Mail Flow from Edge to Primary Mailbox server and Archive Mailbox Server

Hello,

Exchange 2010 Edge Server properly SP'ed and Patched:  EDGE01
Exchange 2013 Primary Mailbox Server:  MB01
Exchange 2013 Archive Mailbox Server:  ARCHMB01

Mailflow from the EDGE01 to MB01 appears to be working just fine.  In some instances it appears that the edge server is trying to deliver messages to the Archive Mailbox server, ARCHMB01.  When this occurs, external senders are receiving the following undeliverable message:

Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.

The following organization rejected your message: ARCHMB01.xxx.xxx.com.

ARCHMB01.xxx.xxx.com #<ARCHMB01.xxx.xxx.com #5.7.1 smtp;530 5.7.1 Client was not authenticated> #SMTP#

Security settings on the receive connectors for the ARCHMB01 match MB01.  Edge Subscription was done on the primary mailbox server, MB01.  Does the Edge Subscription need to also be completed on the Archive Mailbox server since it also holds the transport role?

Any thoughts on this mail flow issue are appreciated.

Thank You

August 28th, 2015 10:01am

You subscribe the Edge to all the Mailbox servers in the AD site. If one of the servers was added after the initial Edge Subscription, you need to run the subscription process again.

https://technet.microsoft.com/en-us/library/Aa997438(v=EXCHG.150).aspx

August 28th, 2015 1:24pm

Hi Andy,

Thank you for the response. I did not subscribe the second mailbox server, ARCHMB01, so I will give that a try and test. 

Not sure why the Exchange Edge server will sometimes decide to deliver to the primary mailbox server and other times decide to try to deliver to the archive mailbox server, which it fails on.  External users would send the same message a second time, and it would work.  Message details would show the message was successfully delivered to MB01, whereas when it did fail the first time, it showed ARCHMB01.  I know that both servers run the transport role, so now that I have the archive mailbox server subscribed, we will see what happens.

I will update the post once I hear back from my counterpart.

Thank you again.

August 28th, 2015 3:07pm

Hi,

How is it going after rerunning the Edge subscription?

Check that your RECEIVE connectors are properly configured. This should include allowed IP addresses, authentication settings, etc.  http://technet.microsoft.com/en-us/library/bb125159(v=EXCHG.141).aspx

Confirm that Edge Sync is working as expected. If only from some recipients, check that you don't have those domains defined in your environment or if contact objects exist within your organization.  Sometimes an odd setting on such an object can cause unexpected NDRs.

If needed, check your SMTP logs for details as to what is being sent to your transport server that might tell your servers to require authentication.  http://technet.microsoft.com/en-us/library/aa997624(v=exchg.141).aspx

August 30th, 2015 11:52pm

Hi Allen,

Once I ran the edge subscription on our archive server, external users were still reporting the undeliverable message.  I went back and reviewed the default Receive connector on both the Primary Mailbox server and the Archive Mailbox server and noticed that I did not have "Anonymous Users" checked on the security options for the connector.  I have checked that option and am waiting for a response from my end users.  I have also enabled logging on this connector to monitor any errors further.

Thank You

August 31st, 2015 3:48am
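
Once protocol logging is enabled on the Receive connectors, as discussed in the replies above, the SMTP Receive logs show which connector answered `530 5.7.1` and what the sending host did before the rejection. The following is an added example, not part of the original thread: the function name is hypothetical, the log lines, IP addresses and connector names are constructed, and it assumes the log carries the usual `#Fields:` header of an Exchange SMTP Receive protocol log.

```python
import csv

# Constructed sample in the SMTP Receive protocol log layout; IPs, session ids
# and connector names are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2015-08-31T08:00:01Z,ARCHMB01\Default ARCHMB01,08D2A1,0,10.0.0.12:25,10.0.0.5:40111,+,,
2015-08-31T08:00:01Z,ARCHMB01\Default ARCHMB01,08D2A1,1,10.0.0.12:25,10.0.0.5:40111,<,EHLO EDGE01.example.test,
2015-08-31T08:00:02Z,ARCHMB01\Default ARCHMB01,08D2A1,2,10.0.0.12:25,10.0.0.5:40111,<,MAIL FROM:<sender@example.test>,
2015-08-31T08:00:02Z,ARCHMB01\Default ARCHMB01,08D2A1,3,10.0.0.12:25,10.0.0.5:40111,>,530 5.7.1 Client was not authenticated,
2015-08-31T08:00:02Z,ARCHMB01\Default ARCHMB01,08D2A1,4,10.0.0.12:25,10.0.0.5:40111,-,,Local
2015-08-31T08:05:00Z,MB01\Default MB01,08D2B7,0,10.0.0.11:25,10.0.0.5:40222,+,,
2015-08-31T08:05:00Z,MB01\Default MB01,08D2B7,1,10.0.0.11:25,10.0.0.5:40222,<,EHLO EDGE01.example.test,
2015-08-31T08:05:00Z,MB01\Default MB01,08D2B7,2,10.0.0.11:25,10.0.0.5:40222,<,X-ANONYMOUSTLS,
2015-08-31T08:05:01Z,MB01\Default MB01,08D2B7,3,10.0.0.11:25,10.0.0.5:40222,<,MAIL FROM:<sender@example.test>,
2015-08-31T08:05:01Z,MB01\Default MB01,08D2B7,4,10.0.0.11:25,10.0.0.5:40222,>,250 2.1.0 Sender OK,
"""

def find_auth_rejections(log_text, needle="530 5.7.1"):
    """Return one record per SMTP session in which the server sent `needle`."""
    fields, sessions = None, {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column names come from the log's own header, not a hard-coded list.
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, next(csv.reader([line]))))
        s = sessions.setdefault(row["session-id"], {
            "connector": row["connector-id"],
            "remote": row["remote-endpoint"].rsplit(":", 1)[0],
            "client_verbs": [],   # commands the sender issued before the rejection
            "rejected": False,
        })
        data = row.get("data", "")
        if row["event"] == "<" and data and not s["rejected"]:
            s["client_verbs"].append(data.split()[0].upper())
        elif row["event"] == ">" and data.startswith(needle):
            s["rejected"] = True
    return [s for s in sessions.values() if s["rejected"]]

if __name__ == "__main__":
    for hit in find_auth_rejections(SAMPLE_LOG):
        print(hit["connector"], hit["remote"], " ".join(hit["client_verbs"]))
```

A rejected session whose `remote` address is the Edge server and whose `client_verbs` show no TLS or authentication step before `MAIL` indicates that the receiving server is treating the Edge as an anonymous client on that connector.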
