when we first raised the issue!

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CRM Workflow Question 8 583
long file names cant copy 7 136
Lenovo X260 and Windows 7 Enterprise 14 765
ideal datacentre temperature 5 72
I have encountered the following problem while installing and configuring a Microsoft Search Server (actually it was a MSSO Express 2008, but I think it is applicable to other versions as well). Since I did not find an answer and I found an original…
Wow it feels like forever since I have been able to sit down and write an article, I have been away and new exciting projects keeping me busy, but here I am writing another hopefully informative article. I have written about Orchestrator 2012 int…
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now