Cannot send external mail when your smart host server is different from the ISP server where your e-mail is stored in Windows Small Business Server 2003
After you configure your Microsoft Windows Small Business Server 2003-based computer to send and to receive Internet e-mail, you cannot successfully send e-mail messages through the SmallBusiness Simple Mail Transfer Protocol (SMTP) connector. The e-mail messages remain in the outgoing mail queue.
Additionally, if you configure diagnostic logging for the MSExchangeTransport service, an event that is similar to the following may appear in the Application log:
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: Connection Manager
Event ID: 4006
Message delivery to the host 'SmartHost' failed while delivering to the remote domain 'SmartHostFQDN' for the following reason: The remote SMTP service rejected AUTH negotiation.
For more information, see Help and Support Center at http://support.microsoft.com.
This problem may occur if all the following conditions are true:
- You configured e-mail delivery to forward all e-mail to a smart host server.
- The smart host server is different from the Internet Service Provider (ISP) mail server where your e-mail is stored.
- You configured e-mail retrieval to use TURN authentication.
For example, you may experience this problem if you configure the SmallBusiness SMTP connector by using the following settings in the Configure E-mail and Internet Connection Wizard:
- In the E-mail Delivery Method window, you click Forward all e-mail to e-mail server at your ISP. In the E-mail server box, you type the name of a smart host server.
- In the E-mail Retrieval Method window, you do all the following:
- You click to select the Use Exchange check box.
- You click E-mail is held at my ISP until my server sends a signal.
- In the Specify the e-mail server to send the signal to box, you type a server name that is different from the name of the smart host server. This server name specifies the ISP's e-mail server that your Microsoft Exchange server will send its signal to.
- You click Turn after authentication.
- In the TURN Authentication Information window, you type the appropriate user name and password for the account that is used to authenticate Exchange to your ISP's mail server.
In this case, the authentication request fails when you try to send e-mail to the Internet through the SmallBusiness SMTP connector. The SMTP connector tries to authenticate to the smart host server by using the outbound security credentials that you specified for TURN authentication. The authentication request fails because the outbound security user name and password are configured for the server that Windows Small Business Server retrieves incoming mail from, and not for the smart host server. Although the Windows Small Business Server-based computer cannot send Internet e-mail, the computer can successfully receive Internet e-mail messages because the authentication information is correct for the mail retrieval side.
To work around this problem, configure two separate SMTP connectors to send and to receive Internet mail. To do this, follow these steps:
- Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.
- In Exchange System Manager, expand Connectors.
Note If administrative groups or routing groups are displayed in Exchange System Manager, you have to expand the administrative group or the routing group to access the connectors.
- Right-click the SMTP connector, and then click Properties.
Note By default, the SMTP connector is named SmallBusiness SMTP connector.
- Click the Advanced tab.
- Click to select Do not send ETRN/TURN, and then click OK.
- Right-click Connectors, point to New, and then click SMTP Connector.
- In the Name box, type a name for the connector, such as TURN Retrieval.
- Under Local bridgeheads, click Add.
- In Add Bridgehead, click to select the SBS computer, and then click OK.
- Click the Address Space tab.
- Click Add, click to select SMTP, and then click OK.
- In the E-mail domain box, type nodomain.local, and then click OK.
- Click the Advanced tab.
- Click Outbound Security.
- Click to select Basic Authentication (password is sent in clear text), and then click Modify.
- Type the username and the password of the account that is authorized to retrieve mail by using TURN, and then click OK.
- If the TURN server uses Transport Layer Security (TLS) encryption, click to select the TLS encryption box.
Note If you do not know whether the TURN server uses TLS encryption, contact the Internet service provider that is hosting the server.
- Click OK.
- Click to select Request ETRN/TURN from different server, and then type the fully qualified domain name (FQDN) or the IP address of the TURN server in the Server box.
- In the Connection time box, click to select a schedule for mail retrieval, or click Customize to create a custom schedule.
- Under Specify how to request that remote servers dequeue mail, click to select Issue TURN (Requires Basic or Windows security), and then click OK.
If you want to test mail retrieval by using the new SMTP connector, you can force a connection instead of waiting for a scheduled mail retrieval. To do this, follow these steps:
- In Exchange System Manager, expand Servers.
- Expand ServerName, and then click Queues.
- In the list of queues, right-click the queue for the new SMTP connector, and then click Force connection.
If the server does not retrieve the mail, contact the Internet service provider that is hosting the TURN server to verify the server address, authentication method, and the credentials that are used to retrieve the mail.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Article ID: 827601 - Last Review: December 3, 2007 - Revision: 3.2
- Microsoft Windows Small Business Server 2003 Standard Edition
- Microsoft Windows Small Business Server 2003 Premium Edition