Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum

Exchange 2010 Mailflow between the DAG members


Hi guys,

We have a very strange problem in our environment.

First let me explain our setup, which has been working successfully for more than four years until last Sunday.

We have two servers running Exchange 2010 Enterprise. Both servers are running the Hub Transport role, the CAS role and the Mailbox role.

The servers are members of a DAG solution and both servers normally have active databases.

Last week we configured a new Certificate from GoDaddy. At first everything worked fine but I had trouble applying the certificate on one of the servers to the Hub transport role.

Last Sunday we noticed mails sent from Server A to users hosted on Server B got stuck in the queue.

After a lot of troubleshooting I created a ticket at MS. They helped me but it didn't go as smoothly as we wanted.

I was really hoping they would tell me I just made a mistake which was easy to fix..

Unfortunately Microsoft told me yesterday they couldn't help me anymore and that I needed to perform an in-place upgrade, which should fix the problem with the old certificate.

This reminds me I forgot to mention something :), since I couldn't apply the new certificate to the transport role the old one was still used. Result: TLS handshake mismatch.

 

After the disappointing message from Microsoft we worked during the evening to get stuff sorted out. I mean if people tell you, you can't fix stuff, you are kind of forced to prove them wrong...

If you have the same feeling this is your chance :) Any help is appreciated!!

 

Status at the moment:

We got rid of the old certificate; although MS told us this wasn't possible we still sorted it out.

Since our certificate from GoDaddy couldn’t hold the FQDN anymore we entered this in a Self Signed Cert. and assigned this to the SMTP service.

Right now queues are still piling up. The error message we get:

451 4.4.0 Primary target IP Address Responded with: "421 4.4.2 Connection Dropped due to SocketError."

I tried every single thing which I could find on the WWW to sort it out, I mean everything!

Mail sent from Server A still isn't delivered to people on Server B and the other way around.

I checked if there was an issue with the internal DNS, and if there were problems setting up an SMTP session on port 25 between the two servers.

No problems to be found. Both Servers are showing StartTLS.

 

So basically I got stuck. If any of you guys had this at a certain moment and sorted it out, please share it with me.

As mentioned, your help is appreciated!

 

 


