Exchange OnPremises mailflow issue ( Remote(ConnectionReset) )

env296
Occasional Visitor

We have an organization in hybrid with central Exchange 2016 relay servers that relay the inbound messages to the satellite locations. The inbound mail from O365/internet arrives just fine on the relay servers and then gets queued for delivery to the on-premises Exchange server. All on-premises Exchange servers reside in the same AD forest and mail-delivery TLS is based on the Exchange server trusted certificates.

The satellite location network connection is using wireless broadband that can be either satellite/4G/WiFi based on availability of the best provider. The messages queue and in some cases the messages are stuck and the error in the smtpreceive log is "Remote(ConnectionReset)". The LastError on the sending relay server is:

LastError Status
--------- ------
450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError) Retry

 

The network traffic capture with Wireshark shows a lot of packet retransmits and finally you see RST (reset) messages.

The OUTBOUND traffic from the satellite location towards the central relay seems to be just fine, which makes me wonder where to search for the real issue/cause.

As the nature of the WAN connection via satellite/4G/long range WiFi is sensitive to data loss/inefficiency, that should impact both directions, but I see mainly issues inbound towards the satellite Exchange server.

Any suggestions related to TCP-stack optimization (Set-NetTcpSetting profile optimization??) or which Exchange log to check if the receiving server is the issue or the network?

The intrusion detection (Checkpoint) has been bypassed for the Exchange-related traffic.

Thanks for any suggestions.

Rgds,

Eric

1 Reply

@env296 Out of curiosity, are you using port 25 on the WAN IP of the 4G devices? Or do you establish VPN tunnels first and then tunnel the SMTP traffic? I would think a VPN tunnel would help you to bypass any port filters that might be imposed by the 4G cellular carriers.
