Wednesday, February 15, 2017

451 5.7.3 cannot achieve Exchange server authentication



Recently, we migrated our exchange environment from Exchange 2010 to 2013, post installation of exchange 2013, we tested email routing between Exchange 2010 to 2013, and the email got delivered to 2013 user mailbox but not the other way around.

How email routing happening between Exchange 2010 to 2013: -
 
Will go a little bit back to know about Email routing on exchange 2003 and earlier version, we have to create “Email Routing Group” to exchange the emails between the legacy and higher version (exchange 2010). 

Starting from Exchange 2007 and higher version the emails are delivered between exchanges 2007 to 2010/2013/2016 based on the version, this routing method called “Version Based Routing” - https://blogs.technet.microsoft.com/exchange/2009/10/14/spotlight-on-exchange-2010-version-based-routing/

Now, we know how email routing is happening between exchange servers. Based on the above error message (451 5.7.3 cannot achieve Exchange server authentication) we can see clearly there is some mis-configuration on the receive connector.

By default, Exchange servers will use “Exchange server authentication” to accept the messages between the servers.

To fix the issue, Enable Exchange server authentication on Exchange 2010 Default receive connector.


  1. If you are configuring a Receive connector on a Hub Transport server, expand Server Configuration in the console tree, and select Hub Transport. On an Edge Transport server, select Edge Transport in the console tree.

  2. In the work pane, select the Receive Connectors tab, and then double-click the Receive connector you want to configure.

  3. Use the Authentication tab to configure security options for incoming SMTP connections:

 Exchange Server authentication   Select this option to authenticate by using an Exchange authentication mechanism, such as TLS direct trust or Kerberos through TLS.

Now mail flows in both directions between my servers.

Thanks for visiting