Tag Archives: New-ReceiveConnector

SMTP Relay in Exchange 2010

When an Exchange 2010 Hub Transport Server is installed two Receive Connectors are automatically created:

  • Client Receive Connector – used by end users whose SMTP client needs to send out messages. This is authenticated SMTP, and the connector uses port 587;
  • Default Receive Connector – used to receive SMTP messages on port 25 from other Exchange Hub Transport Servers or the Edge Transport Server.

I always recommend not changing the default Receive Connectors, with the exception of enabling Anonymous Users in the Permission Groups so that other SMTP hosts can submit messages as well.


Relaying SMTP messaging

For relaying SMTP messages I normally recommend using an additional Receive Connector with an additional IP address on the server. This IP address can have an easy-to-remember FQDN such as relay.contoso.com.

To create the new Receive Connector use the following command in the Exchange Management Shell:

New-ReceiveConnector -Name "Relay Connector (EXCH01)" -Usage Custom -Bindings 10.19.67.33:25 -FQDN relay.contoso.com -RemoteIPRanges 10.19.67.201 -Server ServerName -PermissionGroups AnonymousUsers

This command creates a new Receive Connector, binds it to the IP address 10.19.67.33 (which must of course be configured on the server's network card) and allows the IP address 10.19.67.201 to submit SMTP messages anonymously. However, at this point only messages for recipients whose SMTP domain is an Accepted Domain in the Exchange organization are accepted. This is the default behaviour, so to relay to other recipients the permissions on the Receive Connector have to be changed.

The ms-Exch-SMTP-Accept-Any-Recipient permission makes sure that all submitted recipients are accepted by the Hub Transport Server. This permission can be added with the Add-ADPermission cmdlet:

Get-ReceiveConnector -Identity "Relay Connector (EXCH01)" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

If you have multiple Receive Connectors and want to check whether or not anonymous relay is enabled on any connector you can use the following command:

Get-ReceiveConnector | Get-ADPermission | where {$_.ExtendedRights -like "*Any-Recipient"}
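
The check above lists the permission entries but not which hosts each connector accepts. The following added example (not part of the original post) extends it into a per-connector report that also shows the bindings and remote IP ranges; Get-RelayConnectorReport is a hypothetical helper name, and the "all addresses" range strings are an assumption about how RemoteIPRanges is displayed.

```powershell
# Added example: audit receive connectors that allow anonymous relay.
# Run in the Exchange Management Shell. Get-RelayConnectorReport is a
# hypothetical helper name, not an Exchange cmdlet.
function Get-RelayConnectorReport {
    # String forms of "every address" (assumption: ranges are rendered
    # as "low-high", as they appear on the default connectors).
    $anyAddress = @(
        '0.0.0.0-255.255.255.255',
        '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'
    )

    foreach ($connector in Get-ReceiveConnector) {
        # Allow entries that grant Accept-Any-Recipient to anonymous sessions.
        $relayAce = $connector | Get-ADPermission |
            Where-Object {
                -not $_.Deny -and
                $_.User -like '*ANONYMOUS LOGON' -and
                ($_.ExtendedRights -like '*Any-Recipient')
            }
        if (-not $relayAce) { continue }

        $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
        $open   = @($ranges | Where-Object { $anyAddress -contains $_ })

        New-Object PSObject -Property @{
            Connector      = $connector.Identity
            Bindings       = ($connector.Bindings -join ', ')
            RemoteIPRanges = ($ranges -join ', ')
            # True when the connector is not limited to specific remote hosts.
            AcceptsAnyHost = ($open.Count -gt 0)
        }
    }
}

Get-RelayConnectorReport |
    Sort-Object AcceptsAnyHost -Descending |
    Format-Table Connector, Bindings, RemoteIPRanges, AcceptsAnyHost -AutoSize
```

A connector reported with AcceptsAnyHost set to True relays for any host that can reach its binding; its RemoteIPRanges should be narrowed to the hosts that actually need to relay, as done with 10.19.67.201 above.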

New-ReceiveConnector fails

When creating a new Receive Connector on Exchange Server 2007 SP3 (Update Rollup 2) the creation failed with a non-retriable error and a "the requested attribute does not exist" error:

Active Directory operation failed on DC02.labs.local. This error is not retriable. Additional information: The parameter is incorrect.
Active directory response: 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1
The requested attribute does not exist.
Exchange Management Shell command attempted:
new-ReceiveConnector -Name ‘Relay X2007SP3’ -Usage ‘Custom’ -Bindings ‘10.0.0.217:25’ -RemoteIPRanges ‘10.0.0.213-255.255.255.255’ -Server ‘X2007SP3’

According to this article on the Microsoft Exchange Team site more people are facing this issue (scroll through the comments). It looks like something specific to UR1 and UR2 for Exchange Server 2007 SP3: http://msexchangeteam.com/archive/2010/09/09/456198.aspx

Microsoft is aware of this issue and it is currently being investigated. It looks like the schema upgrade during SP3 is sometimes not performed properly, resulting in an incorrect schema for Service Pack 3. Unfortunately the SP3 setup application continues anyway, resulting in these kinds of errors.

That being said, you can solve it by running the Exchange 2007 SP3 schema upgrade again:

Setup.com /PrepareSchema

After this, creating a new Receive Connector succeeds.

When this issue is fully investigated by Microsoft and a solution is available an official Microsoft knowledgebase article will be available as well.