The purpose of this Technical Note is to provide system administrators and other interested users and evaluators with the configuration steps required to connect Isode's M-Switch X.400 (M-Switch) to Microsoft Exchange (Exchange) using X.400.
The reasons for doing this include:
- As part of building a distributed X.400 network
- Connecting Exchange to a network of M-Switches, as a means to support the Microsoft Outlook client.
- Providing access to the MIME/X.400 Gatewaying (MIXER) capabilities of M-Switch.
This document covers Exchange 5.5, Exchange 2000 and Exchange 2003.
The default settings on Exchange are set to work with other copies of Exchange.
The information provided in this Note will be particularly helpful to administrators who need to tailor MS Exchange to Isode M-Switch X.400 configurations.
Configuring the MS Exchange Server
The MS Exchange server must first be configured with its local site X.400 addressing. In Microsoft Exchange System Manager, with the menu item Action/New Other/MTA Transport Stack, specify all the transport services which will be used for X.400. This need only be done once for each server which will be handling connections, and for each protocol (TCP or X.25) which that server will be using. For TCP/IP (RFC 1006) no selectors need be specified.
Configure each connection to a peer MTA using the menu item Action/New Other/TCP X.400 Connector.
The fields on several tabs in this Property Page window must be filled in before MS Exchange will create the configuration:
On the General tab, deselect Remote clients support MAPI. You may also wish to set a password other than the single space default, so that it will be clearly visible.
On the Stack tab, specify a hostname or IP address (ensure the Remote host name vs IP address flag is set appropriately), and an outgoing transport selector. The transport selector should be the same as that in the $(ETCDIR) isoservices file, which starts the x400in88 program. (Be sure to set the text vs hex flag appropriately - TSELs such as '401' are textual).
On the Advanced tab, deselect both the Two Way Alternate and Allow MS Exchange Contents checkboxes. (TWA is supported by Isode but there are no benefits to using it between M-Switch and Exchange).
On the Address Space tab, click New X.400 and fill in the Country code, ADMD and any other fields which describe the addresses accessible through this remote MTA.
The name and password of the MS Exchange MTA are set in the Message Transfer Agent item, located underneath the MS Exchange server's own node. This applies to all X.400 connections unless overridden for specific peer MTAs.
Local X400 Properties
Click on the "Modify" button to display the Local MTA Credentials.
Changes made to the configuration using Microsoft Exchange Administrator, such as changes in X.400 MTA passwords, do not take effect immediately. You must restart the MTA after applying changes.
Configuring Isode's M-Switch
Set up an M-Switch X.400 or MIXER configuration. The program you'll need to use to configure this is called EMMA. For more information about EMMA, refer to Administrator's Guide: Message Handling Services. After you configure a standalone M-Switch system, you'll need to create an External MTA that will contain the information on how to communicate with Microsoft Exchange MTA. You will need to know the following:
- (a) The O/R Hierarchy that the Exchange MTA manages. For example, /C=GB/ADMD= /O=Microsoft/
- (b) The Presentation Address that the Exchange MTA expects to be called on. This consists of a Transport Selector, which can be encoded as text or hex, and a network address (which can be an IP address or X.25 address). For example, "591"/Internet=exchagesvr.myorg.com
- (c) The MTA Name and password of the Exchange server
- (d) The MTA Name and password of your Isode server
Start by creating a node in the routing tree that corresponds with the O/R hierarchy you specified in Step 2(a) above. You can either enter the full O/R Hierarchy by right clicking on Main Routing Tree and selecting Add Node from the menu, or you can expand the tree and enter the nodes individually.
After you finish, your Main Routing Tree will look something like this:
After you have created the routing node you need to create an External MTA. Select the Message Transfer Agents node, and click on the New button (or right click and select New).
Change the configuration type to External MTA, and click on Next. In the hostname, enter the fully qualified hostname of the MS Exchange MTA (the hostname exchagesvr.myorg.com from 2(b)). In the next pane, select the routing tree node you have created before and click on Next.
Finally you have to enter the Presentation Address specified in 2(b). If the fully qualified hostname you specified before could be resolved, you should have something that looks like the finished example in Step 2(b). If you need to modify it to use your transport selector and network address, click on Edit. Click on Next, review the information and if everything is fine click on Finish.
X.400 connection details
Now that you have an External MTA defined, you need to configure the authentication information. Expand the new External MTA, click on the x40088 channel and select the Auth tab.
Your screen will look something like this:
To configure the authentication information, click on Edit button of the Initiator: RTS Credentials and enter the required information. First the MTA Name of the Microsoft Exchange MTA, and then its expected password. Do the same for the Responder: RTS Credentials, which must be the same as the Initiator credentials (MS Exchange does not allow these credentials to be different).
The authentication requirements that are set by default need to be changed when connecting to an Exchange MTA. Edit both the Initiator and Responder Authentication Requirements and make sure that only the Simple Authentication check box is set. Finally click on Apply to save the changes you have made.
In case you haven't set the Isode MTA name and password for the X.400 channel, you need to do this now. Expand the Isode MTA, expand the channels and select the x40088 channel. Now click on the Auth tab, and set the Initiator and Responder RTS Credentials and Authentication Requirements just like before, but using the information in 2(d).
As you have created a new MTA, you need to generate the MTA links, and you can do that by clicking on the Generate button found in the same pane.
In the RTSE tab, set both the Initiator and Responder Checkpoint values to 8. As always, click on the Apply button to save your changes. This setting is needed in order to support large message transfer, as MS Exchange will not work correctly with the default values.
Testing X.400 connections
Now, if you have configured the equivalent information in the Microsoft Exchange server, you should be able to test the connection between the Isode server and the Exchange server.
Select again the x40088 channel of the External MTA corresponding to the Exchange server (i.e. exchangesvr.myorg.com), right click and select the Test Connection option.
Association rejected: [Connect request refused on this network connection]
The Presentation Address is wrong. Check that the information on the Presentation Address field is correct. Check if there's connectivity between the Isode machine and the Exchange machine. When the port number is omitted from a P.A. then the default value used is 102, which sometimes can be closed by a firewall.
Association rejected: [authentication error]
Make sure that the sets of passwords sent and expected are OK. Check the logs in the Exchange server to try to find more information.
If you keep getting this error, you could increase the level of logging for the x40088 channel by splitting the logging (under the MTA Program folder) and then setting the x40088 channel's normlog to level = all. Then you can try to test the connection again and this time you'll have much more information, including what you send in the MTA Bind operation.
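The "Connect request refused" case above can be narrowed down from the M-Switch host with a small transport-level check. This is an added example, not Isode or Microsoft code: it parses a Presentation Address of the form used in this note, sends an RFC 1006 (TPKT) class 0 connection request, and reports whether TCP failed or the peer answered with a Connection Confirm (CC) or Disconnect Request (DR). The function names are illustrative, and the `'..'H` hex-selector and `+port` forms are assumed from the RFC 1278 / ISODE string syntax.

```python
import socket
import struct

def parse_pa(pa, default_port=102):
    """Split '"591"/Internet=host[+port]' into (tsel_bytes, host, port)."""
    parts = pa.split("/")
    addr, sel = parts[-1], (parts[-2] if len(parts) > 1 else "")
    if sel.startswith('"') and sel.endswith('"') and len(sel) >= 2:
        tsel = sel[1:-1].encode("ascii")      # textual: "401" -> 34 30 31
    elif sel.startswith("'") and sel.endswith("'H"):
        tsel = bytes.fromhex(sel[1:-2])       # hex (assumed syntax): '0401'H -> 04 01
    elif sel == "":
        tsel = b""
    else:
        raise ValueError("unsupported selector: " + sel)
    if not addr.startswith("Internet="):
        raise ValueError("only Internet= (RFC 1006) addresses are handled")
    host, _, port = addr[len("Internet="):].partition("+")
    return tsel, host, int(port) if port else default_port

def build_cr(called_tsel, calling_tsel=b"", src_ref=1):
    """TPKT-wrapped ISO 8073 class 0 Connection Request (CR) TPDU."""
    params = b""
    if calling_tsel:
        params += b"\xc1" + bytes([len(calling_tsel)]) + calling_tsel
    if called_tsel:
        params += b"\xc2" + bytes([len(called_tsel)]) + called_tsel
    # CR code, DST-REF = 0, SRC-REF, class 0 with no options
    tpdu = b"\xe0" + struct.pack(">HHB", 0, src_ref, 0) + params
    tpdu = bytes([len(tpdu)]) + tpdu          # length indicator excludes itself
    return b"\x03\x00" + struct.pack(">H", len(tpdu) + 4) + tpdu

def classify(reply):
    """Name the TPDU in a TPKT reply: CC = accepted, DR = refused."""
    if len(reply) < 6 or reply[0] != 3:
        return "not-tpkt"
    return {0xD0: "CC", 0x80: "DR"}.get(reply[5] & 0xF0, "other")

def probe(pa, timeout=5.0):
    """Connect to the address in pa and report the transport-level outcome."""
    tsel, host, port = parse_pa(pa)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_cr(tsel))
            return classify(s.recv(512))
    except OSError as exc:
        return "tcp-error: %s" % exc
```

A `tcp-error` result points at the hostname, port or a firewall; a `DR` with TCP working usually points at the transport selector, for example a textual '401' entered as hex.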
Checking the routing
If you have established a connection from an Isode MTA to an Exchange MTA, then the next thing to try is to check the routing.
For that you can use the ckadr command. From a shell run the following command:
ckadr -x "/G=John/S=Smith/O=Microsoft/ADMD= /C=GB/"
Change the O/R address to something that matches the O/R hierarchy specified in (1).
The output should be something like:
# ckadr -x "/G=John/S=Smith/O=Microsoft/ADMD= /C=GB/"
/G=John/S=Smith/O=Microsoft/ADMD= /C=GB/ -> (x400) /G=John/S=Smith/O=Microsoft/ADMD= /C=GB/
Delivered to <cn=x40088,cn=exchange.isode.net,cn=Messaging Configuration,ou=MHS,c=XX> by x40088
If the Isode MTA routes addresses correctly, and the MTA connectivity is fine, then testing should be undertaken with real messages. On the Exchange side, Isode recommends Boldon James SAFEmail.mil, which is used with Microsoft Outlook. On the M-Switch X.400 side, basic testing can be done using Isode's test X.400 client, which connects directly to M-Switch X.400 using X.400 P3. If a full User Agent is needed on the X.400 side, a message store (Isode's M-Store X.400) should be added and then an X.400 P7 User Agent, such as MailmaX.400 from Addonmail or Microsoft Outlook with the Boldon James MAPI P7 plugin.
X.400 Body parts
When X.400 is used to connect M-Switch X.400 and MS Exchange, X.400 body parts will be carried transparently by M-Switch X.400. MS Exchange maps X.400 body parts on delivery, and not all X.400 body parts are (fully) supported. It will work correctly for all commonly used body parts. If unusual body parts, body part parameters or non-standard MIXER mappings are being used, MS Exchange support should be verified.
If you are unable to make a connection, increase the MS Exchange log levels for X.400 and security issues from none to maximum. MS Exchange writes to the application log, which can be seen using the Event Viewer program (located in the Administrative Tools folder of Program Manager). It may be necessary to increase the log size (using the Log/Log Settings menu item of Event Viewer). For more details on MTA logging check this web page.
To change the frequency of outgoing X.400 connection attempts, change the Open Interval field on the Override tab of that MTA. The default is 600 seconds (10 minutes).
The standard logging defaults for the M-Switch do not need to be altered. For full details on configuring the M-Switch, see the Administrator's Guide.