DisabledLivesMatter-3766 asked ·

How to fix [Message=421 4.3.2 Service not available] error??

We can't send email from an O365-only test account mailbox to our on-premises mail server, which has already been set up as a hybrid Exchange server.

Wireshark shows this packet, I don't know how to save it as text:

31219-wireshark-packet-capture-2020-10-09-101207.png

The Exchange 2013 server shows this in its transport log:

2020-10-08T15:43:56.170Z,E13\Email from Barracuda,08D86B3B4FC0E0CD,64,172.x.x.8:25,172.x.x.x:42148,-,,Local
2020-10-08T15:44:06.827Z,,08D86B3B4FC0E0CF,0,127.0.0.1:25,127.0.0.1:21656,+,,
2020-10-08T15:44:06.827Z,,08D86B3B4FC0E0CF,1,127.0.0.1:25,127.0.0.1:21656,>,421 4.3.2 Service not available,
2020-10-08T15:44:06.827Z,,08D86B3B4FC0E0CF,2,127.0.0.1:25,127.0.0.1:21656,-,,Local
2020-10-08T15:44:19.407Z,,08D86B3B4FC0E0D0,0,172.x.x.8:25,104.47.58.176:63456,+,,
2020-10-08T15:44:19.407Z,,08D86B3B4FC0E0D0,1,172.x.x.8:25,104.47.58.176:63456,>,421 4.3.2 Service not available,
2020-10-08T15:44:19.407Z,,08D86B3B4FC0E0D0,2,172.x.x.8:25,104.47.58.176:63456,-,,Local
2020-10-08T15:44:40.471Z,,08D86B3B4FC0E0D2,0,172.x.x.8:25,104.47.66.40:11473,+,,
2020-10-08T15:44:40.471Z,,08D86B3B4FC0E0D2,1,172.x.x.8:25,104.47.66.40:11473,>,421 4.3.2 Service not available,
2020-10-08T15:44:40.471Z,,08D86B3B4FC0E0D2,2,172.x.x.8:25,104.47.66.40:11473,-,,Local
2020-10-08T15:44:52.628Z,,08D86B3B4FC0E0D3,0,172.x.x.8:25,104.47.55.173:58944,+,,
2020-10-08T15:44:52.628Z,,08D86B3B4FC0E0D3,1,172.x.x.8:25,104.47.55.173:58944,>,421 4.3.2 Service not available,
2020-10-08T15:44:52.628Z,,08D86B3B4FC0E0D3,2,172.x.x.8:25,104.47.55.173:58944,-,,Local

172.x.x.8 is our Exchange 2013 email server internal IP address.

Our Exchange server also has a Barracuda 300 email gateway through which all mail should pass, and we do have a receive connector for the Barracuda.

The 421 4.3.2 Service not available error seems to indicate the smtp service is not available, but why is this happening?? All other email from other email addresses works fine, just not this email. Mail transport services are running properly so far as I can see, I even restarted them.

Message trace in Exchange Online Admin:

Reason: [{LED=450 4.4.317 Cannot connect to remote server [Message=421 4.3.2 Service not available] [LastAttemptedServerName=mail.domain.org] [LastAttemptedIP=216.x.x.x:25] [CO1NAM11FT015.eop-nam11.prod.protection.outlook.com]};{MSG=421 4.3.2 Service not available};{FQDN=mail.domain.org};{IP=216.x.x.x};{LRT=10/9/2020 1. OutboundProxyTargetIP: 216.x.x.x. OutboundProxyTargetHostName: mail.domain.org

216.x.x.x is the outside IP of our Exchange 2013 mail server.

I have seen that 450 4.4.317 is a certificate error, so I attached the appropriate certificate to the default email server receive connector and to the O365 send connector, then re-ran the hybrid config wizard, to no avail.

I don't know yet how the Barracuda receive connector fits into the picture either, since the 421 4.3.2 error is about something within the Exchange server.
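
A way to pull the refused sessions out of an SMTP receive protocol log like the one above, as an added example that is not part of the original post. The column names are the standard Exchange protocol-log fields, `Get-RefusedSession` is a hypothetical helper name, and the sample lines are copied from the log in the question.

```powershell
# Lines copied from the log in the question (addresses redacted as posted).
$sample = @'
2020-10-08T15:43:56.170Z,E13\Email from Barracuda,08D86B3B4FC0E0CD,64,172.x.x.8:25,172.x.x.x:42148,-,,Local
2020-10-08T15:44:19.407Z,,08D86B3B4FC0E0D0,0,172.x.x.8:25,104.47.58.176:63456,+,,
2020-10-08T15:44:19.407Z,,08D86B3B4FC0E0D0,1,172.x.x.8:25,104.47.58.176:63456,>,421 4.3.2 Service not available,
2020-10-08T15:44:19.407Z,,08D86B3B4FC0E0D0,2,172.x.x.8:25,104.47.58.176:63456,-,,Local
'@

# Column order of the SMTP receive protocol log.
$fields = 'date-time','connector-id','session-id','sequence-number',
          'local-endpoint','remote-endpoint','event','data','context'

# Hypothetical helper: returns one object per session whose first server reply is a 421.
function Get-RefusedSession {
    param([string[]]$Line)
    $Line |
        Where-Object { $_ -and $_ -notmatch '^#' } |    # skip blanks and '#' header lines
        ConvertFrom-Csv -Header $fields |
        Group-Object -Property 'session-id' |
        ForEach-Object {
            $group = $_
            # First thing the server sent ('>') in this session.
            $first = $group.Group |
                Where-Object { $_.event -eq '>' } |
                Sort-Object { [int]$_.'sequence-number' } |
                Select-Object -First 1
            if ($first -and $first.data -match '^421 ') {
                [pscustomobject]@{
                    Time      = $first.'date-time'
                    Session   = $group.Name
                    Local     = $first.'local-endpoint'
                    Remote    = $first.'remote-endpoint'
                    # Empty means the log recorded no receive connector for the session.
                    Connector = $first.'connector-id'
                    Reply     = $first.data
                }
            }
        }
}

Get-RefusedSession -Line ($sample -split "`r?`n") | Format-Table -AutoSize
```

To run it against live logs, pass the output of `Get-Content` on the receive protocol log files instead of `$sample`.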





Hi @DisabledLivesMatter-3766
According to your description, this question seems to be related to Exchange, so we would move the irrelevant tags.

DisabledLivesMatter-3766 answered ·

Fixed.
Had to add custom receive connector scoped to O365 IPs for port 25.
Then had to bind ssl certificate to three receive connectors: default, default frontend, above-mentioned custom receive connector.
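
The two steps in this answer as Exchange Management Shell commands; an added example, not the poster's actual commands. The connector name, thumbprint and IP range are placeholders, and the default connector names assume they were not renamed after setup.

```powershell
# Run in the Exchange Management Shell on the on-premises server.
# Placeholders, not values from the thread: connector name, thumbprint, IP ranges.
$Server     = $env:COMPUTERNAME
$Name       = 'Inbound from Office 365'     # hypothetical connector name
$Thumbprint = '<CERTIFICATE-THUMBPRINT>'    # placeholder
$O365Ranges = @('192.0.2.0/24')             # placeholder: use the Exchange Online
                                            # ranges Microsoft publishes

# 1. Custom front-end receive connector on port 25, matched only for those source ranges.
New-ReceiveConnector -Name $Name -Server $Server -TransportRole FrontendTransport `
    -Usage Custom -Bindings '0.0.0.0:25' -RemoteIPRanges $O365Ranges

# 2. Build the TLS certificate name (<I>issuer<S>subject) from the installed certificate.
$cert    = Get-ExchangeCertificate -Thumbprint $Thumbprint
$tlsName = "<I>$($cert.Issuer)<S>$($cert.Subject)"

# 3. Bind it to the three connectors named in the answer.
$connectors = "$Server\Default $Server",
              "$Server\Default Frontend $Server",
              "$Server\$Name"
foreach ($id in $connectors) {
    Set-ReceiveConnector -Identity $id -TlsCertificateName $tlsName
}

# 4. Confirm what each connector listens on, accepts from, and presents.
Get-ReceiveConnector -Server $Server |
    Format-List Identity, Bindings, RemoteIPRanges, TlsCertificateName,
                AuthMechanism, PermissionGroups
```

Exchange Online's outbound ranges are shared by every tenant, so `RemoteIPRanges` narrows who can reach the connector but does not identify your own organization; review `AuthMechanism` and `PermissionGroups` in the last command's output with that in mind.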


Glad to hear that, and thanks for sharing. Your solution may help others with a similar issue.
If you have any other issues about Exchange, please feel free to post in Microsoft Q&A.

Have a nice day.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

LydiaZhou-MSFT answered ·

@DisabledLivesMatter-3766

Do you mean you have a hybrid environment, and only messages from your O365 organization cannot be received by on-premises mailboxes?
Can on-premises users receive messages from other O365 organizations?

In general, HCW creates connectors for mail flow between on-premises and O365, and the default receive connectors on the on-premises Exchange server will also be used; no additional connectors need to be created manually.
Please check the configuration of the Barracuda email gateway; you can disable it temporarily and then test the mail flow from your O365 again.

You can check the message tracking logs of on-premises Exchange servers, to see where the message is blocked:

 Get-TransportService|Get-MessageTrackingLog -MessageSubject <subject> -Sender <mailbox address> -Recipients <mailbox address> |select timestamp,EventID,Source,ConnectorID|sort-object Timestamp



It's hard to tell if you read my post, since some of my questions cover things I already said in my first post.

YES it is a hybrid configuration and YES this mail server can receive email from OTHER O365 sites, just not our own O365 mailboxes.

All default and O365 connectors are already configured.

Wrt disabling Barracuda email security -- how do you propose that I do this?? Furthermore, no one would receive ANY email if I did this. :)

Regarding the message tracking, the above-posted log entry DOES come from the receive transport log within the Exchange server itself.

Finally, it's not exactly a 'blocked' issue. It's a NOT AVAILABLE issue. The Wireshark packet and the log clearly say "Service not available" referencing the SMTP service.

WHAT is making the SMTP service not available?? WHY is this message occurring??

Thank you, TOm

LydiaZhou-MSFT answered ·

@DisabledLivesMatter-3766

Since the description in the question can be understood in more than one way, please understand that I have to reconfirm with you.
I did notice that you posted part of the message tracking log, but I need more specific information, and I provided the command with the needed parameters to filter the message tracking log.

Did you create a new receive connector or modify the default receive connector for the gateway?

In general, messages from your O365 organization should be treated as internal emails and we cannot put the third-party gateway between your on-premises and O365 organization. In the Exchange 2013 hybrid environment, the default receive connector "Default Frontend" is modified for hybrid mail flow. The configuration for the receive connector may also be the cause for your mail flow issue. You can use this command to check the receive connector settings:

 Get-ReceiveConnector <connector identity>|fl

Here is a blog about hybrid mail flow, you may get more details from it: Office 365 – Common Exchange Online Hybrid Mail Flow Issues.
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.



Thank you for the link and for the suggestions. It will take some time to review everything to figure out what/where/why things are not working as desired.
Plan now is to have someone with more experience than I in Exchange 2013/Online review the setup and get things working.

LydiaZhou-MSFT DisabledLivesMatter-3766 ·

Well, if you have any updates to share or need further assistance, please feel free to post here.
Hope your issue can be solved soon.



Just checking in to see if the above information was helpful. Please let us know if you would like further assistance.

