Exchange 2013 External Relay gives me a headache... Anonymous relay fail to external address

Similar Messages

• Exchange 2013 - Outlook 2010 - 550 5.1.0 RESOLVER.ADR.InvalidInSmtp; encapsulated INVALID address inside an SMTP address

  Hello, 
  I have issue when sending email to some addresses. Server respond with:
  Remote Server returned '550 5.1.0 RESOLVER.ADR.InvalidInSmtp; encapsulated INVALID address inside an SMTP address (IMCEAINVALID-)'
  My enviroment: Exchange 2013, Outlook 2010 - no cached mode. Issue happend with two email addresses but not always.
  Any suggestion, how to resolve issue?
  Thx.

  Hi Tomas,
  Does this issue occur in OWA? How is the impact, only one user or all users?
  Please try to run Outlook under safe mode to avoid add-ins and AVs.
  If there is any 3rd party add-ins, please try to disable them for testing.
  Thanks
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Mavis Huang
  TechNet Community Support

• Unable to open delivery reports in Exchange 2013 SP1. Gives warning "The status for the recipient can't be determined because of a temporary error. Please try again later."

  This seems to be occurring with all users (have tested a few, all display the same exact error message).
  When I click on "Message Delivery Report" in Outlook 2010 or 2013, it points me to the ECP and displays this message "Warning The status for the recipient can't be determined because of a temporary error. Please try again later." I'm
  not sure which log files to look at. The last time I remember it worked was before I applied SP1, I think CU3.
  Our environment is two servers running Exchange Server 2013 Std. SP1 (847.32) in a DAG.
  Thanks.

  Hi,
  From the error description, I would like to clarify the following thing:
  Delivery Reports is a message tracking tool that you can use to search for delivery status on email messages sent to or from users in your organization's address book, with a certain subject. In Exchange 2013, you can track messages for up to 14 days after
  they were sent or received. Please make sure the message you are tracking isn't older than 14 days.
  Here is an article for your reference:
  Track messages with delivery reports
  http://technet.microsoft.com/en-us/library/jj150554(v=exchg.150).aspx
  Hope it helps.
  Best regards,
  Amy Wang
  TechNet Community Support

• How to configure AD on windows 2012 server for Exchange 2013 internal and external email flow

  Dear Experts,
  I have to configure exchange 2013 on Windows server 2012 STD. Company has registered Static IP addresses and can get the MX record pointing to any of this Static IP.  
  The registered domain name is e.g.  contoso.com. 
  a. What should I use as domain name on AD? contoso.com or contoso.local
  b. Is it recommended to have two different servers  for AD and Exchange?
  c. What should be my connector settings for mail flow?
  d. how can I set 2 email servers in company for load balancing?

  Hi,
  a, I suggest use contoso.com as domain name. It is convenient to add urls into our certificate for internal and external mail flow.
  b, Recommended that installing AD
  and Exchange Server on two separate
  Servers. If Exchange Server downed unfortunately, it can prevent AD server from crushing at the same time.
  c, Found some articles for your reference:
  Configure Mail Flow and Client Access
  http://technet.microsoft.com/en-us/library/jj218640(v=exchg.150).aspx
  Configuring Outbound Mail Flow in Exchange Server 2013
  http://exchangeserverpro.com/configuring-outbound-mail-flow-in-exchange-server-2013/
  d, Load Balancing
  http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
  Hope it is helpful
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• External emails not received after shutdown of Exchange 2010 in coexistence with Exchange 2013

  I have exchange 2013 and exchange 2010 in coexistence mode. All mailboxes have been moved to Exchange 2013 and firewall/spamfilters already pointed to Exchange 2013 CAS server. I can receive/send from and to external addresses, however when I shutted down
  the Exchange 2010 all incoming external mails were not received. What could be the cause?

  Start by re-checking how the device that takes the traffic from the external MX IP to internal is configured.
  Sniff the traffic to ensure that it is hitting 2013 directly.
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Exchange 2013 user cann't access exchange 2013 public folder

  Hi, during the coexistence exchange 2007 and exchange 2013, outlook is unable to access public folder of exchange 2007 from exchange 2013, I've install CU2 for exchange 2013 and also set authentication to Ntlm, but also failed. please help to look into this
  problem, thanks.
  belows are information about outlook anywhere in our exchange.
  exchange 2007：(primary site)shmail04,shmail05,shmail06; (DR site)drpmail05,drpmail06
  exchange 2013：(primary site)shcas01,shcas02; (DR site)wxcas01
  Identity                           : SHCAS01\Rpc (Default Web Site)
  InternalHostname                   : infor.tdw.com
  InternalClientAuthenticationMethod : Ntlm
  InternalClientsRequireSsl          : True
  ExternalHostname                   : infor.tdw.com
  ExternalClientAuthenticationMethod : Ntlm
  ExternalClientsRequireSsl          : True
  IISAuthenticationMethods           : {Ntlm}
  Identity                           : SHCAS02\Rpc (Default Web Site)
  InternalHostname                   : infor.tdw.com
  InternalClientAuthenticationMethod : Ntlm
  InternalClientsRequireSsl          : True
  ExternalHostname                   : infor.tdw.com
  ExternalClientAuthenticationMethod : Ntlm
  ExternalClientsRequireSsl          : True
  IISAuthenticationMethods           : {Ntlm}
  Identity                           : WXCAS01\Rpc (Default Web Site)
  InternalHostname                   : infor.tdw.com
  InternalClientAuthenticationMethod : Ntlm
  InternalClientsRequireSsl          : True
  ExternalHostname                   : infor.tdw.com
  ExternalClientAuthenticationMethod : Ntlm
  ExternalClientsRequireSsl          : True
  IISAuthenticationMethods           : {Ntlm}
  Identity                           : SHMAIL04\Rpc (Default Web Site)
  InternalHostname                   :
  InternalClientAuthenticationMethod : Ntlm
  InternalClientsRequireSsl          : False
  ExternalHostname                   : legacy.tdw.com
  ExternalClientAuthenticationMethod : Ntlm
  ExternalClientsRequireSsl          : True
  IISAuthenticationMethods           : {Ntlm}
  Identity                           : SHMAIL05\Rpc (Default Web Site)
  InternalHostname                   :
  InternalClientAuthenticationMethod : Ntlm
  InternalClientsRequireSsl          : False
  ExternalHostname                   : legacy.tdw.com
  ExternalClientAuthenticationMethod : Ntlm
  ExternalClientsRequireSsl          : True
  IISAuthenticationMethods           : {Ntlm}
  Identity                           : SHMAIL06\Rpc (Default Web Site)
  InternalHostname                   :
  InternalClientAuthenticationMethod : Ntlm
  InternalClientsRequireSsl          : False
  ExternalHostname                   : legacy.tdw.com
  ExternalClientAuthenticationMethod : Ntlm
  ExternalClientsRequireSsl          : True
  IISAuthenticationMethods           : {Ntlm}
  Identity                           : DRPMAIL05\Rpc (Default Web Site)
  InternalHostname                   :
  InternalClientAuthenticationMethod : Ntlm
  InternalClientsRequireSsl          : False
  ExternalHostname                   : legacy.tdw.com
  ExternalClientAuthenticationMethod : Ntlm
  ExternalClientsRequireSsl          : True
  IISAuthenticationMethods           : {Ntlm}
  Identity                           : DRPMAIL06\Rpc (Default Web Site)
  InternalHostname                   :
  InternalClientAuthenticationMethod : Ntlm
  InternalClientsRequireSsl          : False
  ExternalHostname                   : legacy.tdw.com
  ExternalClientAuthenticationMethod : Ntlm
  ExternalClientsRequireSsl          : True
  IISAuthenticationMethods           : {Ntlm}

  Hi,
  I have found an article said that we need to set the external host name the same. See more details in the following link:
  http://blogs.technet.com/b/mspfe/archive/2013/10/21/upgrading-to-on-premises-exchange-server-2013.aspx
  To allow your Exchange 2013 Client Access server to redirect connections to your Exchange 2007 servers, you must enable and configure
  Outlook Anywhere on all of the Exchange 2007 servers in your organization. If some Exchange 2007 servers in your organization are already configured to use Outlook Anywhere, their configuration must also be updated to support Exchange 2013.
  The following configuration is set on each Exchange 2007 server:
  The Outlook Anywhere external URL is set to the external hostname of the Exchange 2013 server.
  Sent By
  Silver

• Exchange 2013 email on ipad

  I have exchange 2010 server and I have brought Exchange 2013 online & I'm in the process of upgrading to 2013.
  I have ipads in the organisation with no issues getting iPads to receive email when offsite from exchange 2010.
  When I move a mailbox to the exchange 2013 server the iPad can no longer get mail.
  The external name for the server is identical to the one used in exchange 2010 but iPad won't get mail.
  What have I missed?
  OWA is working fine externally via the same server name as I use with my iPads.
  I have since installed the OWA App on to my iPad & managed to get mail via that app.
  Is there a way of getting mail using the apple mail app?

  A couple of ideas:
  1) Sometimes when you use activesync devices (like an iPad), you need to check user accounts to make sure inheritable permissions checkbox is checked. http://support.microsoft.com/kb/2579075 This
  can happen when users are moved to the next version of Exchange.  I've seen this with Exchange 2010 and Exchange 2013 migrations.
  2) Have you transitioned your CAS traffic from 2010 to 2013?  Exchange 2010 cannot proxy traffic from Exchange 2010 to 2013. 
  http://www.expta.com/2014/01/exchange-2013-client-access-coexistence_28.html
  Traffic needs to flow from external to Exchange 2013 to Exchange 2010.
  So let us know what your traffic flow is for HTTP, HTTPS and SMTP.
  JAUCG - Please remeber to mark replies as helpful if they were or as answered if I provided a solution.

• Exchange 2013 Domain Prep Fails: Setup /prepareschema, setup /PrepareAD, Setup /PrepareDomain

  Whenever I try to prep for a 2013 exchange install I always get:
  "earlier versions of the server roles that are installed were detected"
  whenever I try to run Setup /prepareschema OR setup /PrepareAD OR Setup /PrepareDomain
  I am working on a Server 2012 standard machine with Exchange 2010 currently installed. This server is a DC (bad I know), DNS, DHCP.
  I am trying to prep the domain so that I can install Exchange 2013 on a VM and eventually remove Exchange 2010 from the organization altogether.
  There are no other domain controlelrs in the domain. The domain started life as a SBS 2003 machine which was demoted and removed once the server 2012 box was up with exchange 2010 running.
  Any help would be greatly appreciated.
  Here is some info that may help:
  1. PrePare Schema
  Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
  Ran setup /PrepareSchema
  This command should perform the following tasks:
  A: Connects to the schema master and imports LDAP Data Interchange Format (LDIF) files to update the schema with 
  Exchange 2013 specific attributes. The LDIF files are copied to the Temp directory and then deleted after they are imported 
  into the schema.
  B: Sets the schema version (ms-Exch-Schema-Verision-Pt) to a Exchange 2013 value.
  This command fails with: Earlier versions of server roles that were installed were detected.
  First I confirmed that administrator account for domain is a member of schema admins and enterprise admins.
  Next I ran asdiedit.
  I navigated to: "CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,DC=BDA,DC=LAN"
  and reviewed the current "rangeUpper" attribute.
  The ms-Exch-Schema-Verision-Pt is not updated to CU3 range Upper setting.
  The current range upper 14734 which means its still at Exchange 2010 SP3 settings. 
  In short, updaing the schema fails.
  2. Prepare Active Directory
  Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
  setup /PrepareAD [/OrganizationName:<organization name>]
  This command fails with: Earlier versions of server roles that were installed were detected.
  schema update version 56
  I began reviewing the long, long list of the following containers and objects under
   CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
  which are required for Exchange 2013:
  missing cn=Auth Configuration
  missing CN=ExchangeAssistance
  missing CN=Monitoring Settings
  missing CN=Monitoring Settings
  missing CN=Monitoring Settings
  missing CN=Workload Management Settings
  Checked Management role groups within the Microsoft Exchange Security Groups OU
  missing Compliance Management group  --- Manually created this entry
  Step 3 Prepare Domain:
  Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
  Ran setup /PrepareDomain
  This command fails with: Earlier versions of server roles that were installed were detected.
  confirmed the following:
  ObjectVersion property fails as it is still set to Echange 2010 sp3 -  13040
  You have a new global group in the Microsoft Exchange System Objects container called Exchange Install Domain Servers-DONE
  The Exchange Install Domain Servers group is a member of the Exchange Servers USG in the root domain.-DONE
  On each domain controller in a domain in which you will install Exchange 2013, the Exchange Servers USG has permissions 
  on the Domain Controller Security Policy\Local Policies\User Rights Assignment\Manage Auditing and Security Log policy.-DONE
  Thanks.

  Whenever I try to prep for a 2013 exchange install I always get:
  "earlier versions of the server roles that are installed were detected"
  Hi,
  That tells us that you are trying to run the prep on your combined DC and Exchange 2010 Server - That will not work. Run it on the Server where you plan to install Exchange 2013.
  It is not mandatory to run this before the actuall Exchange install - It will run automatically for you, if it hasn't been done already and if you are logged on with an account with the proper permissions.
  Martina Miskovic

• Exchange 2013 SP1 CU8 installation stuck

  Good Morning,
  I'm just installing CU8 for Exchange 2013 on a DAG Member (only mailbox role installed), and setup is stuck at 49% of "Mailbox Role: Client Access service" for more than 2 hours now.
  The ExchangeSetup logfile says:
  [04/15/2015 06:44:20.0582] [2] Active Directory session settings for 'New-PerfCounters' are: View Entire Forest: 'True', Configuration Domain Controller: 'srv-dc02.oostvogels.com', Preferred Global Catalog: 'dc02.contoso.com', Preferred Domain Controllers: '{ dc02.contoso.com }'
  [04/15/2015 06:44:20.0582] [2] User specified parameters: -DefinitionFileName:'ServiceProxyPoolCounters.xml'
  [04/15/2015 06:44:20.0582] [2] Beginning processing new-PerfCounters
  [04/15/2015 06:44:20.0582] [2] Processing file: C:\Program Files\Microsoft\Exchange Server\V15\Setup\Perf\ServiceProxyPoolCounters.xml
  [04/15/2015 06:44:20.0582] [2] Performance counter name is Proxy Instance Count, type is NumberOfItems32.
  [04/15/2015 06:44:20.0582] [2] Performance counter name is Current Outstanding Calls, type is NumberOfItems32.
  [04/15/2015 06:44:20.0582] [2] Performance counter name is Total Number of Calls, type is NumberOfItems32.
  [04/15/2015 06:44:20.0582] [2] Performance counter name is Calls/sec, type is RateOfCountsPerSecond32.
  [04/15/2015 06:44:20.0582] [2] Performance counter name is Average Latency, type is AverageCount64.
  [04/15/2015 06:44:20.0582] [2] Performance counter name is Base for Average Latency, type is AverageBase.
  [04/15/2015 06:44:20.0582] [2] Performance counter category name is 'MSExchange ServiceProxyPool'.
  [04/15/2015 06:44:20.0738] [2] Performance counter category name is 'MSExchange ServiceProxyPool'.
  [04/15/2015 06:44:22.0255] [2] Ending processing new-PerfCounters
  Does anyone have any suggestions or did you experience a similar issue?
  I also can see some events like this:
  Cmdlet failed. Cmdlet New-PerfCounters, parameters -DefinitionFileName "ADDriverCachePerformanceCounters.xml".
  Thanks and best regards,
  Sebastian

  Hi,
  According to your post, I understand that install Exchange 2013 SP1 CU8 in a DAG with MBX role failed with error “Cmdlet failed. Cmdlet New-PerfCounters, parameters -DefinitionFileName ‘ADDriverCachePerformanceCounters.xml’”.
  If I misunderstand your concern, please do not hesitate to let me know.
  I want to double confirm whether you deploy clean install or implement upgrade an existing Exchange Server 2013 installation to Cumulative Update 8.
  To rebuild all Performance counters including extensible and third-party counters, type the following commands at an Administrative command prompt. Press ENTER after each command:
  1. Rebuilding the counters:
      cd c:\windows\system32
      lodctr /R
  2. Resyncing the counters with Windows Management Instrumentation (WMI):
      WINMGMT.EXE /RESYNCPERF
  3. Stop and restart the Performance Logs and Alerts service.
  4. Stop and restart the Windows Management Instrumentation service.
  If the issue persists, please run to reload all the perf counters. For your reference:
  http://blogs.technet.com/b/mikelag/archive/2010/09/10/how-to-unload-reload-performance-counters-on-exchange-2010.aspx
  Thanks
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Allen Wang
  TechNet Community Support

• Can't install Exchange 2013 after previous uninstall (insufficient user privileges with the same user)

  I have installed Exchange 2013 on Windows Server 2012, which ist a member of a Windows Server 2012 R2 Domain. All prerequisites and AD modifications were successfully  completed and I could install Exchange 2013. Unfortunately I made a mistake with
  the target directory and had to uninstal Exchange 2013. If I start the Setup again, it fails in prerequisite check - the current user should not be a member of Enterprise and Schema admin Group, but it's the same user, which comleted the previous Installation
  of Exchange 2013! Do you have any idea how to solve this Problem - I'm running out of ideas.

  Inhave tried to run setup /PrepareSchema again and get the following error in exchange setup log:
  [03.07.2014 19:25:53.0305] [0] Setup encountered a problem while validating the state of Active Directory: Couldn't find the Enterprise Organization container.
  [03.07.2014 19:25:53.0337] [0] Validating options for the 0 requested roles
  [03.07.2014 19:25:53.0383] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Couldn't find the Enterprise Organization container.
  [03.07.2014 19:25:53.0399] [0] The Exchange Server setup operation didn't complete.  More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.
  After removing all Exchange Parts by ADUC (advanced View) and ADSI Edit (Services) I'm able to install Exchnge 2013 again - the uninstall procedure seems not to work in a clean manner.

• Unable to send to external email recipients - Multi Tenant Exchange 2013 - MultiRole servers in DAG

  Greetings all, I hope someone can help.
  I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
  Internal mail flow is fine (external email addresses can send to the domain).
  External firewall port forwards ports 443 and 25 to the Internal DAG IP address.
  There are two multi-role Exchange servers that are members of the DAG.
  I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
  No SSL certificates have been purchased or installed yet.
  Exchange URLs have not been changed since default configuration at install.
  OWA and ECP works both internal and external.
  External DNS works with SPF and PTR records correctly configured
  Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)
  Send Connectors are the default ones created during install. Receive connector is standard configuration with  - * - 
  When sending email to an external address, I receive a failure notice
  ServerName.test.corp.int gave this error:
  Unable to relay 
  Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.
  More Info - 
  ServerName.test.corp.int
  Remote Server returned '550 5.7.1 Unable to relay'
  I have been troubleshooting this for many hours with no progress.
  I have created new Send Connectors for the server that is advising that it is unable to relay, but they have all failed.
  I have tried setting the Internal IP address for Exhange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
  I have also tried with the IP range 192.168.11.0/24 to allow the whole the subnet, I still receive the unable to relay failure notice.
  I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.
  I am at a loss as to why I can't send out with the default configuration. I would assume that email would flow out without any changes, but this does not happen.
  Can someone please assist before I lose my sanity.
  Thanks in advance,
  Terry

  Greetings all, I hope someone can help.
  I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
  Internal mail flow is fine.
  Incoming mail from external senders is also fine. - 
  external email addresses can send to the domain).
  External firewall port forwards ports 443 and 25 to the Internal DAG IP address.
  There are two multi-role Exchange servers that are members of the DAG.
  I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
  No SSL certificates have been purchased or installed yet.
  Exchange URLs have not been changed since default configuration at install.
  OWA and ECP works both internal and external.
  External DNS works with SPF and PTR records correctly configured
  Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)
  Receive Connectors are the default ones created during install. Send connector is standard configuration with  - * - 
  When sending email to an external address, I receive a failure notice
  ServerName.test.corp.int gave this error:
  Unable to relay 
  Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.
  More Info - 
  ServerName.test.corp.int
  Remote Server returned '550 5.7.1 Unable to relay'
  I have been troubleshooting this for several days with no progress.
  I have created new Receive Connectors for the server that is advising that it is unable to relay, but they have all failed.
  I have tried setting the Internal IP address for Exhange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
  I have also tried with the IP range 192.168.11.0/24 to allow the whole the subnet, I still receive the unable to relay failure notice.
  I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.
  Even more info - Further troubleshooting -
  I found my one of my Exchange servers had an extra NIC. I have since added a second NIC to the other server, so now both Exchange servers have dual NICs. I removed the DAG cleanly and recreated the DAG from scratch, using this link -
  hxxp://careexchange.in/how-to-create-a-database-availability-group-in-exchange-2013/ 
  The issue still exists, even with a newly created DAG. I also found that the Tenant Address Books were not 'applied'. I applied them but still no resolution
  I think the issue is related to multi-tenant configuration even though the error says that it can't relay. The unable to relay message can appear when sending from a domain that the Organization does not support. Like trying to email as [email protected]
  when you domain name is apple.com - But through extensive research I still can't resolve the issue.
  Can someone please assist before I lose my sanity.
  Thanks in advance,
  Terry

• Exchange 2013 autodiscover not working from Externally

  Hi 
  i have exchange 2010 sp3(2Mb, 2hub/cas). I installed exchange 2013 servers(2MB, 2CAS). For coexistence i generated new certifcate with new cas from third party. I installed that certificate in that cas and assigned all services. i changed all my virtual
  directories service url. I didnt import the new certificate to exchange 2010 cas server and i didnt change url to legacy link.But still iam able to check exchange 2010 user mailbox owa, activesync and autodiscover without any certificate error. 
  If i try to browse owa, its going to 2013 server, if user is exchange 2010 user and its redirecting to exchange 2010 owa with same link.
  But i dont know how above things is working without importing to new certificate...
  Main problem is i am not able to configure exchange 2013 users outlookanywhere, Autodiscover from externally...
  So in tmg i pointed the outlook anywhere ip address new cas server, now both exchange 2010 and exchange 2013 users while OA from external, its keep on asking password... Not accepting it...
  Please help me to fix this issue..

  Hi ,
  On TMG please have the outlook anywhere rule like below and check the status.
  Step
  1 :
  On the TMG rule - >authentication delegation ---> select the option "no delegation users can authenticate directly"
  Step
  2 :
  on the users tab in the TMG rule - just add "all users" group on that rule.
  By having the above settings we have avoided the issues in your environment.
  Note : Based on the above setting's , Each and everyone in exchange will have a access to the outlook anywhere from external world , because there would not be having any restriction on the TMG rules.
  Please have a look in to the below link , it will give you some ideas which is related to TMG
  http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
  Thanks & Regards S.Nithyanandham

• Out of office replies in Exchange 2013 not working for external recipients

  Hi,
  Few days ago a couple of company workers went to vacation. They set up OOF automatic replies in OWA 2013. However automatic replies are not working for external recipients (outside of company). Internal users (company users) receive OOF notification.
  I'm using smart host in sender connector configuration (SMTP server of internet provider) to deliver emails. Any clues about this problem ? Please find below part of the transaction log. For testing purposes i set up administrator account
  to be on vacation.
  HARED... SMTP    
  [email protected]           
  {[email protected]}             Automatic reply: vacation test
  RECEIVE  SMTP    
  [email protected]           
  {[email protected]}             Automatic reply: vacation test
  DROP     ROUTING 
  [email protected]           
  {[email protected]}             Automatic reply: vacation test
  AGENT... AGENT    [email protected]           
  {[email protected]}             Automatic reply: vacation test
  HARED... SMTP    
  [email protected]           
  {[email protected]}             Automatic reply: vacation test
  RECEIVE  SMTP    
  [email protected]           
  {[email protected]}             Automatic reply: vacation test
  AGENT... AGENT    [email protected]           
  {[email protected]}             Automatic reply: vacation test
  TRANSFER ROUTING  [email protected]           
  {[email protected]}             Automatic reply: vacation test
  FAIL     SMTP    
  [email protected]           
  {[email protected]}             Automatic reply: vacation test

  Hi Informus,
  Please check if it is allowed in AllowedOOFType of the Remote Domain *
  In Exchange 2013, the only way to see or change the current configuration for automatic replying and forwarding to the Internet is via the Exchange Management Shell (EMS) with PowerShell commands.
  To get the currently configured Remote Domains, use:
  Get-RemoteDomain
  Name                           DomainName                                  
  AllowedOOFType
  Default                        *                                           
  External
  Get-RemoteDomain Default | fl AllowedOOFType, AutoReplyEnabled, AutoForwardEnabled
  AllowedOOFType     : External
  AutoReplyEnabled   : False
  AutoForwardEnabled : False
  To change the settings, use the Set-RemoteDomain command.
  Enable automatic replies
  Set-RemoteDomain -AutoReplyEnabled $true
  Enable automatic forwards
  Set-RemoteDomain –AutoForwardEnabled $true
  Enable OOF for Outlook 2003 and previous (for Exchange 2007 and 2010 support)
  Set-RemoteDomain –AllowedOOFType $ExternalLegacy
  To change all these properties at once, you can use:
  Set-RemoteDomain Default -AutoReplyEnabled $true –AutoForwardEnabled $true –AllowedOOFType $ExternalLegacy
  Note:
  Valid settings for the AllowedOOFType property are:
  External
  This is the default and only allows for the new style OOF messages as introduced in Outlook 2007.
  ExternalLegacy
  This settings allows for both the new style and old style OOF messages and needs to be set if you want to enable external OOF support for Outlook 2003 as well.
  None
  This setting doesn’t allow for the use of OOF messages at all (both internal and external).
  InternalLegacy
  This setting only allows for internal OOF messages to be sent for all Outlook versions.
  Regards,
  Satyajit
  Please “Vote As Helpful”
  if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• 530 5.7.1 Client was not authenticated - Exchange 2013 to external domains

  Hi all,
  I have an Exchange server 2013 on windows 2012 R2 and do all the configuration for sending and receiving the mail according to the document provided by Microsoft.
  But whenever I am trying to send mails from external domains to my exchange server domain I got the following error:
  530 5.7.1 Client was not authenticated
  Same thing I am getting If I am sending mail through outlook from my Exchange domains to external domain.
  But if I am selecting the
  <label for="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers" id="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers_label">Anonymous
  users in the security option of Default Frontend XXXX, I am able to send the mails through outlook.</label>
  <label for="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers" id="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers_label">But I don't
  want to use this option as it will enable to send the mails without validating the Exchange server user name and password.</label>
  SO can anyone please suggest some solutions to resolve this as using Anonymous users fro sending and receiving mails is not secure.
  Regards
  Pankaj Raman.
  <label for="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers" id="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers_label">
  </label>

  I have a java code for sending mails using the SMTP address of the servers. For sending a mail it required a valid user name and password. For all other SMTP servers if I have used invalid user name and password then I am getting the  530
  5.7.1 Client was not authenticated error, but
  if I am using my SMTP address and invalid user name and password then also I am able to send the mails.
  So I just want to know what I have to configure in the exchange 2013 server so that it will validate the user name and password.
  Regards
  Pankaj Raman.
  Hi Pankaj,
  Thank you for your question.
  Was invalid user name and password included in Java code?
  Did outlook send emails?
  If this issue happen on Java code instead of outlook?
  In fact, Exchange server didn’t validate user account and password, user account and password will be validated on domain controller,
  I suggest we create a new dedicated receive connector and enable “anonymous” permission for java code
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support

• External Mail Flow not coming into Exchange 2013 Server

  We just finished migrating from Exchange 2007 to Exchange 2013 and when I disable a certain receive connector on Exchange 2007 we stop receiving external emails. I have reviewed all of the Exchange 2013 Receive Connectors and everything looks to be fine
  but the server does not get mail flow. If anyone could assist with this issue that would be great.
  Thanks,
  Ryan

  Hi,
  According to your description, all your inbound mails cannot be received in your Exchange 2013 server after you disable a receive connector in your Exchange 2007 server. If I misunderstand your meaning, please feel free to let me know.
  If yes, since your MX record has been configured properly for your Exchange 2013 server, we can begin with checking the A record for the Exchange 2013 server and confirm if all external mails cannot come in your organization. And we can depend on the following
  troubleshooting to narrow down the mail flow issue:
  1. Check the NDR information if there is NDR.
  2. Check Telnet to test the mail flow:
  http://technet.microsoft.com/en-us/library/bb123686(v=exchg.150).aspx
  Thanks,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Angela Shi
  TechNet Community Support