
exchange 2010 - cannot send mail to another AD site

OK - I'll try to shorten this, as the infrastructure is rather complex.
This is a global company in the middle of transitioning to EXCH2010 from 2003 - in the process of going to EXCH2013

they have 20+ AD Sites, and around 10 of the sites have Exchange. Some are EXCH2010 only, others are being migrated to 2010.

One site was originally on 2003 - they had already installed a 2010 server - I migrated a pilot - tested OK, and then moved the remaining users. They've used it for a couple of weeks - when we suddenly noticed that they could not send emails to one of the other AD sites. Only one. Let's call it SITE B

So emails from SITE A to SITE B don't work
emails from SITE A to SITE C, SITE D, SITE E and so forth works ok
emails from SITE B to SITE A works
just mail flow from SITE A to SITE B won't work

What we've done is:
-migrated users to EXCH2010
-removed EXCH2003 routing groups
-removed EXCH2003 - but problem was there before we removed EXCH2003, if we look at the logs

how does the error show:
- emails aren't delivered - cannot connect to remote host. emails stay for 2 days then an error is sent to the sender
- when testing telnet MAILSERVER-SITEB 25 - it gives a blank black window, whereas testing another site - it gives the proper ESMTP response
- the SMTP SEND logs look like this:
2014-06-30T00:12:20.048Z,Intra-Organization SMTP Send Connector,08D15F45B4E3A71C,2,,,-,,Remote
2014-06-30T00:13:21.326Z,Intra-Organization SMTP Send Connector,08D15F45B4E3A74E,0,,,*,,attempting to connect
2014-06-30T00:13:21.967Z,Intra-Organization SMTP Send Connector,08D15F45B4E3A74E,1,,,+,,
2014-06-30T00:23:22.659Z,Intra-Organization SMTP Send Connector,08D15F45B4E3A74E,2,,,-,,Remote

- What I've checked:
- the Exchange server is not present in the anonymous connector on the receiving side
- Changed to self signed cert on both sites
- made sure time is correct on both sites

I've been told that there is no FW between servers. The sending server is in Africa - the receiving is in England's coastal area --- But I will have to double check this

maybe a HELP! might be in order ---
hope you guys have some input, I may have forgotten some tiny detail somewhere, but I cannot see where -- thanks !
Jakob Digranes

Simon Butler (Sembee), Consultant, Commented:
Blank window means the traffic is being blocked somewhere. Simple as that.
Could be a restriction on the Receive Connector, could be somewhere closer like a firewall, AV product etc.

However if it was an Exchange configuration error, I would expect the connection to be made, so I would be looking outside of Exchange.

The only other thing to check would be basic networking, including subnet mask etc, to ensure that they don't conflict in any way.

Jakob Digranes, Senior Consultant, Author, Commented:
Excellent .... it's what I've thought of - but wasn't sure. Will be looking at network and firewalls ... sadly, that has to go through the Networking Dept - which then has to take this to the global company handling landlines for the rigs ... mass-emailing; here I come

Will give you an update ASAP :-)

Jakob Digranes, Senior Consultant, Author, Commented:
just one other question; failing to establish STARTTLS due to incorrect time or certs, could that give this error in telnet?

Simon Butler (Sembee), Consultant, Commented:
A blank screen do you mean?
No, because TLS is established after the initial handshake. You aren't getting a response so it isn't even getting that far.

Jakob Digranes, Senior Consultant, Author, Commented:
Thanks .... this was it. Finally got ahold of the company looking after radio links to rigs, they were awaiting feedback from our networking dept, which they never got. 1 hour later they let all traffic from the mail server bypass the WAN optimizer and everything worked.
The strange thing is that sometimes the queues emptied themselves and emails were delivered - for no good reason. So it was hard to sell this in as a networking issue.

But now it works. Thanks a ton !
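
The stalled session in the question's Send log (a `+` connect, then a `-` disconnect ten minutes later, with no `<` line carrying the remote 220 banner) is the log-side view of the blank telnet window. The following is an added example, not code from the thread: a Python sketch that flags such sessions, assuming the standard Exchange protocol-log field order; the last four sample lines, with their session ID and hostname, are constructed.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Field order of Exchange SMTP protocol logs (the "#Fields:" header line).
FIELDS = ["date-time", "connector-id", "session-id", "sequence-number",
          "local-endpoint", "remote-endpoint", "event", "data", "context"]

# First four lines: the Send log excerpt from the question, unchanged.
# Last four lines: a constructed healthy session for contrast.
SAMPLE_LOG = """\
2014-06-30T00:12:20.048Z,Intra-Organization SMTP Send Connector,08D15F45B4E3A71C,2,,,-,,Remote
2014-06-30T00:13:21.326Z,Intra-Organization SMTP Send Connector,08D15F45B4E3A74E,0,,,*,,attempting to connect
2014-06-30T00:13:21.967Z,Intra-Organization SMTP Send Connector,08D15F45B4E3A74E,1,,,+,,
2014-06-30T00:23:22.659Z,Intra-Organization SMTP Send Connector,08D15F45B4E3A74E,2,,,-,,Remote
2014-06-30T00:30:00.000Z,Intra-Organization SMTP Send Connector,CONSTRUCTED000001,0,,,*,,attempting to connect
2014-06-30T00:30:00.100Z,Intra-Organization SMTP Send Connector,CONSTRUCTED000001,1,,,+,,
2014-06-30T00:30:00.300Z,Intra-Organization SMTP Send Connector,CONSTRUCTED000001,2,,,<,220 mail.example.test ESMTP,
2014-06-30T00:30:00.500Z,Intra-Organization SMTP Send Connector,CONSTRUCTED000001,3,,,-,,Local
"""

def parse(text):
    """Group log rows by session-id, skipping blank and '#' header lines."""
    sessions = defaultdict(list)
    rows = csv.reader(l for l in text.splitlines() if l and not l.startswith("#"))
    for row in rows:
        rec = dict(zip(FIELDS, row))
        rec["time"] = datetime.strptime(rec["date-time"], "%Y-%m-%dT%H:%M:%S.%fZ")
        sessions[rec["session-id"]].append(rec)
    return sessions

def classify(records):
    """Return (verdict, seconds the connection was held open, or None)."""
    when = {}
    for r in records:
        when.setdefault(r["event"], r["time"])  # first time each event appears
    held = (when["-"] - when["+"]).total_seconds() if {"+", "-"} <= when.keys() else None
    if "<" in when:                  # the remote side sent something (220 banner)
        return "banner_received", held
    if held is not None:             # TCP opened and closed, remote never spoke
        return "connected_no_banner", held
    return "incomplete", held        # connect or disconnect is outside the excerpt

def report(text=SAMPLE_LOG):
    """Map each session-id to its (verdict, held-open seconds)."""
    return {sid: classify(recs) for sid, recs in parse(text).items()}

if __name__ == "__main__":
    print(report())
```

A `connected_no_banner` session held open for minutes shows the TCP connection completing while no SMTP data comes back, which is consistent with the advice in the thread to look outside Exchange.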
