Failed to achieve authentication

Hello, I have a weird situation.

I have two MBX servers and two CAS servers, all 2013, belonging to one organization.

I have deployed an Edge server and subscribed it successfully.

All receive and send connectors are normal, no authentication mechanism missing nor configuration.

Mail flow internally is flowing fantastic, mail flow from the internet to inside is going great; however, when I send an email from inside to the internet, the Edge server rejects it a while later with a message-delayed NDR, and the error on the report and in the queue viewer is the following:

451 5.7.3 Cannot achieve Exchange Server authentication. Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts

I have no clue why it's been like that. I am telnet-ing just fine between sites and all FQDNs are correct; I have no clue what the problem with authentication is.

I have googled for countless hours; all solutions are pretty basic and trivial and do not apply to my case, as what they suggest is pretty trivial and no real sysadmin can omit the suggestions they offer.

August 9th, 2015 6:03pm

Hi Muhamad

Can we first try Test-EdgeSynchronization -TargetServer with your mailbox server and see if we get any errors on them?

Then you can run Start-EdgeSynchronization to your mailbox servers.

If none of the above helps, then remove the existing subscription, recreate it, and start the EdgeSync to all of your mailbox servers and see the results.

August 9th, 2015 6:58pm

HELLO SATHISH,

When I ran Test-EdgeSynchronization, I noticed that the remote domains and transport config statuses were "not synchronized". Could this be the reason for my mail not flowing to the outside?

Can these errors be related to a certificate issue?

August 10th, 2015 1:53pm

Hi 

I would definitely suggest that you recreate the edge subscription, which will solve your problem.

Follow the steps below:
Create Edge Subscription:
New-EdgeSubscription -FileName C:\edgeserversubscription.xml

Copy the xml file to the mailbox server local disk.

Complete subscription by running the below command:

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path C:\EdgeServerSubscription.xml -Encoding Byte -ReadCount 0)) -Site Default-First-Site-Name

Run Start-EdgeSynchronization.

Hopefully it should work after performing the above.

August 10th, 2015 2:11pm

Hello again,

I already deleted and recreated my edge subscription twice, no luck.

However, I am not familiar with this step and I did not do it:

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path C:\EdgeServerSubscription.xml -Encoding Byte -ReadCount 0)) -Site Default-First-Site-Name

Could this be related?

August 10th, 2015 3:02pm

Hi Muhammad

If you do not perform the last step, then the subscription is not imported to the mailbox server, and hence they are not able to send emails to the internet.

You need to run that command in order for the subscription to be imported to the MBX servers and the subscription to be completed.

August 10th, 2015 3:40pm

I will try this tonight and update you on the matter.

Thank you for your sustaining help :)

August 10th, 2015 3:45pm

Again, it didn't work.

When I run Test-EdgeSynchronization I get this:

RunspaceId                  : 6071b786-da33-4dff-8541-a61cbf0885d9
SyncStatus                  : Normal
UtcNow                      : 8/10/2015 8:03:18 PM
Name                        : KAN-EDGE
LeaseHolder                 : CN=KAN-MBX,CN=Servers,CN=Exchange Administrative Group
                              (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=mstqbl,CN=Microsoft
                              Exchange,CN=Services,CN=Configuration,DC=mstqbl,DC=org
LeaseType                   : Option
FailureDetail               :
LeaseExpiryUtc              : 8/10/2015 8:32:54 PM
LastSynchronizedUtc         : 8/10/2015 8:02:54 PM
TransportServerStatus       : Synchronized
TransportConfigStatus       : NotSynchronized
AcceptedDomainStatus        : Synchronized
RemoteDomainStatus          : NotSynchronized
SendConnectorStatus         : Synchronized
MessageClassificationStatus : Synchronized
RecipientStatus             : Synchronized
CredentialRecords           : Number of credentials 9
CookieRecords               : Number of cookies 2

Notice how TransportConfigStatus and RemoteDomainStatus are not synchronized, god knows why.

August 11th, 2015 12:05am
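
The check from the post above, as an added example that is not part of the original thread: it runs Test-EdgeSynchronization in the Exchange Management Shell on a Mailbox server and lists, per subscribed Edge server, which per-category status fields are not Synchronized. The property names are the ones shown in the posted output; the summary layout is an assumption.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell
# on a Mailbox server in the subscribed Active Directory site.
# -FullCompareMode asks for a full comparison of the replicated configuration
# data instead of only checking the replication cookie.
$results = Test-EdgeSynchronization -FullCompareMode

foreach ($edge in $results) {
    # Per-category fields as seen in the posted output:
    # TransportServerStatus, TransportConfigStatus, RemoteDomainStatus, ...
    # SyncStatus is the overall result and is reported separately.
    $statusProps = $edge.PSObject.Properties |
        Where-Object { $_.Name -like '*Status' -and $_.Name -ne 'SyncStatus' }

    # Compare as strings so this also works on deserialized (remote) objects.
    $outOfSync = $statusProps |
        Where-Object { "$($_.Value)" -ne 'Synchronized' } |
        ForEach-Object { $_.Name }

    [pscustomobject]@{
        Edge            = $edge.Name
        SyncStatus      = "$($edge.SyncStatus)"
        LastSyncUtc     = $edge.LastSynchronizedUtc
        LeaseExpiryUtc  = $edge.LeaseExpiryUtc
        NotSynchronized = ($outOfSync -join ', ')
        FailureDetail   = $edge.FailureDetail
    }
}
```

For the output posted above, the NotSynchronized column would read TransportConfigStatus, RemoteDomainStatus while SyncStatus still reports Normal.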


Hi,

Please check the receive connector settings in your environment, and make sure Exchange server authentication is checked in the Authentication of the Default Front End connector.

Then restart the Microsoft Exchange Transport service and try again. If there are other custom connectors created in your environment, please provide more information for further analysis.

Regards,

August 11th, 2015 9:40am

Hi 

Use the telnet command to send a test email from the source server to the destination server.
What's the result?

You have to set the TLS protocol with Mutual TLS and Server Exchange Authentication on the edge servers.

August 11th, 2015 11:00am

This topic is archived. No further replies will be accepted.
