If you are deploying Exchange 2007 or Exchange 2010 across multiple sites, with a Cisco ASA firewall providing the VPN tunnel between them, you'll likely encounter the issues below:
1. Users are only able to send emails within the same Active Directory site
2. When users attempt to send an email to the next hop/Active Directory site, the message stays in the Exchange queue with a Retry status: 451 4.4.0 Primary target IP address responded with “451 5.7.3 Cannot achieve Exchange Server authentication” SMTPRelay to remote AD Site
3. When you telnet from the Exchange servers at both sites, you get this response to the telnet command: 220*************
The only way to fix this is to disable the firewall's SMTP fixup (inspection) from the command-line interface (CLI). Connect to the firewall and enter the following:
telnet YourCiscoManagementIP
device password (default is usually cisco)
en
password (Management password)
conf t
no fixup protocol smtp 25
write mem
Remember to run these commands on the firewalls at each site. Once that is done, telnet to the Exchange server on port 25 and you should get a normal response:
220 ExchangeServerHostName.Domain.com Microsoft ESMTP MAIL Service ready at Day, Date Month Year, Hour:Minute:Seconds +TimeZone
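The telnet check above can be scripted so it is repeatable from each site. The following is an added example, not code from the original post: it classifies the 220 greeting as masked or normal and reports which Exchange ESMTP verbs are missing from the EHLO reply. The verb list, the function names and the sample replies are assumptions constructed for illustration.

```python
import re
import socket

# Assumption: ESMTP verbs Exchange hub transports advertise and use between sites.
REQUIRED = ("X-ANONYMOUSTLS", "X-EXPS")

def banner_state(banner):
    """Classify the 220 greeting as 'masked', 'ok' or 'unexpected'."""
    m = re.match(r"220[ -]?(.*)", banner.strip())
    if not m:
        return "unexpected"
    # The inspected greeting in the post is "220" followed by a run of asterisks.
    return "masked" if re.search(r"\*{5,}", m.group(1)) else "ok"

def missing_verbs(ehlo_lines, required=REQUIRED):
    """Return the required ESMTP keywords absent from an EHLO reply."""
    seen = set()
    for line in ehlo_lines:
        m = re.match(r"250[ -](\S+)", line.strip())
        if m:
            seen.add(m.group(1).upper())
    return [v for v in required if v not in seen]

def assess(banner, ehlo_lines):
    state, missing = banner_state(banner), missing_verbs(ehlo_lines)
    return {"banner": state, "missing": missing,
            "ready": state == "ok" and not missing}

def probe(host, port=25, timeout=10):
    """Live check: read the greeting, send EHLO, return (banner, ehlo_lines)."""
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as f:
        banner = f.readline().decode("ascii", "replace")
        s.sendall(b"EHLO probe.example.test\r\n")
        lines = []
        while True:
            line = f.readline().decode("ascii", "replace")
            lines.append(line)
            if not line.startswith("250-"):
                break
        return banner, lines

# Constructed samples: greeting and EHLO reply before and after the change.
BEFORE = ("220 ****************************",
          ["250-mail01.example.test Hello", "250-SIZE", "250 8BITMIME"])
AFTER = ("220 mail01.example.test Microsoft ESMTP MAIL Service ready",
         ["250-mail01.example.test Hello", "250-X-ANONYMOUSTLS", "250 X-EXPS GSSAPI NTLM"])

if __name__ == "__main__":
    print(assess(*BEFORE), assess(*AFTER), sep="\n")
```

Run assess(*probe("remote-hub-server")) from a hub transport server in each site against the server in the other site, before and after the firewall change.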
April 25, 2013 at 5:18 am
Martin Wells
Thank you so much!! This was a life saver today!