Exchange 2010 - Send Connector High Availability

Hi All,
I performed a successful migration a few years back from a single node Exchange 2003 server to a two node Exchange 2010 organisation with a DAG and Kemp load balanced CAS array. The solution works well and when we simulate a site failure
I am able to get the second node to handle all mail functions.
The one problem I have though is that I have to manually disable the send connector on the primary server in order for the one on the secondary server to be in use. I should explain that I have two send connectors as I do not want the secondary server
to be used unless the primary server is down or the route is unavailable. I realise that Exchange 2010 does not know whether the SMTP route is down or not so will just continue trying to use the send connector from the primary server (until I tell it
not to by disabling it).
My question is how do I get this to happen automatically? Does anyone else have an example of how this could be done or use a PowerShell script to achieve this? I guess a script could check the route and disable the send connector on the primary
server if necessary, but how would one do this?
Any help greatly appreciated.
Rob

Hi,
According to your description, your secondary send connector cannot be automatically used when the first one is down. If I misunderstand your meaning, please feel free to let me know.
If yes, I’d like to confirm if the settings of the secondary one is same with the first one and we can check the connectivity logs including diagnostic information for Healthy Server Selector.
For more information, you can refer to the following article:
http://technet.microsoft.com/en-us/library/ff634392(v=exchg.141).aspx
Thanks,
Angela Shi
TechNet Community Support

Similar Messages

Exchange 2010 Send Connector to postfix (v. 2.11) smarthost uses STARTTLS and cannot connect

Dear all,
I am having problems with exchange 2010 sending emails through a postfix smarthost server which disconnects the sessions. I also use a sendmail as a smarthost
server which is working just fine but I have to switch to postfix and cannot do this as long as the encryption does not work.
Here is the log file of the postfix server:
Jan 4 14:18:59 server7 postfix/smtpd[1659]: initializing the server-side TLS engine
Jan 4 14:18:59 server7 postfix/smtpd[1659]: connect from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: setting up TLS connection from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: server1.mydomain.com[192.168.20.10]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:before/accept initialization
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => 11 (0xB))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0000 16 03 01 00 5a 01 00 00|56 03 01 ....Z... V..
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1BE] (84 bytes => 84 (0x54))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0000 54 a9 3d b9 0d 5e 8b 64|7c 6b b5 21 f2 93 e7 84 T.=..^.d |k.!....
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0010 17 ea 33 d7 e5 13 f2 75|3a 87 38 32 01 85 82 5b ..3....u :.82...[
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0020 00 00 18 00 2f 00 35 00|05 00 0a c0 13 c0 14 c0 ..../.5. ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0030 09 c0 0a 00 32 00 38 00|13 00 04 01 00 00 15 ff ....2.8. ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0040 01 00 01 00 00 0a 00 06|00 04 00 17 00 18 00 0b ........ ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0050 00 02 01 ...
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0053 - <SPACES/NULLS>
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 read client hello A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server hello A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write certificate A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write key exchange A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server done A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: write to 7F4823FA5210 [7F4823FB8B70] (1911 bytes => 1911 (0x777))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0774 - <SPACES/NULLS>
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 flush data
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAC803] (5 bytes => 0 (0x0))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:failed in SSLv3 read client certificate A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept error from server1.mydomain.com[192.168.20.10]: lost connection
Jan 4 14:18:59 server7 postfix/smtpd[1659]: lost connection after STARTTLS from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: disconnect from server1.mydomain.com[192.168.20.10]
I
have read in the post at https://social.technet.microsoft.com/Forums/exchange/en-US/6db38364-cb08-45c0-b159-3ddf30ef0b3e/exchange-2010-send-connector-uses-ssltls-and-cannot-connect-to-smarthost-how-to-deactivate-ssl?forum=exchange2010
how to deactivate the SSL encryption, but this is of course a security flaw, if I am not mistaken. I would like to encrypt the connection between the servers for obvious security
reasons but I have come to a standstill...
My Exchange server certificate is configured
as follows:
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
essRule}
CertificateDomains : {server1, server1.solid-con.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=server1
NotAfter : 22/01/2017 13:18:02
NotBefore : 22/01/2012 13:18:02
PublicKeySize : 2048
RootCAType : None
SerialNumber : 6925D91285B649BD4D5E4297F1A48471
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=server1
Thumbprint : 939A37173BF84E352CEDC74F7D9A3D71F498A005
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-SERVER1}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-SERVER1
NotAfter : 19/01/2022 12:56:44
NotBefore : 22/01/2012 12:56:44
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 1DB8711F7ADC5CB54196468EF2FF5D21
Services : None
Status : Valid
Subject : CN=WMSvc-SERVER1
Thumbprint : 191D86BDE274510453D58DDB91D253DABBCF05F1
And My Default Send Connector is configured as follows:
AddressSpaces : {SMTP:*;1}
AuthenticationCredential : System.Management.Automation.PSCredential
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
DNSRoutingEnabled : False
DomainSecureEnabled : False
Enabled : True
ErrorPolicies : Default
ForceHELO : False
Fqdn :
HomeMTA : Microsoft MTA
HomeMtaServerId : SERVER1
Identity : Internet
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
LinkedReceiveConnector :
MaxMessageSize : unlimited
Name : Internet
Port : 25
ProtocolLoggingLevel : None
RequireOorg : False
RequireTLS : False
SmartHostAuthMechanism : None
SmartHosts : {server7.mydomain.com, server6.mydomain.com}
SmartHostsString : server7.mydomain.com,server6.mydomain.com
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {SERVER1}
TlsAuthLevel :
TlsDomain :
UseExternalDNSServersEnabled : False
Any help would be greatly appreciated as I am
stuck...
Luca

Hi Allen,
Thank you very much for your reply.
The Postfix TLS Manager is enabled in master.cf
tlsmgr unix - - n 1000? 1 tlsmgr
and running
server7:/etc/postfix # ps -efa|grep tls
postfix 11967 11863 0 11:21 ? 00:00:00
tlsmgr -l -t unix -u
Every other (Linux/UNIX) server has no problem e.g.:
Jan 5 11:28:36 server7 postfix/smtpd[12215]: connect from server2.mydomain.com[192.168.20.20]
Jan 5 11:28:36 server7 postfix/smtpd[12215]: Anonymous TLS connection established from server2.mydomain.com[192.168.20.20]: TLSv1 with cipher DHE-DSS-AES256-SHA (256/256 bits)
Jan 5 11:28:36 server7 postfix/smtpd[12215]: B5502946AB0: client=server2.mydomain.com[192.168.20.20]
Jan 5 11:28:36 server7 postfix/cleanup[12221]: B5502946AB0: message-id=<[email protected]>
Jan 5 11:28:36 server7 postfix/qmgr[12200]: B5502946AB0: from=<[email protected]>, size=1026, nrcpt=1 (queue active)
Jan 5 11:28:36 server7 postfix/smtpd[12215]: disconnect from server2.mydomain.com[192.168.20.20]
Jan 5 11:28:37 server7 postfix/smtpd[12225]: connect from localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/smtpd[12225]: 4076A946AB1: client=localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/cleanup[12221]: 4076A946AB1: message-id=<[email protected]>
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: from=<[email protected]>, size=1778, nrcpt=1 (queue active)
Jan 5 11:28:37 server7 postfix/smtpd[12225]: disconnect from localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/smtp[12222]: B5502946AB0: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.54, delays=0.05/0.01/0.01/0.47, dsn=2.0.0, status=sent
(250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4076A946AB1)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: B5502946AB0: removed
Jan 5 11:28:37 server7 postfix/cleanup[12221]: 4401F946AB0: message-id=<[email protected]>
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: from=<[email protected]>, size=1920, nrcpt=1 (queue active)
Jan 5 11:28:37 server7 postfix/local[12226]: 4076A946AB1: to=<[email protected]>, relay=local, delay=0.02, delays=0/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 4401F946AB0)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: removed
Jan 5 11:28:37 server7 postfix/smtp[12227]: Untrusted TLS connection established to 192.168.20.10[192.168.20.10]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
Jan 5 11:28:37 server7 postfix/smtp[12227]: 4401F946AB0: to=<[email protected]>, orig_to=<[email protected]>, relay=192.168.20.10[192.168.20.10]:25,
delay=0.29, delays=0/0.01/0.02/0.25, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=619] Queued
mail for delivery)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: removed
and if you take a look at the lines in bold you will see that mails can be delivered over TLS to that very Exchange server (the mailboxes are on that server)...
To summarise:
exchange --> postfix with TLS = session disconnected (and everything seems to be initiated by the exchange server -if I read the logs correctly)
postfix --> exchange with TLS = works
any further hints?
Thank you very much in advance,
Luca

Exchange 2010 Receive Connector intermittently getting an SMTP RSET from sending SMTP servers causing missing user email

Users are receiving about 95% of their messages from sending SMTP servers. Intermittently, sending SMTP servers send the Exchange 2010 Server a SMTP RSET command for no apparent reason. The RSET Command (by SMTP specification) causes the Exchange 2010 Server
to drop the message. The sending SMTP servers then do not resend the message after asking the Exchange server to drop the message. This means the message is marked as Sent by the sending servers but the dropped messages never show up in the users' Outlook
inbox.
Exchange 2010 Version 14.3 (Build 123.4)
Roles: Hub Transport, Client Access, Mailbox
What is going on?
Exchange Receive Connector log showing a RSET example:
2014-07-17T12:47:07.370Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,1,10.80.120.15:25,65.99.255.73:53479,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2014-07-17T12:47:07.370Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,2,10.80.120.15:25,65.99.255.73:53479,>,"220 vpn.a1expediting.com Microsoft ESMTP MAIL Service ready at Thu, 17 Jul 2014 08:47:06 -0400",
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,3,10.80.120.15:25,65.99.255.73:53479,<,EHLO inbound37.exchangedefender.com,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,4,10.80.120.15:25,65.99.255.73:53479,>,250-vpn.a1expediting.com Hello [65.99.255.73],
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,5,10.80.120.15:25,65.99.255.73:53479,>,250-SIZE 52428800,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,6,10.80.120.15:25,65.99.255.73:53479,>,250-PIPELINING,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,7,10.80.120.15:25,65.99.255.73:53479,>,250-DSN,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,8,10.80.120.15:25,65.99.255.73:53479,>,250-ENHANCEDSTATUSCODES,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,9,10.80.120.15:25,65.99.255.73:53479,>,250-AUTH,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,10,10.80.120.15:25,65.99.255.73:53479,>,250-8BITMIME,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,11,10.80.120.15:25,65.99.255.73:53479,>,250-BINARYMIME,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,12,10.80.120.15:25,65.99.255.73:53479,>,250 CHUNKING,
2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,13,10.80.120.15:25,65.99.255.73:53479,<,MAIL FROM:<[email protected]> SIZE=165270,
2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,14,10.80.120.15:25,65.99.255.73:53479,*,08D16FD38F3D3355;2014-07-17T12:47:07.370Z;1,receiving message
2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,15,10.80.120.15:25,65.99.255.73:53479,>,250 2.1.0 Sender OK,
2014-07-17T12:47:07.558Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,16,10.80.120.15:25,65.99.255.73:53479,<,RCPT TO:<[email protected]> ORCPT=rfc822;[email protected],
2014-07-17T12:47:07.558Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,17,10.80.120.15:25,65.99.255.73:53479,>,250 2.1.5 Recipient OK,
2014-07-17T12:47:10.496Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,18,10.80.120.15:25,65.99.255.73:53479,<,RSET,
2014-07-17T12:47:10.496Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,19,10.80.120.15:25,65.99.255.73:53479,>,250 2.0.0 Resetting,
2014-07-17T12:47:10.559Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,20,10.80.120.15:25,65.99.255.73:53479,<,QUIT ,
2014-07-17T12:47:10.559Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,21,10.80.120.15:25,65.99.255.73:53479,>,221 2.0.0 Service closing transmission channel,
Daniel

Hi,
According to the receive connector log, your emails were failed to be deliverd with DNR. If I misudnerstand the meaning, please feel free to let me know. If yes, I'd like to confirm the detail information in the DNR to narrow down the
cause.
Additionally, based on my research, the RSET command performs an SMTP reset, and then aborts the message that is currently being sent. Thus, the log didn't provide more information for troubleshooting. Is there any other error in your event log? please check
the event log when the issue happens again.
Thanks,
Angela Shi
TechNet Community Support

Exchange 2010 Receive Connector gets 530 5.7.1 Not Authenticated Error

Hi All, I am using Exchange2010 SP2 with HT,CAS and Mail roles ( this is my test machine). I created a receive connector for Mutual TLS in which i have added remote servers with which i want to do mutual (Domain Secure Emails Transfer) and enabled TLS &
Mutual TLS in authentication tab only and partners in permission tab only. When I test these settings with my partners who are on exchange server or iron mail they are working fine. My problem occurs when i receive mails from MDaemon Pro 13.5 and the problem
is i get 530 5.7.1 Not Authenticated error. Can anyone help me why i am getting this.

I am attaching more details for the said problem. Below is send log from mdaemon side and receive log from exchange 2010 (my side).
Sender Log: (MDaemon side)
--- Session Transcript ---
Mon 2014-02-03 17:31:18: Parsing message <xxxxxxxxxxxxxxxxxxxxxxxx\pd35000084484.msg>
Mon 2014-02-03 17:31:18: * From: [email protected]
Mon 2014-02-03 17:31:18: * To: [email protected]
Mon 2014-02-03 17:31:18: * Subject: Mutual TLS 03022014
Mon 2014-02-03 17:31:18: * Size (bytes): 1551
Mon 2014-02-03 17:31:18: * Message-ID: <[email protected]>
Mon 2014-02-03 17:31:18: Attempting SMTP connection to [receive.com]
Mon 2014-02-03 17:31:18: Resolving MX records for [receive.com] (DNS Server: 141.1.1.1)...
Mon 2014-02-03 17:31:18: * P=010 S=000 D=receive.com TTL=(240) MX=[win2k8.receive.com]
Mon 2014-02-03 17:31:18: Attempting SMTP connection to [win2k8.receive.com:25]
Mon 2014-02-03 17:31:18: Resolving A record for [win2k8.receive.com] (DNS Server: 141.1.1.1)...
Mon 2014-02-03 17:31:28: * DNS: 10 second wait for DNS response exceeded (DNS Server: 141.1.1.1)
Mon 2014-02-03 17:31:28: Attempting SMTP connection to [win2k8.receive.com:25]
Mon 2014-02-03 17:31:28: Resolving A record for [win2k8.receive.com] (DNS Server: 8.8.8.8)...
Mon 2014-02-03 17:31:28: * D=win2k8.receive.com TTL=(239) A=[receiver_ip]
Mon 2014-02-03 17:31:28: Attempting SMTP connection to [receiver_ip:25]
Mon 2014-02-03 17:31:28: Waiting for socket connection...
Mon 2014-02-03 17:31:28: * Connection established (sender_ip:60054 -> receiver_ip:25)
Mon 2014-02-03 17:31:28: Waiting for protocol to start...
Mon 2014-02-03 17:31:33: <-- 220 win2k8.receive.com Microsoft ESMTP MAIL Service ready at Mon, 3 Feb 2014 17:31:41 +0500
Mon 2014-02-03 17:31:33: --> EHLO mail.sender.com
Mon 2014-02-03 17:31:33: <-- 250-receive.com Hello [sender_ip]
Mon 2014-02-03 17:31:33: <-- 250-SIZE
Mon 2014-02-03 17:31:33: <-- 250-PIPELINING
Mon 2014-02-03 17:31:33: <-- 250-DSN
Mon 2014-02-03 17:31:33: <-- 250-ENHANCEDSTATUSCODES
Mon 2014-02-03 17:31:33: <-- 250-STARTTLS
Mon 2014-02-03 17:31:33: <-- 250-AUTH NTLM
Mon 2014-02-03 17:31:33: <-- 250-8BITMIME
Mon 2014-02-03 17:31:33: <-- 250-BINARYMIME
Mon 2014-02-03 17:31:33: <-- 250 CHUNKING
Mon 2014-02-03 17:31:33: --> STARTTLS
Mon 2014-02-03 17:31:33: <-- 220 2.0.0 SMTP server ready
Mon 2014-02-03 17:31:33: SSL negotiation successful (TLS 1.0, 2048 bit key exchange, 128 bit encryption)
Mon 2014-02-03 17:31:33: --> EHLO mail.sender.com
Mon 2014-02-03 17:31:33: <-- 250-receive.com Hello [sender_ip]
Mon 2014-02-03 17:31:33: <-- 250-SIZE
Mon 2014-02-03 17:31:33: <-- 250-PIPELINING
Mon 2014-02-03 17:31:33: <-- 250-DSN
Mon 2014-02-03 17:31:33: <-- 250-ENHANCEDSTATUSCODES
Mon 2014-02-03 17:31:33: <-- 250-AUTH NTLM
Mon 2014-02-03 17:31:33: <-- 250-8BITMIME
Mon 2014-02-03 17:31:33: <-- 250-BINARYMIME
Mon 2014-02-03 17:31:33: <-- 250 CHUNKING
Mon 2014-02-03 17:31:33: --> MAIL From:<[email protected]> SIZE=1551
Mon 2014-02-03 17:32:03: <-- 530 5.7.1 Not authenticated
Mon 2014-02-03 17:32:03: --> QUIT
--- End Transcript ---
Receive Log: (Exchange 2010 side)
2014-02-03T13:31:12.609Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,0,receiver_ip:25,sender_ip:60294,+,,
2014-02-03T13:31:12.609Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,1,receiver_ip:25,sender_ip:60294,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2014-02-03T13:31:12.609Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,2,receiver_ip:25,sender_ip:60294,>,"220 win2k8.receive.com Microsoft ESMTP MAIL Service ready at Mon, 3 Feb 2014 18:31:11 +0500",
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,3,receiver_ip:25,sender_ip:60294,<,EHLO mail.sender.com,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,4,receiver_ip:25,sender_ip:60294,>,250-win2k8.receive.com Hello [sender_ip],
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,5,receiver_ip:25,sender_ip:60294,>,250-SIZE,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,6,receiver_ip:25,sender_ip:60294,>,250-PIPELINING,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,7,receiver_ip:25,sender_ip:60294,>,250-DSN,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,8,receiver_ip:25,sender_ip:60294,>,250-ENHANCEDSTATUSCODES,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,9,receiver_ip:25,sender_ip:60294,>,250-STARTTLS,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,10,receiver_ip:25,sender_ip:60294,>,250-AUTH NTLM,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,11,receiver_ip:25,sender_ip:60294,>,250-8BITMIME,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,12,receiver_ip:25,sender_ip:60294,>,250-BINARYMIME,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,13,receiver_ip:25,sender_ip:60294,>,250 CHUNKING,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,14,receiver_ip:25,sender_ip:60294,<,STARTTLS,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,15,receiver_ip:25,sender_ip:60294,>,220 2.0.0 SMTP server ready,
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,16,receiver_ip:25,sender_ip:60294,*,,Sending certificate
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,17,receiver_ip:25,sender_ip:60294,*,"CN=win2k8.receive.com, OU=Domain Control Validated - QuickSSL(R) Premium, Certificate subject
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,18,receiver_ip:25,sender_ip:60294,*,"CN=SSL CA, OU=SSL, O=3rd Party, C=LL",Certificate issuer name
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,19,receiver_ip:25,sender_ip:60294,*,0763ED,Certificate serial number
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,20,receiver_ip:25,sender_ip:60294,*,1234567890,Certificate thumbprint
2014-02-03T13:31:12.625Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,21,receiver_ip:25,sender_ip:60294,*,win2k8.receive.com;win2k8.receive.com;autodiscover.receive.com,Certificate alternate names
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,22,receiver_ip:25,sender_ip:60294,<,EHLO mail.sender.com,
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,23,receiver_ip:25,sender_ip:60294,*,,TlsDomainCapabilities='None'; Status='NoRemoteCertificate'
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,24,receiver_ip:25,sender_ip:60294,>,250-win2k8.receive.com Hello [sender_ip],
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,25,receiver_ip:25,sender_ip:60294,>,250-SIZE,
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,26,receiver_ip:25,sender_ip:60294,>,250-PIPELINING,
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,27,receiver_ip:25,sender_ip:60294,>,250-DSN,
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,28,receiver_ip:25,sender_ip:60294,>,250-ENHANCEDSTATUSCODES,
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,29,receiver_ip:25,sender_ip:60294,>,250-AUTH NTLM,
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,30,receiver_ip:25,sender_ip:60294,>,250-8BITMIME,
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,31,receiver_ip:25,sender_ip:60294,>,250-BINARYMIME,
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,32,receiver_ip:25,sender_ip:60294,>,250 CHUNKING,
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,33,receiver_ip:25,sender_ip:60294,<,MAIL From:<[email protected]> SIZE=17914,
2014-02-03T13:31:13.234Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,34,receiver_ip:25,sender_ip:60294,*,Tarpit for '0.00:00:30',
2014-02-03T13:31:43.250Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,35,receiver_ip:25,sender_ip:60294,>,530 5.7.1 Not authenticated,
2014-02-03T13:31:43.250Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,36,receiver_ip:25,sender_ip:60294,<,QUIT,
2014-02-03T13:31:43.250Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,37,receiver_ip:25,sender_ip:60294,>,221 2.0.0 Service closing transmission channel,
2014-02-03T13:31:43.250Z,WIN2K8\Default WIN2K8,08D0EEF2D8DBF9DD,38,receiver_ip:25,sender_ip:60294,-,,Local
I hope this shall help you understand some thing. Do remember that i am using mutual (force) TLS with this client
whose domain is already in my send/receive secure list of TransportConfig.

Exchange 2010 SMTP Connector

Hello,
We are having an issue with our exchange 2010 hub transport server and its external SMTP connector. We use an external DNS CNAME as the smart host, this works on 2003 (As a FQDN of the host, not a smart host) but we receive DNS query failures on 2010.
We can successfully route to the relay if we use an A record but an CNAME doesn't seem to work, is this as per design? Can we only use A records or IPs?
Thanks

You mean Send Connector, right? (SMTP Connector is an Exchange 2000 or 2003 thing.)
Are you sure you entered the CNAME correctly in the connector properties? Can you ping the smart host or establish a telnet session over port 25?
I've never heard of that issue before. You might consider opening a ticket with Microsoft Support.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Exhcnage 2010 send connector

our exchange 2010 smtp send connector shows we are sending an smtp request to an unwanted address every 10 minutes. How does one determine with the session number listed who/what is initiating that request?

Hi,
SMTP logging is disabled on Exchange server 2010 by default. I recommend you use the following cmdlet to enable protocol logging for the Send connector.
Set-SendConnector "xxx" -ProtocolLoggingLevel Verbose
For more information, here is an article for your reference.
Understanding Protocol Logging
http://technet.microsoft.com/en-us/library/aa997624(v=exchg.141).aspx
Hope it helps.
Best regards,
Amy Wang
TechNet Community Support

Exchange 2010: Sender address rejected: Access denied

hi friends
i have been recently experiencing an issue with one of my customer which i send email i get bounce message while i can receive their emails with no issue. i have exchange 2010 installed and im using Anti spam device too. my domain is ok.com
i try to send from OWA as well but i get the same result.
Delivery has failed to these recipients or groups:
[email protected] A problem occurred during the delivery of this
message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
Diagnostic information for administrators:
Generating server: antispamServer.ok.com
[email protected] #< #5.0.0 X-Spam-&-Virus-Firewall; host mail.abc.com[22.22.22.12] said: 554
5.7.1 <btv1==14869c83b8f==[email protected]: Sender address rejected: Access denied (in reply to RCPT TO command)> #SMTP#
Original message headers:
any idea?
thanks

hi
when i disable the antispam device i get this error
smtp5.relay.iad3a.emailsrvr.com rejected your message to the following e-mail addresses:
[email protected]
smtp5.relay.iad3a.emailsrvr.com gave this error: <[email protected]>: Sender address rejected: Access denied
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another
restriction may be preventing delivery.

Exchange online and Exchange 2010 on-premise calendar availability

I am running a hybrid exchange 2010 on-premise and online exchange environment. The online exchange users cannot see calendar availability of anybody on premise. The on-premise users can see the online exchange availability. I can see the
calendar if the calendar is shared, but trying to setup a meeting or calendar appointment still shows the unavailable through all days.
All of the users are using office 365 for outlook on premise and exchange online. If it is only working one way, could it be an autodiscover issue where it is not configured correctly on our on-premise exchange 2010 or online exchange? Which
side would be causing the issue?

I have done a little more research and ran the following in powershell:
[PS] C:\Windows\system32>Get-FederationInformation -domainname weiman.com
RunspaceId            : f4af09c7-134a-4fe7-95c0-acd120c63949
TargetApplicationUri : outlook.com
DomainNames           : {Weiman.onmicrosoft.com, weiman.com, Weiman.mail.onmicrosoft.com}
TargetAutodiscoverEpr : https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity
TokenIssuerUris       : {urn:federation:MicrosoftOnline}
IsValid               : True
[PS] C:\Windows\system32>Get-OrganizationRelationship | FL
RunspaceId            : f4af09c7-134a-4fe7-95c0-acd120c63949
DomainNames           : {herbertstanley.com, weiman.com, Weiman.mail.onmicrosoft.com}
FreeBusyAccessEnabled : True
FreeBusyAccessLevel   : LimitedDetails
FreeBusyAccessScope   :
MailboxMoveEnabled    : True
DeliveryReportEnabled : True
MailTipsAccessEnabled : True
MailTipsAccessLevel   : All
MailTipsAccessScope   :
TargetApplicationUri : outlook.com
TargetSharingEpr      :
TargetOwaURL          : http://outlook.com/owa/herbertstanley.com
TargetAutodiscoverEpr : https://pod51043.outlook.com/autodiscover/autodiscover.svc/WSSecurity
OrganizationContact   :
Enabled               : True
ArchiveAccessEnabled : True
AdminDisplayName      :
ExchangeVersion       : 0.10 (14.0.100.0)
Name                  : On Premises to Exchange Online Organization Relationship
DistinguishedName     : CN=On Premises to Exchange Online Organization Relationship,CN=Federation,CN=WEIMAN,CN=Microsof
                        t Exchange,CN=Services,CN=Configuration,DC=herbertstanley,DC=com
Identity              : On Premises to Exchange Online Organization Relationship
Guid                  : 26b4ec5d-fe93-473e-b451-1f9aa2e94ebb
ObjectCategory        : herbertstanley.com/Configuration/Schema/ms-Exch-Fed-Sharing-Relationship
ObjectClass           : {top, msExchFedSharingRelationship}
WhenChanged           : 1/13/2014 1:25:54 PM
WhenCreated           : 12/17/2013 1:04:32 PM
WhenChangedUTC        : 1/13/2014 7:25:54 PM
WhenCreatedUTC        : 12/17/2013 7:04:32 PM
OrganizationId        :
OriginatingServer     : gemini.herbertstanley.com
IsValid               : True
I am not sure why we have that value for the OriginatingServer. That server is a backup domain controller, not the server that houses the on-premise exchange.
I then ran the set-OrganizationRelationship and get the below error.
[PS] C:\Windows\system32>Set-OrganizationRelationship -Identity weiman.mail.onmicrosoft.com -targetapplicationUri outloo
k.com -TargetAutodiscoverEpr https://pod51043.outlook.com/autodiscover/autodiscover.svc/WSSecurity
The operation couldn't be performed because object 'weiman.mail.onmicrosoft.com' couldn't be found on 'gemini.herbertst
anley.com'.
    + CategoryInfo          : NotSpecified: (0:Int32) [Set-OrganizationRelationship], ManagementObjectNotFoundExceptio
   n
    + FullyQualifiedErrorId : F2215CB2,Microsoft.Exchange.Management.SystemConfigurationTasks.SetOrganizationRelations
   hip
How do I change the originating server to be my exchange server?

Exchange Server 2013: Deploying High Availability and Site Resilience

Dear All,
I'm planning to Deploying High Availability and Site Resilience.
I have two data center and I have one exchange server on each site (multi-role).
I want to deploy Database Availability Group.
Is it possible? any idea?
in addition, all clients is connected to their email to their own site. dose it has any affected to Outlook users?
KH
[email protected]

Hi MAS,
Currently, I have only mailbox server and only database for each site.
+ Site1: I has DB1 and all users in site1 will access to their own site. (MBX1) subnet 192.168.1.0/24
+ Site2: I has DB2 and all users in site2 will access to their own site. (MBX2) subnet 192.168.2.0/24
But the email for incoming and outgoing with external will go to Site1.
In Planning,
I want to implement DAG to provide HA on database level below:
Is it possible to do that? dose it has any affected to current Outlook users?
BR,
KH
[email protected]

Exchange 2010 Send As Permissions Dropping

We are finding send as rights are dropping even though they are still appearing in the send As Rights Permissions box. This has been happeneing intermittently for a few weeks now, has anyone experienced something similar?
Thanks

Hi,
As per the information and details provided by you, Send As permission is Dropping in Exchange 2010.
Please follow these steps to setup Send As Permission in Exchange Server2010: -
In Exchange 2010, Click on Start>
Programs> Microsoft Exchange> and then click
Active Directory Users and Computers.
In the View menu, click on the
Advanced Features.
Expend Users, then right click the Mailbox Owner object where you want to grant the permission, and then click
Properties.
Click on the Security tab, and then click on
Advanced.
In the Access Control Setting for Mailbox Owner dialog box, click on Add.
In the Select User, Computer, or Group dialog box, click the user account or the group that you want to grant Send As permission to and then click
OK.
In the Permission entry for Mailbox Owner dialog box, click
This Object Only in the Apply onto list.
In the Permission list, locate
Send As, and then click to select the Allow check box.
Click OK three times to close the dialog boxes.
I hope this information will be helpful for you.
Thanks and regards
Ashish@S
Ashish@V

Exchange 2007 Send Connectors

Hello,
I'm relatively new to administering Exchange and I had some questions on Send Connectors. We send mail to a few different domains that usually 75% of the time will generate a message saying:
Delivery is delayed to these recipients or distribution lists:
This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.
Delivery of this message will be attempted until 1/9/2014 9:31:13 AM (GMT-05:00) Eastern Time (US & Canada). Microsoft Exchange will notify you if the message can't be delivered
by that time.
Sometimes messages will make it to the intended recipients and other times not. Most of the time they are just regular emails without any attachments on them. I'm not exactly sure how connectors work, but I'm thinking that I can set one up to tell exchange
that it should route these certain emails to that domain. Is this the correct thought process on how a send connector would work and are there any ramifications I need to worry about if I set up a second or third send connector?
I apologize if this is naïve or doesn't make sense. Please let me know if you need more information. We run Exchange 2007 on Windows SBS 2008.
Thank you.

Hi,
It seems that it could be a reverse DNS lookup issue. I recommend you check if the reverse DNS record is configured correctly.
If it is ok, I suggest you enable logging at your send connector. Then check the log to see if you could find some clues.
Best regards,
Belinda
Belinda Ma
TechNet Community Support

Exchange 2007 send connector does nor respect Maximum message size (sometimes...)

Hi to all
We have 9 email server, 5 Mailboxes, 2 CAS and 2 HT, We began to have problems to send and receive from internet; so I checked the queues and I discovered that some users are sending messages with a size greater than 16 MB, althought internally can send
until 40MB, if they send externally, only until 16MB.
I revised all the configuration:
Organization Configuration/Hub Transport/Global Settings/ Maximum send size (KB):40960
Server Configuration/Hub Transport/HT01/Receive Connectors/Default HT01/Maximum message size(KB): 40960 (only this server can send outside, the other server is in spare)
Organization Configuration/Hub Transport/Send Connector/SendMailOuside/Maximum message size(KB) 16386
We send by an Smart host that is used only by the HT01 to a Symantec server.
With this, we have this situations:
In the queue, I see some users are sending emails with a size more than 16MB outside the organization, I revised their configuration and the "maximun send size" is clear the checkbox (just like my account), the weir is if I try to send an email
with a size more than 16MB, I got the message: "#550 5.3.4 ROUTING.SizeLimit; message size exceeds fixed maximum size for route ##", this is not sense because their account configuration is the same like mine, so the Exchange must not let
them to put the email in the queue...
If between internal users try to send an email with size more than 16MB, this is allowed and it's send without any problem
So I don't know where is the misconfiguration, is permited to send mails with size less than 40MB internally, but externally only until to 16MB, but I din't know why the Exchange system let some users to send (or at least put in the queue) this kind of messages,
my account is in the same DB like the other users...
I hope to be clear in the description of the situation, maybe a patch or some thing, the HT server has the January patch and in april will be applied the last patchs.
Doc MX

Hi DocMX,
Thank you for your question.
We could run the following command:
Get-TransportConfig | FL max*size
Then, we could check the send connector by the following command:
Get-SendConnector | FL Identity,MaxMessageSize
We could run the following command to check an individual user maximum size.
Get-Mailbox <username> | FL Name,Max*size
In my solution, we could rebuild the user profile that those users could send emails more than 16MB to check if the issue persist.
We could also restart the service of “Microsoft Exchange Transport”.
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Jim Xu
TechNet Community Support

Exchange 2010 - Send / Recieve Limits

Hi All,
I'm facing this weird issue where my send and receive limits are not the same, currently I'm unable to receve a large sized mail even though my receive limits are at that rate. What I've noticed is its hitting my Send Limit. What is the reason for this I've
seen a few posts on this on the internet but I find it a little hard to believe I will Post those article links here too.
Links with similar Issue:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27744685.html
Please Advice,
Thanks and Best Regards,
Michael

Hi Amy / Andy,
I'm aware of the three places to change the limits and that User level limits take precedence when authenticated only.
[PS] C:\Windows\system32>Get-TransportConfig | ft maxsendsize, maxreceivesize
MaxSendSize
MaxReceiveSize
12.01 MB (12,595,200 bytes)                                 30.27 MB (31,744,000 bytes)
[PS] C:\Windows\system32>Get-ReceiveConnector | ft name, maxmessagesize
Name
MaxMessageSize
Edge Server to Hub Transport Server                         30.27 MB (31,744,000 bytes)
Edge Server to Hub Transport Server                         30.27 MB (31,744,000 bytes)
[PS] C:\Windows\system32>Get-SendConnector | ft name, maxmessagesize
Name
MaxMessageSize
EdgeSync - Inbound to Default-First-Site-Name               unlimited
EdgeSync - Default-First-Site-Name to Internet               30.27 MB (31,744,000 bytes)
My Problem is External Mail that is being sent to an Internal User is hitting the Send Connector Org Limit when it shouldn't be and I'm getting the NDR of message size exceeded.
Thanks and Best Regards,
Michael

Import csv file in Address Spaces in an Exchange 2007 Send Connector

hello , i must put more than 300 domains in the addres space of a Send connector.
is possible have a csv file with the 300 domains and a powershell script to import this file in the address space of one send connector?
example csv file :
cepsa.es
repsol.com
parsi.es
Regards
Thansk in advance
mcse 200x + mesaging 2000 2003 2007 2010

Hi
At First, you CSV should be set as the format like
Name
cepsa.es
repsol.com
parsi.es
If you would like to set a new Send Connector. you can simply do
New-SendConnector -Name ConnectName -AddressSpace ((Import-CSV <PathOfCSV>) | ForEach {$_.Name})
If you would like to add to a Send Connector that already existed, Please run
$al = (Get-SendConnector -Identity <ConnectName>).AddressSpaces
$al += (Import-CSV <PathOfCSV>) | ForEach {$_.Name})
Set-SendConnector -Name ConnectName -AddressSpace $al
Cheers
Zi Feng
Zi Feng
TechNet Community Support
The first script is still working as it should under Exchange 2013 when a send connector is created for the first time.
The second part of adding (or removing) address spaces from an existing send connector was a little bit trickier.
the following script did it:
Get-SendConnector "ConnectorName" | Set-SendConnector -AddressSpace ((Import-CSV <PathOfCSV>) | ForEach {$_.Name})
Watch out! this command also removes domains which are not present in the csv file!

OEM TEC Connector - high availability

Hi,
We want to use the IBM TEC Connector plugin and I know this requires the installation of a TEC Web Service.
The OEM configuration is within a 2 node RAC/Clusterware act with a load balancer to allow an ACTIVE:ACTIVE confguration. I want to place the TEC Web Service on both of these nodes so as provide HA that is consistent with the OEM repository but wondered if it can be done?
kind regards
gordon

Hi,
According to your description, your secondary send connector cannot be automatically used when the first one is down. If I misunderstand your meaning, please feel free to let me know.
If yes, I’d like to confirm if the settings of the secondary one is same with the first one and we can check the connectivity logs including diagnostic information for Healthy Server Selector.
For more information, you can refer to the following article:
http://technet.microsoft.com/en-us/library/ff634392(v=exchg.141).aspx
Thanks,
Angela Shi
TechNet Community Support

Exchange 2010 - Send Connector High Availability

Similar Messages

Maybe you are looking for