Question : Event ID: 7004 and 7010 servers in different organisation, using SMTP connectors
We have an Exchange 2003 Server in our organisation which recently started getting a lot of 7004 and 7010 errors in the Application log. The recent change we have made is that we configured an SMTP connector to different Exchange organisations, as we recently merged with another company. I also get a lot of NDR Event ID 3005 messages, which I never used to. Most of them are to email accounts that have been disabled, misspelled, or do not exist, but there are some legitimate ones as well. Diagnostic Logging is set to NONE. I am not aware of any mail flow problems from the users' point of view.
Event ID 7010
This is an SMTP protocol log for virtual server ID 1, connection #6349. The client at "x.x.x.xa "xexch50" command, and the SMTP server responded with "504 Need to authenticate first ". The full command sent was "xexch50 756 2". This will probably cause the connection to fail.
Points to an Exchange 5.5 server configured on Connector A
Event ID :7004
This is an SMTP protocol error log for virtual server ID 1, connection #6353. The remote host "x.x.x.x responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2156 2 ". This will probably cause the connection to fail.
Points to an Exchange 2003 server configured on Connector B
I looked into http://support.microsoft.com/default.aspx?scid=kb;en-us;843106 and it says this is normal behaviour if there is no connector: "Exchange Server 2003 computer in a different Exchange organization, if there is no connector configured for cross-forest trust between the Exchange organizations". But we have a connector and a forest trust relationship, so I am not sure.
Any advice is greatly appreciated. Thanks
Answer : Event ID: 7004 and 7010 servers in different organisation, using SMTP connectors
Hi, I know you said you have a connector and forest trust relationship, but have you done the following?

Authentication in cross-forest scenarios

To enable cross-forest authentication
To enable cross-forest or inter-organization SMTP authentication, you must create connectors in each forest that uses an authenticated account from the other forest. By doing this, any mail that is sent between the two forests by an authenticated user resolves to the appropriate display name in the Global Address List. This section explains how to enable cross-forest authentication. In this example, there are two forests named OrgA and OrgB.
1. Create an account in the OrgA forest that has Send As permissions. (For all users in the OrgB forest, a contact also exists in the OrgA forest; therefore, this account permits users in the OrgB forest to send authenticated mail.) You must configure the new account with Send As permissions on all Exchange servers in OrgA that will accept incoming mail from the OrgB forest.
2. On an Exchange server that is in the OrgB forest, create a connector that requires authentication using the account that you created in the OrgA forest to send outbound mail.
To set up cross-forest authentication from the OrgA forest to the OrgB forest, repeat these steps to create an account in the OrgB forest and a connector in the OrgA forest.

To create a user account in the destination forest with Send As permissions
Before you set up your connector in the connecting forest, you must create an account in the destination forest (the forest that you want to connect to) and give that account Send As permissions. Configure these permissions on all servers that are in the destination forest and that will accept inbound connections from the connecting forest. The procedures below describe how to set up an account in the OrgA forest and a connector in the OrgB forest; this will permit users in the OrgB forest to send mail to the OrgA forest with resolved e-mail addresses.

To create the account used for cross-forest authentication
1. In the destination forest (the OrgA forest), create a user account in Active Directory Users and Computers. This account must be an active account, but it does not require the following permissions:
   - Log on locally
   - Log on through terminal server
2. On each Exchange server object that will accept incoming connections from the connecting forest, configure Send As permissions for this account.
Note: Be careful when you create the password policy. If you set the password to expire, make sure that you have a policy rule that changes the password before its expiration date. If the password for this account expires, cross-forest authentication will fail.
   a. Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.
   b. In the System Manager console tree, expand Servers, right-click an Exchange server that will accept incoming connections from the connecting forest, and then click Properties.
   c. On the Security tab in the ServerName Properties dialog box, click Add.
   d. In Select Users, Computers, or Groups, add the account that you just created, and then click OK.
   e. On the Security tab, under Group or user names, select the account that you just created.
   f. Under Permissions, click the Allow check box that is next to Send As.

To configure a connector and require authentication for cross-forest authentication
1. Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.
2. In the console tree, right-click Connectors, point to New, and then click SMTP Connector.
3. On the General tab, in the Name box, type a name for the connector.
4. Click Forward all mail through this connector to the following smart hosts, and then type the fully qualified domain name or IP address of the receiving Exchange 2003 bridgehead server.
5. Click Add to select a local bridgehead server and an SMTP virtual server to host the connector.
6. On the Advanced tab, click Outbound Security, and then click Integrated Windows Authentication.
7. In Outbound Connection Credentials, specify an account and a password in the Account box, the Password box, and the Confirm password box.
Note: The account and password that you specify must meet the following conditions:
   - The account is in the destination forest (OrgA).
   - The account has Send As permissions.
   - The account is an authenticated OrgA account.
Use the following format for the account name: domain\username
In this format, domain is a domain in the destination forest, and username represents an account in the destination forest that has Send As permissions on all Exchange servers in the destination forest that will accept mail from this connector.
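
To see which connector direction is missing authentication, the two event texts quoted in the question can be sorted by their wording: 7010 is logged when a peer sends XEXCH50 to this server, 7004 when this server sends it to a peer. The script below is an added example, not part of the original question or answer; the sample messages, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed samples modelled on the events quoted in the question. The words
# "sent a" in the 7010 text are an assumption: the question's copy is cut there.
SAMPLE_EVENTS = [
    (7010, 'This is an SMTP protocol log for virtual server ID 1, connection #6349. '
           'The client at "192.0.2.10" sent a "xexch50" command, and the SMTP server '
           'responded with "504 Need to authenticate first ". The full command sent '
           'was "xexch50 756 2". This will probably cause the connection to fail.'),
    (7004, 'This is an SMTP protocol error log for virtual server ID 1, connection '
           '#6353. The remote host "192.0.2.20" responded to the SMTP command '
           '"xexch50" with "504 Need to authenticate first ". The full command sent '
           'was "XEXCH50 2156 2 ". This will probably cause the connection to fail.'),
    (7004, 'This is an SMTP protocol error log for virtual server ID 1, connection '
           '#6360. The remote host "192.0.2.20" responded to the SMTP command '
           '"xexch50" with "504 Need to authenticate first ". The full command sent '
           'was "XEXCH50 900 2 ". This will probably cause the connection to fail.'),
    (3005, 'A non-delivery report with a status code of 5.1.1 was generated.'),
]

INBOUND = re.compile(r'The client at "(?P<host>[^"]+)".*?responded with "(?P<reply>[^"]*)"', re.S)
OUTBOUND = re.compile(r'The remote host "(?P<host>[^"]+)"\s+responded to the SMTP command '
                      r'"[^"]+" with "(?P<reply>[^"]*)"', re.S)
ADVICE = {
    "inbound": "peer did not authenticate to us: check the credentials on the peer's connector",
    "outbound": "peer refused us: check Outbound Security on our connector and Send As on the peer",
}

def classify(event_id, message):
    """Return (direction, peer, reply) for a refused XEXCH50, otherwise None."""
    if "xexch50" not in message.lower():
        return None
    patterns = {7010: ("inbound", INBOUND), 7004: ("outbound", OUTBOUND)}
    if event_id not in patterns:
        return None
    direction, pattern = patterns[event_id]
    match = pattern.search(message)
    if match is None or not match.group("reply").strip().startswith("504"):
        return None
    return direction, match.group("host"), match.group("reply").strip()

def summarise(events):
    """Count refusals per (direction, peer) so each row maps to one connector."""
    hits = (classify(event_id, message) for event_id, message in events)
    return Counter(hit[:2] for hit in hits if hit)

if __name__ == "__main__":
    for (direction, peer), count in sorted(summarise(SAMPLE_EVENTS).items()):
        print(f"{peer:15} {direction:8} x{count}  {ADVICE[direction]}")
```
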