Solved

Two 2010 Exchange servers -- error message

Posted on 2015-01-05
Last Modified: 2015-01-07
Hi,
In my Queue Viewer, I see the following error next to a queue called "hub version 14":

451 4.4.0 Primary target IP address responded with: “451 5.7.3 Cannot achieve Exchange Server authentication.” Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

My two servers are
Mail 1 and Mail2

If I am on Mail 1 and I do "Telnet localhost 25" then ehlo, I get a set of SMTP verbs.
If I am on Mail 1 and I do a "Telnet Mail 2 25" then ehlo, I get a set of SMTP verbs but not all of the ones I got when I tried the localhost telnet.
Please see screen shots for two different lists.
Is this normal or does this show that my firewall is blocking some traffic and causing my initial error above?
telnetLocalHost.jpg
telnetMail2.jpg
Question by:nachtmsk
 
LVL 14

Expert Comment

by:Ben Hart
ID: 40531561
Have you verified service status on both servers? Have there been any changes made to receive connectors? If so, was the transport service bounced afterwards?

Have a look here:
http://www.petenetlive.com/KB/Article/0000791.htm
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 40531562
Actually, that link above... the section on ESMTP Inspection on Cisco ASAs sounds like your issue.
0
 

Author Comment

by:nachtmsk
ID: 40531573
Hi Ben,
No changes made to Connectors.
Yeah, I saw that petenetlive.com article. I asked Rackspace about it but they said it wasn't the cause.

Not sure what you mean by 'verified service status'.
Thanks
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40531580
This issue usually happens when authentication has been modified in the receive connectors on your Exchange servers. Check to ensure that authentication is correct. Also, what SP version and RU are you on?

You can also reference this TechNet article, which outlines some steps you can take to correct your issue.
Email Messages stuck in Queue

Will.
0
 

Author Comment

by:nachtmsk
ID: 40531607
Will,
I'm on SP3. Not sure how to tell what RU it is.
I'll look at the link you sent.
When you say "check that authentication is correct", not sure how to go about that or what you mean exactly.

Thanks
0
 

Author Comment

by:nachtmsk
ID: 40531611
Will,
OK, I looked at that article and it suggested something I have suspected:

"Note If there is a firewall located between the two servers, the Extended SMTP verbs X-ANONYMOUSTLS, X-EXPS, and GSSAPI must be able to pass."

But is it talking about two exchange servers on the same domain or is it talking about two totally different exchange servers (run by different organizations) -- or both?

Thanks,
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40531618
The RU version is visible in Programs and Features under Updates. Also for authentication/permissions you can find this on the properties of each receive connector (authentication tab and permission groups tab).

Will.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40531643
If you look at your second screenshot, X-EXPS and GSSAPI are not present, which is the issue. They are, however, present on the first screenshot.

"But is it talking about two exchange servers on the same domain or is it talking about two totally different exchange servers (run by different organizations) -- or both"

This is to allow internal routing to other Exchange servers.

Will.
0
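The comparison discussed in this thread (the two telnet EHLO lists, checked against the TechNet note that X-ANONYMOUSTLS, X-EXPS and GSSAPI must pass between the servers), as an added example that is not part of the original thread. The sample replies are constructed, the host names are placeholders, and the check assumes GSSAPI is advertised as a parameter on the X-EXPS line.

```python
import smtplib

# Constructed EHLO replies (not the poster's screenshots); host names are placeholders.
LOCAL = """250-mail1.example.test Hello [127.0.0.1]
250-SIZE
250-PIPELINING
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250 XEXCH50"""
REMOTE = """250-mail2.example.test Hello [192.0.2.10]
250-SIZE
250-PIPELINING
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250 8BITMIME"""

def parse_ehlo(raw):
    """Map each advertised EHLO keyword to its parameter list (greeting line skipped)."""
    features = {}
    lines = [l.strip() for l in raw.splitlines() if l.strip()]
    for line in lines[1:]:
        if line[:3].isdigit() and line[3:4] in ("-", " "):
            line = line[4:]                      # drop the "250-" / "250 " prefix
        words = line.upper().split()
        if words:
            features[words[0]] = words[1:]
    return features

def missing_verbs(features):
    """Return which of X-ANONYMOUSTLS, X-EXPS, GSSAPI the reply does not offer."""
    missing = [v for v in ("X-ANONYMOUSTLS", "X-EXPS") if v not in features]
    if "GSSAPI" not in features.get("X-EXPS", []):
        missing.append("GSSAPI")
    return missing

def only_in_first(first, second):
    """Keywords the first server advertises that the second does not."""
    return sorted(set(first) - set(second))

def fetch_ehlo(host, port=25, timeout=10):
    """Live equivalent of 'telnet host 25' then EHLO; returns the reply text."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return smtp.ehlo()[1].decode("ascii", "replace")

if __name__ == "__main__":
    print("Missing on remote:", missing_verbs(parse_ehlo(REMOTE)))
```

Running `fetch_ehlo` from each server against the other and feeding the text to `parse_ehlo` gives the same comparison as the two screenshots, in a form that can be diffed.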
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40531646
Did you recently do an Exchange 2003 migration to 2010?
0
 

Author Comment

by:nachtmsk
ID: 40531696
Will,

I upgraded from Exchange 2003 but that was a few years ago. The servers have been running fine ever since with the occasional issue.
This issue just came up and I had changed nothing on the servers. That's why I've been looking at other possibilities that might be causing the problem.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40531712
Have you checked both Exchange servers to ensure that authentication methods are the same? Based on the screenshot, they are not. Please check this.

In the Exchange console under Server Configuration:
   Select Hub Transport.
   Right-click the client server and select Properties.
   Select the Authentication tab.

Ensure that both servers are set correctly.

Will.
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40531831
On the server that is not showing X-EXPS and GSSAPI, make sure that the Default Receive Connector has Exchange Server Authentication checked off. Then restart the Exchange Services.

Will.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 40532120
I do not know if the extended SMTP verbs with the Cisco ASA platforms are solely on inter-domain exchange servers or not. But we ran into that exact issue here when we migrated to 2010 from 2003.

It's an easy and relevant thing to inquire about.
0
 

Author Comment

by:nachtmsk
ID: 40533910
Ok, I think this is solved.
I created two new Receive connectors, one on each box. I configured them to only listen to each other.
I have a few other receive connectors on each box, but I was afraid to touch them; I didn't want to break anything. Someone told me that Exchange will use the most restrictive connector first, so I created these two new connectors with strong restrictions.
It's a production environment so I don't want to muck around too much. Some of my receive connectors have "Exchange Server Auth" turned on and some of them have it turned off. These two new connectors both have it turned on.
Thanks for all of the help and suggestions.
0

Question has a verified solution.