Cannot Send Outbound Email - Exchange 2010

We are currently working on phasing our old (aka ancient) Exchange 2003 server out of our organization after upgrading to Exchange 2010. After attempting to artificially remove (either completely shutting it down, or changing the routing connector to a higher digit priority) Exchange 2003 to make sure Exchange 2010 is fully functional by itself, we can't send email outward. We can receive email from outside the org, and we can receive and send from inside. So essentially everything works without the Exchange 2003 server functional EXCEPT sending out of the organization.

While watching the queue viewer while testing I can see the email get stuck in DNS Connector Delivery Queue and eventually give an "unable to connect" error. I've tried allowing port 53 and port 25 both directions on both the local and network firewall, which didn't work. I've also run nslookup on the external DNS settings and it returns IPs for domains so it definitely can connect to the external DNS server.

Worth noting is that when I do this test I do still have the inter-exchange connector between Exchange 2010 and Exchange 2003 up, but I have its priority on Exchange 2010 set to a higher digit value than the internet send connector. In normal operation the Exch2010-Exch2003 connector would be the only send connector enabled.

Our business is 24/7 and is required to not have any downtime on email. We can bring it down but not for long enough to lose emails to TTL. So essentially no longer than an hour if we can help it. So any awkward things like uninstalling and going through the removal process of 2003 to test isn't going to cut it.
Asked by: Connor Irvin

Mahesh (Architect) commented:
The Exchange 2003 to 2010 routing connector is there to transact emails between both servers.
However, mail to the internet should go through the send connector only. Have you configured that, and does your Exchange 2010 server have access to the internet (outbound 25)?
Also, did you disable the internet SMTP connector on Exchange 2003?
Todd Nelson (Systems Engineer) commented:
  1. Make sure the Exchange 2010 server has been added as a source server to the send connector.
  2. Test telnet (on port 25) from the Exchange 2010 server to an external mail service like Outlook.com.
  3. Make sure the firewall allows port 25 from the Exchange 2010 server.

Connor Irvin (Author) commented:
Yes I have configured a send connector on Exchange 2010. When I've tested it though I've tried removing the routing connector and having just the send connector and it did not work. I've also tried just changing priorities so the send connector would be lower cost than the routing connector so it would prefer it. Neither work.

I have not tried disabling the SMTP connector on Exchange 2003 though because I figured removing the routing connector would be sufficient. But knowing Exchange it probably isn't.
Mahesh (Architect) commented:
If you have created a send connector pointing to any domain (*) and Exchange has internet access for outbound SMTP (25), the mail should go outside regardless of whether Exchange 2003 is online or not.
Connor Irvin (Author) commented:
Todd,
Port 25 has been allowed through the firewall, and Exchange 2010 has been added as a source server. I will try to telnet.

Mahesh,
Yet, it does not.
Todd Nelson (Systems Engineer) commented:
Do you have an AV product installed?
Connor Irvin (Author) commented:
Only AVG scanning. No active component or firewall from AVG. Windows firewall is on, but port 25 has been allowed through.
Valentina Perez (Exchange Servers) commented:
Hi,

If port 25 is open and you have correctly created the send connector, could you copy and paste the error that you received in the queue?

Get-Queue |fl *error*

Regards
Valentina
Connor Irvin (Author) commented:
Sure. Here is the error that happens when I enable Exchange 2010's send connector:

451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
Valentina Perez (Exchange Servers) commented:
Hi Connor,

In the send connector do you have both servers in source servers? Both Exchange 2003 and 2010?

Please restart the transport service in Exchange 2010 and try again to send email.

Regards
Valentina
Todd Nelson (Systems Engineer) commented:
Connor Irvin (Author) commented:
Exchange 2003 is not added to the send connector, for one, because I want to use just Exchange 2010 in the future and retire the Exchange 2003 server, and two, I can't add Exchange 2003 as a source (I assume because it's considered legacy and doesn't have the setup Exchange 2010 expects).

I'll restart the transport service and test again.

Todd,
I have confirmed the DNS settings. The default NIC settings are still set (matching the article), and I had already added google DNS server to external DNS and enabled it in the send connector settings.
Connor Irvin (Author) commented:
Restarting the Transport service didn't make a difference.
Valentina Perez (Exchange Servers) commented:
Hi Connor,

Could you create a test user in Exchange 2010 and try to send an email? Do you have the same behaviour?

Regards
Valentina
Connor Irvin (Author) commented:
Creating a new test user without changing any settings from default did not make a difference. I assume default settings were what you were implying.
Valentina Perez (Exchange Servers) commented:
Hi Connor,

Exactly, I wanted to check if there was some difference...

So all users, even Exchange 2010... if you have a user stored in the Exchange 2010 database you have exactly the same behaviour...

Could you check if you have errors in Event Viewer regarding transport?

Regards
Valentina
Connor Irvin (Author) commented:
Valentina,

I checked through the logs and saw no error for the transport service during the time I was testing.
I did see an error that stated "Unable to connect to hub server", but it was happening outside of the test time.

Also, I think it's worth mentioning this Exchange server is a HyperV guest machine. I don't see why it would be a problem, though. And it's worth mentioning the Exchange server has all of the roles installed on it.
Connor Irvin (Author) commented:
It ended up being a firewall appliance issue after all. All of our rules were out of order, but we never noticed because we were lucky enough to not have any problems from it, and allowing email out of the new Exchange server was basically being dropped by a rule that SHOULDN'T have had higher priority.
The little things.