Solved

Shared SMTP address space (5.1.1 smtp;550 5.1.1 RESOLVER.ADR.RecipNotFound; not found)

Posted on 2013-12-15
Last Modified: 2015-05-18
I'm migrating a source AD forest, forest A, with Exchange 2007, SP3 with latest or 2nd latest rollup, into a different target forest, forest B, with Exchange 2010, SP3 not sure of rollup without looking. I'm in the early steps setting up the mail flow and SMTP sharing.

Receive Connectors: Both systems have "Anonymous Users" and the IPs setup for the HT servers in the opposite forest.

Send Connectors: Both the source and target forests have a send connector for *all* SMTP suffixes for the source forest, A. They contain default settings, have proper source servers and the address spaces are added with a cost of 1 and "Include all subdomains" checked.

Accepted Domains: Source forest, A, has been converted from Authoritative to Internal Relay for all SMTP address spaces. Target forest, B, has all the accepted domains added to it as Internal Relay.

I added a source forest, A set of email addresses to a test user on the target forest, B. When sending internally or externally, a response of the user not existing comes from the source forest's, A, HT server(s). This shouldn't be possible in Internal Relay... it should forward it to the target forest, B.

Anyone have any ideas why the source forest, A, is still treating the domains like it's Authoritative?
Question by:DaveQuance
 
LVL 35

Expert Comment

by:Mahesh
ID: 39719669
Are both your source and target primary SMTP name spaces the same?

Mahesh
 

Author Comment

by:DaveQuance
ID: 39719671
Their primary isn't the same at the moment (but during the migration that will exist). Right now the user in the target just has additional SMTP addresses for each domain on it for testing.

user@forestb.com <- User in the target's, B, primary email address
user@foresta.com <- additional address with an SMTP suffix from the source, A.
 
LVL 35

Expert Comment

by:Mahesh
ID: 39719817
If your primary SMTP name space is different in both domains, and you also have receive connectors in both domains, then why do you require internal relay domains?

Instead just create send connectors pointing to each other with smart host configuration in both domains.

As per my understanding, if you are sharing the same SMTP name space across two domains, OR you have an SMTP gateway (sending and receiving) in only one domain for multiple SMTP name spaces across multiple domains, then you should use relay domains.

Check below article
http://technet.microsoft.com/en-us/library/bb124423(v=exchg.141).aspx#RDomains

Mahesh
 

Author Comment

by:DaveQuance
ID: 39719826
That was a typo, it *IS* the same, not isn't. I'll detail the send/receive connectors more in a minute.

Source Forest, A, Domains: foresta.com, abc.com
Target Forest, B, Domains: forestb.com

Users in the source, Forest A, have <user>@foresta.com and <user>@abc.com

In the target, Forest B, have <user>@forestb.com

For my testing I added @foresta.com and @abc.com to a user in the target, Forest B, and that's where I'm getting the user does not exist since the Exchange 2007 seems to be treating the address space as authoritative still for some reason.
 
LVL 35

Expert Comment

by:Mahesh
ID: 39719834
You mean to say you are adding forest A email addresses to user account in forest B, right?
Correct me if wrong..
Obviously you will get error because you are trying to send email to Forest B user for which you have set email addresses from forest A. You cannot have user from one domain and email address from other domain.

It doesn't work like that.

If you have send connectors as appropriate in both domains pointing to all smtp namespaces then create mail contact \ mail enabled user in Forest B pointing to email addresses in forest A and then send mails from forest B
OR
you can directly send mails from forestA to forest B users
OR
you can have email contacts in both domains pointing to each other

Mahesh
 

Author Comment

by:DaveQuance
ID: 39719846
Yes, I'm adding Forest A emails to Forest B (hence why I have set all Forest A domains to Internal Relay, added them to Forest B, set up send connectors between the systems for the shared address space, and set up receive connectors).

Attached are outputs from EMS on both systems showing the Accepted Domains, Receive Connectors, and Send Connectors.

I may be explaining this to you in a confusing way, I know I did have at least one statement I said completely opposite of what I had intended.

For what I'm doing, I know you *can* share an SMTP namespace between two separate mail systems. You don't need a mail-enabled user, contact, or any other such object from Forest A for the Forest B user for this to work. The way Exchange is supposed to deal with it is if it's an Internal Relay (not Authoritative), it checks to see if it has the mailbox, if it does not it will use your send connector and ship it off to the next destination.

I'm already doing this in the same network for an Exchange 2003 forest to Forest B successfully and have done the same for Exchange 2007 to 2010 in the past. As well, I currently have a lab that does it successfully with an Exchange 2007 forest to an Exchange 2010 forest.
Output.txt
 

Author Comment

by:DaveQuance
ID: 39719852
I know that during the migration I'll need mail-enabled users or contacts. At this point I'm simply testing to make sure the mail flow goes through. So the addresses I've setup do *not* exist in Forest A. The Forest B user being used for testing has unique addresses for foresta.com and abc.com simply to verify it will pass through to forest B.
 

Author Comment

by:DaveQuance
ID: 39719862
Color me a liar... I'd swear that worked but I did create a contact like you said just to test and it did work. I'm going to go back and test the things that I was very confident were working in that lab and the 2003 to 2010 one.

But regardless of any of that, that DID allow the email to go through.
 
LVL 35

Expert Comment

by:Mahesh
ID: 39719864
From the screenshot, you have the same SMTP name spaces in both domains.
To do what you are trying to do, your user must be in Forest A with Forest A email addresses (not in Forest B with email addresses in Forest A). Now Exchange will first try to identify the user in its own domain (Forest B) and, since it will not find it there, it will then go to Forest A through the send connector.

Mahesh
 

Author Comment

by:DaveQuance
ID: 39719879
Details are further down but here's a bit of a summary. I confirmed that every statement I made before does work in the other environments I have access to, but not the one I opened this question on. Your statement that a mail-enabled object is required in Forest A did allow the mail to go through and be delivered in Forest B. My aim is to achieve the same functionality of the lab2007/2010 and that production 2003/2010 where it flows through without requiring mail-enabled objects. Since this is a migration, I might be able to get away with it requiring mail-enabled objects if push comes to shove.



Current mail flow:
Internet -> Forest A -> Forest B

Mail flow for the source forest's SMTP domains still starts through Forest A (so foresta.com and abc.com go through Forest A then to Forest B if they don't exist). Granted, my tests now are simply sending from a user in Forest A to the <user>@foresta.com email address set up on the Forest B user.

Testing in the other environments:
I did further testing and my previous statements were definitely true. In my lab I have a forest of Lab2007.local and Lab2010.local. Same setup, on a user in lab2010.local I added randomtest@lab2007.local (and no mail-enabled object exists with that email address at all in lab2007.local), then using a user within the lab2007.local environment, emailed randomtest@lab2007.local and it went through without issue.

In the production migration I'm doing, I did the same test (the production one is an Exchange 2003 forest as the source and Exchange 2010 as the target). I was able to receive email with randomtest@<Exchange2003ForestSMTP> without a mail-enabled object in the Exchange 2003 forest for randomtest@.
 

Author Comment

by:DaveQuance
ID: 39719886
I re-read through the link you provided pertaining to "Internal Relay Domain"s. It doesn't say any mail-enabled objects are required for the mail to flow through. That should only be required if one is set to authoritative, shouldn't it?

"If an accepted domain is configured as authoritative and a recipient isn't found in Active Directory, a non-delivery report (NDR) is returned to the sender. The accepted domain that's configured as an internal relay domain first tries to deliver to a recipient in the Exchange organization. If the recipient isn't found, the message is routed to the Send connector that has the closest address space match."

Based on that excerpt from the link, I'm assuming the only reason I need the mail-enabled object is that it's still treating it as authoritative. Am I making sense in my statement? And do you agree with my logic?

Edit: I tested what I was saying, the requirement for a mail-enabled object is only required when using authoritative.
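
A read-only check of the settings this thread turns on (accepted domain type, send connector address spaces, local recipient resolution, the 5.1.1 failure in message tracking, anonymous receive connector scope, installed build). This is an added example, not something posted by either participant. The domains and test address are the thread's placeholder names used as sample values, and it assumes the Exchange Management Shell with ExSetup.exe on the PATH of the server it runs on.

```powershell
# Added diagnostic sketch: run in the Exchange Management Shell of the forest
# whose Hub Transport servers return the NDR. Nothing here changes configuration.
$SharedDomains = 'foresta.com', 'abc.com'   # sample values: the shared SMTP suffixes
$TestAddress   = 'user@foresta.com'         # sample value: address that exists only in the other forest

# 1. Domain type per shared suffix. InternalRelay is expected; Authoritative explains an NDR.
Get-AcceptedDomain | Where-Object {
    $SharedDomains -contains ($_.DomainName.ToString() -replace '^\*\.', '')
} | Format-Table Name, DomainName, DomainType, WhenChanged -AutoSize

# 2. Enabled send connectors whose address space names a shared suffix.
#    A connector scoped only to "*" will not be listed here.
Get-SendConnector | Where-Object {
    $spaces = "$($_.AddressSpaces)"
    $_.Enabled -and ($SharedDomains | Where-Object { $spaces -like "*$_*" })
} | Format-List Name, AddressSpaces, SmartHosts, DNSRoutingEnabled, SourceTransportServers

# 3. Does the test address resolve to a recipient in this organization?
$local = Get-Recipient -Identity $TestAddress -ErrorAction SilentlyContinue
if ($local) { "Resolves locally as $($local.RecipientType): $($local.Name)" }
else        { "No local recipient: an internal relay domain should route this to the send connector" }

# 4. Failures for the test address in the last day, on every Hub Transport server.
Get-TransportServer | ForEach-Object {
    Get-MessageTrackingLog -Server $_.Name -Recipients $TestAddress -EventId FAIL -Start (Get-Date).AddDays(-1)
} | Where-Object { "$($_.RecipientStatus)" -match 'RecipNotFound' } |
    Format-List Timestamp, ServerHostname, Source, Sender, RecipientStatus

# 5. Receive connectors that accept anonymous SMTP. RemoteIPRanges should list only
#    the other forest's Hub Transport servers, not a whole subnet or 0.0.0.0 range.
Get-ReceiveConnector | Where-Object { "$($_.PermissionGroups)" -match 'AnonymousUsers' } |
    Format-List Identity, Bindings, RemoteIPRanges, PermissionGroups

# 6. Server version as reported by AD, and the file version of the installed binaries.
#    Run the second line locally on each Hub Transport server.
Get-ExchangeServer | Format-Table Name, ServerRole, AdminDisplayVersion -AutoSize
(Get-Command ExSetup.exe).FileVersionInfo.ProductVersion
```

If step 1 shows InternalRelay, step 2 lists a matching connector and step 3 finds no local recipient, yet step 4 still shows RecipNotFound, the configuration matches the documented behaviour and the build in step 6 is the next thing to compare against a working environment.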
 
LVL 35

Expert Comment

by:Mahesh
ID: 39720199
You are not getting my point.
The mail-enabled object is just the example I gave you, as in your very first comment you told me that you are not using the same (shared) SMTP name space.
Later on, when you shared the snapshots with me, I came to know that you are using a shared SMTP name space.

Now, since you are using the same (shared) SMTP name space in both domains, what you can do is just create relay domains in each forest for the shared name space.
Then create contacts in each forest for the opposite side's users.
Now when your users send mail from either domain to users in either domain, Exchange will try to deliver it first in its own organization and, if the recipient is not found, forward it to the other forest with the SMTP send connector.

Check below link series (part 1, 2,3,4,5) for more info and complete setup of your scenario
http://ibrahimnore.wordpress.com/2012/09/02/cross-forest-smtp-namespace-sharing-part-1/

Also check routing loop issue in below article due to shared name space.
http://www.sysadminsblog.com/microsoft/shared-smtp-namespace-during-cross-forest-migration/

Mahesh
 

Author Comment

by:DaveQuance
ID: 39720259
Note: Since adding the contact allows the mail to go through, I don't believe there is a routing loop. Without a contact it's rejected immediately; past routing loops I've seen usually have them in the queue for at least a short period of time that is visible.

I think we're not on the same page here, you keep referencing mail-enabled objects (Mail Contacts or Mail-Enabled users). For the mail flow only, I have re-validated no such objects are required when using Internal Relay (only if you're set to Authoritative are those objects required to use a shared address space).

Essentially, I either made a mistake somewhere and am overlooking it, or there is a bug. My purpose is to determine which and how to fix it.

My tests to validate the behavior when using Authoritative/Internal Relay with/without mail-enabled objects were with the following scenarios (Authoritative only successful with mail-enabled objects, Internal Relay successful with and without mail-enabled objects):

Forest 1 (Exchange 2003, production) to/from Forest 2 (Exchange 2010, production)
Forest 3 (Exchange 2007, lab) to/from Forest 4 (Exchange 2010, lab)
Forest 5 (Exchange 2013, production) to/from Forest 4

The output attached previously shows that the domains in question are configured as "Internal Relay" in both forests.

I believe my send connectors are fine as well since Forest B sends to Forest A without issue and when I create a mail contact in Forest A for the <user>@foresta.com email on the Forest B user it is successfully delivered.

If the issue were my receive connectors I'd probably have some error other than no such recipient.
 
LVL 35

Expert Comment

by:Mahesh
ID: 39723546
Yes, you are right. For the mail flow to work, contacts are not required.
But if you are not creating contacts, then how will your GAL show the required recipients from the opposite forest?
In that case users need to type the full email address of the opposite forest once in Outlook, and then it will get cached by Outlook.
Also, if users are using webmail, they need to type the complete email address for recipients in the opposite forest.
For simplicity, you need to add contacts in both forests for the opposite email addresses so that they are visible in the GAL.
In any case, Exchange should not find the recipient's email address in its own forest in order to work with a shared SMTP name space (i.e. to relay mail to an email address in the opposite forest).

Mahesh
 

Author Comment

by:DaveQuance
ID: 39723611
The GAL, and/or address lists, are not a concern to me at this time; what is necessary there is handled or will be handled when it matters. The only thing I care about regarding this is that it is not working as it should. All I am looking for is help resolving this incorrect behavior. If you have any ideas specific to that, they would be much appreciated.

The HTs are on SP3 rollup 11. I'm out of good ideas at the moment and do not see a configuration problem anywhere. I've asked the customer to install the latest rollup, 12.
 
LVL 35

Expert Comment

by:Mahesh
ID: 39723622
If you could, please upload any error logs here.

Mahesh
 

Author Comment

by:DaveQuance
ID: 39729984
The customer is running the latest rollup this weekend, since that's occurring we're going to leave further investigation alone until after that is completed.
 

Author Comment

by:DaveQuance
ID: 39738275
I haven't received an update if the rollup was applied yet. I'll respond further once I know.
 
LVL 35

Expert Comment

by:Mahesh
ID: 39738323
I don't think a rollup update will resolve the issue.

There must be some very basic configuration problem.

I request you to just remove all internal relay domains, start from scratch and validate each step from the start.
You may take the help of the article below:
http://ibrahimnore.wordpress.com/2012/09/02/cross-forest-smtp-namespace-sharing-part-1/

Mahesh
 

Author Comment

by:DaveQuance
ID: 39775153
You may be correct about the rollup, I recently got back from a trip and have not heard back from the people responsible for applying it. I did logon and validate the build number still doesn't reflect it. So this is still in a holding pattern until they at least rule that out.
 

Author Comment

by:DaveQuance
ID: 40033104
This can be closed, the customer backburnered the project due to other things and never did get the rollup in. I'm sure it will come back up some time down the road but I'm not sure when.
 

Accepted Solution

by:DaveQuance
ID: 40073460
The customer was ready to start working on the project again and put the rollups on. This fixed the issue and the internal relay on the domain worked exactly as it's supposed to.
 

Author Closing Comment

by:DaveQuance
ID: 40782636
Issue was resolved from a Microsoft patch that I had decided to try.