One CAS needs another for sending mail to internet.

Hello!

I have Win2012 and Exchange 2013 on all servers. The situation is as follows:
1) installed MAILCAS.example.com with MBX and CAS roles. Created AUTODISCOVER.example.com (cname to MAILCAS) in public DNS servers.
2) installed MAIL.example.com with CAS role.
3) installed MBX1 and MBX2 with MBX role and created DAG.
4) moved mailboxes from MAILCAS to DAG.
5) changed AUTODISCOVER.example.com and MX record to point to MAIL.example.com
6) Now I want to remove server MAILCAS. The problem is in sending e-mails to the internet. When MAILCAS is shut down, e-mails to internet recipients accumulate in the queue. After turning MAILCAS on, the e-mails fortunately go out.

When I compare the send connector settings in ECP then they are the same for MAIL and MAILCAS.
"Proxy through client access server" is not selected.

Where is the problem?
April 1st, 2015 1:26pm

A few things...

Since you separated out the roles, I'm almost positive you need to select the option to proxy through the CAS if you want everything to come from your CAS server.  Do you have a 3rd party hygiene provider?  If so, you may need to contact them to have them approve the new server to send mail through them.

Here are some blogs on configuring external mailflow... take a look at them and make sure you have everything configured properly.

http://exchangeserverpro.com/configuring-outbound-mail-flow-in-exchange-server-2013/

http://exchangeserverpro.com/exchange-2013-front-end-proxy/

April 1st, 2015 1:50pm

Can you check if MAILCAS is still on the list of source transport servers for the send connector used to dispatch outbound mail?

Get-SendConnector | ft Name, SourceTransportServers

If found on any of the send connectors, this must be amended so as not to contain it. From the behavior you're describing it looks like MAILCAS is the only source transport server for your Internet connector.

April 1st, 2015 3:02pm

Oh yes, this is the one I forgot.

Get-SendConnector | fl gives me:

AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
CloudServicesMailEnabled     : False
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         :
FrontendProxyEnabled         : False
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : MAILCAS
Identity                     : Internet
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
MaxMessageSize               : 10 MB (10,485,760 bytes)
Name                         : Internet
Port                         : 25
ProtocolLoggingLevel         : None
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {MAILCAS}
TlsAuthLevel                 :
TlsCertificateName           :
TlsDomain                    :
UseExternalDNSServersEnabled : False

OK, I will do: Get-SendConnector | Set-SendConnector -SourceTransportServers "MBX1","MBX2"

But there is HomeMtaServerId=MAILCAS, what should I do with it?

I'm sorry for the totally wrong question name:)

April 2nd, 2015 4:16am

Hi lote,

Thank you for your question.

Following the above suggestion, we could create a send connector on the new CAS server to point to the Internet, then we could delete the send connector on the removed CAS server to check if the issue persists.

If there are any questions regarding this issue, please feel free to let me know.

Best regards,

Jim

April 2nd, 2015 5:04am

HomeMtaServerId looks to be an internal parameter, and checking the Technet official page for Set-SendConnector, it doesn't have any parameter to directly alter that (and we don't really want to). If MAIL has no firewall issues in sending outbound mail to Internet, then you could simply do:

Set-SendConnector Internet -SourceTransportServers MAIL

April 2nd, 2015 5:23am

Hi Lote,

This looks really unsafe, you are using your MBX servers to directly send emails out to the internet (must be receiving too). An additional layer is suggested at least, even if you are not using any message hygiene solution as hinted by Hinte.

HomeMtaServerId: Should automatically change once you update the SourceTransportServers.

If not, we need to troubleshoot using ADSIEdit, maybe.

April 2nd, 2015 5:37am

I would create a new send connector for the 2 new servers, and make sure mail can flow out of those servers (look at the headers) first, then I would remove the old send connector, let it go for a day, then shut down the old server again.
April 2nd, 2015 9:53am
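
A pre-shutdown check along the lines of the replies above, added here as an example and not posted by any thread participant: it lists every send connector that names the server being retired and flags those that would be left with no source server. The function name and the sample object are constructed; on a real server the input comes from Get-SendConnector.

```powershell
# Added example: report which send connectors still depend on a server
# that is about to be shut down. The function name is hypothetical.
function Test-SendConnectorDependency {
    param(
        [Parameter(Mandatory)] [string]   $Server,
        [Parameter(Mandatory)] [object[]] $Connector
    )
    foreach ($c in $Connector) {
        # Assumption: live connectors list their sources as objects with a
        # Name property; the constructed sample below uses plain strings.
        $sources = @($c.SourceTransportServers | ForEach-Object {
            if ($_ -is [string]) { $_ } else { $_.Name }
        })
        if ($sources -notcontains $Server) { continue }

        $remaining = @($sources | Where-Object { $_ -ne $Server })
        [pscustomobject]@{
            Connector        = $c.Name
            AddressSpaces    = $c.AddressSpaces -join ','
            Enabled          = $c.Enabled
            FrontendProxy    = $c.FrontendProxyEnabled
            RemainingSources = $remaining -join ','
            # No other source server: mail for this address space queues
            # while $Server is offline, as described in the thread.
            SoleSource       = ($remaining.Count -eq 0)
        }
    }
}

# Constructed sample mirroring the 'Internet' connector shown in the thread.
$sample = [pscustomobject]@{
    Name                   = 'Internet'
    AddressSpaces          = @('SMTP:*;1')
    Enabled                = $true
    FrontendProxyEnabled   = $false
    SourceTransportServers = @('MAILCAS')
}
Test-SendConnectorDependency -Server 'MAILCAS' -Connector $sample | Format-List

# In the Exchange Management Shell, pass the live connectors instead:
#   Test-SendConnectorDependency -Server 'MAILCAS' -Connector (Get-SendConnector)
# After changing -SourceTransportServers, watch the queues on the new source
# servers while the old server is offline, for example:
#   Get-Queue -Server MBX1 | Where-Object { $_.MessageCount -gt 0 }
```

For the sample object the report shows SoleSource as True, which matches the queued-mail symptom in the first post.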

This topic is archived. No further replies will be accepted.
