Geeks With Blogs
Cajun MCSE MS technology down on the bayou

While performing the initial Exchange 2010 deployment for a customer migrating from Exchange 2003, I ran into an issue with mail flow between the two environments.  The Exchange 2003 mailboxes could send to Exchange 2010, as well as to and from the internet.  Exchange 2010 mailboxes could send and receive to the internet, however they could not send to Exchange 2003 mailboxes.

 

After scouring the internet for a solution, it seemed quite a few people were experiencing this issue with no resolution to be found, or at least not easily.  After many attempts of manually deleting and recreating the routing group connectors,  I finally lucked onto the answer in an obscure comment left to another blogger.   If inheritable permissions are not allowed on the Exchange 2003 object in the Active Directory schema, exchange server authentication cannot be achieved between the servers.

 

It seems when Blackberry Enterprise Server gets added to 2003 environments, a lot of Admins get tricky and add the BES Admin user explicitly to the server object  to allow  inheritance down from there to all mailboxes.  The problem is they also coincidently turn off inheritance to the server object itself from its parent containers.  You can re-establish inheritance without overwriting the existing ACL however so that the BES Admin can remain in the server object ACL.

 

By re-establishing inheritance to the 2003 server object, mail flow was instantly restored between the servers. 

 

To re-establish inheritance:

1. Open ASDIedit by adding the snap-in to a MMC (should be included on your 2008 server where Exchange 2010 is installed)

2. Navigate to Configuration > Services > Microsoft Exchange > Exchange Organization > Administrative Groups > First Administrative Group > Servers

3. In the right pane, right click on the CN=Server Name of your Exchange 2003 Server, select properties

4. Navigate to the Security tab, hit advanced toward the bottom.

5. Check the checkbox that reads “include inheritable permissions” toward the bottom of the dialogue box.

Posted on Monday, April 5, 2010 10:34 AM | Back to top


Comments on this post: Exchange 2010, Exchange 2003 Mail Flow issue

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
I had a similar issue that the above solution resolved. However, when I moved my first mailbox from Exchange 2003 to Exchange 2010 I am able to send and receive to the internet, able to receive from Exchange 2003 mailboxes but not able to send to to Exchange 2003 mailboxes from Outlook 2007. I am able to send to Exchange 2003 mailboxes from Outlook Web App from the newly moved mailbox account. Furthermore, everything works when a new mailbox is created on the Exchange 2010 server.

Left by Alex on Apr 27, 2010 12:53 PM

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
Sounds like you might need to recreate the mail profile in Outlook and verify it's resolving to the correct mailbox server. Also you can test your Outlook connections by shift clicking on the outlook Icon in the taskbar.
Left by Ryan Roussel on Apr 28, 2010 9:27 PM

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
I've a similar situation, also with BES installed.
Made the adsiedit changes but i'm still nog able to send from 2010 mailboxes to 2003 mailboxes.

Sending from to 2003 to 2010 works fine.
Left by Jeroen on May 14, 2010 7:26 AM

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
You can try the Exchange mailflow analyzer to see if you server is trying to send using the correct connector and correct server name.
Left by Ryan Roussel on Aug 10, 2010 4:35 PM

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
Thanks for this, i'd been trying to find a solution for a few days and this fixed it!
Left by Richard Edwards on Jan 10, 2011 10:27 AM

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
I ran into this issue yesterday...mail flow from 2003 --> 2010 not working. Turns out that if you are using a smarthost you need to remove it from the smtp virtual server in 2003 and create an smtp connector in the First Routing Group that defines the smarthost instead. Otherwise Exchange gets "confused" and doesn't know how to route the mail to mailboxes that reside on the 2010 server. Just wanted to throw that out there for anyone else that my run into this issue.
Left by dustin on Feb 09, 2011 10:26 AM

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
Everything was ok until last Friday when I ran into this and I cannot find a solution. I looked and searched everywhere. Its quite amusing that Microsoft don't have an answer. Anyway, thank you very much Cajun your help was well appreciated. It solved my problem.
Left by Cesar on Feb 14, 2011 1:34 AM

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
@dustin
That fixed my issue!
Nice post, thnx.
Left by Sanderma on Feb 20, 2011 11:34 AM

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
I have same issue.i can able to send exchange 2003 to exchange 2010 but not able to send mail exchange 2010 to exchange 2003.i have recreated the routing group no luck
Left by akhilraj on Jul 15, 2011 2:44 AM

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
excellent! thank you.
Left by steve on Oct 13, 2011 7:52 AM

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
Thanks so much!! Searched everywhere and this was my problem! Works like a charm
Left by RicD on Jan 13, 2012 9:40 AM

# re: Exchange 2010, Exchange 2003 Mail Flow issue
Requesting Gravatar...
I have the same issue, but resolve the another form:

On your Exchange 2003 server (MAIL1) can you check the properties of the SMTP virtual server? Under the "Access" tab and then "Authentication" is "Integrated Windows Authentication" checked?
Left by Luiz Roth on Aug 25, 2012 7:07 PM

Your comment:
 (will show your gravatar)


Copyright © Ryan Roussel | Powered by: GeeksWithBlogs.net