We have created a new Exchange organization in a resource forest that runs parallel to our corporate installation. Both systems are running Exchange 2013. I want to have both systems use the same Edge servers (also 2013).
- Let's call the original Exchange installation CORP
- Let's call the new Exchange installation RESOURCE
The Edge servers are subscribed to the CORP systems. I am trying to get a new send connector on the Edge servers to send a certain mail domain to the RESOURCE system. I created a new connector using ECP on the CORP system and see it has replicated to the Edge servers. When I send a message that will go through the new connector, delivery fails stating that the Client does not have permissions to send as this sender. ( 5.7.1 smtp;550 )
I configured the Edge server send-connector to use Basic Authentication AFTER starting TLS. I have an account created in the RESOURCE forest and entered it and credentials on the send connector. I am sending on port 2525 to send to the Default receive connector (HUB) on the internal mailbox server (RESOURCE system).
On the receive connector I checked the Basic Authentication option along with the Offer basic authentication only after starting TLS. ( default hub transport - receiving on port 2525 )
I made sure that the certificate chains are present on all the servers to ensure certificate validation.
I read the following links in preparation for making the above changes:
- https://blogs.technet.microsoft.com/ehlro/2015/03/30/exchange-2013-edge-as-a-smarthost-with-basic-over-tls-authentication/
- https://technet.microsoft.com/en-us/library/bb232082%28v=exchg.150%29.aspx
After I get the inbound messages delivering to the RESOURCE system I will then create an outbound send-connector on the RESOURCE MB server with an associated receive-connector on the Edge servers (also BASIC Authentication)
Any suggestions for getting around the issue? -- the Client does not have permissions to send as this sender. ( 5.7.1 smtp;550 )
Should I be using a receive connector other than the Default Hub Transport receive connector?
Will adding Basic Authentication to this receive connector adversely impact any other default Exchange routing?
Does the AD account used for the Basic Authentication require any special permissions?
Anxious to hear how bad I messed things up :)
Thanks in advance
Tom
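
An added, read-only diagnostic for the setup described in the post above (not part of the original post): it shows the replicated send connector's smart-host authentication settings, the receive connector's authentication settings, and the SMTP extended rights (such as `ms-Exch-SMTP-Accept-Any-Sender`) that each security principal holds on that receive connector, which is where sender-permission rejections are decided. The connector and server names are hypothetical placeholders.

```powershell
# Added example; run in the Exchange Management Shell. Nothing here changes configuration.
# Hypothetical names (not from the post): replace with your own.
$sendConnector    = 'To RESOURCE'                            # connector created in ECP on CORP
$receiveConnector = 'RESOURCE-MBX01\Default RESOURCE-MBX01'  # Default hub transport connector, port 2525

# 1. On a CORP Mailbox server: confirm the send connector is scoped to the
#    intended mail domain, targets port 2525, and uses Basic auth after TLS.
Get-SendConnector $sendConnector |
    Format-List Name, AddressSpaces, SmartHosts, Port,
                SmartHostAuthMechanism, RequireTLS, SourceTransportServers

# 2. On the RESOURCE Mailbox server: confirm what the receive connector offers
#    and which permission groups are mapped to it.
Get-ReceiveConnector $receiveConnector |
    Format-List Identity, Bindings, AuthMechanism, PermissionGroups

# 3. List every ACE on the receive connector that carries an SMTP extended right.
#    Compare the rows for the Basic-auth account (and any group it belongs to)
#    against the rights a relaying server needs, e.g. ms-Exch-SMTP-Accept-Any-Sender.
Get-ReceiveConnector $receiveConnector | Get-ADPermission |
    Where-Object { $_.ExtendedRights -like 'ms-Exch-SMTP-*' } |
    Sort-Object User |
    Format-Table User, ExtendedRights, Deny, IsInherited -AutoSize
```

Rights granted through a permission group show up under the group's name rather than the account's, so read the whole table instead of filtering on the account alone.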