Mail server not working after moving the server

This weekend we moved our mail server. After many troubles with copying we managed to get it running on the new host (ESXi 5.5).

For the mail server we opened ports 80, 443, 135 and 25. All DNS records point to the new IP. I also recreated the recursive lookup zone for the new internal IP.

Yet mail flow is not working, while I can connect and log in on OWA and connect with Outlook from both inside and outside the network. Internal mail, even from and to the same address, is not working.

This is the first time we moved a mail server and we might have missed something. Any ideas where to look?

  • Edited by Jason Mulder Monday, February 09, 2015 3:45 PM Extra information
February 9th, 2015 6:43pm

Mail to external server is not working, although it ends up in the sent items.

In the queue viewer I see 2 different errors:

DNS Query failed. The error was: DNS query failed with error ErrorRetry

Error encountered while communicating with primary target ip address. Unable to connect. (and something about fail over, not applicable since we have none)

Looking at these errors, it looks like it's the DNS server?

The Default Frontend MAIL receive connector is indeed bound to port 25 and I changed the IP binding to the correct IP.

Looking into the DNS I see this warning: pastebin.com/jwdM3u9M

But the DNS server is started 10 seconds later.

Edit:

For the telnet test, when I connect from outside to port 25 I get: 

421 No SMTP service here

But, when testing at mxtoolbox.com I get:

Connecting to 31.201.xxx.xxx

220 mail.xxx.com Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 19:56:44 +0100 [686 ms]
EHLO MXTB-PWS3.mxtoolbox.com
250-mail.xxxx.com Hello [64.20.xxx.xxx]
250-SIZE 524288000
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST [749 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Sender OK [749 ms]
RCPT TO: <test@example.com>
550 5.7.1 Unable to relay [5756 ms]

MXTB-PWS3v2 9235ms

February 9th, 2015 9:13pm

Hi,

It's not xxx.com but I am not allowed to share the exact domain so I mask it that way.

The internal zone is indeed xxx.com and everything runs on the same server. 

February 10th, 2015 6:16pm

Hi Jason,

According to your description, I understand that mail flow to the internet does not work after moving the mail server to another host.
If I misunderstand your concern, please do not hesitate to let me know.

I want to double-check: how are the internal and external mail flow, and how about OWA?

Error 421 means the service is not available and the connection will be closed. Therefore, please run Test-ServiceHealth to double check Exchange services, for your reference:
https://technet.microsoft.com/en-us/library/aa998852(v=exchg.150).aspx

Besides, please try to use the message tracking log or the Microsoft Remote Connectivity Analyzer to double-check external mail flow:
https://technet.microsoft.com/en-us/library/aa997984(v=exchg.141).aspx
https://testconnectivity.microsoft.com/

Best Regards,
Allen Wang
February 10th, 2015 6:22pm

Hi Allen,

That is correct, both internal and external mail flow are down. Running the Test-ServiceHealth shows everything is running.

I already tested with the test connectivity tool and it just fails without giving me a proper error. Also, when I send a mail from my Hotmail I receive a delivery delayed NDR.

I see that the Message Tracking Log has already been enabled and I will look into it now.

Edit:

Okay, I think I found something: it seems to be still connecting to the wrong IP.

"The last endpoint attempted was 172.24.1.181:2525" while the new IP is 192.168.30.205.

I believe this has to do with a receive connector which listens on port 2525. I'll bind it to the correct IP. It was set to all IPv4 addresses.

Yet, after a reboot it still tries to connect to the wrong IP, so I think I am in the wrong place.

Part of the log: http://pastebin.com/ieHHx4zQ

One of the message queues seems to be able to send again, 2 are still not.


February 10th, 2015 6:48pm

Hi,

As you mentioned, please try to run the commands below to double-check the IP address range for the send connector and receive connector:
Get-ReceiveConnector | FL Name,*IP*
Get-SendConnector | FL Name,*IP*

Additionally, have you deployed any firewall or antivirus? Please try to double-check whether there is some block list host on the Exchange server or smart host.
I find a similar thread about your question, for your reference:
https://social.technet.microsoft.com/Forums/en-US/f8db70af-0549-4070-bace-1fb8c77fddf4/exchange-mail-transmission-error-421-service-not-availableclosing-transmission-channel?forum=exchangesvrsecuremessaginglegacy

Best Regards,
Allen Wang

February 12th, 2015 12:03am
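
Added example, not part of the thread and not Microsoft's code: a PowerShell check that builds on the Get-ReceiveConnector suggestion above and flags bindings naming an address the moved host no longer owns. The function name Find-StaleBinding and the sample connectors are constructed for illustration, and the code assumes bindings render as "ip:port" or "[ipv6]:port".

```powershell
# Added example: report receive-connector bindings that name an address
# the host no longer owns (for instance after a move to a new subnet).
function Find-StaleBinding {
    param(
        [Parameter(Mandatory)] [object[]] $Connector,    # objects with Name and Bindings
        [Parameter(Mandatory)] [string[]] $LocalAddress  # addresses currently on the NICs
    )
    # Normalise the local addresses so string comparison is reliable.
    $owned = $LocalAddress | ForEach-Object { [System.Net.IPAddress]::Parse($_).ToString() }

    foreach ($c in $Connector) {
        foreach ($b in $c.Bindings) {
            # Assumption: bindings render as "ip:port"; IPv6 as "[addr]:port".
            $text = "$b"
            $cut  = $text.LastIndexOf(':')
            $ip   = [System.Net.IPAddress]::Parse($text.Substring(0, $cut).Trim('[', ']'))
            $port = [int]$text.Substring($cut + 1)

            $status = if ($ip.Equals([System.Net.IPAddress]::Any) -or
                          $ip.Equals([System.Net.IPAddress]::IPv6Any)) {
                'AllAddresses'      # 0.0.0.0 or [::] follows the host to any IP
            } elseif ($owned -contains $ip.ToString()) {
                'OK'
            } else {
                'Stale'             # bound to an address not present on this host
            }
            [pscustomobject]@{
                Connector = $c.Name; Address = $ip.ToString(); Port = $port; Status = $status
            }
        }
    }
}

# Constructed sample data using the addresses quoted in the thread.
$sample = @(
    [pscustomobject]@{ Name = 'Default Frontend MAIL'; Bindings = @('0.0.0.0:25', '[::]:25') }
    [pscustomobject]@{ Name = 'Constructed connector A'; Bindings = @('192.168.30.205:2525') }
    [pscustomobject]@{ Name = 'Constructed connector B'; Bindings = @('172.24.1.181:25') }
)
Find-StaleBinding -Connector $sample -LocalAddress '192.168.30.205', '127.0.0.1' |
    Format-Table -AutoSize

# Live use in the Exchange Management Shell (Windows Server 2012 or later):
# Find-StaleBinding -Connector (Get-ReceiveConnector) -LocalAddress (Get-NetIPAddress).IPAddress
```

A binding reported as AllAddresses cannot be the source of a stale endpoint, which matches the report above that the port 2525 connector was set to all IPv4 addresses.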
