When you first install Exchange Server 2016 there is no outbound mail flow configured by setup. If you happen to be installing into an existing Exchange organization then the existing outbound routes for the organization will apply, and mail sent by mailboxes on your new Exchange server to external recipients will likely work. However if you’re installing into a new organization, or want to change your existing outbound mail flow, then you’ll need to create a send connector.

Send connectors control outgoing mail flow from your Exchange server. Every organization that needs to send email message to external recipients will need at least one send connector. In this tutorial we’ll look at creating and testing a new send connector for outbound email from an Exchange Server 2016 server.

Creating a Send Connector for Exchange Server 2016

Log on to your Exchange Admin Center and navigate to mail flow and then send connectors.

exchange-2016-send-connectors-01

Give the new send connector a meaningful name and set the Type to Internet.

exchange-2016-send-connectors-02

Next you’ll need to decide how the outbound emails will be delivered. There are two choices – by MX record, or via smart host. MX record delivery involves your Exchange server looking up the MX records of the recipient’s domain in DNS, and then connecting directly to their email server via SMTP to deliver the email message. Smart host delivery involves your Exchange server sending the messages to a specified IP address or host name for another system (typically an email security appliance or cloud service) that is then responsible for the further delivery of that email message.

exchange-2016-send-connectors

For this example I’m going to use MX records to deliver the message. My server already has outbound firewall access on TCP port 25, and can resolve MX records on the internet using DNS, so at a basic level this should work fine. There are other considerations such as SPF and IP reputation in the real world that may impact the delivery of email messages from your server.

exchange-2016-send-connectors-03

Set the address space for the send connector. An address space of “*” means “any domain” and is suitable if you have one send connector that is used for all outbound mail flow. You can use this address space option if you later need to configure specific send connectors for different domains.

exchange-2016-send-connectors-04

Finally, set the source server for the send connector. If you have multiple servers that you want to be responsible for outbound mail flow you can add more than one server to this list.

exchange-2016-send-connectors-05

Click Finish to complete the wizard.

Testing the Send Connector

A simple test to verify that the send connector is working is to send an email from a mailbox on the server to an external address. If the email message is received by the external mailbox you can then check the message headers by copying them from the message and pasting them into the Message Analyzer at ExRCA.com. This will verify for you that the email message took the intended route (via your new server) instead of some other existing outbound route in your organization.

headers

If the email message was not received check the transport queue on the Exchange 2016 server.

[PS] C:\>Get-Queue

Identity                   DeliveryType Status MessageCount Velocity RiskLevel OutboundIPPool NextHopDomain
--------                   ------------ ------ ------------ -------- --------- -------------- -------------
EXSERVER3                 DnsConnec... Ready  0            0        Normal    0              gmail.com
EXSERVERSubmission        Undefined    Ready  0            0        Normal    0              Submission

If you see message stuck in the queue for the next hop domain that you’re trying to send to you can see more details about them by piping the command to Get-Message.

[PS] C:\>Get-Queue | Get-Message | fl

In particular look for the LastError attribute of the queued messages, which will often contain a status code that will tell you why the messages are not being delivered.

Since outbound mail flow depends on DNS and firewall access you can also check those items. For example, to verify that MX records can be resolved in DNS by the Exchange server use the Resolve-DnsName cmdlet.

[PS] C:\>Resolve-DnsName gmail.com -Type MX

You can also test SMTP connectivity from the server using Telnet. Because the Telnet client is not installed by default on Windows Server you may need to install it first.

[PS] C:\>Install-WindowsFeature Telnet-Client

Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    No             Success        {Telnet Client}

From a CMD prompt try to telnet to one of the MX records you resolved earlier.

C:\>telnet gmail-smtp-in.l.google.com 25

220 mx.google.com ESMTP bv3si49894863pbd.105 - gsmtp

If you do not see the 220 response and banner you may have an outbound SMTP connectivity issue that you need to look into further on your firewall.

Finally, if SMTP connectivity looks fine but the emails are still not being delivered you can enable protocol logging on your send connector and then use the log data to assist your troubleshooting.

[PS] C:\>Set-SendConnector "Internet Email" -ProtocolLoggingLevel Verbose

The protocol logs are stored by default in C:Program FilesMicrosoftExchange ServerV15TransportRolesLogsHubProtocolLogSmtpSend and can be opened and read in a text editor such as Notepad. The protocol log will show the SMTP conversation between your server and the external recipient’s server, so any SMTP errors should appear in the log.

protocol-log

Summary

Outbound mail flow from your Exchange 2016 server requires a send connector to be configured. In the article above I demonstrated how to configure a new send connector for a simple scenario, as well as some troubleshooting steps to help you test and validate that the send connector is working.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Gustavo

    My scenario:

    Datacenter #1 – AD Site “A”
    -4 ISP internet connections. (Outbound independently)
    -2 DCs GC (FSMO) Internal DNS
    -2 DNS Servers – External DNS hosted into a DMZ (SPF / MX / PTR records pointing to Site A (mailflow))
    -1 Exchange 2010 SP3 UR30.
    -2 Exchange EDGE Servers in DMZ.
    -500 users

    DNS Namespace: Outbounded model
    Mail services (DNS): webmail.company.com / autodiscover.company.com
    MX´s: 2 mail.company.com | 2 mail2.company.com (2 on 1 ISP and 2 on another ISP for redundancy)

    Datacenter #2 – AD Site “B”
    -2 ISP Internet connections (Outbound independently)
    -2 DCs GC
    -1 Exchange 2016 (Not yet installed)
    -100 users

    Connections: 1 VPN and 1 MPLS connecting Site A to Site B.

    I need to install Exchange 2016 as part of an Exchange Upgrade, and i need to install it directly on Site B because it has more hardware resources and more employee´s.

    Questions :

    1 – Can i install Exchange 2016 directly in Site B without migrate any user mailbox and while Exchange 2010 SP3 still reside in a main site A without changing, afecting or disrupting mail flow or needed to pointing the DNS records to Site B ? > ignoring the fact of the previous and immediate Schema/Ad/Domain updates from remote share in FSMO DC, and configuration of the SCP, the services and the SSL certificate.>

    2 – What´s happens to the actual mail flow, regarding on that exchange 2010 cannot do proxy up to exchange 2016 ?

  2. TED LAURENT

    Thank you! All the articles you’ve shared have been a godsend to me.

    All the best,

    Ted

  3. Swetha

    Hi Paul, This article is really helpful. The very fact of explaining the real time scenarios or why we need to use so and so thing is really helpful. Thank you so much. Appreciate your efforts.

    1. Nandita

      This is a very good article for those Exchange admins who newly working on connectors.
      It’s explained very nicely. Appreciate your amazing efforts.

  4. David

    Hi Paul,

    I have an Exchange 2016 server and I’m changing journal servers. I created a new mail flow send connector and the new journal server works great. However, when I disable the old send connector I get unroutable address errors to the old send connector. How can i completely disable the old connector? Thanks, David

  5. Eduardo

    Hello Paul do you know a way that i can create a send connector but the source server is not a exchange server but an ip address

  6. Vipul Patel

    Hi Paul,

    I’ve just spent three days trying to make sense of our Exchange 2019 server which has been working absolutely fine but now seems to send email into the internet but they never reach the recipient and there are no errors reported. Message queues are always empty so it seems the mail leaves our server but we have no idea where they’re going!

    Incoming mail works fine, and we think this started about ten days ago. I’ve recreated the connectors but nothing makes a difference.

    Can you thknk of why this would happen?

    Thanks,

    Vipul

    1. Rometheis

      Did you configure your send connector to use the reverse lookup name for your Public IP? Are you using a smart Host Connector?
      If your messages have left the queue and when you check the logs you have a ‘250’ ack then it is possible your email is being black holed due to SPF, RDNS issues.
      I am sure you figured this out by now but thought I would offer some ideas for others

  7. Phil

    Hi Paul, I am having trouble with a 2016 Outbound Connector and hopefully you can give me a pointer?
    It is on a 2016 Hybrid. I created a second outbound connector on O365 to send Journal emails to external partner organisation. This connector is set to be used for journal.domain.com
    The standard outbound connector is set for * domain
    I am receiving the following undeliverable reports:
    Your message:
    From: mx12@datacom.co.nz
    Subject: Undeliverable Mail: “Test”
    Could not be delivered because the domain name was unresolvable:
    Unable to resolve route journal.domain.com (MX) – *

    To me, this means it is using the normal route for * domain, as the undeliverable message came from out normal Smart Host and not the Smart Host on Journal Connector.

    Do you know about the setting ‘RouteAllMessagesViaOnPremises’? I found it needs to be set to ‘true’ for a connector for ‘*’ domains. So I assume it would only affect that connector? Is there another setting somewhere that forces all mail through the * connector and not use the more specific connector on a Hybrid?

  8. Bhanu

    Dear Paul,

    We Deployed new AD & Exchange 2016 in the environment. and I need a solution in which all the internal emails that should be able to route to a smart host(Like email gateway), even the email for clients hosted in the same database.
    Is it possible to do something similar on the exchange? To route all the email or at least the email from OWA users to a smart host even for users in the same database? or at least send the email to the smart host and from there to the exchange mailbox as well

  9. Abdullah Al Masud Bhuiyan

    Hi Paul……grateful to you. I have installed MS Exchange Server 2016 and I can received email from external domain but can not send email to those domain. Gmail and yahoo is ok.

  10. Phyo

    Hi Paul,

    We have 3 Exchange Servers (multi-role) in DC site & 3 in DR site which are in different subnets. These exchange servers are only for outbound application relay only whereas user mailboxes are hosted in google mail.
    We are currently facing the email duplicate issue. Email sent for one particular recipient domain are duplicated by 3 or 4 emails (We check it from spam mail firewall). When we check one email with the Get-MessageTrackingLog command, we found that this email going through one exchange server is replicated to other 2 servers and all 3 emails are sent out via the single send connector, so we got 3 or 4 same emails at a time.
    1) What could be the possible cause ?
    2) And, also how many send connectors should be created between two AD sites ?
    3) Does this depend on the number of servers defined as the Source Server of Send Connector ?
    4) Do we also need to define “inter-Site Trasports” links in Active Directory Sites and Services ?

  11. Hannes

    How do you route mail accounts externally the network which aren’t hosted locally on the exchange 2016 box or in the AD?

  12. himanshu

    Dear Paul, we are deploying a security appliance on our network, and I was trying smart-host delivery to this appliance from our Exchange 2010 HT servers using a send-connector. Due to security reasons and this device being in DMZ, we only have port 25 opened both ways. I could figure out from Protocol logs that if we have defined port 25 in the properties of the send-connector, then it is applicable to only to the destination smart-host to which the connector is sending emails, and I cannot control the source port. I mean, at the source, I saw HT servers opening ports randomly in the TCP port range, however, the destination port was always 25 (as defined in the connector properties). Can I restrict port at source to be 25 to allow communication to be on this port only?

  13. Thomas

    For all those who have issues sending out emails after installing Exchange Server, try this:
    Create a new mailbox database
    Mount the database
    Migrate your user to the new database
    Send test mail.

  14. Zewwy

    Hey Paul,

    Love your posts. You may want to include a little note that most ISP that utilize DHCP for end users public IP will block SMTP outbound. In my case my local ISP blocks SMTP for residential internet which is DHCP based form the ISP. A static IP is required which they provide on their business tier services (which can actually be cheaper at times).

    Just figured I’d let ya know. Took me a while of trouble shotting before I found out my ISP was blocking my outbound port 25.

  15. sankarasubramanian parameswaran

    hey we are trying this solution and let us know whether it is workable

    Already we have exchange 2010 configured in Hybrid with office 365. we are planning to install exchange 2016 and move the hybrid from 2010 to 2016. We are trying to reduce the user impact

    Our question
    1. whether send connector can have both 2010 and 2016 servers
    2. Once everything worked fine, can we remove 2010 servers after a week

    when we remove exchange 2010 servers from the send connector whether we need to rerun hybrid wizard ?

    our exchange servers used only for email routing from application if there is any impact or delay or delivery failure when we switch over hybrid from 2010 to 2016

    1. Avatar photo
      Paul Cunningham

      1. Yes
      2. Yes

      Re-run the hybrid configuration wizard after you install the 2016 server, and again after you remove the 2010 server.

  16. Dave

    I’ve followed the various Exchange 2010 to Exchange 2016 Migration Guides online and have the new Exchange 2016 server up and running. I’ve moved a couple of mailboxes over to the new server and the new DB’s. I’ve changed my autodiscover IP to the new server and I’ve changed my firewall to allow port 25 to go to the new server, plus (its a UTM 9 device) set the new Exchange 2016 box as the mail server in the UTM (for SPAM filtering purposes, av scanning etc).

    Mail seems to be going in and out OK for users on both servers EXCEPT I see the odd domain rejecting mail I send out of my account thats going out via the 2016 server. I’m emailing my gmail account fine with the exact same account/server, but mails to a client (well, the only one I’ve identified so far) are being rejected with various ‘delay’ and ‘sender denied’ errors and I can see them being bounced by my clients Firewall like:

    R=static_route_hostlist T=static_smtp: SMTP error from remote mail server after end of data: host 192.168.1.2 [192.168.1.2]: 554 5.1.0 Sender denied

    Thats me sending to them … which has worked fine up till now 😉

    All I did to my existing 2010 Send Connector (that I see in Exchange 2016 – mail flow – Send Connectors) was add my new Exchange 2016 server to the scoping – source server. I have BOTH the Exchange 201 Server and the Exchange 2016 Server

    Any ideas? Tips?

    Cheers!

    1. Avatar photo
      Paul Cunningham

      Does your outbound mail go via the UTM (as in, the send connector is configured to send to a smart host) or does it go direct to the destination (send connector configured to send via MX)?

      If it’s via your UTM as a smart host, I would just revisit things like SPF records to make sure you have all that set up correctly, make sure you’re not blocklisted, that sort of thing.

      If it’s sending direct, make sure your Exchange 2016 server is getting outbound NATed to the correct public IP address. If you have a pool of public IPs its’ possible your firewall is NATing that server to a different IP than you’re expecting.

  17. C. Hunt

    It seems I have the following,I have searched and cannot find anything related to this error and how to fix it.
    “No RPC endpoints were enabled in the configuration file.” Additionally it say MSEchangeRPC service is not running.

      1. C. Hunt

        It immediately Stops. Can I email you the log and a couple of screenshots.

        1. Avatar photo
          Paul Cunningham

          No, sorry. If you’ve got a mail flow problem and services that won’t start I recommend you open a support ticket with Microsoft, if you can’t find information online about the specific event IDs you’re seeing in your event logs. Microsoft Support will ask you to make sure you’re updated to the latest cumulative update first, so if you want to save time you should check that before you contact them.

  18. C. Hunt

    It seems I have the following,I have searched and cannot find anything related to this error and how to fix it.
    “No RPC endpoints were enabled in the configuration file.”

  19. C. Hunt

    Paul,
    I have setup a send connector (exactly as in the article above) but in OWA the mail is hung in Draft. When i run the Get-Queue it is indicating NextHopDomain = Submission. What did I miss? is this a DNS issue.

    1. Avatar photo
      Paul Cunningham

      Possibly. Also possible you’ve got a server health problem or something else going on. You’ll need to dig into event logs to see if there’s any info in there.

      1. C. Hunt

        Looking in the Event Viewer I am seeing Event ID 1007 “No RPC endpoints were enabled in the configuration file.” Along with the Warning that the Exchange Address Book service is disabled. Also, Under Service Task Details the MSEchangeRPC cannot be started. This is interesting since this is a new 2016 server and I thought RPC was no longer used.

        1. Avatar photo
          Paul Cunningham

          Outlook Anywhere is still available in Exchange 2016. Sounds like you’ve got some server health issues to fix and they are possibly the cause of your mail flow issues.

          1. C. Hunt

            So I have run the Test-ExchangeServerHealth and it shows:
            Mailbox Server Role Services status is Fail
            Client Access Server Role Services status is Fail
            and of course
            Mail flow status is *FAILURE*

            So, I know what failed, I’m puzzled at what the next steps would be to find out the what and why to correct the issue and get this working.
            Part of the issue may be, which thought I got everything changed, I was originally going to use a Edge Transport but decided not to.

          2. Avatar photo
            Paul Cunningham

            Run the Test-ServiceHealth cmdlet, it will tell you which services aren’t running.

  20. Olaf

    What if I have choses for a Custom Connector instead of a Internet connector? What is the differences, since the options are all the same.

  21. Avatar photo
    Paul Cunningham

    I haven’t encountered any problems with it, so I’m not sure what you’re seeing or how to go about fixing it. Do you allow outbound IPv6 connections through your firewall?

  22. Kevin

    For a server that has multiple IPs, IPv4 and IPv6 (but specically for IPv6) is there a way to set an IP used for outgoing emails, so that it will always be used?

    IPv6 auto-generates different IPs on each boot, and usually uses those to attempt to send, rather than the static IPv6 address I have set..

    There should be a way to do this, but I haven’t been able to find it yet.

  23. 0ff2w0rk

    I have a lab at home with 2 servers in a dag.
    There is one database on each server. 
    User1@domain1,com is hosted on DB01, which is on Server01
    User2@domain2.com is hosted on DB02, which is on Server02
    I also have two send connector
    Send connector 1, send mail using smarthost, only has server01 on the list
    Send connector 2, send mail using MX record only has server02 on the list.
    In theory, this should mean that user1@domain.com should always send mail using smart host and user2@domain2.com should send using mx record (mx record points to firewall at home lab).
    This seems to work once in a while, sometime user2@domain2.com sends email using the smart host.
    Seems like DAG is doing something with the mailflow?
    I also tried to check for use “proxy throught client access server”, which did not help for send connector 2.
    Anything I’m missing here?

    thanks!

  24. Tomás Crespo

    Hi Paul! My smarthost need authentication, but the authentication has to be DIFFERENT for each exchange account. I can set the same password for every single user in the smarthost, so the password in the Exchange SMTP connector would be always the same.

    The problem is the username. If the exchange user is paul@contoso.com it has to authenticate as paul@contoso.com/pass1 against the smarthost. If the exchante user is tomas@contoso.com it has to authenticate as tomas@contoso.com/pass1.

    My smarthost (my ISP) does NOT allow me to use one single account for every sender.

    Is there any posibility to set up different credentials against the smarthost for every exchange user? Perhaps creating one connector for every exchange user? Perhaps using some varible like $EXCHANGE_USRNAME$@contoso.com/pass1???

    Thanks

    1. Avatar photo
      Paul Cunningham

      No. That sounds a bit ridiculous to me. Maybe you should look at finding a better smart host.

  25. behdad bibak

    hi
    i have a exchange edge server that have a problem
    it receives email from internal servers but doesn’t send them to the local destination.

  26. UMA GANESH

    Hi Paul,

    Thanks for your valuable inputs, We have fixed the issue. Mails were stuck up in the Gateway queue . We have release the queue from mail gateway. Now its works.

    Thanks again.

  27. UMA GANESH

    Hi Paul,

    Thanks again, I have tried telnet to edge server but unable to relay external domain. Please let me know where is the setting to be changed.

    Send Connector Configuration:
    Edgesync to Internet: Delivery : Route email to smart host: Edge Server IP specified.
    Authentication: None
    Scoping: *
    Source Server: Edge Server IP address specified.

    Please let me know any change to be adjusted according to the delivery.

    1. Avatar photo
      Paul Cunningham

      If telnet worked then SMTP connectivity is probably okay. There’s no need to make changes to the EdgeSync connectors, those are created automatically for you when you set up the Edge subscription.

      You should look closer at the queue that is holding the stuck messages, as I suggested already. Use Get-Queue to look at the last error (the property is named “LastError”). That usually provides clues as to what is going wrong. You should also check the event logs if you have not checked them already.

  28. UMA GANESH

    Hi Paul,

    Thanks for the response. Mails are stuck up in the mailbox server submission queue. We have routed emails from edge to Symantec gateway. Firewall is in disabled on all exchange server. Please help.

    1. Avatar photo
      Paul Cunningham

      You should not turn off the Windows Firewall on the Exchange servers. Exchange setup adds the necessary firewall rules for Exchange to function correctly. However you will need to to make sure any network firewalls between the servers are allowing the required ports.

      You should verify that SMTP connectivity between the servers is working. You can use telnet for that.

      You will need to look closer at your queue that the messages are stuck in. Use the Get-Queue cmdlet to look for the last error or the reason that the queued messages aren’t processing. You can also check the event log for any signs of an error.

  29. UMA GANESH

    Hi,

    After installing edge transport server mail flow got stopped. Mails are stucking up in the queue. Could you please help me out resolve this case.

    Exchange 2016. 2 Mailbox servers (Single DAG). 1 Edge server.

    Thanks in advance.

    1. Avatar photo
      Paul Cunningham

      Which queue are they stuck in? The most likely cause is that you haven’t opened the firewall ports that an Edge server requires for communications in/out with your Mailbox servers. But you’ll need to look closer at your queues and the errors on them to determine what’s wrong.

  30. Naveen

    Hello Friends i have a big problem i have configured Microsoft Exchange Server 2016 i am not able to send the email all emails are going in Draft Folder while sending from OWA
    Please help me

  31. Gary

    Thanks… great article.

    I’m having one issue with outbound email. The destination mail server is rejecting my email due to what looks like an invalid source mail server name that is not resolvable externally. I have only set up the mailbox server and have not added any edge servers at this point.

    eu-smtp-1.mimecast.com gave this error:
    Local CT IP Reputation Policy (Reject) – https://community.mimecast.com/docs/DOC-1369#550

    Received: from exchange.internaldomainname.local (192.168.67.14) by
    exchange.alguire.local (192.168.67.14) with Microsoft SMTP Server
    (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
    15.1.544.27; Wed, 7 Dec 2016 18:28:39 -0800
    Received: from exchange.internaldomainname.local ([::1]) by exchange.internaldomainname.local

    I set the FQDN on the Send Connector scoping tab to my legitimate hostname, but that didn’t seem to have any affect.

    Any thoughts appreciated and thanks,
    Gary

  32. elisa

    hi
    would you help me with this problem: I can send email to internet by OWA but it’s not working with outlook! I get this error: “Server error: ‘550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain'”
    I have already an accepted domain (DomainB) configured,assuming my AD is DomainA.

  33. Scott

    I figured it out…. odd thing is i am able to send a message from 2016 to a 2010 mailbox via telnet.
    On my exchange 2010 sever the ehlo response is correct when going to the 2016 box… but going from 2016 to 2010 the response is the external domain not the internal. so 2016 is not getting the correct response.

  34. Scott

    Turned logging on… on the 2016 transport connectivity log

    Failed connection to 2001:db8:a0b:12f0::1:25 (NetworkUnreachable:00002743)[TargetIPAddress:2001:db8:a0b:12f0::1:25|MarkedUnhealthy|FailureCount:8|NextRetryTime:2016-09-26T15:08:22.401Z]
    2016-09-26T15:03:22.401Z,08D3E61B99D4F254,SMTP,site:default-first-site-name; version:14,-,Messages: 0 Bytes: 0 (Attempting next target)
    2016-09-26T15:03:22.401Z,08D3E61B99D4F255,SMTP,site:default-first-site-name; version:14,*,Session Failover; previous session id = 08D3E61B99D4F254; reason = SocketError

  35. Scott

    I have the logging on the 2016 server…. do i need to turn it on the 2010 server as well?

  36. Scott

    The connector i am referring to is on the 2010 server…. it is named internal. It does not have exchange authentication checked… i am thinking that is why i am getting the error i stated above.

    1. Avatar photo
      Paul Cunningham

      No connector by that name on my 2010 server. I’d say it’s a custom connector that someone has created.

      But you need to verify that is the connector that is even handling the connections, and the way to do that is to use protocol logging.

  37. Scott

    ON the 2010 box do i need to have Exchange server authentication checked on the receive connector?

    1. Avatar photo
      Paul Cunningham

      What is “the receive connector”? There’s multiple receive connectors on each server.

      Also, read that link I posted above. It has tips for how to troubleshoot (such as setting SMTP banners on connectors, using protocol logs…)

  38. Scott

    I am deploying an Exchange 2016 server in my domain with an existing 2010 server. I can send and receive external email on the 2016 test mailbox. I can send emails from a 2010 mailbox to the 2016 mailbox. I cannot send an email from the 2016 box to a 2010 mailbox. It sits in the 2016 queue.

    1. Avatar photo
      Paul Cunningham

      The problem is usually a custom receive connector on the 2010 server that uses a remote IP range that overlaps with the 2016 server’s IP address. That will cause server-to-server mail flow to fail.

      1. Scott

        Anyway to correct it or should i just go forward with the roll out… I did notice on the 2016 connector it is port 2525 and on the 2010 its 25. Also i do have a custom connector on the 2010 box to receive email internally. I added the IP of the new 2016 server in the network tab of the receive mail section. Under authentication should i check off exchange server authentication. Under permission i have anonymous and exchange server checked.

        1. Avatar photo
          Paul Cunningham

          “I added the IP of the new 2016 server in the network tab of the receive mail section.”

          Then that is causing the problem. There’s no need to add the IP to a relay connector, nor is there any need to create any type of connector for internal server-to-server mail flow. Do so will break mail flow. Exchange knows how to route email to other Exchange servers in the org without you needing to do anything.

          https://www.practical365.com/no-need-create-connectors-internal-exchange-server-mail-flow/

          1. Scott

            Ok took the IP out of the connector restarted the transport service… still sitting in the 2016 queue… I get an error now of 451 5.7.3 cannot achieve exchange server authentication. I can telnet from each server to them and get the helo response.

  39. Scott Nace

    I have blocked NDR’s and stopped blank senders on my exchange server 2016. I am still getting a lot of message in the queue viewer sometimes hundreds of them to a ton of different domains. Everyone is trying to be delivered to an address that doesn’t exist on the server. My question is that should I do anything else when my scripts run at night they are always red in the transport queue. It doesn’t look like these messages are getting out but how can I stop them all together.

    Here is one of the messages from my queue.

    Identity: Server NameShadow37189775253543
    Subject: Tracking number
    Internet Message ID:
    From Address: Mcclure.452@shekinaproductions.com
    Status: Ready
    Size (KB): 20
    Message Source Name: SMTP:Default Server Name
    Source IP:
    SCL: 0
    Date Received: 9/19/2016 9:31:20 PM
    Expiration Time: 9/21/2016 9:31:20 PM
    Last Error:
    Queue ID: Server NameShadow3
    Recipients: email address@domain.com;2;0;[{LRT=};{LED=};{FQDN=};{IP=}];0;;0

      1. Scott Nace

        Thank you very much for everything you do for us!!!

  40. Wes Shupp

    I want to thank you a TON for all this work you do for us!

    I need your help. My first 2016 deployment and I have some issues and coming down to the wire!

    When I log into OWA and try to send an email. The Email goes directly into the draft folder. Never sends nor do I see it hit the queue

    Do know why ?

    1. Avatar photo
      Paul Cunningham

      These types of issues with both Exchange 2013 and 2016 tend to be DNS related.

  41. Chad

    How do I find out which is my SMTP server from exchange?

    1. Chad

      I forgot to add I’m on Exchange 2016 and its my first administrator role 🙂

      1. Avatar photo
        Paul Cunningham

        I don’t understand your question, so it might be a good idea to explain what you’re trying to achieve or what problem you’re trying to solve.

  42. Ahmadi

    Hi,

    I Install Exchange 2016, configure Accepted Domain, External URL , Internal URL , …

    but in sending email to our local user or External user got error.

    outlook and OWA say “You don’t have permission to do this action”

    i got this error in several test deployment of Exchange. some time after a while error gone. but some time not. some time after update Exchange with update rollup 1 or 2 erroe gone but some time not. its a strange problem.

    1. Ahmadi

      Any Idea Paul?

      1. Avatar photo
        Paul Cunningham

        No, too many unknowns. You need to describe the problem. Where does the error appear, in Outlook/OWA itself or as an NDR? Is that the full error text? Are you logged on as the mailbox owner when the error occurs?

        1. Ahmadi

          Hi Paul,

          Error appear in both (Outlook and OWA) , Also Email stuck in drafts folder.

          I log on with owner of Mailbox, also all of recipient have this error.

          1. Avatar photo
            Paul Cunningham

            Check the DNS settings configured on the network interface of the Exchange server. It should only be configured to use your domain controller(s) for DNS, not any public DNS servers.

          2. Ahmadi

            I Check the DNS Setting of Exchange Server. It Configured to our Internal DNS Server (Our local DC) and have no problem.

            I check MSExchange Management Section in Event Log, it show several errors with Event ID 6: “Cmdlet failed. Cmdlet Get-InboxRule, parameters”

            is this error related to stuck email in drafts and “You don’t have permission to do this action” error?

  43. BW

    Is it possible to prioritise sending email from an Edge server (using EdgeSync) over IPv6 rather than IPv4?

  44. Tom

    Hi Paul,

    I installed the Exchange 2016 successfully, as I configured the Send Connector, I’m stuck at adding the source server window(I selected my source server and clicked on add) it won’t go to the next window by pressing the OK or Cancel button, any ideas?

    1. Avatar photo
      Paul Cunningham

      Sounds odd. Maybe just a browser glitch. Try a new browser session, or a different browser entirely?

      1. Tom

        Thanks Paul. I was using Chrome, it now works with IE.

      2. Rahul

        Hi,

        I am Rahul

        i have install exchange server 2016 and want to configure outbound and inbound email on it,
        how i can send / receive emails from OWA

  45. Anatoly

    Hi Paul
    I set SPF record for my domain to make sure just sent from my mx rocord
    but now I can send email from another exchange server with that domain
    this is my spf record
    v=spf1 mx -all
    please help me what should I do
    Thank you

    1. Anatoly

      Now I checked I can send email from my exchange server with your domain too
      I send and email with IT@ExchangeServerPro.Com from my exchange server and it received in junk

      1. Avatar photo
        Paul Cunningham

        What are you expecting to happen? SPF doesn’t stop someone from using your domain name. It only provides the *receiving* server with information to help it decide whether or not to treat the email as spam. No matter what your SPF record says, it’s up to the *receiving* server to decide whether to block, allow, or junk the email.

        1. Anatoly

          So Can’t we stop using our domain with some one else?
          You mean if I don’t set SPF record any one can send email to and all of email goes to Inbox and if I set a complex SPF record I prevent from receiving some email and move bad mail to Junk?
          So what is the Anti SPAM job?

          1. Avatar photo
            Paul Cunningham

            I don’t understand what you’re asking.

            What is the outcome you are trying to achieve?

          2. Anatoly

            until now I used SPF record for making sure my emails goes to inbox for who I send email to and to prevent abuse of my domain
            But most of my mail that sent to Gmail & Yahoo & Outlook go to SPAM and I receive some Suspicious mail from my domain (That I sure I dont sent it)
            I read some article that told SPF record must be config and DKIM
            Now my question is how to make sure my sent email go to Inbox not to SPAM and how Can I prevent abuse of my domain

            Thank you Paul

  46. Shimon Adimor

    Thanks ! Exactly what I thought 🙂

  47. Shimon Adimor

    Hi,
    I wonder if I should choose both Exchange servers as source servers when I have a DAG of two Exchange 2016 servers (and a witness server).

  48. Nicholas

    I am getting stuck on the last part “setting source server” when I select the server and click ok the page doesn’t go any where. The ok button turns blue and just sticks there. I have tried in IE and Chrome and it happens in both browsers. Suggestions?

    1. Avatar photo
      Paul Cunningham

      Not sure what’s happening there. Should be able to simply highlight one or more servers, click Add, then click OK.

    2. Marko

      Did you manage to fix it? I am dealing with the same problem 🙁

      1. Vidar O.

        I had the same problem. I got it to work by logging in to the server, open browser and browse to https://localhost/ecp. Doing it for there worked fine.

    3. Billk

      I had same issue with Chrome. I used IE from a workstation in domain and it resolved the issue!!

  49. Richard

    Can i make the shared emailbox as read only for all the users so they can read it but cannot delete from the main box?

  50. Marin

    Hello,

    I’m deploying Exchange 2016 , it is a new environment and I’m replacing an email appliance that was able to route all the email to a smart host, even the email for clients hosted in the same database.
    Is it possible to do something similar en exchange? To route all the email or at least the email from OWA users to a smart host even for users in the same database? or at least send the email to the smart host and to the exchange mailbox as well?
    This sounds weird but is what the costumer wants 🙂

      1. Marin

        there are a lot of statistics that are pulled for different people from the smart host reports, and also most of the rules are set in the smart host for email delivery restrictions and so on.
        So it would be easier to route all emails to the smart host and keep the reports as they are now than changing the reporting to exchange and changing the whole process.
        Thats the main reason

        1. Marin

          So exchange is not able to do Sender-based routing, to route email through a specific gateway?

          1. Avatar photo
            Paul Cunningham

            Not natively. But it has a lot of controls that can be applied via transport rules if you’ve got specific delivery restrictions you need. Stats can be pulled from log analysis or third party tools.

Leave a Reply