SMTP unable to relay for second domain

Post by David Far » Thu, 02 Sep 2004 18:29:02


Hello,

I have a problem that I'm unable to figure out.
I hope somebody here can help me out.

We have an Exchange 2003 server running on a Win 2000 server and the SMTP
service is giving me problems.

The local domain is company.local, but we receive mail on domain1.com. This
one is added on the Exchange server and works like a charm. It's in the
default recipient policy etc.

Now I'm trying to add domain2.com. That one however does NOT work.
When trying to send to a domain2.com-address I get the "550 5.7.1 Unable to
relay for XXXX@XXXXX.COM "-error.

It's only external, incoming mails that do not work. The mailboxes are
there. The users can log on to them. They can send mail to any addresses.
Internal mail (i.e. from XXXX@XXXXX.COM to XXXX@XXXXX.COM ) works as it
should. OWA works.

The new domain is in the default recipient policy together with the old one.
I've also added a new connector with the new domain and "Allow messages to
be relayed to these domains".

The problem seems to be that the SMTP service does not recognize
domain2.com as an incoming address.
I've tried everything else I can think of; allowing the SMTP service to
relay, verifying that the Exchange server is in the correct user group and
has the correct rights, deleting the keys in the MetaBase etc but nothing
works.

I can't seem to find any info on this since most articles/posts are about
the default recipient policy which seems ok to me.
I have both domain1.com and domain2.com in there, both replicate to AD as
they should and so on.
What really gets to me is that, as far as I can see, there is no difference
between domain1.com and domain2.com except of course for the fact that
domain1.com works and domain2.com does not!


Any help or ideas would be greatly appreciated !!

//David
 
 
 

Post by Glen Traff » Thu, 02 Sep 2004 20:18:01

On the recipient policy that has domain2 the check box that states the email
domain is inbound (at home not sure of the exact words) is actually checked?

Glen






Post by David Far » Thu, 02 Sep 2004 20:57:21

Hi Glen,

Thanks for the response.

The recipient policy-checkbox is indeed filled in.
I've also tried switching the defaults between domain1.com and domain2.com.
That doesn't help, but it does *** up the AD, changing all my users
default mail.

So, in the default recipient policy I have three checked domains:
@domain1.com, @domain2.com and the X400 one.

//David




Post by Ade Famoti » Thu, 02 Sep 2004 22:00:18

When you add the second domain in the recipient policy, the DS2MB (directory
service to metabase) service now has to replicate that into the metabase. If
that domain is not in the metabase, the server will not accept mail for that
domain.

Verify using a metabase editor that the second domain is or is not in the
metabase under LM\SMTPSVC\1\DOMAINS. "1" being your virtual server instance
if you only have one, "2" for new or additional one. Also verify the domain
in LM\SMTPSVC\1\ "defaultdomain". This should be the domain that is currently
primary in your default recipient policy.

Based on what you observe, if the domain is there, then the chances are
there may be misconfiguration somewhere; if it's not, enable msExchangeMU
diagnostic logging on the server, and you'll probably see some events that
indicate an issue with DS2MB replication. You can restart the system
attendant service to kick off this replication also.

You can download your metaedit here
http://support.microsoft.com/default.aspx?scid=kb;EN-US;232068

Post by David Far » Thu, 02 Sep 2004 22:57:55

Hi,

I think you've found the problem.

The info in my metabase does not match what you've written.

Under LM\SMTPSVC\1\DOMAIN (no s) I have 1 subkey (folder-style) called lots
of digits and letters followed by ._msdcs.company.local.
Neither domain1.com nor domain2.com is there.
The default domain as well as the masquerade domain is domain1.com, FQDN is
mail.domain1.com

Under LM\SMTPSVC\2 (which I added as a test to answer on mail.domain2.com's
IP) I have nothing under Domain at all.
There is no default domain entry, but the masquerade is domain2.com and FQDN
is mail.domain2.com

Furthermore, in the application log I get 2 entries every third minute:
"Event sink registration for SMTP virtual server /LM/SMTPSVC/1 failed. Error
code is 80070005 (Access is denied.). "
followed by the same for virtual server 2.

About every 10 minutes I also get:
"Metabase Update failed replication 5 times with error 80070005 (Access is
denied.). Please change the diagnostic logging level of MSExchangeMU to
'minimum' or greater to find the source of the problem. "

So it would seem I have a security issue with the MetaBase.

I've read a KB that said to delete the LM\DS2MB tree, which I did and it was
recreated immediately.
So that part of the MetaBase looked ok.

One interesting thing is that SmtpSvc1 does NOT have a domain1.com entry
under \Domain\ and it still delivers mail.

I manually added the default domain entry under SmtpSvc2 and set it to
domain2.com and when I try it now I no longer get the "Unable to
Relay"-message.
I do however get error 452 (Out of memory) after the DATA so I've changed
one problem for another.

So I guess I'd need to change the access rights on the MetaBase somehow.
Any ideas on how to do that?


Thanks for your help!

//David
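
The two application-log messages quoted in the post above carry the same error code, 80070005. As an added example (not part of the original thread), this Python sketch parses those message texts, splits the HRESULT into facility and code, and reports which SMTP virtual servers are affected; the sample list, the `/LM/SMTPSVC/2` line and all function names are constructed for illustration.

```python
import re

# Constructed sample: the message texts quoted in the post above. The
# /LM/SMTPSVC/2 line is reconstructed from "the same for virtual server 2".
SAMPLE_EVENTS = [
    "Event sink registration for SMTP virtual server /LM/SMTPSVC/1 failed. "
    "Error code is 80070005 (Access is denied.).",
    "Event sink registration for SMTP virtual server /LM/SMTPSVC/2 failed. "
    "Error code is 80070005 (Access is denied.).",
    "Metabase Update failed replication 5 times with error 80070005 "
    "(Access is denied.).",
]

SINK_RE = re.compile(r"Event sink registration for SMTP virtual server (\S+) "
                     r"failed\. Error code is ([0-9A-Fa-f]{8})")
REPL_RE = re.compile(r"Metabase Update failed replication (\d+) times "
                     r"with error ([0-9A-Fa-f]{8})")
FACILITIES = {7: "FACILITY_WIN32"}          # only the facility seen here
WIN32_CODES = {5: "ERROR_ACCESS_DENIED"}    # only the code seen here


def decode_hresult(hex_text):
    """Split a 32-bit HRESULT into failure bit, facility and code."""
    value = int(hex_text, 16)
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    name = WIN32_CODES.get(code) if facility == 7 else None
    return {"failed": bool(value >> 31), "code": code, "name": name,
            "facility": FACILITIES.get(facility, str(facility))}


def triage(messages):
    """Group the failures by virtual server and decode the error codes."""
    servers, retries, codes = set(), 0, set()
    for msg in messages:
        sink = SINK_RE.search(msg)
        if sink:
            servers.add(sink.group(1))
            codes.add(sink.group(2).upper())
        repl = REPL_RE.search(msg)
        if repl:
            retries = max(retries, int(repl.group(1)))
            codes.add(repl.group(2).upper())
    decoded = {c: decode_hresult(c) for c in codes}
    denied = bool(decoded) and all(
        d["name"] == "ERROR_ACCESS_DENIED" for d in decoded.values())
    return {"virtual_servers": sorted(servers), "replication_retries": retries,
            "hresults": decoded, "metabase_access_denied": denied and retries > 0}


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Facility 7 with code 5 is the Win32 access-denied error wrapped as an HRESULT, so both messages point at a permissions failure rather than at the recipient policy itself.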
Post by Ade Famoti » Thu, 02 Sep 2004 23:35:53

From the _msdcs entry in the metabase, I'm inclined to believe that this
server is/was a Windows 2000 domain controller running Exchange 2003?

Was it demoted or promoted at any time after Exchange 2003 was installed? If
so, try the step in http://support.microsoft.com/?id=822575 . If that doesn't
work for you, I'll give you some more detailed steps that may alleviate this
issue.

Ade

Post by David Far » Thu, 02 Sep 2004 23:53:10

Right, it is in fact a domain controller.
Our original DC is having some hardware problems and goes down a little now
and then.
So we promoted this one to DC as well.

It has not been demoted though, still a DC.
Exchange has been reinstalled since.

I've found a lot of new errors after adding the defaultdomain entry manually.
This one started popping up:
"Virtual Server Invalid MailQueue Directory: The specified mail queue
directory is not valid. Cannot start the SMTP Service. "
as well as:
"The description for Event ID ( 4005 ) in Source ( smtpsvc ) cannot be
found. The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. The following
information is part of the event: 0, 0, 0."

Looks like manually editing the MetaBase wasn't such a great idea.

There are a lot of differences between the SmtpSvc1 and SmtpSvc2 also, all
sorts of keys missing.
But I also deleted the second one, deleted everything about it in the
MetaBase and then recreated it and it does create some keys, if not all. So
it seems to have access to it, and still not...weird.


//David

Post by Ade Famoti » Fri, 03 Sep 2004 00:07:51

Did you verify that you still have an ASPNET account and that it's disabled?

Post by David Far » Fri, 03 Sep 2004 00:10:25

Disabled?

This is our internet server that runs mail and websites (and currently the
AD as well).
It has a working ASPNET account that is very much enabled, otherwise not
very many websites would work for us.

I interpreted the KB as if I needed to have a working, enabled ASPNET
account, which I have.

//David

Post by David Far » Fri, 03 Sep 2004 00:54:33

pm european time, so the workday is over.
I hope you (or anyone) can still help us out with this, since I'm in way
over my head here.

I'll check back on this tomorrow morning.

//David

Post by Ade Famoti » Fri, 03 Sep 2004 02:59:38

I will suggest also that you engage Microsoft PSS to help troubleshoot this.
It may need some more dedicated troubleshooting. But I think you're on the
right track as far as identifying the problem.