Hello Office365 Admins,
450 4.4.101 Proxy session setup failed on Frontend with ‘451 4.4.0 Primary target IP address responded with “451 5.7.3 STARTTLS is required to send mail.” Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was <endpoint>’.
I did some searching and found a Microsoft article that says that, to solve this issue, you should remove the TLSCertificateName and TLSDomainCapabilities properties from the receive connector on the hybrid server: https://support.microsoft.com/en-us/kb/2989382
I followed the steps in the article, but unfortunately the issue was not resolved in my case.
The Exchange topology at the site is:
- Two Exchange 2010 client access servers.
- Two Exchange 2010 Mailbox Servers.
- One Exchange 2010 Edge server.
- Cisco ASA firewall.
Now, when I telnet to mydomain.mail.protection.outlook.com on port 25 from the Edge server, I receive stars (220 ***********************************************************) as below:
The result:
Once you receive a result like the one above, it means that SMTP inspection is enabled on the firewall, and as you know this feature usually causes a lot of issues in mail flow, so I asked the network team to disable SMTP inspection on the Cisco ASA. Once it was disabled, all mail flow worked like magic 🙂
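The telnet check described above, scripted as an added example (not part of the original post): it reads the SMTP banner and the EHLO reply, then reports whether the banner is starred out and whether STARTTLS is still advertised. The function names, the EHLO name and the sample replies are constructed for illustration.

```python
import socket
import sys

# Constructed sample replies, not captured from a real server.
MASKED = ("220 " + "*" * 40,
          ["250-mail.example.test Hello [192.0.2.10]", "250-SIZE 157286400", "250 8BITMIME"])
CLEAN = ("220 mail.example.test ESMTP ready",
         ["250-mail.example.test Hello [192.0.2.10]", "250-STARTTLS", "250 8BITMIME"])

def read_reply(fh):
    """Read one SMTP reply, following '250-' continuation lines to the final '250 ' line."""
    lines = []
    while True:
        raw = fh.readline()
        if not raw:
            break
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            break
    return lines

def analyze(banner, ehlo_lines):
    """Report whether the banner is starred out and whether STARTTLS is offered."""
    text = banner[4:].strip()
    masked = len(text) >= 8 and set(text) == {"*"}
    keywords = set()
    for line in ehlo_lines:
        words = line[4:].split()
        if line.startswith("250") and words:
            keywords.add(words[0].upper())
    return {"banner_masked": masked, "starttls": "STARTTLS" in keywords}

def probe(host, port=25, helo="probe.example.test", timeout=15):
    """Connect, read the banner, send EHLO, and analyze what came back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        fh = sock.makefile("rb")
        banner = read_reply(fh)
        sock.sendall(f"EHLO {helo}\r\n".encode("ascii"))
        ehlo = read_reply(fh)
        sock.sendall(b"QUIT\r\n")
    return analyze(banner[0] if banner else "", ehlo)

if __name__ == "__main__":
    for name, sample in (("masked", MASKED), ("clean", CLEAN)):
        print(name, analyze(*sample))
    if len(sys.argv) > 1:  # e.g. mydomain.mail.protection.outlook.com
        print(sys.argv[1], probe(sys.argv[1]))
```

Run it from the Edge server before and after the firewall change; a starred-out banner together with `starttls: False` matches the symptom in this post.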
About blogger …
Ahmad is currently working in Specialized Technical Services Company (STS).
Thanks for info 🙂
Welcome bro 🙂
Hi Ahmad Yasin, I am getting the following error when validating the Office 365 connector
450 4.4.317 Cannot connect to remote server Message=451 5.7.3 STARTTLS is required to send mail
Yes sir, did you apply the solution mentioned in the article?
Wish I found this a couple of hours ago! Thank you!
Thanks, Dan, for your feedback 🙂
Great post! Saved me a lot of time. Cheers