Question
Wednesday, July 20, 2016 7:09 AM
Hi Guys,
We have a hybrid of Exchange 2010 with Exchange Online. Hybrid server as well as Edge is in version 2016.
Users are sometimes complaining that emails are delivered with significant delay. After checking Tracking logs on O365 there are a bunch of the following errors with eventid DEFER:
'[{LED=450 4.4.316 Connection refused};{MSG=Socket error code 10061};{FQDN=smtp.our_domain.com};{IP=<our_ip_Addr>};{LRT=7/13/2016 8:52:55 AM}]'
smtp.our_domain.com is our Exchange 2016 Edge server.
Has anyone seen something like that before?
We had an issue with delays previously, but it was due to the below parameters that were not set correctly:
MaxInboundConnectionPerSource
MaxInboundConnectionPercentagePerSource
I changed these, but was still getting complaints about message delays; after investigating I found "450 4.4.316 Connection refused; MSG=Socket error code 10061".
Does anyone know what it could be? Appreciate any help.
Pawel
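Added example, not part of the original post: a small Python parser for the DEFER detail string quoted above, which groups deferrals by target IP and Winsock code so that refusals (10061) can be told apart from timeouts (10060). The sample records, the placeholder FQDN and IP, and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample records in the format quoted in the post (placeholder FQDN/IP).
SAMPLE = [
    "[{LED=450 4.4.316 Connection refused};{MSG=Socket error code 10061};"
    "{FQDN=smtp.example.test};{IP=192.0.2.10};{LRT=7/13/2016 8:52:55 AM}]",
    "[{LED=450 4.4.316 Connection refused};{MSG=Socket error code 10061};"
    "{FQDN=smtp.example.test};{IP=192.0.2.10};{LRT=7/13/2016 8:57:02 AM}]",
    "[{LED=450 4.4.0 constructed timeout sample};{MSG=Socket error code 10060};"
    "{FQDN=smtp.example.test};{IP=192.0.2.10};{LRT=7/13/2016 3:15:40 PM}]",
]

# Standard Winsock error codes and what they say about the network path.
WINSOCK = {
    10060: "timed out: no answer at all, packets were silently dropped",
    10061: "refused: the target or a device in front of it rejected the TCP connection",
    10054: "reset: an established connection was torn down by the peer",
}

FIELD = re.compile(r"\{([A-Z]+)=([^}]*)\}")

def parse_defer(detail):
    """Split one '[{KEY=value};...]' DEFER detail string into typed fields."""
    fields = dict(FIELD.findall(detail))
    led = re.match(r"(\d{3}) (\d\.\d+\.\d+) (.*)", fields.get("LED", ""))
    sock = re.search(r"Socket error code (\d+)", fields.get("MSG", ""))
    lrt = fields.get("LRT")
    return {
        "smtp": led.group(1) if led else None,
        "enhanced": led.group(2) if led else None,
        "text": led.group(3) if led else None,
        "winsock": int(sock.group(1)) if sock else None,
        "fqdn": fields.get("FQDN"),
        "ip": fields.get("IP"),
        "last_retry": datetime.strptime(lrt, "%m/%d/%Y %I:%M:%S %p") if lrt else None,
    }

def summarize(details):
    """Count deferrals per (target IP, Winsock code) and return the retry window."""
    rows = [parse_defer(d) for d in details]
    counts = Counter((r["ip"], r["winsock"]) for r in rows)
    times = sorted(r["last_retry"] for r in rows if r["last_retry"])
    return counts, (times[0], times[-1]) if times else None

if __name__ == "__main__":
    counts, window = summarize(SAMPLE)
    for (ip, code), n in counts.most_common():
        print(f"{ip} winsock={code} x{n}: {WINSOCK.get(code, 'unknown')}")
    print("retry window:", window)
```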
All replies (11)
Monday, August 1, 2016 10:35 AM ✅ Answered | 4 votes
Hi All,
Case solved :) Opened a case at MS for O365, they told me however that case is mostly related to my on-premise environment (which being honest I knew but I was somehow counting for their help/pointers), although the support engineer told me he is almost certain it is IP ranges that are causing the problem, as they are not allowed to communicate to our on premise infrastructure.
Aaaaaand seems he was right :) he sent me that article:
Instead of allowing only specific IPs we allowed all the traffic on 25 port from outside, after that change even doing tests and sending thousands of messages - haven't seen the error any more.
Thank you all for your help in that thread!
Kindest regards,
Pawel
Wednesday, July 20, 2016 10:29 AM
Winsock error 10061 means connection refused, so definitely take a look at your firewall and make sure external systems (or only EO) can reach your on-prem server. Port 25 namely.
1. When was the last time it was working fine?
2. Have you made any recent changes on the computer?
3. Do you have any security software installed on the computer?
I would suggest that you temporarily disable the security software on the computer and later try to install the service pack, check if it works.
Disable antivirus software
http://windows.microsoft.com/en-US/windows-vista/Disable-antivirus-software
As per the below Microsoft article this error occurs when connecting to the mail server.
Exchange Server client receives an error message when it tries to send or receive e-mail: "Socket error: 10061, Error Number: 0x800ccc0e"
http://support.microsoft.com/kb/191687
Regards, Rajukb | MCSE (Communication), MCSA (o365), Certified "Lync server 2013 depth support engineer" | This posting is provided with no warranties and confers no rights. If my reply answers your question please mark as answer/helpful if it's helpful.
Thursday, July 21, 2016 5:48 AM
Hi,
Can you send emails to others with the same domain successfully?
Please confirm the delay issue occurs on all external domain or a specific domain.
According to the error message, it indicated Exchange Online service could not establish the connection between your organization and the recipient's mail server. Please follow above suggestion to check the firewall settings.
Also check if the SPF record is added correctly for your domain in Office 365.
For your reference: https://support.office.com/en-us/article/Create-DNS-records-for-Office-365-at-any-DNS-hosting-provider-7b7b075d-79f9-4e37-8a9e-fb60c1d95166?ui=en-US&rs=en-US&ad=US
Regards,
David
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
David Wang_
TechNet Community Support
Thursday, July 21, 2016 7:00 PM
Hi Raju,
Thank you for reply. Both of these links are no longer available :) however found that kb191687 in German - which is also fine :) about the other link, indeed we got ESET antivirus running on that box, will disable it and do the testing.
So replying to points: Ad1. Seems it was never working fine, Ad2. There were no recent changes on our Edge Server, Ad3. Yes, indeed we have ESET antivirus.
Will try disable antivirus and review that article.
Will get back to you shortly with findings.
Cheers!
Thursday, July 21, 2016 7:04 PM
Hi David,
Seems that DNS entries (also SPFs) are configured correctly, messages are being delivered, however - and here yes, indeed for all external domains - for lots of time we see that error, it is not terminating message delivery, but just causing delays, as the message is being delivered after few minutes.
I think Raju made here a good point that I would need to check and disable antivirus, and review that article (in German though :D (I am Polish))
Thank you for suggestions David!
Kindest regards,
Pawel
Tuesday, July 26, 2016 1:23 PM
Hi Raju,
As per kb191687 all relevant services, checked with netstat and our Edge server is listening on 25:
[PS] C:\Windows\system32>netstat -an
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
As I mentioned we got ESET antivirus, and here is the thing, I sent like 800 test messages (with ESET on and off) and I was not able to replicate the error yesterday. Although I sent 12 messages on Friday last week and got 2 errors among them -.- but at that time ESET was running. I also noticed that in crimson channel are some Winsock logs, so now I have one more time :) sent around 200 messages while winsock eventlog was enabled and ESET turned off. So tomorrow these messages will be available in O365 message tracking - wondering what I will get :)
cheers!
Tuesday, July 26, 2016 2:12 PM
Thank you for posting Pawel, let me also think aloud to see if I can get any other ways to fix this.
Regards, Rajukb
Monday, August 1, 2016 11:35 AM
Good to know that the issue has been resolved finally, thanks for sharing the information.
Regards, Rajukb
Tuesday, August 2, 2016 1:30 AM
Hi,
Thank you for generous sharing.
Regards,
David
Thursday, January 18, 2018 4:33 PM | 1 vote
Hi All,
Case solved :) Opened a case at MS for O365, they told me however that case is mostly related to my on-premise environment (which being honest I knew but I was somehow counting for their help/pointers), although the support engineer told me he is almost certain it is IP ranges that are causing the problem, as they are not allowed to communicate to our on premise infrastructure.
Aaaaaand seems he was right :) he sent me that article:
Instead of allowing only specific IPs we allowed all the traffic on 25 port from outside, after that change even doing tests and sending thousands of messages - haven't seen the error any more.
Thank you all for your help in that thread!
Kindest regards,
Pawel
What about I don't want to open 25 for all remote IP.
I want to have Exchange online communication directly to our exchange server without the need of passing by the spam filter. I have added all the IP that are here https://technet.microsoft.com/en-us/library/dn163583(v=exchg.150).aspx and they are allowed port 443 and 25. Still received the connection refused. Again, we don't want to have port 25 open to all on that specific IP as we have another one for that.
Friday, October 12, 2018 4:53 PM
What about I don't want to open 25 for all remote IP.
I want to have Exchange online communication directly to our exchange server without the need of passing by the spam filter. I have added all the IP that are here https://technet.microsoft.com/en-us/library/dn163583(v=exchg.150).aspx and they are allowed port 443 and 25. Still received the connection refused. Again, we don't want to have port 25 open to all on that specific IP as we have another one for that.
This. We're having the exact same trouble, but opening up traffic from all IPs is not an acceptable answer, the only traffic we want coming in should be from Exchange Online. Opening it up to all traffic is enabling the potential for unfiltered spam to come through.
If the list provided by MS for IPs to allow is not comprehensive, then how are we supposed to plug this type of security hole? Can we enforce the security by another means?