Exchange 2013 Cannot Receive External Email


Starting yesterday morning, nobody in my environment has been able to receive external email. I've tried rebooting the server, restarting the Transport service, and some of the basic things I've found in forums. Internal email and sending to outside addresses work fine. When I'm internal i can hook up on port 25 to the mail server but if I try externally I get a 421 server is busy error. I look at my firewall logs and SMTP traffic inbound is passing to my exchange server. Most email doesn't return a bounce message. Would anyone be able to help me narrow this down?

Here is the Microsoft Remote Connectivity Analyzer results:

      Testing inbound SMTP mail flow for domain ''.
       The Microsoft Connectivity Analyzer failed to test inbound SMTP mail flow.
      Additional Details
Elapsed Time: 860 ms.
      Test Steps
      Attempting to retrieve DNS MX records for domain ''.
       One or more MX records were successfully retrieved from DNS.
      Additional Details
MX Records Host, Preference 10
Elapsed Time: 1 ms.
      Testing Mail Exchanger
       One or more SMTP tests failed for this Mail Exchanger.
      Additional Details
Elapsed Time: 859 ms.
      Test Steps
      Attempting to resolve the host name in DNS.
       The host name resolved successfully.
      Additional Details
IP addresses returned:
Elapsed Time: 156 ms.
      Testing TCP port 25 on host to ensure it's listening and open.
       The port was opened successfully.
      Additional Details
Banner received: 421 Server busy, closing transmission channel. Try again later
Elapsed Time: 208 ms.
      Analyzing SMTP Capabilities for server
       The test passed with some warnings encountered. Please expand the additional details.
      Additional Details
Unabled to determine SMTP capabilities. Reason: Unexpected SMTP server response. Expected: 220, actual: 421, whole response: 421 Server busy, closing transmission channel. Try again later
Elapsed Time: 310 ms.
      Attempting to send a test email message to using MX
       Delivery of the test email message failed.
      Additional Details
The server returned status code 421 - Service not available, closing transmission channel. The server response was: Server busy, closing transmission channel. Try again later
Exception details:
Message: Service not available, closing transmission channel. The server response was: Server busy, closing transmission channel. Try again later
Type: System.Net.Mail.SmtpException
Stack trace:
at System.Net.Mail.SmtpConnection.GetConnection(ServicePoint servicePoint)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
Elapsed Time: 184 ms.

A real simple Exchange setup with only one Exchange server and it houses the mailboxes as well. There has been no DNS changes or any other firewall/infrastructure changes.

Thank you for your help!!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

WindhamSDAuthor Commented:

Disk space seems OK:

C: 45.5GB free of 119
Logs E: 66GB free of 100
Mailboxes F: 175GB free of 500
Chad SmithCommented:
I would say:

Router needing rebooted?
Router ACL/traffic filter has changed?
If using 3rd party for spam filter, maybe that has changed or needs updating on setup?

Hope this helps!
Simon Butler (Sembee)ConsultantCommented:
It is classic back pressure, despite the hard disk space being fine.
External inbound email is always first to stop.

Something should be logged for MS Exchange Transport - so go through the event viewer on the server to see if there is something.

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Murali ReddyExchange ExpertCommented:
421 service code is for service unavailable. Could you please check your transport service on the server.

If you have any intermittent gateway/SMTP relay, check there if there is any issue. If you have an ISP provider, check with them if they made any changes.

use the below link to check the smtp and MX connectivity issues if any.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
WindhamSDAuthor Commented:
Thanks everyone for the input I really appreciated it,

I checked my firewall and I can see that SMTP traffic is being handed off to my Exchange server and all other inbound/outbound traffic for all other district resources is working properly.

As far as the event viewer I have only found:

An internal transport certificate will expire soon. Thumbprint:823C9DCF977D2C76A876A26826AB94C572B32159, hours remaining: 522

The STARTTLS certificate will expire soon: subject:, thumbprint: 2608DDB958AAD3A31244C66308EEE24D428E32F4, hours remaining: 522. Run the New-ExchangeCertificate cmdlet to create a new certificate.

Other than that, there isn't any errors at all for anything. Just some informational logs. The server has been running fine for months with the occasional need for a reboot.

I agree though, it does feel like there is an issue similar to back pressure, but it's a smaller environment. Where else do you think I should look?

Thanks again everyone!
WindhamSDAuthor Commented:
I take it back, here is a warning I found under MSExchangeApplicationLogic:

Scenario: ProcessKillBit. Failed to read killbit list file because of exception System.IO.IOException: The process cannot access the file 'C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\prem\15.0.995.29\ext\killbit\killbit.xml' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at Microsoft.Exchange.Data.ApplicationLogic.Extension.KillBitHelper.TryReadKillBitFile(Int32& refreshRate, DateTime& lastModifiedTime)
WindhamSDAuthor Commented:
This one earlier in the day too under MSExchange RBAC:

(Process w3wp.exe, PID 10484) Connection leak detected for key in Microsoft.Exchange.Configuration.Authorization.WSManBudgetManager class. Leaked Value 1.
Simon Butler (Sembee)ConsultantCommented:
Neither of those errors are transport related.
Have you tried restarting the transport service to see whether that resolves the problem or generates some useful logs?

WindhamSDAuthor Commented:
Thanks Simon,

I've restarted a few times and restarted the service quite a few too. The logs are all the same and are extremely minimal. It feel so much like a firewall issue but my packet captures prove me wrong. I'm digging through verbose logs right now..
WindhamSDAuthor Commented:
Hi Everyone,

Thanks for all if you're assistance. So after a lot of digging and trusting my gut, I decided to take packet captures and found that even though my firewall was telling me it was passing packets it in fact was not. It was just throwing out anything on port 25. I recreated my virtual host on the firewall and bingo! Mail flow again. Thanks again!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.