Topic Last Modified: 2007-11-20

This topic provides information about how to troubleshoot Microsoft Exchange Server 2007 mail flow issues between Exchange 2007 and Exchange Server 2003 and Exchange 2000 Server. After you install Exchange 2007 into your Exchange 2003 or Exchange 2000 organization, you may notice that there is no mail flow from Exchange 2007 to Exchange 2003 or Exchange 2000. However, you can send e-mail messages from Exchange 2003 or Exchange 2000 to Exchange 2007. The queue is in retry mode with the following error information:

"451 4.4.0 Primary IP address responded with: 535 5.7.3 anonymous authentication not allowed."

This issue occurs when the fully qualified domain name (FQDN) setting on the Exchange 2003 or Exchange 2000 server's Simple Mail Transfer Protocol (SMTP) virtual server does not match the internal FQDN of the server.


To resolve the problem, change the FQDN to the correct name.

Before You Begin

To perform this procedure, the account you use must be delegated the following:

  • Membership in the local Administrators group

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Active Directory Service Interfaces (ADSI) Edit can be run from a client computer or server. The computer does not have to be a member of a domain, but the user must have the rights to view and edit the Active Directory directory service domain to which the user is connecting. For more information about how to use ADSI Edit, see Adsiedit Overview.

If you use ADSI Edit or any other Lightweight Directory Access Protocol (LDAP) version 3 client, and you incorrectly modify the attributes of Active Directory objects, serious problems may occur. These problems may require you to reinstall Windows Server 2003, Exchange 2007, or both Windows Server 2003 and Exchange 2007. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.


To use ADSI Edit to change the FQDN to the correct name

  1. Install ADSI Edit.

  2. Launch ADSI Edit. Click Start, click Run, type adsiedit.msc in the text box, and then click OK.

  3. Locate the servicePrincipalName attribute for the Exchange 2003 or Exchange 2000 server by going to this location: CN=Computers under Domain Configuration.

  4. Right-click the Exchange 2003 or Exchange 2000 server, and then click Properties.

  5. Select the servicePrincipalName attribute for this Exchange 2003 or Exchange 2000 server.

  6. Determine the value in the format of SMTPSVC/FQDN and make sure the FQDN is correct. If the FQDN is incorrect, change it to the correct FQDN.

  7. In Exchange System Manager on the Exchange 2003 or Exchange 2000 server, click the SMTP virtual server that you want to configure.

  8. On the Action menu, click Properties.

  9. Click the Delivery tab, and then click Advanced.

  10. In the Advanced Delivery dialog box, type the same FQDN as the one you identified in the servicePrincipalName attribute.

  11. Click OK to close the virtual server properties.

  12. Stop, and then restart the SMTP service.

  13. Click OK, and then close ADSI Edit.