<div>
first step in any troubleshooting like this is a telnet (or tnc) - no matter what port your using.<br />
<br />
From the source server in powershell<br />
<br />
tnc -computername &lt;name of destination server&gt; -port &lt;port you are using&gt;
</div>


<div>
Hmm not quite sure what you are hinting at.<br />
Just to be clear this is a single server with all roles contained on it - everything &quot;lives&quot; on 192.168.168.2<br />
<br />
Sure enough, if I try to telnet it on port 475 I won't have anything responding. Port 465 does respond as expected with an SMTP prompt.<br />
Clearly the issue is that during the various &quot;handover&quot; within the Exchange server (sorry I am not fully proficient how the mails do travel internally between the various roles in an Exchange server) at some point there is an attempt to deliver to the right IP but on a weird port (475).
</div>


<div>
Do you have any load balance servers on your exchange as well? All the servers need the new cert.<br />
Have you restarted IIS?<br />
View the below link and if need be the comments after instructions:<br />
<br />
<a href="https://practical365.com/exchange-server/renewing-an-ssl-certificate-for-exchange-server-2013/" rel="ugc">https://practical365.com/exchange-server/renewing-an-ssl-certificate-for-exchange-server-2013/</a>
</div>


<div>
no load balancer - small self-contained setup<br />
<br />
still perplexed by that port 475 being used...
</div>


<div>
Did you assign the new cert to all your &nbsp;Services like IIS, SMTP, IMAP or POP<br />
<br />
ref link: &nbsp;<a href="https://www.experts-exchange.com/articles/32653/How-to-Renew-SSL-Certificate-for-Exchange-2013-Server-Step-by-Step.html" rel="ugc">https://www.experts-exchange.com/articles/32653/How-to-Renew-SSL-Certificate-for-Exchange-2013-Server-Step-by-Step.html</a>
</div>


<div>
Are you using a smart host on your Exchange? &nbsp;You may have to check those settings if so.
</div>


<div>
I believe we did (will double check)<br />
<br />
Is the use of port 475 &quot;normal&quot; / expected ?
</div>


<div>
Yes. &nbsp;See the chart below<br />
<br />
<a href="https://helpdesk.spamtitan.com/support/solutions/articles/4000099997-microsoft-exchange-message-flow-diagram" rel="ugc">https://helpdesk.spamtitan.com/support/solutions/articles/4000099997-microsoft-exchange-message-flow-diagram</a><i></i>
</div>


Alexandre Takacs

<div>
Thanks - very useful diagram. Will make sure to make reference of it !<br />
<br />
So it would seem that for some reason the Mailbox Transport Delivery Service does not listen...
</div>


<div>
Use the Enable-ExchangeCertificate<wbr /> cmdlet to enable an existing certificate in the local certificate store for Exchange services such as Internet Information Services (IIS), SMTP, POP, IMAP<br />
<br />
Enable-ExchangeCertificate<wbr /> -Thumbprint &lt;String&gt; -Services SMTP<br />
<br />
ref link: &nbsp; <a href="https://social.technet.microsoft.com/Forums/en-US/1666e573-8630-49b4-9987-9876a8cbb4a1/mailflow-isnt-working-after-renew-of-edge-server-smtp-certificate?forum=exchangesvrsecuremessaginglegacy" rel="ugc nofollow">https://social.technet.microsoft.com/Forums/en-US/1666e573-8630-49b4-9987-9876a8cbb4a1/mailflow-isnt-working-after-renew-of-edge-server-smtp-certificate?forum=exchangesvrsecuremessaginglegacy</a><br />
<br />
<br />
<br />
You may be not using an edge server but running that command won't hurt. &nbsp;Secondly did you check the smart host configuration?
</div>


<div>
thanks for all inputs - the trigger was definitely understanding that port 475 was indeed used (by Mailbox Transport Delivery Service)
</div>


<div>
<div class="content wysiwyg-content">
All the sudden (not quite, did some &quot;housekeeping&quot; work over the WE, including replacing expired certs - most probably broke something in so doing) I have one of ur exchge server 2013 (latest CU) no delivering messages to mailboxes<br />
<br />
The messages are adopted from remote servers but stuck in the SMTP delivery queue (yes it is a french UI)<br />
<a href="https://filedb.experts-exchange.com/incoming/2020/04_w16/1449788/Screenshot-2020-04-12-at-19.03.40.jpg" target="_blank" title="queue (149 KB)"><img alt="queue" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2020/04_w16/800_1449788/Screenshot-2020-04-12-at-19.03.40.jpg" /></a><br />
The error message reported is:<br />
<br />

<pre><code class="code-1 nolinks" id="code-10-29178563-1"><span>11.04.2020 21:32:02 - Remote Server at maildb01 (192.168.168.2) returned '441 4.4.1 Error encountered while communicating with primary target IP address: &quot;Failed to connect. Winsock error code: 10061, Win32 error code: 10061.&quot; Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.168.2:475'</span>
</code></pre>
<br />
Note non-standard port 475 being used - I guess that's my issue but not quite sure where to check / modify this option
</div>
</div>


Screenshot-2020-04-12-at-19.03.40.jpg

All the sudden (not quite, did some "housekeeping" work over the WE, including replacing expired certs - most probably broke something in so doing) I have one of ur exchge server 2013 (latest CU) no delivering messages to mailboxes

The messages are adopted from remote servers but stuck in the SMTP delivery queue (yes it is a french UI)


The error message reported is:

(CODE)

Note non-standard port 475 being used - I guess that's my issue but not quite sure where to check / modify this option

Incoming mail stuck in delivery queue

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. A MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol (SMTP). The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.