Edge to Hub transport synchronization problem
A message sent from domain contoso.com to acme.org cannot be delivered unless I set authentication to None on the "EdgeSync - Inbound to Default-First-Site-Name" Send Connector of the Edge server.
Message Tracking logs and Queue Viewer on the ET server show that the message reaches the ET server and remains in the Queue (unless authentication is set to "None").
This was the error message (before authentication on the Send Connector in question was set to none):
Last Error: 451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication. Attempted failover to alternate host. but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
Otherwise (now that authentication = None), mail flows both ways without a problem.
So we can assume that it is authentication, and not connectivity, that is at the heart of the problem.
Can anyone propose a solution? Additional information is provided below.
Thank you in advance!
-----------------------------------
Synchronization is successful:
Edge Tests
[PS] C:\>Test-EdgeSynchronization
Name : EDGE
LeaseHolder : MSERV01
LeaseType : Option
ConnectionResult : Succeeded
FailureDetail :
LeaseExpiry : 1/18/2010 3:28:37 PM
LastSynchronized : 1/18/2010 2:28:37 PM
CredentialStatus : Synchronized
TransportServerStatus : Synchronized
TransportConfigStatus : Synchronized
AcceptedDomainStatus : Synchronized
SendConnectorStatus : Synchronized
MessageClassificationStatus : Synchronized
RecipientStatus : Synchronized
CredentialRecords : Number of credentials 3
[PS] C:\>Start-EdgeSynchronization
Result : Success
Type : Configuration
Name : CN=EDGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=acme,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=acme,DC=loc
FailureDetails :
StartUTC : 1/18/2010 7:56:07 PM
EndUTC : 1/18/2010 7:56:07 PM
[...]
Result : Success
Type : Recipients
Name : CN=EDGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=acme,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=acme,DC=loc
FailureDetails :
StartUTC : 1/18/2010 7:56:07 PM
EndUTC : 1/18/2010 7:56:07 PM
[...]
Send and Receive connector configuration
[PS] C:\>Get-SendConnector
Identity AddressSpaces Enabled
-------- ------------- -------
OUTBOUND {SMTP:*;1} True
EdgeSync - Default-First-Site-Name to Internet {smtp:*;100} True
EdgeSync - Inbound to Default-First-Site-Name {smtp:--;100} True
[PS] C:\>Get-SendConnector "EdgeSync - Inbound to Default-First-Site-Name" | fl
AddressSpaces : {smtp:--;100}
AuthenticationCredential :
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
DNSRoutingEnabled : False
DomainSecureEnabled : False
Enabled : True
ForceHELO : False
Fqdn :
HomeMTA : Microsoft MTA
HomeMtaServerId : EDGE
Identity : EdgeSync - Inbound to Default-First-Site-Name
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
LinkedReceiveConnector :
MaxMessageSize : 10MB
Name : EdgeSync - Inbound to Default-First-Site-Name
Port : 25
ProtocolLoggingLevel : None
RequireTLS : False
SmartHostAuthMechanism : None
SmartHosts : {--}
SmartHostsString : --
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {EDGE}
UseExternalDNSServersEnabled : False
[PS] C:\>Get-ReceiveConnector
Identity Bindings Enabled
-------- -------- -------
MSERV01\Default MSERV01 {:::25, 0.0.0.0:25} True
MSERV01\Client MSERV01 {:::587, 0.0.0.0:587} True
MSERV01\INBOUND {10.0.0.3:25} True
[PS] C:\>Get-ReceiveConnector "MSERV01\Default MSERV01" | fl
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {:::25, 0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : MSERV01.acme.loc
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : unlimited
MaxInboundConnectionPercentagePerSource : 100
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10MB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 5000
PermissionGroups : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
Server : MSERV01
SizeEnabled : EnabledWithoutValue
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default MSERV01
DistinguishedName : CN=Default MSERV01,CN=SMTP Receive Connectors,CN=Protocols,CN=MSERV01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=acme,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=acme,DC=loc
Identity : MSERV01\Default MSERV01
Guid : 6eb7ee9a-85d3-4ce4-bb97-f158061a2d1f
ObjectCategory : acme.loc/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 10/18/2009 7:18:33 PM
WhenCreated : 10/18/2009 7:18:33 PM
OriginatingServer : DC1.acme.loc
IsValid : True
January 20th, 2010 12:04am
Did you configure any public or private certificate on the Edge server to use TLS?
Capecol
MCSA - MCTS Exchange Server 2007 - 2010
January 20th, 2010 5:29am
No.
From your question, it looks like authentication between the two servers takes place with certificates and since I did not configure any, that is the reason authentication is not working?
Is it necessary to set up a certificate authority to accomplish this?
January 20th, 2010 8:53pm
Hi,
Did this issue occur for all the inbound emails? Please try to telnet to port 25 on the Hub Transport Server from the Edge server, then send one test email. What's the result?
Thanks
Allen
January 22nd, 2010 11:31am
Hello Allen,
I'll try to look at this tonight.
I appreciate your help and regret I was not able to get back to this thread right away.
January 27th, 2010 12:26am
Allen, here are the results:
With authentication on EdgeSync - inbound to default-first-site-name set to NONE
C:\>Telnet
Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]'
Microsoft Telnet> o 10.0.0.10 25
220 mail.acme.loc Microsoft ESMTP MAIL Service ready at Tue, 26 Jan 2010 19:45:26 -0500
HELO contoso.com
250 mail.acme.loc Hello [10.0.0.12]
MAIL FROM:<rbarre@contoso.com>
250 2.1.0 Sender OK
RCPT TO:<admin@acme.org>
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Subject:EDGE TEST WITH AUTHENTICATION SET TO NONE
From:rbarre@contoso.com
To:admin@acme.org
Hello,
This is with authentication set to none .
Bye
.
250 2.6.0 <cec5316e-dea1-4a0f-a587-d2a7508aae6b@MS01.acme.loc> Queued mail for delivery
---------------------------------------------------
With authentication on EdgeSync - inbound to default-first-site-name set to EXCHANGE SERVER
220 mail.acme.loc Microsoft ESMTP MAIL Service ready at Tue, 26 Jan 2010 20:59:13 -0500
HELO contoso.com
250 mail.acme.loc Hello [10.0.0.12]
MAIL FROM:<rbarre@contoso.com>
250 2.1.0 Sender OK
RCPT TO:<admin@acme.org>
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Subject:Edge test with EXCH Server authentication
From:rbarre@contoso.com
To:admin@acme.org
Hello,
XYZ
Bye
.
250 2.6.0 <6e57d3d2-2ceb-4639-94d8-29bbb86cde39@MS01.acme.loc> Queued mail for delivery.
January 27th, 2010 4:25pm
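An added example, not part of the thread: both telnet sessions above open with HELO and send mail anonymously, so the server never lists its ESMTP extensions and the sessions do not exercise Exchange Server authentication, which Edge-to-Hub delivery performs over the X-ANONYMOUSTLS and X-EXPS extensions. The Python code below checks a greeting reply for those extensions; the EHLO reply is constructed for illustration, and the list of required extensions is an assumption of this example.

```python
import re

# Extensions this example treats as prerequisites for "ExchangeServer"
# authentication between Edge and Hub (assumed list, not taken from the thread).
REQUIRED = ("STARTTLS", "X-ANONYMOUSTLS", "X-EXPS")
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_greeting_reply(reply):
    """Parse a single- or multi-line 250 reply to HELO/EHLO into {keyword: params}."""
    lines = [l.strip() for l in reply.replace("\r\n", "\n").split("\n") if l.strip()]
    if not lines:
        raise ValueError("empty reply")
    extensions = {}
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        code, separator, text = match.groups()
        if code != "250":
            raise ValueError(f"greeting rejected: {line!r}")
        is_last = index == len(lines) - 1
        if (separator == " ") != is_last:
            raise ValueError("continuation marker does not match line position")
        parts = text.split()
        if index == 0 or not parts:
            continue  # first line carries the server name and greeting text
        extensions[parts[0].upper()] = parts[1:]
    return extensions


def missing_for_exchange_auth(reply):
    """Return the REQUIRED extensions that the reply does not advertise."""
    advertised = parse_greeting_reply(reply)
    return [name for name in REQUIRED if name not in advertised]


# Reply to HELO copied from the telnet session in the thread.
HELO_REPLY = "250 mail.acme.loc Hello [10.0.0.12]"

# Constructed EHLO reply (sample data, not captured from this environment).
EHLO_REPLY = "\n".join([
    "250-mail.acme.loc Hello [10.0.0.12]",
    "250-SIZE 10485760",
    "250-STARTTLS",
    "250-X-ANONYMOUSTLS",
    "250-AUTH NTLM",
    "250-X-EXPS GSSAPI NTLM",
    "250 XEXCH50",
])
```

Repeating the telnet test with EHLO in place of HELO and feeding the server's reply to `missing_for_exchange_auth` shows whether the extensions reach the Edge server intact or are removed somewhere on the path.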