How to Fix Error 451 4.7.0 When Sending Emails from MS Online to On-Premise Exchange 2019

Learn how to troubleshoot and resolve the error 451 4.7.0 when sending emails from MS online to on-premise Exchange 2019 using port 587. If you are using MS online services such as businesscentral.dynamics.com to send emails to your on-premise Exchange 2019 server, you may encounter the error 451 4.7.0 Temporary server error. Please try again later.PRX4. This error indicates that the client proxy session failed to set up due to a requirement of XAnonymousTls. In this article, you will learn what causes this error and how to fix it by changing the connector settings on your Exchange server.

Table of Contents

What is XAnonymousTls and Why is it Required?
How to Fix Error 451 4.7.0 by Changing the Connector Settings
FAQs
Q: What are the risks of disabling the requirement of XAnonymousTls for the Default Frontend connector?
Q: How can I enable the requirement of XAnonymousTls for the Default Frontend connector again?
Q: How can I check the status of the requirement of XAnonymousTls for the Default Frontend connector?
Summary

What is XAnonymousTls and Why is it Required?

XAnonymousTls is a custom SMTP verb that is used by Exchange servers to communicate with each other. It allows the servers to establish a secure and anonymous TLS connection without requiring any authentication or certificate validation. This is useful for scenarios where the servers are in different organizations or domains and do not have a trust relationship.

XAnonymousTls is required by default for the following connectors on Exchange 2019:

Default Frontend: This is the connector that receives inbound SMTP connections from external sources such as MS online services. It requires XAnonymousTls to proxy the messages to the backend transport service on the same server or another server in the same organization.
Outbound Proxy Frontend: This is the connector that sends outbound SMTP connections to external destinations such as MS online services. It requires XAnonymousTls to proxy the messages from the backend transport service on the same server or another server in the same organization.

How to Fix Error 451 4.7.0 by Changing the Connector Settings

To fix the error 451 4.7.0 when sending emails from MS online to on-premise Exchange 2019, you need to disable the requirement of XAnonymousTls for the Default Frontend connector on your Exchange server. This will allow the MS online service to connect to your Exchange server using standard SMTP verbs such as EHLO and AUTH.

To disable the requirement of XAnonymousTls for the Default Frontend connector, follow these steps:

Open the Exchange Management Shell on your Exchange server.
Run the following command to get the identity of the Default Frontend connector:

Get-ReceiveConnector | Where-Object {$_.Name -like "Default Frontend*"}

Note down the identity of the connector. It should look something like this: Default Frontend Myserver
Run the following command to disable the requirement of XAnonymousTls for the connector:

Set-ReceiveConnector -Identity "Default Frontend Myserver" -RequireXAnonymousTls $false

Replace the identity with the one you noted down in the previous step.
Restart the Microsoft Exchange Transport service on your Exchange server.

After performing these steps, you should be able to send emails from MS online to your on-premise Exchange 2019 server without getting the error 451 4.7.0.

FAQs

Q: What are the risks of disabling the requirement of XAnonymousTls for the Default Frontend connector?

A: Disabling the requirement of XAnonymousTls for the Default Frontend connector may expose your Exchange server to potential security risks. For example, an attacker may be able to spoof the identity of another Exchange server and send malicious messages to your server. Therefore, you should only disable the requirement of XAnonymousTls for the Default Frontend connector if you trust the source of the SMTP connections, such as MS online services.

Q: How can I enable the requirement of XAnonymousTls for the Default Frontend connector again?

A: To enable the requirement of XAnonymousTls for the Default Frontend connector again, you can run the following command in the Exchange Management Shell:

Set-ReceiveConnector -Identity "Default Frontend Myserver" -RequireXAnonymousTls $true

Replace the identity with the one of your Default Frontend connector. Then, restart the Microsoft Exchange Transport service on your Exchange server.

Q: How can I check the status of the requirement of XAnonymousTls for the Default Frontend connector?

A: To check the status of the requirement of XAnonymousTls for the Default Frontend connector, you can run the following command in the Exchange Management Shell:

Get-ReceiveConnector -Identity "Default Frontend Myserver" | Select-Object RequireXAnonymousTls

Replace the identity with the one of your Default Frontend connector. The output will show either True or False depending on whether the requirement of XAnonymousTls is enabled or disabled.

Summary

In this article, you learned how to troubleshoot and resolve the error 451 4.7.0 when sending emails from MS online to on-premise Exchange 2019 using port 587. You learned that this error is caused by the requirement of XAnonymousTls for the Default Frontend connector on your Exchange server. You learned how to disable the requirement of XAnonymousTls for the Default Frontend connector by using the Exchange Management Shell. You also learned how to check and enable the requirement of XAnonymousTls for the Default Frontend connector again.