Try our new Certificate Revocation List Check Tool
CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.
Category published:  Microsoft Exchange   Click on the Category button to get more articles regarding that product.

Exchange 2013 LED 441 4.4.1 Mail Flow stuck because of Receive Connector SELF MADE wrong

Posted by admin on 15.10.2015

ERROR:

LED=441 4.4.1 Error encountered while communicating with the Primary Target IP address (Failed to connect. Winsock error code: 10060, Win32 error code 10060. Attempted failover to alternate host)

 You see E-Mail in the Queue and have no E-Mail flow on Exchange 2013:

 

This can have following error sources:

  1. DNS Settings of NIC (Server)
  2. DNS Settings of Exchange itself (Not the OS DNS the under /ECP)
  3. HIDDEN OLD NIC as example replaced or in VM
  4. RECEIVE CONNECTOR with DUBLETTE criteria (SELF MADE which reflects built in CRITERIA)

 
 

Here is how to resolve in steps:

  1. Check if all AUTOMATIC Services from Exchange are running (Exchange 2013 CAN take Services DOWN if he thinks something is wrong)
  2. Restart full Exchange or all *TRANSPORT* Services
  3. Check your DNS Settings in Exchange ITSELF (/ECP) and on your NIC’s (https://www.butsch.ch/post/Exchange-2013-451-470-Temporary-Server-errors-Please-Try-Again-Later-PRX.aspx
  5. Receive Connector > Check all additional RECEIVE Connector and IF they have common criteria with OTHER built in receive connector. If worst CASE both have the MANY identical Criteria on your SELF MADE you may have to change from Port 25 to 26. Test by removing the SELF MADE receive connector and Restart the Exchange. If Mail Flow is ok then it was the connector you made. (https://www.butsch.ch/post/Exchange-2007-2010-How-to-RELAY-ANONYMOUS-for-clients-or-Servers-(GermanEnglish).aspx) < THIS has not changed from 2007/2012 in terms of selection through Criteria.

     
     

     
     

Look out for IP ranges, which are in Connector two times AND have the same setting on PORT, Authentication etc. If Exchange DOES not KNOW, WHICH receive connector to take/use he will end up in a loop and may take down services in 2013 if this happen many times.

  
 

Some sample Connector Criteria:

 

Sample wrong Connector range which covers the “OTHER” Exchange Server which would have IP 192.168.200.10 and thus Exchange would FALSE use this connector for INTERNAL MAIL FLOW (Exchange Mail Flow). Beside this would open MAIL RELAY for the Full VLAN segment in Ransomware days.

 

 
 


 Category published:  Microsoft Exchange   Click on the Category button to get more articles regarding that product.

Related Post

Microsoft Exchange Server SE (Subscription Edition) ab Herbst 2025

CRLcheck.exe Certificate Revocation List Check Tool to verify all CRL and OCSP on Windows client

Exchange CVE-2024-21410 2016 2019 Extended Protection Kemp-F5 and Modern Hybrid Mode problem

Template theme: Newsup by Themeansar (External Link, you will leave www.butsch.ch).