Exchange delayed mail delivery (SocketError: Failed to connect Winsock error code: 10051)

張喬富 0 reputation points
2024-03-04T09:14:03.7466667+00:00

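I would like to ask Microsoft: recently, colleagues at our company have reported delays in e-mail delivery.

When I checked the relevant logs, I found the following messages: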

2024-02-26T05:35:26.982Z,Internet,08DC2E1F321507A6,0,,xxx.xxx.xxx.xxx:25,*,SendRoutingHeaders,Set Session Permissions
2024-02-26T05:35:26.982Z,Internet,08DC2E1F321507A6,1,,xxx.xxx.xxx.xxx:25,*,,attempting to connect
2024-02-6T05:35:26.985Z,Internet,08DC2E1F321507A6,2,xxx.xxx.xxx.xxx:51028,xxx.xxx.xxx.xxx:25,+,,
2024-02-26T05:35:26.993Z,Internet,08DC2E1F321507A6,3,172.25.150.70:51028,xxx.xx.xx.xxx:25,<,220 spam1.xxx.xx.xx Nopam ****,
2024-02-26T05:35:26.994Z,Internet,08DC2E1F321507A6,4,172.25.150.70:51028,xxx.xx.xx.xxx:25,>,EHLO EX01.xxx.xx.xx,
2024-02-26T05:35:26.999Z,Internet,08DC2E1F321507A6,5,172.25.150.70:51028,xxx.xx.xx.xxx:25,<,250  spam1.xxx.xx.xx PIPELINING SIZE 37784736 ETRN STARTTLS ENHANCEDSTATUSCODES 8BITMIME DSN,
2024-02-26T05:35:26.999Z,Internet,08DC2E1F321507A6,6,172.25.150.70:51028,xxx.xx.xx.xxx,>,STARTTLS,
2024-02-26T05:35:27.003Z,Internet,08DC2E1F321507A6,7,172.25.150.70:51028,xxx.xx.xx.xxx:25,<,220 2.0.0 Ready to start TLS,
2024-02-26T05:35:27.003Z,Internet,08DC2E1F321507A6,8,172.25.150.70:51028,xxx.xx.xx.xxx:25,*, CN=EX01 CN=EX01 2A2646C7D0874FB14871BB722491035C 2CB02BC1F34ECEAC590712F7B68FE0A82BBE77D8 2022-07-04T11:33:34.000Z 2027-07-04T11:33:34.000Z EX01;EX01.xxx.xx.xx,Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2024-02-26T05:35:27.010Z,Internet,08DC2E1F321507A6,9,172.25.150.70:51028,xxx.xx.xx.xxx:25,*,,TLS negotiation failed with error BadBindings
2024-02-26T05:35:27.011Z,Internet,08DC2E1F321507A6,10,172.25.150.70:51028,xxx.xxx.xxx.xxx:25,-,,Local
2024-02-26T05:35:27.011Z,Internet,08DC2E1F321507A7,0,,[2001:4420:6809:4000:xxx.xxx.xxx.xxx]:25,*,SendRoutingHeaders,Set Session Permissions
2024-02-26T05:35:27.011Z,Internet,08DC2E1F321507A7,1,,[2001:4420:6809:4000:xxx:xx:xx:xxx]:25,*,,attempting to connect
2024-02-26T05:35:27.011Z,Internet,08DC2E1F321507A7,2,,[2001:4420:6809:4000:xxx:xx:xx:xxx]:25,*,,"Failed to connect. Winsock error code: 10051, Win32 error code: 10051, Destination domain: xxx.xxx.xx, Error Message: 通訊端操作嘗試連線到一個無法連線的網路。 [2001:4420:6809:4000:xxx:xx:xx:xx]:25."

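Our current assessment is that when mail is sent over IPv4 the connection is established normally, but afterwards Exchange Server seems to try sending the mail over IPv6 as well and gets no response, so the mail stays pending here.

Previously, we thought this case was related to disabling TLS 1.0 and 1.1, and we opened a case with Microsoft about it; the case number is 2401120040001135.

The Microsoft engineer asked us to add the following registry keys: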

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\]
"Enabled" = dword:00000001
"DisabledByDefault" = dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server\]
"Enabled" = dword:00000001
"DisabledByDefault" = dword:00000000

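However, at that time we chose to run Windows Update on the Exchange server and restart it, and the problem seemed to be resolved.
Recently, however, the same situation has occurred again, which makes me suspect that this problem actually occurs because of IPv6.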

Exchange Server

1 answer

  1. Yuki Sun-MSFT 40,871 reputation points
    2024-03-05T02:58:56.2033333+00:00

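    Hello, Mr. @張喬富!

    I noticed the error message "TLS negotiation failed with error BadBindings" in the log you provided. Comparing it with a log from my lab environment in which mail is delivered normally, it does look like the mail delay is very likely related to TLS encryption.

    "The Microsoft engineer asked us to add the following registry keys:"

    Do you mean that these registry keys have already been added in your environment? If so, regarding your suspicion about IPv6: according to the official document below, although the official recommendation is to keep the default state, some users have indeed reported that IPv6 causes DNS resolution problems:
    Exchange 2013 - IPv6 (To disable or not)

    For this situation, I suggest following the recommended practice in the above document and opening a phone case so that a phone technical support engineer can further assess whether it is really necessary to try disabling IPv6.

    Thank you for your understanding!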


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
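
The send protocol log in the question mixes two different failures (a TLS negotiation error in one session and Winsock error 10051, network unreachable, in the next), so grouping lines by session ID and address family makes it easier to see which sessions fail and at which stage. The following is an added example, not code from the thread or from Microsoft; the sample log is constructed, using documentation address ranges and placeholder session IDs, and the function names are hypothetical.

```python
import csv
import io
import re

# Field order of an SMTP protocol log line, matching the log in the question.
FIELDS = ["time", "connector", "session", "seq", "local", "remote",
          "event", "data", "context"]

TLS_FAIL = re.compile(r"TLS negotiation failed with error (\w+)")
CONNECT_FAIL = re.compile(r"Failed to connect\. Winsock error code: (\d+)")

# Constructed sample modelled on the log in the question; addresses are
# documentation ranges, session IDs and the domain are placeholders.
SAMPLE_LOG = '''\
2024-02-26T05:35:26.982Z,Internet,SESSION0001,1,,192.0.2.10:25,*,,attempting to connect
2024-02-26T05:35:26.999Z,Internet,SESSION0001,6,198.51.100.7:51028,192.0.2.10:25,>,STARTTLS,
2024-02-26T05:35:27.010Z,Internet,SESSION0001,9,198.51.100.7:51028,192.0.2.10:25,*,,TLS negotiation failed with error BadBindings
2024-02-26T05:35:27.011Z,Internet,SESSION0002,1,,[2001:db8::25]:25,*,,attempting to connect
2024-02-26T05:35:27.011Z,Internet,SESSION0002,2,,[2001:db8::25]:25,*,,"Failed to connect. Winsock error code: 10051, Win32 error code: 10051, Destination domain: example.test, Error Message: network unreachable [2001:db8::25]:25."
'''


def address_family(remote):
    """IPv6 endpoints are logged as [addr]:port, IPv4 as addr:port."""
    return "IPv6" if remote.startswith("[") else "IPv4"


def summarize_sessions(log_text):
    """Return {session_id: {"family": ..., "failures": [(kind, detail)]}}."""
    sessions = {}
    # csv.reader handles the quoted context field that contains commas.
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != len(FIELDS) or row[0].startswith("#"):
            continue  # skip header comments, blank lines and damaged lines
        rec = dict(zip(FIELDS, row))
        info = sessions.setdefault(
            rec["session"],
            {"family": address_family(rec["remote"]), "failures": []})
        for kind, pattern in (("tls", TLS_FAIL), ("connect", CONNECT_FAIL)):
            match = pattern.search(rec["context"])
            if match:
                info["failures"].append((kind, match.group(1)))
    return sessions


if __name__ == "__main__":
    for sid, info in summarize_sessions(SAMPLE_LOG).items():
        print(sid, info["family"], info["failures"])
```
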