Mail Delivery Issues between Mixed Deployment of Exchange 2019 Servers 03 and 04

何志锋 26 Reputation points
2024-12-04T08:47:35.5633333+00:00

We have newly deployed two Exchange 2019 servers, both of which are used for delivery to 365. One is called 03 and the other is called 04. The two servers in front, 01 and 02, are Exchange 2013. Currently, when 03 delivers to 04, this error is reported: "451 4.4.395 Target host responded with error -> 454 4.7.0 Temporary authentication failure"; in fact, the same error is reported for 01-02 delivery. We suspect that there is something wrong with 04. The fingerprints of the 04 and 03 certificates are the same. Currently, no one can deliver to the 04 server. The same is true when 03 telnets to the key ports on 04.


I would like to ask the engineer if he has any troubleshooting ideas for this situation.


Accepted answer
  1. Jake Zhang-MSFT 7,850 Reputation points Microsoft Vendor
    2024-12-05T08:53:25.3033333+00:00

    Hi @何志锋,

    Welcome to the Microsoft Q&A platform!

    Based on your description, the error "454 4.7.0 Temporary Authentication Failed" that you are experiencing usually indicates an authentication issue between your Exchange servers. Here are some troubleshooting steps you can follow to resolve this issue:

    1. Make sure the clocks on both Exchange servers (03 and 04) and the domain controller are synchronized. The time difference between them should be within 5 minutes.
    2. Verify that there are no replication issues between your domain controllers. You can force replication to ensure that everything is up to date.
    3. Make sure that the SPN for SMTPSVC is properly registered on the target server (04). You can use the SetSPN tool to check and register the necessary SPNs.
    4. Verify that the TCP/UDP ports required for the Kerberos protocol are not blocked by any firewall. This is critical for proper authentication.
    5. Make sure that the correct certificate is bound to the SMTP service on server 04. You can use the Enable-ExchangeCertificate cmdlet to bind the certificate to the SMTP service.
    6. Enable protocol logging on the Send connector to collect more details about the problem. This can help determine if there are any certificate-related issues.

    Here are some commands that may be helpful:

    1. To check the SPN:
       SetSPN -L <ExchangeServerName>

    2. To bind the certificate to the SMTP service:
       Enable-ExchangeCertificate -ThumbPrint "<TLSCertThumbprint>" -Services SMTP

    3. To enable protocol logging:
       Set-SendConnector "<SendConnectorName>" -ProtocolLoggingLevel Verbose

    Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.

    Best,

    Jake Zhang
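As an added example (not part of the original answer and not a Microsoft script), the PowerShell below turns the six checks in the accepted answer into one read-only function and a second function that switches on the protocol logs. It assumes it is run from the Exchange Management Shell on a server in the organization, that WinRM can reach the target server, and that the names EX03, EX04 and DC01 are placeholders for your own servers. One detail that goes beyond the answer: delivery between two Exchange servers in the same organization rides on the implicit intra-org Send connector, whose logging is controlled on the transport service rather than on a named Send connector, so the logging function sets that switch as well.

```powershell
# Added example: checks for the "454 4.7.0 Temporary authentication failure" prerequisites
# (clock skew, SMTPSVC SPN, ports, SMTP certificate, Receive connector auth) on a target
# Exchange server. Requires the Exchange Management Shell; server names are placeholders.

function Test-ExchangeServerAuthPrereqs {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SourceServer,      # sender reporting the 454 (e.g. EX03)
        [Parameter(Mandatory)] [string] $TargetServer,      # receiver rejecting the auth (e.g. EX04)
        [Parameter(Mandatory)] [string] $DomainController   # a DC both servers use (e.g. DC01)
    )

    $targetFqdn = [System.Net.Dns]::GetHostEntry($TargetServer).HostName
    $result = [ordered]@{}

    # 1. Clock skew: Kerberos tolerates 5 minutes by default. Compare the target's clock
    #    with this machine's (WinRM assumed).
    $remoteNow = Invoke-Command -ComputerName $TargetServer -ScriptBlock { Get-Date }
    $skew = [math]::Abs(($remoteNow - (Get-Date)).TotalSeconds)
    $result['ClockSkewSeconds'] = [math]::Round($skew, 1)
    $result['ClockSkewOk']      = $skew -lt 300

    # 2. SPN: ExchangeServer authentication between transport services needs SMTPSVC/<fqdn>
    #    on the target's computer account. setspn -L prints one SPN per indented line.
    $spnLines = & setspn.exe -L $TargetServer 2>&1
    $expected = "SMTPSVC/$targetFqdn"
    $result['SmtpSpnExpected'] = $expected
    $result['SmtpSpnPresent']  = [bool]($spnLines | Where-Object { "$_".Trim() -ieq $expected })

    # 3. Ports: SMTP to the target, Kerberos (88/tcp) to the domain controller.
    $result['Smtp25Reachable'] = Test-NetConnection -ComputerName $TargetServer -Port 25 -InformationLevel Quiet
    $result['Kerberos88ToDc']  = Test-NetConnection -ComputerName $DomainController -Port 88 -InformationLevel Quiet

    # 4. Certificate bound to SMTP on each server; the question noted both thumbprints match.
    $targetSmtpCert = Get-ExchangeCertificate -Server $TargetServer | Where-Object { $_.Services -match 'SMTP' }
    $sourceSmtpCert = Get-ExchangeCertificate -Server $SourceServer | Where-Object { $_.Services -match 'SMTP' }
    $result['TargetSmtpThumbprints'] = @($targetSmtpCert | ForEach-Object Thumbprint)
    $result['SourceSmtpThumbprints'] = @($sourceSmtpCert | ForEach-Object Thumbprint)

    # 5. Receive connector: the target must offer ExchangeServer auth on a connector bound to 25.
    $result['ReceiveConnectorsWithExchangeServerAuth'] = @(
        Get-ReceiveConnector -Server $TargetServer |
            Where-Object { $_.AuthMechanism -match 'ExchangeServer' } |
            ForEach-Object { "$($_.Name) [$($_.Bindings -join ',')]" }
    )

    [pscustomobject]$result
}

function Enable-ExchangeServerAuthLogging {
    param(
        [Parameter(Mandatory)] [string] $SourceServer,
        [Parameter(Mandatory)] [string] $TargetServer
    )
    # 6. Server-to-server delivery inside the org uses the implicit intra-org Send connector,
    #    so its logging switch lives on the transport service. Set-SendConnector (as in the
    #    answer) covers named connectors you created, such as the one towards 365.
    Set-TransportService -Identity $SourceServer -IntraOrgConnectorProtocolLoggingLevel Verbose
    # Also log the receiving side, which is where the 454 is actually generated.
    Get-ReceiveConnector -Server $TargetServer | Set-ReceiveConnector -ProtocolLoggingLevel Verbose
}

# Usage (placeholder names):
# Test-ExchangeServerAuthPrereqs -SourceServer EX03 -TargetServer EX04 -DomainController DC01
# Enable-ExchangeServerAuthLogging -SourceServer EX03 -TargetServer EX04
```

Read the output top to bottom: a false `SmtpSpnPresent` with everything else green matches the outcome reported on this page, and the intra-org and Receive connector logs then show the exact AUTH exchange that failed. With default install paths the send side writes to `$env:ExchangeInstallPath\TransportRoles\Logs\Hub\ProtocolLog\SmtpSend` and the receive side to `$env:ExchangeInstallPath\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive`.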


1 additional answer

  1. 何志锋 26 Reputation points
    2024-12-11T04:19:58.2633333+00:00

    Thank you very much, this problem was solved when I registered the SPN.

    1 person found this answer helpful.
