During an Exchange migration, the "old" Exchange server may not be able to deliver mails to the new Exchange server. This happened during an Exchange 2013 to Exchange 2019 migration. Mails on the Exchange 2013 server to mailboxes that had already been migrated to Exchange 2019 could not be delivered. The queue on the Exchange 2013 server returned the following error:
[{LRT=30.08.2020 21:06:24};{LED=441 4.4.1 Error encountered while communicating
with primary target IP address: „421 4.4.2 Connection dropped due to SocketError.“
Attempted failover to alternate host, but that did not succeed. Either there are no
alternate hosts, or delivery failed to all alternate hosts. The last endpoint
attempted was 192.168.1.10:475};{FQDN=exchange2019.domain.local};{IP=192.168.1.10}]
The error "421 4.4.2 Connection dropped due to SocketError" can have several causes, but in migration scenarios the lack of support for TLS 1.2 is usually the main cause. The above error message occurred on an Exchange 2013 server that was installed on Windows Server 2018 R2. The Exchange 2013 server was to be migrated to Exchange 2019 on Windows Server 2019.
The cause of the error was the lack of TLS 1.2 support on the Exchange 2013 server. The server was configured to operate as a TLS 1.2 server, but not as a TLS 1.2 client. This meant that the Exchange 2013 server could accept TLS 1.2 connections, but could not itself establish TLS 1.2 connections to the Exchange 2019 server. However, Exchange 2019 requires TLS 1.2.
To resolve the issue and enable TLS 1.2 on Exchange 2013 in client mode, the following registry key can be created:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
Two DWORDs can now be created under this path:
DWORD: DisabledByDefault
Value: 0
DWORD: Enabled
Value: 1
If the "Server" key is also missing, it should be created as well, with the same two DWORDs as described above.
After restarting the "MSExchangeTransport" service, the queue on the Exchange 2013 server was processed and the mails were delivered without problems.
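The registry check and change described above can be scripted so that both roles are verified before and after the change. This is an added example, not part of the original article; the `-Fix` switch and the function names are hypothetical, while the registry path, value names and service name are the ones given above.

```powershell
# Added example (not from the original article). Run elevated on the Exchange 2013 server.
param(
    [switch]$Fix   # hypothetical switch name: without it the script only reports
)

$base   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$wanted = @{ DisabledByDefault = 0; Enabled = 1 }   # values given in the article
$roles  = 'Client', 'Server'

# Report, per role and value, what the registry currently holds.
function Get-Tls12RoleState {
    param([string]$Role)
    $props = Get-ItemProperty -Path (Join-Path $base $Role) -ErrorAction SilentlyContinue
    foreach ($name in $wanted.Keys) {
        $current = $null
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) { $current = $props.$name }
        [pscustomobject]@{
            Role      = $Role
            Name      = $name
            Current   = $current          # empty when the key or value is missing
            Wanted    = $wanted[$name]
            Compliant = ($null -ne $current) -and ($current -eq $wanted[$name])
        }
    }
}

# Create the key if it is missing, then write both DWORDs.
function Set-Tls12RoleState {
    param([string]$Role)
    $path = Join-Path $base $Role
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    foreach ($name in $wanted.Keys) {
        New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $wanted[$name] -Force | Out-Null
    }
}

$report = $roles | ForEach-Object { Get-Tls12RoleState -Role $_ }
$report | Format-Table -AutoSize

# Only roles with a missing or differing value are changed.
$bad = @($report | Where-Object { -not $_.Compliant } | Select-Object -ExpandProperty Role -Unique)
if ($Fix -and $bad.Count -gt 0) {
    $bad | ForEach-Object { Set-Tls12RoleState -Role $_ }
    Restart-Service -Name MSExchangeTransport   # service restart named in the article
    $roles | ForEach-Object { Get-Tls12RoleState -Role $_ } | Format-Table -AutoSize
}
```

Run without `-Fix`, the script changes nothing and only prints the current state of the Client and Server keys.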