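I would like to ask Microsoft: recently colleagues at our company reported that some e-mail was being delivered with a delay.
When I checked the relevant logs, I found the following messages: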
2024-02-26T05:35:26.982Z,Internet,08DC2E1F321507A6,0,,xxx.xxx.xxx.xxx:25,*,SendRoutingHeaders,Set Session Permissions
2024-02-26T05:35:26.982Z,Internet,08DC2E1F321507A6,1,,xxx.xxx.xxx.xxx:25,*,,attempting to connect
2024-02-6T05:35:26.985Z,Internet,08DC2E1F321507A6,2,xxx.xxx.xxx.xxx:51028,xxx.xxx.xxx.xxx:25,+,,
2024-02-26T05:35:26.993Z,Internet,08DC2E1F321507A6,3,172.25.150.70:51028,xxx.xx.xx.xxx:25,<,220 spam1.xxx.xx.xx Nopam ****,
2024-02-26T05:35:26.994Z,Internet,08DC2E1F321507A6,4,172.25.150.70:51028,xxx.xx.xx.xxx:25,>,EHLO EX01.xxx.xx.xx,
2024-02-26T05:35:26.999Z,Internet,08DC2E1F321507A6,5,172.25.150.70:51028,xxx.xx.xx.xxx:25,<,250 spam1.xxx.xx.xx PIPELINING SIZE 37784736 ETRN STARTTLS ENHANCEDSTATUSCODES 8BITMIME DSN,
2024-02-26T05:35:26.999Z,Internet,08DC2E1F321507A6,6,172.25.150.70:51028,xxx.xx.xx.xxx,>,STARTTLS,
2024-02-26T05:35:27.003Z,Internet,08DC2E1F321507A6,7,172.25.150.70:51028,xxx.xx.xx.xxx:25,<,220 2.0.0 Ready to start TLS,
2024-02-26T05:35:27.003Z,Internet,08DC2E1F321507A6,8,172.25.150.70:51028,xxx.xx.xx.xxx:25,*, CN=EX01 CN=EX01 2A2646C7D0874FB14871BB722491035C 2CB02BC1F34ECEAC590712F7B68FE0A82BBE77D8 2022-07-04T11:33:34.000Z 2027-07-04T11:33:34.000Z EX01;EX01.xxx.xx.xx,Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2024-02-26T05:35:27.010Z,Internet,08DC2E1F321507A6,9,172.25.150.70:51028,xxx.xx.xx.xxx:25,*,,TLS negotiation failed with error BadBindings
2024-02-26T05:35:27.011Z,Internet,08DC2E1F321507A6,10,172.25.150.70:51028,xxx.xxx.xxx.xxx:25,-,,Local
2024-02-26T05:35:27.011Z,Internet,08DC2E1F321507A7,0,,[2001:4420:6809:4000:xxx.xxx.xxx.xxx]:25,*,SendRoutingHeaders,Set Session Permissions
2024-02-26T05:35:27.011Z,Internet,08DC2E1F321507A7,1,,[2001:4420:6809:4000:xxx:xx:xx:xxx]:25,*,,attempting to connect
2024-02-26T05:35:27.011Z,Internet,08DC2E1F321507A7,2,,[2001:4420:6809:4000:xxx:xx:xx:xxx]:25,*,,"Failed to connect. Winsock error code: 10051, Win32 error code: 10051, Destination domain: xxx.xxx.xx, Error Message: 通訊端操作嘗試連線到一個無法連線的網路。 [2001:4420:6809:4000:xxx:xx:xx:xx]:25."
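My current assessment is that when mail is sent over IPv4 the connection is established normally, but afterwards Exchange Server seems to also try to send the mail over IPv6 and gets no response, so the mail stays pending here.
Previously, we thought this case was related to disabling TLS 1.0 and 1.1, and we opened a case with Microsoft about it; the case number is 2401120040001135.
The Microsoft engineer asked us to add the following registry keys: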
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\]
"Enabled" = dword:00000001
"DisabledByDefault" = dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server\]
"Enabled" = dword:00000001
"DisabledByDefault" = dword:00000000
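However, at that time we chose to run Windows Update on the Exchange server and restart it, and the problem appeared to be resolved.
Recently, however, the same situation has occurred again, which makes me suspect that this problem happens because of IPv6.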
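
The following is an added example, not part of the original post and not Microsoft's code: it groups SMTP send protocol log records like the ones quoted above by session ID and reports, per session, whether the connection was established, whether STARTTLS was sent, and any TLS negotiation or Winsock error. The sample lines are constructed in the post's format with documentation addresses (192.0.2.10, 198.51.100.7, 2001:db8::10, example.test), and the nine-column order is an assumption taken from the log lines shown.

```python
import csv
import io
import re

# Column order assumed from the log lines quoted in the post.
FIELDS = ("date_time", "connector_id", "session_id", "sequence_number",
          "local_endpoint", "remote_endpoint", "event", "data", "context")

# Constructed sample modeled on the post's log; addresses are documentation ranges.
SAMPLE_LOG = """\
2024-02-26T05:35:26.982Z,Internet,08DC2E1F321507A6,1,,192.0.2.10:25,*,,attempting to connect
2024-02-26T05:35:26.985Z,Internet,08DC2E1F321507A6,2,198.51.100.7:51028,192.0.2.10:25,+,,
2024-02-26T05:35:26.999Z,Internet,08DC2E1F321507A6,5,198.51.100.7:51028,192.0.2.10:25,<,250 mx.example.test PIPELINING STARTTLS,
2024-02-26T05:35:26.999Z,Internet,08DC2E1F321507A6,6,198.51.100.7:51028,192.0.2.10:25,>,STARTTLS,
2024-02-26T05:35:27.010Z,Internet,08DC2E1F321507A6,9,198.51.100.7:51028,192.0.2.10:25,*,,TLS negotiation failed with error BadBindings
2024-02-26T05:35:27.011Z,Internet,08DC2E1F321507A6,10,198.51.100.7:51028,192.0.2.10:25,-,,Local
2024-02-26T05:35:27.011Z,Internet,08DC2E1F321507A7,1,,[2001:db8::10]:25,*,,attempting to connect
2024-02-26T05:35:27.011Z,Internet,08DC2E1F321507A7,2,,[2001:db8::10]:25,*,,"Failed to connect. Winsock error code: 10051, Win32 error code: 10051, Destination domain: example.test"
"""

def summarize_sessions(log_text):
    """Group records by session_id and record how far each session got."""
    sessions = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != len(FIELDS) or row[0].startswith("#"):
            continue  # skip blank lines, header comments and wrapped/garbled lines
        rec = dict(zip(FIELDS, row))
        s = sessions.setdefault(rec["session_id"], {
            "remote": rec["remote_endpoint"],
            "ipv6": rec["remote_endpoint"].startswith("["),
            "connected": False, "starttls_sent": False,
            "tls_error": None, "winsock_error": None})
        if rec["event"] == "+":                      # "+" marks an established connection
            s["connected"] = True
        elif rec["event"] == ">" and rec["data"].upper() == "STARTTLS":
            s["starttls_sent"] = True
        elif rec["event"] == "*":                    # "*" rows carry status text in context
            m = re.match(r"TLS negotiation failed with error (\S+)", rec["context"])
            if m:
                s["tls_error"] = m.group(1)
            m = re.search(r"Winsock error code: (\d+)", rec["context"])
            if m:
                s["winsock_error"] = int(m.group(1))
    return sessions

if __name__ == "__main__":
    for sid, summary in summarize_sessions(SAMPLE_LOG).items():
        print(sid, summary)
```

Run over a real send protocol log, the summary separates sessions that connected and then failed during TLS negotiation from sessions that never connected at all, and shows which address family each one used.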