451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect.
emad-farsa.com.eg is just an example/fake domain i have a bunch of users who are trying to send emails to one domain (emad-farsa.com.eg) that are getting stuck in the queue with an error message that says: 451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect. Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts or delivery failed to the all alternate host. all my other email to other domains and internally seem to be flowing through the mail server without issue. i used mxtoolbox and everything for our domain and mx record came back ok. when i tried to lookup theres it gave me an error: Reverse DNS FAILED! This is a problem. is the reason why my users cant send to the domain emad-farsa.com.eg? i have sent an email to the recepients to have them check into there reverse dns. i was able to telnet into the destination server and was successful. i only have one smtp send connector with the current address space type SMTP set to * i have turned on the protocol logging level to verbose on the smtp send connector and have located the file but there is a lot of other data in the log file so its hard to pinpoint this exact domain that my users cant send to. if i wanted to isolate this domain to a second smtp send connector would all i have to do is: create a new send connector give it a name - problemdomain select the intended use: choose the internet option address space choose add: SMTP address space in address field type: emad-farsa.com.eg leave the cost at 1 use DNS"MX" records to route mail automatically source server select my hub transport server: server1 i am running exchange 2007 sp1 on w2k3 EE sp2. we only have one domain please help!!!
June 22nd, 2009 11:46pm
hi,this must be DNS Server problem. just look at here ;http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/abfaf32f-6f2e-4635-8f73-7ada66d51497regards,Mumin CICEK | Exchange - MVP | www.cozumpark.com | www.mumincicek.com
June 22nd, 2009 11:56pm
the link seems to be in reference to the EDGE transport role. my mail server is only running the following roles: Hub Transport Client Access Mailbox i do not have any EDGE transport role currently installed on this mail server or any other server in my network. port 25 is not being blocked. we are running a watchguard x1250e
June 23rd, 2009 2:17am
The exchange is running on the windows server 2003, right? Is there any other server between the exchange server and Internet? Does the issue only happen on one destination domain? Which queue is the messages backing up (stuck) in? You said that destination server can be telnet, have you sent the test mail successfully via telnet? You used mxtoolbox for destination domain, and got the Reverse DNS FAILED error, right? Have you got the error info in the protocol log? Please use Mail Flow Troubleshooter, see if we can get any related information
June 23rd, 2009 12:03pm
R u using the Mcfee AV? if so then make sure the "Prevent Mass Mailling worms mail port 25 in not blocked. Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
June 23rd, 2009 1:35pm
yes it is running on windows server 2003 with sp2 EE. the only thing sitting between the exchange server and the internet is a watchguard x1250e using nat to route the mail to and from the internet. i have looked in the queue and i have 3 total that have this same error and 5 queue showing a 451 4.4.0 DNS query failed yes i was able to telnet it and send a test email to the problematic domain, or at least it told me the message was queued for delivery... yes reverse dns failed on destination domain. i have informed the destination to look into. protocol log info: 2009-06-23T12:58:50.572Z,Outgoing SMTP Connector,08CBC1D06BDC890B,0,,18.104.22.168:25,*,,attempting to connect 2009-06-23T12:58:50.760Z,Outgoing SMTP Connector,08CBC1D06BDC890B,1,10.0.10.30:10206,22.214.171.124:25,+,, 2009-06-23T12:58:50.947Z,Outgoing SMTP Connector,08CBC1D06BDC890B,2,10.0.10.30:10206,126.96.36.199:25,<,"220 mail.emad-farsa.com.eg Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Tue, 23 Jun 2009 15:10:34 +0200 ", 2009-06-23T12:58:50.947Z,Outgoing SMTP Connector,08CBC1D06BDC890B,3,10.0.10.30:10206,188.8.131.52:25,>,EHLO mail.mydomain.com, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,4,10.0.10.30:10206,184.108.40.206:25,<,250-mail.emad-farsa.com.eg Hello [220.127.116.11], 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,5,10.0.10.30:10206,18.104.22.168:25,<,250-AUTH=LOGIN, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,6,10.0.10.30:10206,22.214.171.124:25,<,250-AUTH LOGIN, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,7,10.0.10.30:10206,126.96.36.199:25,<,250-TURN, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,8,10.0.10.30:10206,188.8.131.52:25,<,250-SIZE, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,9,10.0.10.30:10206,184.108.40.206:25,<,250-ETRN, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,10,10.0.10.30:10206,220.127.116.11:25,<,250-PIPELINING, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,11,10.0.10.30:10206,18.104.22.168:25,<,250-DSN, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,12,10.0.10.30:10206,22.214.171.124:25,<,250-ENHANCEDSTATUSCODES, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,13,10.0.10.30:10206,126.96.36.199:25,<,250-8bitmime, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,14,10.0.10.30:10206,188.8.131.52:25,<,250-BINARYMIME, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,15,10.0.10.30:10206,184.108.40.206:25,<,250-CHUNKING, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,16,10.0.10.30:10206,220.127.116.11:25,<,250-VRFY, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,17,10.0.10.30:10206,18.104.22.168:25,<,250 OK, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,18,10.0.10.30:10206,22.214.171.124:25,*,1704412,sending message 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,19,10.0.10.30:10206,126.96.36.199:25,>,MAIL FROM:<firstname.lastname@example.org> SIZE=7485 BODY=7BIT, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,20,10.0.10.30:10206,188.8.131.52:25,>,RCPT TO:<EhabM@emad-farsa.com.eg>, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,21,10.0.10.30:10206,184.108.40.206:25,>,RCPT TO:<email@example.com>, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,22,10.0.10.30:10206,220.127.116.11:25,>,RCPT TO:<firstname.lastname@example.org>, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,23,10.0.10.30:10206,18.104.22.168:25,>,RCPT TO:<M.email@example.com>, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,24,10.0.10.30:10206,22.214.171.124:25,>,RCPT TO:<firstname.lastname@example.org>, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,25,10.0.10.30:10206,126.96.36.199:25,>,RCPT TO:<email@example.com>, 2009-06-23T12:58:51.150Z,Outgoing SMTP Connector,08CBC1D06BDC890B,26,10.0.10.30:10206,188.8.131.52:25,>,RCPT TO:<firstname.lastname@example.org>, 2009-06-23T12:58:51.338Z,Outgoing SMTP Connector,08CBC1D06BDC890B,27,10.0.10.30:10206,184.108.40.206:25,<,250 2.1.0 email@example.com....Sender OK, 2009-06-23T12:58:51.682Z,Outgoing SMTP Connector,08CBC1D06BDC890B,28,10.0.10.30:10206,220.127.116.11:25,<,250 2.1.5 EhabM@emad-farsa.com.eg , 2009-06-23T12:58:51.682Z,Outgoing SMTP Connector,08CBC1D06BDC890B,29,10.0.10.30:10206,18.104.22.168:25,<,250 2.1.5 firstname.lastname@example.org , 2009-06-23T12:58:51.682Z,Outgoing SMTP Connector,08CBC1D06BDC890B,30,10.0.10.30:10206,22.214.171.124:25,<,250 2.1.5 email@example.com , 2009-06-23T12:58:51.682Z,Outgoing SMTP Connector,08CBC1D06BDC890B,31,10.0.10.30:10206,126.96.36.199:25,<,250 2.1.5 M.firstname.lastname@example.org , 2009-06-23T12:58:51.682Z,Outgoing SMTP Connector,08CBC1D06BDC890B,32,10.0.10.30:10206,188.8.131.52:25,<,250 2.1.5 email@example.com , 2009-06-23T12:58:51.682Z,Outgoing SMTP Connector,08CBC1D06BDC890B,33,10.0.10.30:10206,184.108.40.206:25,<,250 2.1.5 firstname.lastname@example.org , 2009-06-23T12:58:51.682Z,Outgoing SMTP Connector,08CBC1D06BDC890B,34,10.0.10.30:10206,220.127.116.11:25,<,250 2.1.5 email@example.com , 2009-06-23T12:58:51.682Z,Outgoing SMTP Connector,08CBC1D06BDC890B,35,10.0.10.30:10206,18.104.22.168:25,>,BDAT 6709 LAST, 2009-06-23T12:58:51.932Z,Outgoing SMTP Connector,08CBC1D06BDC890B,36,10.0.10.30:10206,22.214.171.124:25,-,,Remote 2009-06-23T12:58:58.979Z,Outgoing SMTP Connector,08CBC1D06BDC890D,0,,126.96.36.199:25,*,,attempting to connect 2009-06-23T12:59:13.432Z,Outgoing SMTP Connector,08CBC1D06BDC8912,0,,188.8.131.52:25,*,,attempting to connect 2009-06-23T12:59:20.041Z,Outgoing SMTP Connector,08CBC1D06BDC890D,1,,184.108.40.206:25,*,,"Failed to connect. Error Code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 220.127.116.11:25" 2009-06-23T12:59:20.041Z,Outgoing SMTP Connector,08CBC1D06BDC890D,0,,18.104.22.168:25,*,,attempting to connect 2009-06-23T12:59:34.323Z,Outgoing SMTP Connector,08CBC1D06BDC8912,1,,22.214.171.124:25,*,,"Failed to connect. Error Code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 126.96.36.199:25" the 188.8.131.52 is the first problematic domain that i originally posted for. the 184.108.40.206, 220.127.116.11 and 18.104.22.168 are other queues that i tried resending messages and i got those failures. for the mail troubleshooter everything was ok until i got to the exchange server state test and it told me: port 25 did not respond Port 25, which is used by SMTP instance 'default server1', did not respond on server 0000. port 587 did not respond port 587, which is used by SMTP instance 'client ftlx5', did not respond on server 0000. mail flow troubleshooter results: i chose the option that messages where stuck in the queue: There are 2 of these in the overview results: The 'Remote delivery' queue (ftlx5\182909) on server ftlx5 is in retry status. Number of message(s) in the queue: 4. Last error information: 451 4.4.0 Primary target IP address responded with: 421 4.4.2 Connection dropped." Attempted failover to alternate host in the warnings tab for the emad-farsa.com.eg i get 5 unsuccessful pings. and 1 mail acceptance failure Remote server mail.emad-farsa.com.eg refused the test mail to recipient 'SERVER1-SA@mydomain.com'. If this remote server belongs to a remote domain, this is not necessarily indicating a problem. RCPT TO command: Respond = 550 5.7.1 Unable to relay for SERVER1-SA@mydomain.com There are 5 of these in the overview results: The 'Remote delivery' queue (ftlx5\183026) on server ftlx5 is in retry status. Number of message(s) in the queue: 1. Last error information: 451 4.4.0 DNS query failed but the mail flow troubleshooter states in the Root Causes that all 5 of these do not have either a host or MX record for those domains. Should i run a different option in the mail flow troubleshooter tool? i am using Symantec Mail Security on my exchange server.
June 23rd, 2009 5:45pm
That is on the other end or their ISP there isnt much you'll be able to do about it on your end. If they are hosting their own Name Servers then they need to check their configuration, if their ISP is hosting their NS records (which i doubt) sounds more like they are hosting their own NS servers.Try using the Exchange test tool and see if it works, since you didnt provide the domain I cant test it for you, by plaw they should have a postmaster mb to you send a test messages too if its a US company. https://www.testexchangeconnectivity.com/
June 23rd, 2009 6:41pm
I ran the test and it said it completed successfully both for the remote domain and just to be sure i tested my domain and was successful as well. No errors were reported using the https://www.testexchangeconnectivity.com/ this domain appears to be located in Cairo Egypt.
June 23rd, 2009 6:55pm
bump..... anyone have any ideas on this?
June 24th, 2009 4:16pm
Hi,I found you message and have the same problem. Did you resolve the problem and if so can you tell me how.Thank you for your help, Bernhard.
August 12th, 2009 4:04pm
unfortunately i never did get a resolution to this, however my users who were complaining have not contacted me since about this problem so i can only imagine that the issue was resolved with something on their end.
August 12th, 2009 11:07pm
I had the same problem and detailed it on my blog http://networkadminsecrets.blogspot.com/2010/04/421-and-451-exchange-2007-errors.html
February 16th, 2011 12:47am