The Exchange Management Shell provides the Set-ReceiveConnector cmdlet for modifying settings on Hub Transport server Receive Connectors. This can include the RemoteIPRanges setting, which is the multivalued list of IP addresses on the network that are allowed to use that Receive Connector to send mail.
Most Exchange environments will include at least one Receive Connector that is configured to allow certain hosts and applications to relay email. Over time this may build up a lengthy RemoteIPRanges IP address list. When it comes time to add additional IP addresses to the list it seems logical to use Set-ReceiveConnector, however this cmdlet will overwrite the existing setting with the new IP address specified.
For example, look at the current IP addresses:
[PS] C:\>Get-ReceiveConnector "Relay Connector" | fl remoteipranges
RemoteIPRanges : {10.0.0.21, 10.0.0.23, 10.0.0.22, 10.0.0.14, 10.0.0.20, 10.0.0.19, 10.0.0.18, 10.0.0.17, 10.0.0.16, 10
.0.0.15, 10.0.0.10, 10.0.0.9, 10.0.0.8, 10.0.0.7, 10.0.0.6, 10.0.0.5, 10.0.0.4, 10.0.0.13, 10.0.0.12,
10.0.0.11, 10.0.0.3, 10.0.0.2, 10.0.0.1}
Note: if the list of IP addresses is too long and is being truncated in the shell output see this tip for extending the enumeration limit.
Now use Set-ReceiveConnector with a new IP of 10.0.0.99:
[PS] C:\>Set-ReceiveConnector "Relay Connector" -RemoteIPRanges 10.0.0.99
And whoops, we’ve overwritten all of the previous IP addresses!
[PS] C:\>Get-ReceiveConnector "Relay Connector" | fl remoteipranges
RemoteIPRanges : {10.0.0.99}
If you were just adding one new IP address the Management Console would do the job, but that can be slow for remote servers and is not as efficient if the change is being applied to multiple servers or involves adding multiple IP addresses.
Fortunately with the Exchange Management Shell we can easily add IP addresses to existing Receive Connectors.
To add a single IP address to an existing Receive Connector:
[PS] C:\>$RecvConn = Get-ReceiveConnector "Relay Connector" [PS] C:\>$RecvConn.RemoteIPRanges += "10.0.0.99" [PS] C:\>Set-ReceiveConnector "Relay Connector" -RemoteIPRanges $RecvConn.RemoteIPRanges
Now we can see that 10.0.0.99 has been added to the Receive Connector.
[PS] C:\>Get-ReceiveConnector "Relay Connector" | fl remoteipranges
RemoteIPRanges : {10.0.0.99, 10.0.0.23, 10.0.0.22, 10.0.0.21, 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.11, 10.0.0.12, 10.0.
0.13, 10.0.0.4, 10.0.0.5, 10.0.0.6, 10.0.0.7, 10.0.0.8, 10.0.0.9, 10.0.0.10, 10.0.0.15, 10.0.0.16, 10.
0.0.17, 10.0.0.18, 10.0.0.19, 10.0.0.20, 10.0.0.14}
To add multiple IP addresses at once use this command sequence:
[PS] C:\>$RecvConn = Get-ReceiveConnector "Relay Connector" [PS] C:\>$RecvConn.RemoteIPRanges += "10.0.0.99", "10.0.0.100", "10.0.0.101" [PS] C:\>Set-ReceiveConnector "Relay Connector" -RemoteIPRanges $RecvConn.RemoteIPRanges
Sometimes the list of IPs being added is too long to type out. To add multiple IP addresses from a text file called newips.txt use this command sequence instead:
[PS] C:\>$RecvConn = Get-ReceiveConnector "Relay Connector"
[PS] C:\>Get-Content .\newips.txt | foreach {$RecvConn.RemoteIPRanges += "$_"}
[PS] C:\>Set-ReceiveConnector "Relay Connector" -RemoteIPRanges $RecvConn.RemoteIPRanges
About Paul Cunningham
how do you add multiple IP addresses from a text file to multiple Hub Transport connectors?
Yee, I don’t have a code sample for it but I would imagine it would be as easy as wrapping up the example above into a loop.
get-receiveconnector | where {$_.Name -like “*Default*”} | Set-ReceiveConnector -RemoteIPRanges (Get-Content .\iplist.txt)
That will modify multiple Receive Connectors but it will overwrite all of their existing remote IP addresses.
Hello,
I liked the script above but when I hit exactly 863 ip’s in a receive connector I can no longer add any more IPs. I receive the error below. Has anyone ran into this error? I get the same thing when adding an additional entry in the GUI as well. I’ve read it is a limitation of Active Directory.
Set-ReceiveConnector : Active Directory operation failed on c15088dc3001.mydomain.
com. This error is not retriable. Additional information: The administrative li
mit for this request was exceeded.
Active directory response: 00002024: SvcErr: DSID-02080490, problem 5008 (ADMIN
_LIMIT_EXCEEDED), data -1112
At line:1 char:32
Is the only workaround adding another receive-connector? I am not in the position of adding a range, because it’s an anonymous POP3 Connector.
Well having never added 863 IP’s to a Receive Connector I can’t say I’ve ever hit that limit
I guess either add another connector so you can add more IP’s. Or try to make some or all of them authenticated connections instead so you don’t have to limit by IP address.
One other (maybe not so good) idea would be to restrict the IP’s using a firewall rule instead, and just leave the Receive Connector open, but that would not be my ideal choice.
It looks like it’s an Active Directory thing. AD2000 has ~800 limit, and AD2003 has ~1300. I think we’re on a functional 2000 domain.
http://social.technet.microsoft.com/Forums/en/exchangesvrmigration/thread/538f9e35-9901-40cf-b9fa-1e4895c13a68
All of these entries are for printers that scan and email. Maybe an easier way would be to make an authenticated receive connector and just change the printer settings to authenticate with a generic account. Sounds a little easier huh….
Strangest thing
Exchange 2010 SP1+Rollup 4. When running the import with a text file containing a list of IP addresses
the following error occurs for each IP address:
[PS] C:\Windows\system32>Get-Content .\iplist.txt | foreach {$RecvConn.RemoteIPRanges += “$_”}
Exception setting “RemoteIPRanges”: “Cannot convert value “System.Object[]” to type “Microsoft.Exchange.Data.MultiValue
dProperty`1[Microsoft.Exchange.Data.IPRange]“. Error: “The value ’1.1.1.1′ is already present in the collection.”"
At line:1 char:47
+ Get-Content .\iplist.txt | foreach {$RecvConn. <<<< RemoteIPRanges += "$_"}
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyAssignmentException
Exception setting "RemoteIPRanges": "Cannot convert value "System.Object[]" to type "Microsoft.Exchange.Data.MultiValue
dProperty`1[Microsoft.Exchange.Data.IPRange]". Error: "The value '10.4.10.210' is already present in the collection.""
At line:1 char:47
+ Get-Content .\iplist.txt | foreach {$RecvConn. <<<< RemoteIPRanges += "$_"}
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyAssignmentException
Can someone assist ???
The answer is in the error message. Two of the IP addresses you’re trying to add are “already present in the collection”.
Thanks, I managed.
None of the IP addresses were already present. The trick for me to get it to work was to specify
In the first line the full connector name (including the server name) instead of only the connector name.
Thanks!
I notice that if you have an error like “The value ‘xx.xx.xx.xxx’ is already present in the collection.”", the script stops.
Anyone knows how can I make the script still running and putting the rest of the IPs to the receive connector even with some errors ?
Tks in advance.
Hi Rodney, I guess a bit of script logic to check for existing IP’s first would do the trick. I’ll see if I can come up with something.
Hey Paul,
My list of receive connectors is truncated … Even when results outputted to .txt file. Is there a way to have it show the entire list
[PS] C:\>Get-ReceiveConnector “internal relay” |fl remoteipranges >C:\Users\uwhadmin\Documents\output\remoteip.txt
RemoteIPRanges : {10.150.12.21, 10.150.31.63, 10.150.21.35, 10.0.10.13, 10.30.15.27, 10.0.1.7, 10.150.11.14, 10.150.50.191, 10.150.53.196, 10.150.53.197, 10.150.50.195, 10.150.52.197, 10.150.50.192, 10.150.50.193, 10.150.11.62, 10.0.1.24…}
Hi Aaron, try this:
http://exchangeserverpro.com/how-to-prevent-truncation-of-long-output-in-exchange-management-shell
Hey, Paul –
We just built an Exchange 2010 and migrated all the mailboxes from the old 2003 Exchange box. My integrator says he usually adds ALL the IP addresses (and in our case, all the subnet ranges) into the Relay Connector. This is opposed to just devices that usually send mail — scanners, copiers, accounting/equitrac servers.
What say you about adding all my IP ranges into the Exchange 2010 Relay Connector?
Thanks.
It is a “low effort” approach. I’ve permitted entire IP ranges in some cases before, usually for things like desktop apps that need direct SMTP relay but the pc’s are on a DHCP range without reservations (reservations might sound like a logical solution to that, but they add “yet another thing” to manage and will of course break if the user gets a new pc or logs on to a different one).
I wouldn’t do it on insecure networks, eg wireless where a guy in his car outside the building uses your server to relay spam.
And as long as they aren’t creating an open relay that can be exploited from the internet then it’s probably fine.
Excellent Post. Very helpful.
Thank you.
Hi,
We migrated from exchange 2003 to 2010. We have many servers and application using the old server, so I had to put one by one the ip address of these application server to the new Relay connector on the new exchange 2010 so they can send email. Every thing is working fine, but only one server could not telnet this relay server. I’ve already add the IP on the list. It can telnet the exchange 2003 not the 2010.
I got the error below
Connecting To mgprelay01…Could not open connection to the host, on port 25: Connect failed
Could you help please?
Thanks
Can you ping the server? Not a simple routing issue?
I’ve seen firewalls (both network and client firewalls) as well as some antivirus products cause problems like that (eg preventing outbound SMTP from the server because it looks like a worm/trojan). So check for those.
What you can also do is enable Protocol Logging on the Receive Connector on the server you’re trying to telnet to, then inspect the protocol logs after trying to make the connection to see whether the traffic is hitting it or not.
Thanks for replying, Yes it can ping the server normally (with hostname and ip address). For the antivirus, I’m not really sure it block the outbound SMTP because it can telnet the old exchange 2003 server as well.
I’ll enable the Protocol Logging on the RC to see if it works.
Thanks again
Helpful article (and following comments). One question – talking about text file used for importing IPs, what exactly is the format of records in the file? Just type in all IPs row by row, comma delimited, one IP per line? Or else?
Yes, just one IP per line will work.
Ok, thanks. Will try. In the past I had some troubles of getting the properly formatted text file to be used with Win PowerShell for input. Maybe thats how I made it work – putting records in line by line.