Alexandre Takacs asked:

Incoming mail stuck in delivery queue

All of a sudden (not quite: I did some "housekeeping" work over the weekend, including replacing expired certs - most probably broke something in so doing) I have one of our Exchange Server 2013 (latest CU) not delivering messages to mailboxes.

The messages are accepted from remote servers but stuck in the SMTP delivery queue (yes, it is a French UI).
The error message reported is:

11.04.2020 21:32:02 - Remote Server at maildb01 (192.168.168.2) returned '441 4.4.1 Error encountered while communicating with primary target IP address: "Failed to connect. Winsock error code: 10061, Win32 error code: 10061." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.168.2:475'

Note the non-standard port 475 being used - I guess that's my issue, but I am not quite sure where to check / modify this option.
Hayes Jupe

The first step in any troubleshooting like this is a telnet (or tnc) - no matter what port you're using.

From the source server, in PowerShell:

tnc -computername <name of destination server> -port <port you are using>
Alexandre Takacs (asker)

Hmm, not quite sure what you are hinting at.
Just to be clear, this is a single server with all roles contained on it - everything "lives" on 192.168.168.2.

Sure enough, if I try to telnet to it on port 475 I won't get anything responding. Port 465 does respond as expected with an SMTP prompt.
Clearly the issue is that during the various "handovers" within the Exchange server (sorry, I am not fully proficient in how mails travel internally between the various roles in an Exchange server) at some point there is an attempt to deliver to the right IP but on a weird port (475).
Do you have any load balancer servers on your Exchange as well? All the servers need the new cert.
Have you restarted IIS?
View the link below and, if need be, the comments after the instructions:

https://practical365.com/exchange-server/renewing-an-ssl-certificate-for-exchange-server-2013/
No load balancer - small self-contained setup.

Still perplexed by that port 475 being used...
Did you assign the new cert to all your services like IIS, SMTP, IMAP or POP?

Ref link: https://www.experts-exchange.com/articles/32653/How-to-Renew-SSL-Certificate-for-Exchange-2013-Server-Step-by-Step.html
Are you using a smart host on your Exchange? You may have to check those settings if so.
I believe we did (will double check).

Is the use of port 475 "normal" / expected?
Thanks - very useful diagram. Will make sure to make reference to it!

So it would seem that for some reason the Mailbox Transport Delivery Service does not listen...
Use the Enable-ExchangeCertificate cmdlet to enable an existing certificate in the local certificate store for Exchange services such as Internet Information Services (IIS), SMTP, POP, IMAP:

Enable-ExchangeCertificate -Thumbprint <String> -Services SMTP

Ref link: https://social.technet.microsoft.com/Forums/en-US/1666e573-8630-49b4-9987-9876a8cbb4a1/mailflow-isnt-working-after-renew-of-edge-server-smtp-certificate?forum=exchangesvrsecuremessaginglegacy

You may not be using an edge server, but running that command won't hurt. Secondly, did you check the smart host configuration?
ASKER CERTIFIED SOLUTION
Alexandre Takacs

Nice!!
Thanks for all the inputs - the trigger was definitely understanding that port 475 was indeed used (by the Mailbox Transport Delivery Service).
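As an added example (not posted by anyone in this thread), a PowerShell check that ties the thread's diagnostics together: whether each internal transport hop is running and actually listening on its port (the tnc check Hayes suggested, done locally), which certificate is enabled for SMTP after the renewal, and which queues are stuck in Retry with their last error. It assumes the Exchange Management Shell on the single all-roles server; the Windows service names MSExchangeTransport and MSExchangeDelivery and the "465 = Transport service" mapping are assumed Exchange 2013 defaults, while "475 = Mailbox Transport Delivery" is what the thread established.

```powershell
# Added diagnostic, not code from the thread. Run in the Exchange Management Shell on
# the single all-roles Exchange 2013 server. Assumptions: 465 = Transport service
# (client proxy), 475 = Mailbox Transport Delivery service (as the thread found);
# the Windows service names are the Exchange 2013 defaults.
$server = $env:COMPUTERNAME
$hops = @(
    [pscustomobject]@{ Port = 465; Service = 'MSExchangeTransport'; Role = 'Transport service' }
    [pscustomobject]@{ Port = 475; Service = 'MSExchangeDelivery';  Role = 'Mailbox Transport Delivery' }
)

# 1. For each hop: service state, local listener, and a TCP connect like the thread's tnc.
$hopReport = foreach ($hop in $hops) {
    $svc      = Get-Service -Name $hop.Service -ErrorAction SilentlyContinue
    $listener = Get-NetTCPConnection -LocalPort $hop.Port -State Listen -ErrorAction SilentlyContinue
    $tnc      = Test-NetConnection -ComputerName $server -Port $hop.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Role         = $hop.Role
        Port         = $hop.Port
        ServiceState = $(if ($svc) { $svc.Status } else { 'not installed' })
        Listening    = [bool]$listener
        TcpConnect   = $tnc.TcpTestSucceeded
    }
}
$hopReport | Format-Table -AutoSize

# A running service with Listening = False on 475 is exactly the symptom in the thread:
# the Transport service gets "connection refused" (Winsock 10061) from the next hop.
$hopReport | Where-Object { $_.ServiceState -eq 'Running' -and -not $_.Listening } |
    ForEach-Object { Write-Warning "$($_.Role) is running but not listening on port $($_.Port)" }

# 2. Certificate side: which certificates are enabled for SMTP and when they expire.
Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'SMTP' } |
    Select-Object Thumbprint, NotAfter, Services, Subject |
    Format-Table -AutoSize

# 3. Queues stuck in Retry with their last error (the 441 4.4.1 from the thread shows here).
Get-Queue -Filter "Status -eq 'Retry'" |
    Select-Object Identity, MessageCount, NextHopDomain, LastError |
    Format-List
```

If the delivery hop shows Listening = False, restart that service and re-run the block before touching certificates; if it listens but the certificate table shows no SMTP-enabled cert (or only the expired one), the Enable-ExchangeCertificate step above is the one to revisit.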