451 4.4.0 Primary target IP address issue n Exchange

[guest]

Error: 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to
connect." Attempted failover to alternate host ..."

Case 1: After removing McAfee Enterprise antivirus, everything was back to normal.
Outgoing mail is blocked by it.

Case 2: I had a look at the Send Connectors settings, the internal domain name has been setup as the FQDN on the send connector. So that the email sent out side stay in the queue.

Case 3: It could be the DNS issue. Double check the DNS settings or use dnsstuff.com to check it. Here is another case.
Yes, after reviewed the trace, I also found the info below:

=========

Standard query MX ExternalDomain

Standard query response MX ...

Standard query AAAA ExternalDomain

Standard query response, Server failure

Standard query AAAA ExternalDomain

Standard query AAAA ExternalDomain

Standard query response, Server failure

=========

After spent more time on the issue, I found that the issue is still caused by IPv6. IPv6 cannot be completely disabled in Windows 2008 even by adding the registry

Here’s a similar case as yours

Explanation: The registry entry will only disable the IPv6 but does not uninstall it completely from the windows 2008 server, exchange will still querying for remote domain’s AAAA record (QuadA – IPV6) for delivering. And if exchange server were asking the AAAA record to a remote domain that doesn’t have one, same symptom will occur, and it won’t continue to seek for remote domain’s A record for delivering

Current workarounds:

· Add target IP in the host file (Just like you did)

· Set up send connector for specify correct remote server IP address (A record) on them

· If there is lots of target domains (without AAAA record) encountered the error, suggest setting up non-Windows 2008 IIS SMTP Server and forward all outgoing messages to the smart host for externally delivering

Notes: If the ISP (hosting remote domain’s MX records) can publish AAAA records for the remote domain’s MX Record FQDN, then this issue won’t be seen even as Exchange 2007 gets a successful response for its queries


Case 4: I suggest you inspect the protocol log, and make sure your server can connect to the intended target server. The protocol log is loacted here: %EXCHANGE DIRECTORY%\TransportRoles\Logging\Protocol\Smtp\SmtpSend.

You can enable the protocol log for the 'send connector' responsible for delivering messages to those domains through the Exchange 2007 Management Console. It's probably the one with address space set to "*". Once you did that, you should see a protocol logfile starting to grow in %EXCHANGE DIRECTORY%\TransportRoles\Logging\Protocol\Smtp\SmtpSend.

That file should give you a clue as to why the server failed to connect. You can also dump the lines corresponding to those sessions in this forum, and someone might be able to point out the issue.

Case 5: I guess you get that in Smtp Send session. RBL is the blacklist of spammers. You can also verify this by looking at Last Error on the Delivery Queue.

Meaning of 550 depends on the command it was response to. This means a parmanent error due to some policy or smtp parameters or some error during processing. Like for OnRcpt it means Mailbox not available. In your case i think you must have got it on response to OnConnect.

Case 6:
Looks like the remote server does not provide some SMTP verbs correctly. The issue may occur:

1. The remote server does not provide correct SMTP verbs
2. Some device between your mail server and remote mail server filter some SMTP verbs

Therefore, please let me know whether the Exchange Server is configured to deliver message to external mail server directly or needs to deliver to a smarthost server firstly.

If the Exchange Server is configured to deliver message to external mail server directly, please check whether issue only occurs when sending to specific external domain or all external domains such as gmail, yahoo. If the issue only occurs when sending to specific external, I think the issue mostly occurs on remote side. If the issue occurs on all external domains, please check whether you have any devices which may affect SMTP traffic.

If the Excahnge Server is configured to deliver message to smarthost firstly, please log on smarthost locally and telnet to itself. Then, please type "EHLO" and check whether you only get SMTP commands like below:

250 Postini says hello back
250 8BITMIME
250 HELP

If not, please also check whether any device between Exchange Server and smarthost which may affect SMTP traffic.

More cases can be found this page: 400 4.4.7 message delayed - http://www.chicagotech.net/exchange/exch2010f.htm

[chicagotech]

When trying to send email from our SBS 2008 running Exchange 2007, we receive this message:
Delivery has failed to these recipients or distribution lists:

chicagotech.net@gmail.com
Microsoft Exchange has been trying to deliver this message without success and has stopped trying. Please try sending this message again, or provide the following diagnostic text to your system administrator.

--------------------------------------------------------------------------------
Sent by Microsoft Exchange Server 2007

Diagnostic information for administrators:

Generating server: SBS2008.chicagotech.local

chicagotech.net@gmail.com
#550 4.4.7 QUEUE.Expired; message expired ##

Resolution: Here are some quick steps you can take to resolve common email problems:

1. Make sure you have an internet connection. Visit other Websites to make sure that you can surf the Web. Your email will not work if you have no internet connection.

2. If you're having trouble with an email client (i.e., Outlook Express, Outlook, etc.), read these instructions to make sure your mail server settings are correct.

Email Program Settings Field:
Enter:

Incoming (POP)
pop.att.yahoo.com

Outgoing server (SMTP)
smtp.att.yahoo.com
(requires authentication)
Incoming mail server:
POP3

Incoming/Outgoing
User Name: Full AT&T email address, including domain
(e.g., test@att.net, test@bellsouth.net)
Incoming mail port #:
995, secure connection (SSL) checked
Outgoing mail port #:
465, secure connection (SSL) checked

Note: Make sure you entered your email address and password correctly.

In your email client (i.e., Outlook Express, Outlook, etc.), look to see if you have any messages in your Outbox folder. If so, remove those messages and try to send a new message.

If you still cannot send/receive with your email client, try the AT&T Service & Support Tool. It can automatically detect and fix many problems. At the top of this article, select Get Started.