Exchange 2016 and 2019 coexistence with Kemp SMTP Anonymous relay issue

ömer ilgan 21 Reputation points
2022-04-25T13:26:32.4+00:00

Hi All,

We have one Exchange 2016 server running in our organisation and recently we deployed two new Exchange 2019 servers. I configured the same URLs (autodiscover, mapi, outlookanywhere...) for my new Ex2019 servers. I configured an IP-less DAG on my new servers with a Kemp load balancer. No problem so far. I changed my internal and external DNS for my new LB.

Internal DNS:
mail.domain.com > IP address of LB
autodiscover.domain.com > IP address of LB

External DNS:
redirected to LB

After the DNS configuration, clients can access their mailboxes without any issue.
Inbound and outbound emails are OK!
My problem is:
I copied the Anonymous Relay connector on Exchange 2016 directly, but despite this, I am getting an error when connecting to my new servers from the IP addresses entered here. My applications, some software running here, and my printers are getting connection errors (superficially in the form of a TLS/SSL error).
I double-checked the IP addresses, I checked with telnet and SMTP, and everything seems normal.
But interestingly, when I do the SMTP test, I get the SMTP HELO response from its own IP address, not the virtual IP address of the Kemp LB. Is that normal?
How can I check what the problem is? Please help :(
Thank you so much in advance for your help...

Exchange | Exchange Server | Management

Accepted answer
  1. Aholic Liang-MSFT 13,891 Reputation points Microsoft External Staff
    2022-05-31T01:21:14.07+00:00

    Hi @ömer ilgan ,

    my problem is solved. After the trial and error tests, I realized that the real problem was the Kemp LB.

    Great to know that you've managed to sort it out, and I really appreciate your sharing it!

    By the way, since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others." and according to the scenario introduced here: Answering your own questions on Microsoft Q&A, I would make a brief summary of this thread:

    [Exchange 2016 and 2019 coexistence with Kemp SMTP Anonymous relay issue]

    Issue Symptom:

    I copied the Anonymous Relay connector on Exchange 2016 directly, but despite this, I am getting an error when connecting to my new servers from the IP addresses entered here. My applications, some software running here, and my printers are getting connection errors (superficially in the form of a TLS/SSL error).

    Root Cause:

    Kemp LB: if it is planned for SMTP, it is necessary to adjust its settings accordingly, because while configuring the SMTP anonymous relay connector, Kemp cannot respond correctly to SMTP requests as standard if we are using SMTP templates directly. Depending on the options and needs, changes need to be made on the Anonymous Relay connectors.

    You could click the "Accept Answer" button for this summary to close this thread, and this can make it easier for other community members to see the useful information when reading this thread. Thanks!


3 additional answers

  1. Aholic Liang-MSFT 13,891 Reputation points Microsoft External Staff
    2022-05-11T09:39:26.847+00:00

    Hi @ömer ilgan ,

    Have you followed this link to create the new Anonymous receive connector on Exchange 2019 server?
    Allow anonymous relay on Exchange servers | Microsoft Learn

    If not, please follow the steps in the link and create a new one. See if it can help.

    1 person found this answer helpful.

  2. Andy David - MVP 158K Reputation points MVP Volunteer Moderator
    2022-04-25T20:34:18.243+00:00

    Sounds like you don't have the Remote Address space set correctly if it's hitting the wrong connector.

    https://learn.microsoft.com/en-us/Exchange/mail-flow/connectors/allow-anonymous-relay?view=exchserver-2019

    You can verify with protocol logging on the receive connectors to see which one is being used.

    https://learn.microsoft.com/en-us/exchange/mail-flow/connectors/configure-protocol-logging?view=exchserver-2019

    Then run tests and see which connector is being used - it will be listed in the logs.


  3. ömer ilgan 21 Reputation points
    2022-05-09T07:37:34.06+00:00

    Hello David,
    Sorry for the delayed reply.

    Thank you very much for your advice, but I have checked my receive connectors; they are unique and the IP addresses of the anonymous relay connectors look the same.
    I received support from Kemp Load service; together we performed troubleshooting and some configuration, and finally we realized that the problem was not the LB. We tested from our ticket system (by the way, our ticket system version is a little bit old (2015)) connecting to the servers: the ticket system can connect to our Exchange 2016 without any problem but cannot connect to the 2019 servers. I have checked my SMTP receive logs, and I saw these errors:
    Inbound authentication failed because the client Domain\TicketMailboxUser doesn't have submit permission and Tarpit for '0.00:00:05' due to '535 5.7.3 Authentication unsuccessful .
    What I noticed is that on the Ex2019 servers the replies and communication are all via "Default Frontend Connector", but on Ex2016 they are via "anonymous relay connector". When I bypass the Kemp LB and point directly to one of the Ex2019 servers, this time the connections and answers come from the "anonymous Relay Connector", but this time the error I mentioned above appears. "550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain"

    I use a smart host for my send connector; could this be a problem? Would it be helpful if I created an additional send connector and bypassed the smart host for testing purposes and only less the IP address of the ticket system to it?
    Would it help if I renew my "anonymous relay connector" on the Ex2019 servers?
    Thanks in advance for your advice...
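
The check suggested in this thread (use receive-connector protocol logging to see which connector served a session) and the log comparison described in the reply above, as an added example that is not part of any post: it summarises each SMTP session by connector, source address and failure replies. The server name `EX19A`, the IP addresses, the session IDs and the helper name `Get-SmtpSessionSummary` are assumptions made for illustration; the column list is the `#Fields` header of the SMTP receive protocol log.

```powershell
# Constructed sample in the SMTP receive protocol log layout (not from the thread).
# Assumed addresses: 10.0.0.5 = load balancer, 10.0.0.50 = ticket system.
$sample = @'
#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2022-05-09T07:30:01.000Z,EX19A\Default Frontend EX19A,08DA0000000000A1,0,10.0.0.21:25,10.0.0.5:41022,+,,
2022-05-09T07:30:01.100Z,EX19A\Default Frontend EX19A,08DA0000000000A1,1,10.0.0.21:25,10.0.0.5:41022,<,EHLO ticket.domain.com,
2022-05-09T07:30:01.300Z,EX19A\Default Frontend EX19A,08DA0000000000A1,2,10.0.0.21:25,10.0.0.5:41022,>,535 5.7.3 Authentication unsuccessful,
2022-05-09T07:31:10.000Z,EX19A\Anonymous Relay,08DA0000000000B2,0,10.0.0.21:25,10.0.0.50:50111,+,,
2022-05-09T07:31:10.200Z,EX19A\Anonymous Relay,08DA0000000000B2,1,10.0.0.21:25,10.0.0.50:50111,>,550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain,
'@

# Hypothetical helper: one row per SMTP session with the connector that served it.
function Get-SmtpSessionSummary {
    param([Parameter(Mandatory)][string[]]$LogLine)

    $fields = 'date-time','connector-id','session-id','sequence-number',
              'local-endpoint','remote-endpoint','event','data','context'

    # Drop blank and '#' header lines, parse the rest as CSV, group by session.
    $LogLine |
        Where-Object { $_ -and $_ -notmatch '^#' } |
        ConvertFrom-Csv -Header $fields |
        Group-Object -Property 'session-id' |
        ForEach-Object {
            $first = $_.Group[0]
            # '>' rows are server replies; keep those with a 4xx/5xx status.
            $failures = $_.Group |
                Where-Object { $_.event -eq '>' -and $_.data -match '^[45]\d\d ' } |
                ForEach-Object { $_.data }
            [pscustomobject]@{
                Session   = $_.Name
                Connector = $first.'connector-id'
                RemoteIP  = ($first.'remote-endpoint' -replace ':\d+$', '')
                Failures  = ($failures -join ' | ')
            }
        }
}

# For real data, pass (Get-Content <path to a protocol log file>) instead of the sample.
Get-SmtpSessionSummary -LogLine ($sample -split '\r?\n') |
    Format-Table -AutoSize -Wrap
```

Exchange selects a receive connector from the source address it sees on the connection, so a session whose RemoteIP is the load balancer's address will not match a relay connector scoped to the devices' addresses.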

