Wednesday, April 25, 2012

Receive Connector Rejected an Incoming Connection

On an Exchange server, you might get the error below if you have a server or an application creating more than 20 concurrent connections to a custom Receive Connector:

Log Name:      Application
Source:        MSExchangeTransport
Date:          04/20/2012 16:15:52
Event ID:      1021
Task Category: SmtpReceive
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      HTCAS1.letsexchange.com
Description:
Receive connector "Unauthenticated SMTP" rejected an incoming connection from IP address xxx.xxx.xxx.xxx. The maximum number of connections per source (20) for this connector has been reached by this source IP address.

This means that you have a large number of connections coming from the same IP address. To prevent connections from being rejected, if this volume of connections is normal, you have to change the maximum number of connections per source.

To check the current limit (20 by default), run the following cmdlet and look for MaxInboundConnectionPerSource:
Get-ReceiveConnector <server_name>\<name> | Select *MaxInbound*

To increase the limit, you have to use the Exchange Management Shell:
Set-ReceiveConnector <server_name>\<name> -MaxInboundConnectionPerSource 500 -MaxInboundConnectionPercentagePerSource 100

If you have the same receive connector in multiple servers, you can run the following cmdlet instead to update all at the same time and in one go:
Get-ReceiveConnector *\<name> | Set-ReceiveConnector -MaxInboundConnectionPerSource 500 -MaxInboundConnectionPercentagePerSource 100

Hope this helps!

23 comments:

  1. Excellent article and well written. Thank you!

    ReplyDelete
  2. even after changing the value to unlimited getting same error 1021

    pls Help!!

    Arun

    ReplyDelete
    Replies
    1. Hi Arun,

      Is the error message exactly the same? Can you post the message and the configuration of your Receive Connector?

      Delete
  3. There are two more values to consider. MaxInboundConnections (default 5000) and MaxInboundConnectionPercentagePerSource (default 2). Even if you set MaxInboundConnectionPersource to unlimited you will only get a maximum of 100 connections per IP (2 percent of 5000).

    ReplyDelete
    Replies
    1. Hi Joakim,

      That's a very good point, thank you!

      Delete
    2. We have two HUB transport servers in our organizataions, If I restart MSExchangeTransport service, The queue will be zero, Is it recomended to restart the MSExchangeTransport service or its better to increase the limit of maxinbound connections?

      Delete
    3. We have two Hub transport servers in our organisatation whenever I get this alert, I restart the MSExchangeTransport service, This will clear the Huge queue for me and Submission queue will be , Is this a good practice or so i need to increase the limit Maxinbound connections?

      Delete
    4. Hi Kiran,

      That is not recommended as you will be resetting the connection(s) with the source servers... Before increasing any limits, you should identify what is causing the huge number of connections in the first place - try getting a list of which servers, devices or applications are using your Receive Connectors and how many connections they are establishing. That will give you a good idea of what is going on and how to proceed.

      Let me know how it goes.

      Best regards,
      Nuno

      Delete
    5. It is helpful.
      Is there any Script which can help us with below and help us capsizing the usage?
      "try getting a list of which servers, devices or applications are using your Receive Connectors and how many connections they are establishing."

      Delete
    6. Hi.

      Have you tried using the Message Tracking Logs? The best approach, however, would probably be to enable logging on that specific receive connector, and then use the SMTP logs for that connector. Have you tried that? I am not aware of a specific script to analyse these logs though...

      Best regards,
      Nuno

      Delete
  4. Hi Nuno,

    I created custom connector the MaxInboundConnectionPersource as 100 and MaxInboundConnectionPercentagePerSource as 2%..so it should establish only 2 connection per source as per logic ..but when it tested in goes to 100 connections...which means MaxInboundConnectionPercentagePerSource doesn't shows any value for the connector...i tested them on multiple version of exchange but all looks the same...

    ReplyDelete
    Replies
    1. Hi rajisubramanian,

      By default, Exchange will accept up to 5000 connections on a Receive Connector, of which 2% can come from the same source. As such 2% of 5000 = 100 simultaneous connections from one source.

      In your case, you set the MaxInboundConnectionPerSource to 100 and the MaxInboundConnectionPercentagePerSource to 2%. However, the MaxInboundConnectionPercentagePerSource parameter specifies the maximum number of connections that a Receive connector serves at the same time from a single IP address, based on the available remaining connections on a Receive connector. The key here is the last bit.

      My guess is that your default is still 5000, so Exchange will look at MaxInboundConnectionPerSource and MaxInboundConnectionPercentagePerSource, determine which one is lower (more restrictive) and apply that one. In your case, assuming no connections are established, both parameters limit to 100 connections.
      If, for example, you already have 2000 connections active (3000 left available), the same source could theoretically use up to 60 connections (2% of 3000 = 60), even though MaxInboundConnectionPerSource is set to 100.

      If you only want one source to be able to establish up to two concurrent connections, then you need to set MaxInboundConnectionPerSource to 2.

      Hope this makes sense!

      Best regards,
      Nuno

      Delete
  5. Hi Nuno,
    I have separate CAS and mailbox roles. Need to send some mails from sending program. After some time, mails from that source stop sending, and on CAS logs I see socket error, which as I understand because of maxinboundconnections, which are default 20 and 2%. At the same time I see that on mbx default receive connector has unlimited, and 100%. Should I change my CAS maxinboundconnections value to the same as on mbx?

    ReplyDelete
    Replies
    1. Hi Ruben,
      I would first check exactly how many connections your application is establishing to the CAS server. If you are certain that it is these limits blocking it from sending more, then I would indeed increase them. However, I would not set them to unlimited!

      Best regards,
      Nuno

      Delete
  6. I hate anyone that says servername in quotes or anything like that.
    be a man and do it right
    what does it mean \name what do I put in name my server is exchange-2013 where do I put that and what is the second name???

    ReplyDelete
    Replies
    1. First of all, no need to be rude. If you don't understand something, just ask! We are here to help.
      You don't even deserve an answer, but here it is anyway:
      - , as the name suggests, is the name of your server where the receive connector is configured. As you should know, each server has its own receive connectors.
      - is the name of the receive connector as each server has several.

      Just run Get-TransportService | Get-ReceiveConnector and you will see what I mean.

      Delete
    2. Great response Nuno!

      Delete
  7. Hi Nuno,

    We are using an 2016 Edge server that only accepts smtp messages from allowed I.P.'s (these are applications that send email). We are getting rejected messages form some applications due to the MaxInboundConnectionPerSource setting. If we are using the server only for application relay, what the MaxInboundConnectionPercentagePerSource amount we can have? Can we set it to 50%,or even more? what would be the impact?

    Thanks

    Paul

    ReplyDelete
    Replies
    1. Hi Paul,

      My apologies for the long delay in replying...
      The worst case scenario would be a single IP taking over all the connections available to a server, thus preventing other servers from also relaying emails through that particular Edge server. So, although you can technically set MaxInboundConnectionPercentagePerSource to 100, it is not recommended.
      Hope this helps.

      Best regards,
      Nuno

      Delete
  8. Thanks, I knew what I needed to modify but I'm not a powershell expert and it was being obtuse. Seems like this should be in the GUI as well since its a very much needed setting.

    ReplyDelete