Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 4000 Source: SMTPSVC

Message delivery to the remote domain '<domain name>' failed. The error message is '<error message>'.
- Error message: "The remote SMTP service rejected AUTH negotiation" - See ME940207.
- Error message: "Unable to open the message for delivery" - This behavior can occur if there are multiple e-mail recipients on an outbound message, and the RCPT TO command for a recipient's address does not work and returns the status code 552. See ME281704 for a hotfix applicable to Microsoft Windows 2000.
See ME324958 to find out how to block open SMTP relaying and clean up Exchange Server SMTP queues on SBS, and ME310380 to find out how to prevent Exchange 2000 from being used as a Mail Relay in Windows 2000.

See ME820284 and ME884421 for information on how to fix this problem.
ME323350 has information on how to test SMTP services manually in Windows Server 2003.

From a newsgroup post: "If you have verified that you are closed to relay per ME310380, then you may have a compromised account that is being used for authentication. Turn SMTP Protocol Logging to Maximum in the Server -> Diagnostics Logging and check for Event ID 1708. This event will identify the account being used. Common culprits are local administrator accounts with blank passwords, username = test\password = test, and others".

This problem may be caused by the NAT router if you are using one. From a newsgroup post: I am running SMTPSVC under Windows 2000 Professional SP4. I own a Netgear RT314 router. I learned that the router's DNS server does not listen to TCP queries. This explains why SMTPSVC, which by default sends TCP DNS queries, does not work if it sends its query to the router's DNS server. If SMTPSVC forwards the query, to an external DNS server (which obviously handles TCP DNS queries), SMTPSVC works correctly.
I received two suggested solutions for this problem:
1. Leave the external DNS servers configured in the NIC.
2. Configure the SMTPSVC to use UDP for DNS queries. How to accomplish this, is explained in ME330070.

From a newsgroup post: "We use a monitoring tool called Event Sentry. We were asked by the monitoring team to enable SNMP. Well what we did not realize was that this application would suck up about 5000 UDP ports effectively killing all other UDP traffic including DNS".
I was getting this error at random times on a Windows XP Pro SP2 with IIS and the MS SMTP service. Mail would queue up and not go out. Sometimes rebooting the PC would fix the problem. The real fix for the problem was to disable the Symantec Corporate Edition "Internet mail" (SMTP) scanning service. I have seen these SMTP scanners cause problems like this before.
I am running the SMTP service on a Win2K machine. I was getting the error "unable to bind to the destination server in DNS" and all the mail was sitting in the queue. What I did to resolve the problem was to restart the "DNS Client Service" on the machine running SMTP. The DNS Client just gets wonky sometimes and will not do lookups properly to route mail. It looks like everything is ok because you can go to the command line and use nslookup to resolve A records or MX records just fine. It just will not play right with SMTP until you restart it.
P.S. the first time I saw this problem was actually on an Exchange server.
My problem was that my TCP Port on the Outbound Connections of the Delivery Tab of my Default SMTP Virtual Server was set to 26 and not 25. Changing it to 25 and restarting the SMTP service fixed the problem.

I was updating the Symantec Antivirus clients across all my client PCs and setup the client on my network as a monitoring box. I used the SMTP server on the box to send alerts so I would still get alerts if the Exchange server died. The default AV client configuration had the "Internet mail" protection turned on. This was getting in the way of the SMTP service when it tried to send mail. I disabled the "Internet mail" protection and all was well.
In IIS, go to the Default virtual SMTP server properties -> Delivery tab -> Advanced, and check that "smart host" points to your exchange server. This fixed the problem for us.
- Error message: "The remote server did not respond to a connection attempt" - There was a malformed email stuck in the queue, every so often it would try to resend thus generating these errors. To fix the problem, we simply deleted the email.
I moved my already working mail relay machine over to a new DMZ and domain and started getting a lot of these messages. I found that the problem was caused by the fact that I was using internal DNS servers that were relying solely on the ROOT HINTS. When I changed the relay to use an external DNS server, all of the messages started flowing fine. I fixed the configuration of the internal DNS servers to act as forwarder, shifted the mail relay back and everything was ok.
Error message: "The connection was dropped by the remote host." - See ME286673.
Error message: The remote server did not respond to a connection attempt. - no info
- "The connection was dropped by the remote host." - self explanatory (though systems with ZoneAlarm installed may experience this problem). See also ME264891.
- "Unable to bind to the destination server in DNS" - See ME290290 and ME279616.

ME812292 indicates that this problem may occur if Exchange 2000 Server tries to use custom sinks that were previously installed and are no longer used or available.

See also the Exchange 2000 Server Message Categorizer and Non-Delivery Report Troubleshooting whitepaper.
- "Unable to bind to the destination server in DNS" - We solved this by changing the DNS server.
Microsoft says that after you re-install the Simple Mail Transfer Protocol (SMTP) service or re-install Internet Information Services (IIS) on a Microsoft Windows 2000-based computer, mailboxes on that server may no longer be able to send mail to each other. This issue can occur if the SMTP service for Windows 2000 has been re-installed, but the Exchange 2000 SMTP service extensions have not been restored.
To do:
1. Make sure that the SMTP service is installed.
2. Re-install Exchange 2000.
3. Reapply any Exchange 2000 service packs or fixes.
I confirm that this has fixed this problem for me.

Error message: "An internal DNS error caused a failure to find the remote server." - I had this exact problem, "Unable to bind to the destination server in DNS", on a 2000 smtp only server (no Exchange) with two netowork interfaces. When attempting to deliver mail, a DNS lookup is performed via whichever NIC is bound first in the binding order. This can cause the return of an invalid or incorrect MX record. See ME249104.
People upgrading to Win 2000, may experience this problem. Configure DNS entry for your local area network properly. DNS resolver in Windows 2000 has changed, and DNS resolution takes priority over NetBIOS resolution  (DNS is using TCP/UDP port 53). Be sure to configure your firewall to allow these ports. If you cannot see local area connection on windows 2000, refer to ME254631.
See ME262168 - "How to Disable 8BitMIME in Windows 2000 SMTP Service".
Error: "An internal DNS error caused a failure to find the remote server." - This error comes up on the server running SMTP when the DNS server it is set to go through to resolve queries does not accept TCP queries. See ME263237.
The error occurred after I have altered the port that IIS SMTP V Server uses to 26.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.