we did look at logs and sniff the network.  what we saw was that the
Edge would connect to the HT, exchange syn, syn-ack, ack, ehlo, blah,
quit.

prior to now, ET was delivering to HT via a connector that we had
created.  the same connector that the Ironports had used.  Logs
confirm this.

I surmise that when the E2k10 server came into play, it forced the
Edge Subscription to use Exchange Authentication.  Which was evident
on looking at the edge-internal recv connector.  I *know* that that
connector previously had no auth.  Ironports wouldn't have handled
it...


so, ...  i think that when the 2k10 server talked to the edge, it
forced Exchange Auth, which we were not configured for on the more
specific, manually created connector.

supposition here. would love to have validation.

b

thoughts?  reasonable theory?

On Wed, Apr 14, 2010 at 5:48 PM, Michael B. Smith <mich...@smithcons.com> wrote:
> Did you look at the connection logs anytime during this process?
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> From: Russ Patterson [mailto:rus...@gmail.com]
> Sent: Wednesday, April 14, 2010 5:34 PM
> To: MS-Exchange Admin Issues
> Subject: Re: Added dig cert to our E2010 CAS server, all mailflow stopped
>
>
>
> I misspoke - we didn't telnet back & forth between two servers, we telnetted
> from the Edge to the Hub, and then on the hub we telnetted to localhost, and
> saw different SMTP verbs after ehlo. That was the clue that we had a
> non-Exchange-authentication-friendly connection happening. (We saw the
> Exchange auth verbs on telnet localhost, but not from Edge to hub.)
>
>
>
> Sorry for the confusion - it's been one of those days.
>
> On Wed, Apr 14, 2010 at 2:47 PM, Russ Patterson <rus...@gmail.com> wrote:
>
> This was a strange one - called MS support; it turned out to be an old
> connector (which had been functioning for over a year.)
>
>
>
> At first, it had been to allow traffic from our Ironport appliances into the
> org, then we retired the Ironports & added an Edge server. For a while, we
> had both the Ironport IPs and the IP of the Edge in the Network tab of a
> Receive connector in the "Receive mail from remote servers that have these
> IP addresses" box.
>
>
>
> We deleted the connector, since those were the only 3 IPs in there, and
> restarted Transport all around. The Queue from the Edge server to all our Hub
> servers emptied. The MS tech could see this was needed by doing telnet in
> both directions - after issuing an ehlo, a different list of verbs was
> listed in the SMTP session going one way as compared to the other.
>
>
>
> The thing we really don't have an answer for is  - why did it work for weeks
> (after we turned off the Ironports) until this morning when I added the
> digital cert on the 2010 CAS server? The mail stopped within seconds
> of assigning the SMTP service to the new cert.....
>
>
>
> All's well that ends well, I guess. Thanks everyone for their assistance!
>
> On Wed, Apr 14, 2010 at 11:41 AM, Russ Patterson <rus...@gmail.com> wrote:
>
> John - working on the root cert, Tom - we have rebuilt the Edge Subscript.
>
>
>
> Thanks much you guys!
>
> On Wed, Apr 14, 2010 at 11:05 AM, Ellis, John P. <johnel...@wirral.gov.uk>
> wrote:
>
> Do you need to apply a root CA cert as well? Just a guess
>
> digcert or Digicert?
>
>
>
> John
>
>
>
> ________________________________
>
> From: Russ Patterson [mailto:rus...@gmail.com]
> Sent: 14 April 2010 16:04
> To: MS-Exchange Admin Issues
> Subject: Added dig cert to our E2010 CAS server, all mailflow stopped
>
> I was following the MS Deployment Checklist, and just added a DigCert to our
> new 2010 CAS server. All we have in place (for 2010) is that machine, which
> has CAS & HUB roles.
>
>
>
> ALL inbound mail is now queueing on our 2007 Edge server. Any suggestions?
>
>
>
> Thanks!
>

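The EHLO comparison described in the thread (telnet from the Edge to the Hub versus telnet to localhost on the Hub), as an added example that is not part of the original messages: it parses two EHLO replies and reports which keywords differ. The replies are constructed samples with placeholder hostnames and addresses, and the keyword names X-EXPS and X-ANONYMOUSTLS for Exchange authentication are an assumption, since the thread only says "Exchange auth verbs".

```python
# Constructed sample EHLO replies (not captured from the servers in the thread).
# Assumption: Exchange server-to-server auth shows up as X-EXPS / X-ANONYMOUSTLS.
EDGE_TO_HUB = """\
250-hub01.example.test Hello [192.0.2.10]
250-SIZE 10485760
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250 CHUNKING
"""
HUB_LOCALHOST = """\
250-hub01.example.test Hello [127.0.0.1]
250-SIZE
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250 CHUNKING
"""
EXCHANGE_AUTH = {"X-EXPS", "X-ANONYMOUSTLS"}


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    lines = [l.rstrip("\r") for l in reply.splitlines() if l.strip()]
    ext = {}
    for i, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError(f"unexpected reply line: {line!r}")
        if i == 0:
            continue  # first line is the greeting, not an extension
        parts = rest.split()
        if parts:
            ext[parts[0].upper()] = parts[1:]
    return ext


def compare(a, b):
    """Keywords only in a, only in b, and Exchange auth keywords absent from a."""
    ea, eb = parse_ehlo(a), parse_ehlo(b)
    only_a = sorted(set(ea) - set(eb))
    only_b = sorted(set(eb) - set(ea))
    return only_a, only_b, sorted(EXCHANGE_AUTH - set(ea))
```
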
