Hi, I am halfway through migrating a Hybrid deployment from 2010 to 2013. Configuration as below:
Production:
1x 2010 CAS/HT/MBX server
2x 2013 CAS/MBX servers in DAG (EX01 is getting all mail-flow)
It's worth noting that they reversed the sites; the 2010 box is in the same AD site as the 2013 DR server.
DR:
1x 2013 CAS/MBX server in DAG
They also have a 365 tenant with Exchange Online. Currently all mail flows through 365 to on-premise, and all outbound mail flows from on-premise to 365.
I'm about to begin migrating mailboxes over, but with a few test users I've discovered the following issue.
Once a user is migrated to any 2013 box, mail-flow is fine. They can send/receive externally fine. They can send to 2010/2013 mailboxes fine as well. The problem comes when sending from 2010 mailbox to a 2013 mailbox, on the 2010 server the mail just sits in the queue:
Next Hop Domain: DR site
Delivery Type: SMTP Relay to Remote Active Directory Site
Last Error: 451 4.4.0 Primary target IP address responded with: "421 4.3.2 Service not available". Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
So I did some testing: I am unable to telnet from the 2010 box to any of the 2013 boxes on port 25. So I added the 2010 IP into the 'Default Frontend EXxx' receive connector on each of the 2013 boxes. This resolved the service not available error, but returned a different error:
451 4.4.0 Primary target IP responded with "451 5.7.3 Cannot achieve Exchange Server authentication" etc., which makes sense because the 'Default Frontend' connectors don't have Exchange Server authentication enabled. But I can't simply enable this, as other authentication methods are enabled, this is how it came from being installed, and I don't want to break mail-flow. My understanding is that 2013 should simply "know" how to route 2010 messages.
David Robertson
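As an added read-only check (not part of the original post), the following Exchange Management Shell snippet, run against each 2013 server, lists every receive connector listening on port 25 and shows whether its RemoteIPRanges cover the 2010 server's address and whether ExchangeServer authentication is among its AuthMechanism flags. The server names and the 2010 IP are placeholders; the IPv4 range comparison helper is my own.

```powershell
# Added diagnostic, not from the original post. Run in the Exchange 2013
# Management Shell. Placeholders: the 2013 server names and the 2010 IP.
$Servers2013 = 'EX01', 'EX02', 'EX03-DR'   # placeholder server names
$Ip2010      = '10.0.0.10'                 # placeholder: 2010 CAS/HT/MBX address

function ConvertTo-UInt32 ([System.Net.IPAddress]$Address) {
    # IPv4 only: reverse the bytes so the integer compares in network order
    $bytes = $Address.GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

$target = ConvertTo-UInt32 ([System.Net.IPAddress]::Parse($Ip2010))

$Servers2013 | ForEach-Object {
    Get-ReceiveConnector -Server $_ |
        # Keep only connectors with a binding on port 25 (e.g. 0.0.0.0:25)
        Where-Object { $_.Bindings | Where-Object { $_.ToString() -match ':25$' } } |
        ForEach-Object {
            $conn = $_
            # Does any IPv4 RemoteIPRanges entry include the 2010 server?
            $covers = [bool]($conn.RemoteIPRanges |
                Where-Object { $_.LowerBound.AddressFamily -eq 'InterNetwork' } |
                Where-Object {
                    $lo = ConvertTo-UInt32 $_.LowerBound
                    $hi = ConvertTo-UInt32 $_.UpperBound
                    $target -ge $lo -and $target -le $hi
                })
            [pscustomobject]@{
                Connector     = $conn.Identity
                Role          = $conn.TransportRole
                Enabled       = $conn.Enabled
                Covers2010IP  = $covers
                ExchangeAuth  = ($conn.AuthMechanism -match 'ExchangeServer')
                AuthMechanism = $conn.AuthMechanism
                PermGroups    = $conn.PermissionGroups
            }
        }
} | Format-Table -AutoSize
```

A row with Covers2010IP true but ExchangeAuth false is the combination that produces the "Cannot achieve Exchange Server authentication" response described above, so the output shows which connector on which server is actually answering the 2010 hub transport.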