Exchange 2010 Messages stuck in queue to remote AD site

I have recently been working on implementing a number of new Exchange 2010 servers and had an issue where some mail was getting stuck in a queue. For example, messages from mailboxes on Server B to mailboxes on Server A end up in one of Server B’s queues called “SMTP Relay to Remote Active Directory Site”, and the last error is: 451 4.4.0 Primary Target IP address responded with: “421 4.4.2 Connection dropped.”

Now I knew it wasn’t a firewall or network issue, as I could telnet into port 25 from each of the servers to each other, and sending email in this way also worked. Curiously, I couldn’t see anything in the event logs either. The Mail Flow Troubleshooter gives the message “It appears that the SMTP service and SMTP instance(s) on server A are started but the port did not respond. Check if there are any network errors or hung services.” It also gives “Error submitting mail.” The issue remains after a service and server restart.

The resolution for me was to re-assign the original self-signed certificate to the SMTP service instead of the 3rd party CA signed certificate we were using for OWA (even though it had a valid SAN for the internal FQDN), and then restart the transport service on server A. Once the SMTP service was using the self-signed cert, all the queued mail was delivered. I hope this helps someone else out there struggling with this issue.
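The fix described above, written out as Exchange Management Shell commands. This is an added example, not part of the original post: it assumes it is run on the receiving server (server A) with exactly one valid self-signed certificate present, and `SERVERB` is a placeholder for the sending server.

```powershell
# Added example: run in the Exchange Management Shell on the receiving server
# ("server A" in the post). SERVERB is a placeholder name, not from the post.
$SourceServer = 'SERVERB'
$Local        = $env:COMPUTERNAME

# 1. Inventory: which certificate currently carries the SMTP service?
Get-ExchangeCertificate -Server $Local |
    Format-List Thumbprint, Subject, Services, IsSelfSigned, Status, NotAfter, CertificateDomains

# 2. Select the self-signed certificate, but only if it is valid and unexpired.
$candidates = @(Get-ExchangeCertificate -Server $Local | Where-Object {
    $_.IsSelfSigned -and $_.Status -eq 'Valid' -and $_.NotAfter -gt (Get-Date)
})

if ($candidates.Count -ne 1) {
    # Zero or several matches: stop and choose the thumbprint by hand
    # instead of binding SMTP to a certificate picked at random.
    throw "Expected exactly one valid self-signed certificate, found $($candidates.Count)."
}
$cert = $candidates[0]

# 3. Assign SMTP to the self-signed certificate. The cmdlet asks for
#    confirmation before replacing the current default SMTP certificate.
Enable-ExchangeCertificate -Server $Local -Thumbprint $cert.Thumbprint -Services SMTP

# 4. Restart the transport service so the new binding is picked up.
Restart-Service MSExchangeTransport

# 5. Verify the binding, then watch the sending server's queues drain.
(Get-ExchangeCertificate -Server $Local -Thumbprint $cert.Thumbprint).Services
Get-Queue -Server $SourceServer |
    Where-Object { $_.MessageCount -gt 0 } |
    Format-Table Identity, Status, MessageCount, LastError -AutoSize
```

The third-party certificate stays assigned to IIS, so OWA is unaffected by this change.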

7 Replies to “Exchange 2010 Messages stuck in queue to remote AD site”

  1. This worked for me too. I only have 1 cert; once I removed the SMTP from it and restarted the transport service, my queue emptied and SMTP added itself back to the cert.

  2. Just wanted to say a big THANK YOU for this post. I pulled an all-nighter and couldn’t think straight after working a 14 hr shift…came across your post and solved my dilemma.

  3. Hi Guys,

    After 4 days (shame on me, really shame) I just found that the mailbox-database drive is full. (Exchange 2010 SP3 on Windows Server 2008 R2 SP1)

    I’m really sorry for mine. Why haven’t I paid attention to it?

    (I’m sorry, but I’m new to English)

  4. This sounds very similar to the issue I am seeing now. It’s becoming a very serious problem now. When you say “reassign the original self signed certificate”, what exactly is that? Can you give me a step-by-step?

    Thank you in advance for any help you can provide!

  5. Thanks, this worked for me. I ended up doing this on the HT server in the source site and it worked perfectly.
