Troubleshooting 421 4.0.0 error


I hope this may be useful to someone. I have just spent a couple of hours troubleshooting the above error message which was occuring when we sent mail to our company banker.

I appears that others are having similar problems see the thread here:

Anyhow, I thought I would list my troubleshooting steps.

On being told that people couldn’t send mail to the recipient, I proceded as follows:

First I looked at the queues on the Exchange server and located the mail. It was set to retry and had been that way for a day or so.

I next checked the error message presented in the queue viewer which was as below:

“The connection was dropped by the remote host”

I then restarted the SMTP service to see if that would get things moving. As expected, it didn’t!

Having done this I then used nslookup to lookup the MX records for the problem domain. I did this by first setting nslookup to search for MX records using the command:

Set type=mx

then entering the domain.

Once I had the mail servers for the domain I new DNS was working so I then moved on and checked the SMTP logs by going to:

Start/Run/ and typing logfiles.

Then I located the SMTPSVC1 folder and copied the latest log to my PC

I opened the log using Excel and converted the log to columns using?a space delimiter in the wizard.

I then filtered the log to only show the domain in question. This showed that many connection attempts were made but all failed with a “421.4.0.0 Server error” message.

Having established this I tried to telnet to the mail server from my Exchange server and then from another box. Both connection were refused in the same way.

Given the immediacy of the connection drop either we were on a block list or connection filter, or perhaps we were missing a PTR record.

My next step is to get the relevant people to setup the PTR records which is not currently there. I believe it is likely that this will then allow mail to flow.

I have also changed the way the SMTP server announces itself in the advanced section of the delivery tab on the SMTP Virtual Server so that it now announces itself using the same address as the MX record.

I will report back soon with progress.




A Public Folder permissions issue


This is an issue that was discussed recently on the Mark Minasi forums ( which I thought might help others with similar public folder permissions problems.


The issue was that an Exchange server had a functioning e-mail enabled public folder on an Exchange 2003, where some user can read and some can delete?content. It was created and configured before I the current administrator started the job.

At this point there came the need to?give another user?the delete permission. The problem was, that when the admin clicked on the?”Client Permissions” button in System Manager for this folder, the dialog box “Client Permissions” has no entries at all. And that’s strange, since the permissions once granted seem to nonetheless be in effect.

One thing that stands out with this particual folder, is its owner (otherwise there are nothing out of the ordinary with it). The (AD) owner of this folder is MY_OLD_SRV$, wherefrom it was once migrated. Other folders have either MY_CURRENT_SRV$ or SYSTEM as owner (even those created on the old server).

Having looked at this is seemed that maybe something had been corrupted on migration. I suggested that the admin should try to recreate the correct permissions.

When the admin tried adding permissions he found that he couldn’t add any entries in Client Permissions. When clicking OK, he got the following error message:

“Invalid windows handle
ID no: 80040102
Exchange System Manager”

While not wholly satisfying, at least this?provided something to Google for. First stop was Q313333, in which a tool is discussed, PFInfo, for exporting, editing, and importing permissions. Thing was, it’s not downloadable, but you have to call Microsoft and ask for it.

So a little more?Googling turned up a blog entry?( another utility was discussed, PFDAVAdmin, which you can use to manage public folder permissions etc, and this was downloadable from Microsoft.

Having?downloaded and installed the tool it was then possible to check the actual Client Permission-entries for the folder with this utility, and also edit them without any trouble.

Now everybody is happy.


It has been brought to my attention that this tools is now available here:


Hope this helps someone,