I was testing outgoing mail flow in my new Exchange 2010 setup, which should go from the CAS Servers to the Edge server in the DMZ.
After configuring the Edge subscription I noticed that outgoing mails got stuck in the queue with the following error:
“451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.”
I verified that name resolution back and forth was OK and that I could communicate on ports 25, 50389 and 50636.
Then I tried to telnet from a CAS server to the Edge server on port 25 and I noticed that there was some kind of SMTP filtering active.
You can recognize it in a telnet connection because the server name, version, etc. are masked with asterisk characters.
The problem is that ESMTP inspection drops packets for TLS encryption (which is used between CAS and Edge).
I checked the Cisco switch and in the config there was an inspect esmtp statement in the global_policy policy-map.
After modifying the configuration the communication went fine:
no inspect esmtp
For more details see PIX/ASA 7.x and above: Mail (SMTP) Server Access on the DMZ Configuration Example
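The telnet check described above can be scripted; the following is an added example, not code from the original post. The function names, the 50% asterisk threshold, the sample host names and the shape of the filtered EHLO reply are assumptions made for illustration.

```python
import socket
import sys

# Constructed samples (not captured from the post's servers).
MASKED_BANNER = "220 ************************2******0**00*********\r\n"
CLEAR_BANNER = "220 edge01.example.test Microsoft ESMTP MAIL Service ready\r\n"
CLEAR_EHLO = ("250-edge01.example.test Hello [192.0.2.10]\r\n250-SIZE 10485760\r\n"
              "250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n")
FILTERED_EHLO = CLEAR_EHLO.replace("250-STARTTLS\r\n", "")  # assumed shape

def banner_is_masked(banner, threshold=0.5):
    """True when most visible greeting text after the reply code is '*'."""
    text = "".join(line[4:] for line in banner.splitlines())
    visible = [c for c in text if not c.isspace()]
    return bool(visible) and visible.count("*") / len(visible) >= threshold

def ehlo_keywords(reply):
    """Extension keywords of a 250 EHLO reply; the first line is the greeting."""
    lines = [l.strip() for l in reply.splitlines() if l.startswith("250")]
    return {l[4:].split()[0].upper() for l in lines[1:] if len(l) > 4}

def assess(banner, ehlo_reply):
    """Report the two symptoms: masked greeting and missing STARTTLS keyword."""
    return {"banner_masked": banner_is_masked(banner),
            "starttls_offered": "STARTTLS" in ehlo_keywords(ehlo_reply)}

def read_reply(f):
    """Read one SMTP reply, following 'NNN-' continuation lines."""
    lines = []
    while True:
        line = f.readline().decode("latin-1")
        lines.append(line)
        if not line or line[3:4] != "-":
            return "".join(lines)

def probe(host, port=25, timeout=10):
    """Same check as the manual telnet session, against a live server."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rwb")
        banner = read_reply(f)
        f.write(b"EHLO probe.example.test\r\n"); f.flush()
        ehlo = read_reply(f)
        f.write(b"QUIT\r\n"); f.flush()
    return assess(banner, ehlo)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        print(assess(MASKED_BANNER, FILTERED_EHLO))
```

Run it from the CAS server with the Edge server's name as the only argument; a masked banner points at a device in the path rewriting the SMTP session.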