Rerouting outbound SMTP mail through Exchange 2016 Send Connectors from Exchange 2010 fails with: 451 4.4.0 Primary target IP address responded with: “421 4.3.2 Service not available.”

Problem

You’re currently migrating from Exchange Server 2010 to 2016 and have just reconfigured the Send Connectors to route outbound SMTP mail through Exchange 2016 but notice that sent emails are stuck in the Exchange 2010 queues with the following error:

451 4.4.0 Primary target IP address responded with: “421 4.3.2 Service not available.” Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

Solution

One cause of this error is that the receive connectors configured on Exchange 2016 do not allow the Exchange 2010 servers to relay email through them. To correct the problem, either locate an existing FrontendTransport receive connector or create a new one, and configure the following settings:

Authentication:

  • Transport Layer Security (TLS)
  • Integrated Windows authentication
  • Exchange Server authentication

Permission groups:

  • Exchange servers
  • Legacy Exchange servers

Ensure that this receive connector’s Remote network settings are configured to allow the IP addresses of the Exchange 2010 hub transport servers, so that only those servers match this connector.

With the above configured, the queued mail on the Exchange 2010 servers should retry successfully.
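
The same configuration can be applied from the Exchange Management Shell. This is an added example, not taken from the original post. The server name, connector name and IP addresses are placeholder assumptions to replace with your own values.

```powershell
# Run in the Exchange Management Shell on an Exchange 2016 server.
# Assumed placeholder values; replace with your own.
$Ex2016Server  = 'EX2016-01'                  # hypothetical Exchange 2016 server name
$ConnectorName = 'Relay from Exchange 2010'   # hypothetical connector name
$Ex2010HubIPs  = '192.0.2.10', '192.0.2.11'   # hypothetical Exchange 2010 hub transport IPs

# Create a FrontendTransport connector that only matches the Exchange 2010 servers.
New-ReceiveConnector -Name $ConnectorName -Server $Ex2016Server `
    -TransportRole FrontendTransport -Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $Ex2010HubIPs

# Apply the authentication mechanisms and permission groups listed above.
Set-ReceiveConnector -Identity "$Ex2016Server\$ConnectorName" `
    -AuthMechanism 'Tls, Integrated, ExchangeServer' `
    -PermissionGroups 'ExchangeServers, ExchangeLegacyServers'

# Review the result before relying on it.
$rc = Get-ReceiveConnector -Identity "$Ex2016Server\$ConnectorName"
$rc | Format-List Name, TransportRole, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups

# Flag a remote range that would let any host match this connector.
if ($rc.RemoteIPRanges | Where-Object { "$_" -eq '0.0.0.0-255.255.255.255' }) {
    Write-Warning 'RemoteIPRanges is not restricted to the Exchange 2010 hub transport servers.'
}

# Optional, on each Exchange 2010 hub transport server, to retry immediately
# instead of waiting for the next retry interval:
#   Retry-Queue -Filter {Status -eq "Retry"}
```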