Solved

exchange 2010 2013 smtp relay

Posted on 2014-11-13
2
651 Views
Last Modified: 2014-11-13
Have Exchange 2010 topology in place currently with:
(2) CAS servers (using CAS array and windows NLB)
(2) Mailbox servers (using a DAG)
Barracuda Spam firewall used for transport to/from outside world.

Just spun up
(2) Exchange 2013 servers (with both cas and mbx roles)
using Barracuda load balancer for cas balanced access
still using Barracuda Spam firewall for transport to/from outside world.

My issue is relaying using the new Exchange 2013 servers
We have several other services who relay through our existing Exchange 2010 cas array address and send email both to internal and external addresses correctly.

When I change the other services to relay SMTP through the new Exchange 2013 barracuda load balanced cas I can send emails to mailboxes that reside on the Exchange 2013 servers, but NOT to mailboxes that reside on the Exchange 2010 mailbox servers, nor to the outside world.

I can send from mailboxes on 2010 servers to mailboxes on 2013 servers.
I can relay through 2010 servers to the outside world and internally to both 2010 and 2013 mailboxes
I cannot send from mailboxes on the 2013 servers to mailboxes on the 2010 servers.
I cannot relay through the 2013 servers to the 2010 mailboxes (only 2013 mailboxes) nor the outside world.

I'm not ready to move all the mailboxes over yet from 2010 to 2013 (due to voicemail integration).

All other CAS functions work using new Exchange 2013 servers (OWA, ECP, etc).

It's as if the emails relaying through Exchange 2013 to mailboxes on Exchange 2010 just disappear, I cannot find them in mail flow traces.

There is a relay connector on the 2010 cas servers which allow certain network subnets to relay. The 2013 exchange servers are in those allowed subnets.  

I have not made any changes to the initial receive connectors.
0
Comment
Question by:jasonbrandt3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 

Author Comment

by:jasonbrandt3
ID: 40441058
I tried adding a relay connector on the exchange 2013 servers as per this article:
http://www.petenetlive.com/KB/Article/0000891.htm

via a telnet session all looks good, mail is queued, but never gets delivered.

Emails from a 2013 mbx user to a 2010 mbx user get Delivery is delayed message:
"Remote Server returned '400 4.4.7 Message delayed'
 11/13/2014 7:48:37 PM - Remote Server returned '451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
0
 

Accepted Solution

by:
jasonbrandt3 earned 0 total points
ID: 40441215
I found my answer here:
http://jermsmit.com/primary-target-ip-address-responded-with-451-5-7-3-cannot-achieve-exchange-server-authentication/

had to allow exchange server authentication on the 2010 connector relay I had in place
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question