Another Exchange 2003 to Exchange 2010 mail flow issue

Posted by Ryan Roussel on Geeks with Blogs
Published on Wed, 22 Dec 2010 22:34:00 GMT

During a recent migration, we came across another internal mail routing issue. The symptoms were identical to those in my previous post about Exchange internal mail routing: mail was flowing from 2010 to 2003 and from 2010 to the internet, but not from 2003 to 2010. I went through the normal checklist, looking at permissions, DNS, and the routing group connectors. Through the 2003 ESM, I verified that both servers listed in the routing group connectors were the routing master in their respective routing groups. I also verified that inheritable permissions were enabled for the Exchange 2003 server object in the schema. No luck with either.

For my previous post about this issue in which inheritable permissions were the culprit:
Exchange 2010, Exchange 2003 Mail Flow issue

And for Routing Group issues:
Exchange 2007 Routing Group Connector Mayhem

I finally enabled logging on the SMTP virtual server on Exchange 2003 and on the Default Receive Connector on 2010, then sent a few test e-mails. The logs showed that 2003 was having issues authenticating to 2010. By default, 2003 uses Exchange Server Authentication to communicate with 2010. The exact error was:

4.7.0 Temporary Authentication Failure

which was found in the SMTP logs on the Exchange 2003 side.

After searching on this error, I found the answer: the "Access this computer from the network" user right in the local computer policy on the Exchange 2010 server had been changed from the default. The network administrator had modified the Default Domain policy and changed this user rights assignment to list only Domain Users. The fix was to clear this setting in the Default Domain policy, force gpupdate to refresh the group policy settings, then ensure the appropriate users and groups were listed.

This immediately fixed the problem, and the Exchange 2003 server was able to route mail to the Exchange 2010 mailboxes.

The default user rights assignments for "Access this computer from the network":

On Workstations and Servers:

  • Administrators
  • Backup Operators
  • Power Users
  • Users
  • Everyone

On Domain Controllers:

  • Administrators
  • Authenticated Users
  • Everyone

More can be found here: http://technet.microsoft.com/en-us/library/cc740196(WS.10).aspx
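
To check this right on the Exchange 2010 server without clicking through the policy editor, the following is an added example (not from the original post). It exports the user rights with secedit and compares the holders of SeNetworkLogonRight against the workstation/server defaults listed above; the scratch file name is an arbitrary choice.

```powershell
# Added example: audit "Access this computer from the network"
# (SeNetworkLogonRight) on the local server. Run from an elevated prompt.

# Workstation/server defaults listed in this post, as well-known SIDs.
$defaults = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-32-551' = 'Backup Operators'
    'S-1-5-32-547' = 'Power Users'
    'S-1-5-32-545' = 'Users'
    'S-1-1-0'      = 'Everyone'
}

# Export the user rights currently configured on this machine.
$cfg = Join-Path $env:TEMP 'user-rights.inf'   # scratch file, name is arbitrary
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg -Encoding Unicode |
    Where-Object { $_ -match '^SeNetworkLogonRight\s*=' }
Remove-Item $cfg

# Entries are comma-separated: "*S-1-..." for SIDs, bare text for account names.
$held = @()
if ($line) {
    $held = @(($line -split '=', 2)[1].Split(',') | ForEach-Object {
        $entry = $_.Trim()
        try {
            if ($entry.StartsWith('*')) {
                $sid  = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } else {
                $name = $entry
                $acct = New-Object System.Security.Principal.NTAccount($entry)
                $sid  = $acct.Translate([System.Security.Principal.SecurityIdentifier])
            }
        } catch {
            # Unresolvable entry (deleted account, unreachable domain): keep raw text.
            $name = $entry
            $sid  = $entry.TrimStart('*')
        }
        New-Object PSObject -Property @{ Account = $name; Sid = "$sid" }
    })
}
$heldSids = @($held | ForEach-Object { $_.Sid })

'Currently granted:'
$held | Format-Table Account, Sid -AutoSize | Out-String
'Defaults from this post that are missing:'
$defaults.Keys | Where-Object { $heldSids -notcontains $_ } |
    ForEach-Object { '  {0} ({1})' -f $defaults[$_], $_ }
```

After correcting the GPO, run gpupdate /force on the server and rerun the script to confirm the expected groups are listed again.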
