Hello Friends,

I have 2 Forests with one Exchange 2013 server on each one.

One domain controller per forest but only one DHCP located in Forest A.

Exchange Server in Forest A can e-mail any user of Exchange server in Forest B.

Users on server B cannot e-mail any Users on server A.

Both servers are configured to route mail externally using a dirrent Public IP with NAT.

Both servers are on the same subnet 255.255.0.0 but on a different range.

One is on 10.0.1.xx and the other is on 10.0.30.xx

Both can send and receive to any other domain withuot problems.

Mail sent from Exchange server B to Exchnage A stays stuck in mail Queue with retry status.

Bouce message:

Remote Server at pxxxxx.com (10.0.1.xx) returned '400 4.4.7 Message delayed'
2015-06-08 1:46:48 AM - Remote Server at p-reference.com (10.0.1.xx) returned '441 4.4.1 Error encountered while communicating with primary target IP address: "Failed to connect. Winsock error code: 10060, Win32 error code: 10060." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 10.0.1.46:25'

Any help would be greatlyappreciated!

Hello

tip: check firewall if have between two exchange.

TY. I'm using one firewall for both: PfSense.

NAting each public IP to the internal ones.What else can I do besides that?

I even tried to create dedicated send and receive connectors with only the iPs of the opposing server with no success.

Hello

and in firewall logs see when server try connect to ?

When server A emails server B, it connects to the public IP.
When I do a nslookup it resolves my public exchnage IP.

But when B sends to A, it resolves internally and it hits the @ (A record) of my internal DNS which is very different from my public IP of Webmail.mydomain.com of that same domain.

I'm trying to find PfSense logs...

Which logs would you like to see?

-rw-------   1 root  wheel  512144 Oct 24  2014 dhcpd.log
-rw-r--r--   1 root  wheel   10919 Jun  7 19:55 dmesg.boot
-rw-------   1 root  wheel  512144 Jun  8 16:47 filter.log
-rw-------   1 root  wheel  512144 Jun  7 19:55 gateways.log
-rw-------   1 root  wheel   57166 Oct  1  2014 installer.log
-rw-------   1 root  wheel  512144 Jun  7 19:56 ipsec.log
-rw-------   1 root  wheel  512144 Jun  7 19:55 l2tps.log
-rw-r--r--   1 root  wheel      28 Jan 14 13:07 lastlog
-rw-------   1 root  wheel  512144 Oct  1  2014 lighttpd.log
drwxr-xr-x   2 root  wheel     512 Oct  1  2014 ntp
-rw-------   1 root  wheel  512144 Jun  7 19:56 ntpd.log
-rw-------   1 root  wheel  512144 Oct  1  2014 openvpn.log
-rw-------   1 root  wheel  512144 Oct  1  2014 poes.log
-rw-------   1 root  wheel  512144 Jun  7 19:55 portalauth.log
-rw-------   1 root  wheel  512144 Oct  1  2014 ppp.log
-rw-------   1 root  wheel  512144 Oct  1  2014 pptps.log
-rw-------   1 root  wheel  512144 Oct  1  2014 relayd.log
-rw-------   1 root  wheel  512144 Jun  7 19:55 resolver.log
-rw-------   1 root  wheel  512144 Jun  7 19:55 routing.log
-rw-------   1 root  wheel  512144 Jun  8 16:47 system.log
-rw-------   1 root  wheel   15822 Jun  7 19:55 userlog
-rw-r--r--   1 root  wheel     394 Jun  8 16:47 utx.lastlogin
-rw-------   1 root  wheel    2149 Jun  8 16:47 utx.log
-rw-------   1 root  wheel  512144 Oct  1  2014 vpn.log
-rw-------   1 root  wheel  512144 Oct  1  2014 wireless.log

• Edited by Paradoxweb 10 hours 36 minutes ago

When server A emails server B, it connects to the public IP.
When I do a nslookup it resolves my public exchnage IP.

But when B sends to A, it resolves internally and it hits the @ (A record) of my internal DNS which is very different from my public IP of Webmail.mydomain.com of that same domain.

I'm trying to find PfSense logs...

Which logs would you like to see?

-rw-------   1 root  wheel  512144 Oct 24  2014 dhcpd.log
-rw-r--r--   1 root  wheel   10919 Jun  7 19:55 dmesg.boot
-rw-------   1 root  wheel  512144 Jun  8 16:47 filter.log
-rw-------   1 root  wheel  512144 Jun  7 19:55 gateways.log
-rw-------   1 root  wheel   57166 Oct  1  2014 installer.log
-rw-------   1 root  wheel  512144 Jun  7 19:56 ipsec.log
-rw-------   1 root  wheel  512144 Jun  7 19:55 l2tps.log
-rw-r--r--   1 root  wheel      28 Jan 14 13:07 lastlog
-rw-------   1 root  wheel  512144 Oct  1  2014 lighttpd.log
drwxr-xr-x   2 root  wheel     512 Oct  1  2014 ntp
-rw-------   1 root  wheel  512144 Jun  7 19:56 ntpd.log
-rw-------   1 root  wheel  512144 Oct  1  2014 openvpn.log
-rw-------   1 root  wheel  512144 Oct  1  2014 poes.log
-rw-------   1 root  wheel  512144 Jun  7 19:55 portalauth.log
-rw-------   1 root  wheel  512144 Oct  1  2014 ppp.log
-rw-------   1 root  wheel  512144 Oct  1  2014 pptps.log
-rw-------   1 root  wheel  512144 Oct  1  2014 relayd.log
-rw-------   1 root  wheel  512144 Jun  7 19:55 resolver.log
-rw-------   1 root  wheel  512144 Jun  7 19:55 routing.log
-rw-------   1 root  wheel  512144 Jun  8 16:47 system.log
-rw-------   1 root  wheel   15822 Jun  7 19:55 userlog
-rw-r--r--   1 root  wheel     394 Jun  8 16:47 utx.lastlogin
-rw-------   1 root  wheel    2149 Jun  8 16:47 utx.log
-rw-------   1 root  wheel  512144 Oct  1  2014 vpn.log
-rw-------   1 root  wheel  512144 Oct  1  2014 wireless.log

• Edited by Paradoxweb Monday, June 08, 2015 8:49 PM

Hi Para,

Thank you for your question.

You should contact network administrator in forest B to make sure forest B could resolve A pulic IP address, then we could send email to check if the issue persist.

If there are any questions regarding this issue, please be free to let me know.

Best Regard,

Jim

Hi Jim,

Right on the nose!

The forwarders in forest B were sert with only the interal DC IP of forest A.

I removed it and added Public DNS servers and now it works like a charm :-)