Messaging Gateway

When Exchange (from Outlook) is sending emails via SMG i have errors in SMG "Abort message (message time out)". Problem was reported to Broadcom Support and after looking at packet capture they found that Exchange send data packet to SMG, SMG sends ACK to Exchange, SMG sends ACK with TCP widow update to Exchange, five minutes after most recent ACK no other packets have been received form Exchang and SMG time out the sesion. 
In Exchange transport service logs I have 

2023-05-18T20:18:41.277Z,SMG,08DB53CAAC00F8FF,21,192.168.45.35:49461,192.168.45.41:25,*,,"HandleError has encountered a suspicious connection reset from a remote, non-mailbox transport server."

From Exchange Queue 

[{LED=450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError)} Exchange 2016

Emails sended via OWA are working fine

When Exchange (from Outlook) is sending emails via SMG i have errors in SMG "Abort message (message time out)". Problem was reported to Broadcom Support and after looking at packet capture they found that Exchange send data packet to SMG, SMG sends ACK to Exchange, SMG sends ACK with TCP widow update to Exchange, five minutes after most recent ACK no other packets have been received form Exchang and SMG time out the sesion. 
In Exchange transport service logs I have 

2023-05-18T20:18:41.277Z,SMG,08DB53CAAC00F8FF,21,192.168.45.35:49461,192.168.45.41:25,*,,"HandleError has encountered a suspicious connection reset from a remote, non-mailbox transport server."

From Exchange Queue 

[{LED=450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError)} Exchange 2016

Emails sended via OWA are working fine

After 4 atempts message is sent. To low max connection in Exchange connector?

When Exchange (from Outlook) is sending emails via SMG i have errors in SMG "Abort message (message time out)". Problem was reported to Broadcom Support and after looking at packet capture they found that Exchange send data packet to SMG, SMG sends ACK to Exchange, SMG sends ACK with TCP widow update to Exchange, five minutes after most recent ACK no other packets have been received form Exchang and SMG time out the sesion. 
In Exchange transport service logs I have 

2023-05-18T20:18:41.277Z,SMG,08DB53CAAC00F8FF,21,192.168.45.35:49461,192.168.45.41:25,*,,"HandleError has encountered a suspicious connection reset from a remote, non-mailbox transport server."

From Exchange Queue 

[{LED=450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError)} Exchange 2016

Emails sended via OWA are working fine

After 4 atempts message is sent. To low max connection in Exchange connector?

When Exchange (from Outlook) is sending emails via SMG i have errors in SMG "Abort message (message time out)". Problem was reported to Broadcom Support and after looking at packet capture they found that Exchange send data packet to SMG, SMG sends ACK to Exchange, SMG sends ACK with TCP widow update to Exchange, five minutes after most recent ACK no other packets have been received form Exchang and SMG time out the sesion. 
In Exchange transport service logs I have 

2023-05-18T20:18:41.277Z,SMG,08DB53CAAC00F8FF,21,192.168.45.35:49461,192.168.45.41:25,*,,"HandleError has encountered a suspicious connection reset from a remote, non-mailbox transport server."

From Exchange Queue 

[{LED=450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError)} Exchange 2016

Emails sended via OWA are working fine

When Exchange (from Outlook) is sending emails via SMG i have errors in SMG "Abort message (message time out)". Problem was reported to Broadcom Support and after looking at packet capture they found that Exchange send data packet to SMG, SMG sends ACK to Exchange, SMG sends ACK with TCP widow update to Exchange, five minutes after most recent ACK no other packets have been received form Exchang and SMG time out the sesion. 
In Exchange transport service logs I have 

2023-05-18T20:18:41.277Z,SMG,08DB53CAAC00F8FF,21,192.168.45.35:49461,192.168.45.41:25,*,,"HandleError has encountered a suspicious connection reset from a remote, non-mailbox transport server."

From Exchange Queue 

[{LED=450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError)} Exchange 2016

Emails sended via OWA are working fine

Sounds like something might be between SMG and Exchange that should be looked at. the "Abort message (message timed out)" specifically means that the Messaging Gateway was communicating with the other server but the network connection was lost (not due to direct action from SMG). Your description of the packet capture lacked context, but in general you said that SMG sent an ACK (meaning it acknowledged Exchanges previous packet) and would generally then be waiting for Exchange's next packet, which never arrived - ending in time out.
Your Exchange logs seem to indicate that Exchange thought SMG stopped responding. Thus, most likely culprit is something in between.

When Exchange (from Outlook) is sending emails via SMG i have errors in SMG "Abort message (message time out)". Problem was reported to Broadcom Support and after looking at packet capture they found that Exchange send data packet to SMG, SMG sends ACK to Exchange, SMG sends ACK with TCP widow update to Exchange, five minutes after most recent ACK no other packets have been received form Exchang and SMG time out the sesion. 
In Exchange transport service logs I have 

2023-05-18T20:18:41.277Z,SMG,08DB53CAAC00F8FF,21,192.168.45.35:49461,192.168.45.41:25,*,,"HandleError has encountered a suspicious connection reset from a remote, non-mailbox transport server."

From Exchange Queue 

[{LED=450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError)} Exchange 2016

Emails sended via OWA are working fine

Nope, SMG is only for inbound mail. I want to enable outgoing mails via SMG and this hapens

Description of pacet capture is from Case 33390143. Exchange and VM are in VLAN, same site maybe sometimes different host. But from OWA mails are working. From transport service logs i se that certificate negotiation using tls 1.2 is succeded 

Sounds like something might be between SMG and Exchange that should be looked at. the "Abort message (message timed out)" specifically means that the Messaging Gateway was communicating with the other server but the network connection was lost (not due to direct action from SMG). Your description of the packet capture lacked context, but in general you said that SMG sent an ACK (meaning it acknowledged Exchanges previous packet) and would generally then be waiting for Exchange's next packet, which never arrived - ending in time out.
Your Exchange logs seem to indicate that Exchange thought SMG stopped responding. Thus, most likely culprit is something in between.

When Exchange (from Outlook) is sending emails via SMG i have errors in SMG "Abort message (message time out)". Problem was reported to Broadcom Support and after looking at packet capture they found that Exchange send data packet to SMG, SMG sends ACK to Exchange, SMG sends ACK with TCP widow update to Exchange, five minutes after most recent ACK no other packets have been received form Exchang and SMG time out the sesion. 
In Exchange transport service logs I have 

2023-05-18T20:18:41.277Z,SMG,08DB53CAAC00F8FF,21,192.168.45.35:49461,192.168.45.41:25,*,,"HandleError has encountered a suspicious connection reset from a remote, non-mailbox transport server."

From Exchange Queue 

[{LED=450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError)} Exchange 2016

Emails sended via OWA are working fine

Description of pacet capture is from Case 33390143. Exchange and VM are in VLAN, same site maybe sometimes different host. But from OWA mails are working. From transport service logs i se that certificate negotiation using tls 1.2 is succeded 

Sounds like something might be between SMG and Exchange that should be looked at. the "Abort message (message timed out)" specifically means that the Messaging Gateway was communicating with the other server but the network connection was lost (not due to direct action from SMG). Your description of the packet capture lacked context, but in general you said that SMG sent an ACK (meaning it acknowledged Exchanges previous packet) and would generally then be waiting for Exchange's next packet, which never arrived - ending in time out.
Your Exchange logs seem to indicate that Exchange thought SMG stopped responding. Thus, most likely culprit is something in between.

When Exchange (from Outlook) is sending emails via SMG i have errors in SMG "Abort message (message time out)". Problem was reported to Broadcom Support and after looking at packet capture they found that Exchange send data packet to SMG, SMG sends ACK to Exchange, SMG sends ACK with TCP widow update to Exchange, five minutes after most recent ACK no other packets have been received form Exchang and SMG time out the sesion. 
In Exchange transport service logs I have 

2023-05-18T20:18:41.277Z,SMG,08DB53CAAC00F8FF,21,192.168.45.35:49461,192.168.45.41:25,*,,"HandleError has encountered a suspicious connection reset from a remote, non-mailbox transport server."

From Exchange Queue 

[{LED=450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError)} Exchange 2016

Emails sended via OWA are working fine

It is absolutely not acceptable for you to ask for a packet capture, or any personal/business data, from someone else. Please refrain from such behavior.

Description of pacet capture is from Case 33390143. Exchange and VM are in VLAN, same site maybe sometimes different host. But from OWA mails are working. From transport service logs i se that certificate negotiation using tls 1.2 is succeded 

Sounds like something might be between SMG and Exchange that should be looked at. the "Abort message (message timed out)" specifically means that the Messaging Gateway was communicating with the other server but the network connection was lost (not due to direct action from SMG). Your description of the packet capture lacked context, but in general you said that SMG sent an ACK (meaning it acknowledged Exchanges previous packet) and would generally then be waiting for Exchange's next packet, which never arrived - ending in time out.
Your Exchange logs seem to indicate that Exchange thought SMG stopped responding. Thus, most likely culprit is something in between.

When Exchange (from Outlook) is sending emails via SMG i have errors in SMG "Abort message (message time out)". Problem was reported to Broadcom Support and after looking at packet capture they found that Exchange send data packet to SMG, SMG sends ACK to Exchange, SMG sends ACK with TCP widow update to Exchange, five minutes after most recent ACK no other packets have been received form Exchang and SMG time out the sesion. 
In Exchange transport service logs I have 

2023-05-18T20:18:41.277Z,SMG,08DB53CAAC00F8FF,21,192.168.45.35:49461,192.168.45.41:25,*,,"HandleError has encountered a suspicious connection reset from a remote, non-mailbox transport server."

From Exchange Queue 

[{LED=450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError)} Exchange 2016

Emails sended via OWA are working fine

It is absolutely not acceptable for you to ask for a packet capture, or any personal/business data, from someone else. Please refrain from such behavior.

Description of pacet capture is from Case 33390143. Exchange and VM are in VLAN, same site maybe sometimes different host. But from OWA mails are working. From transport service logs i se that certificate negotiation using tls 1.2 is succeded 

Sounds like something might be between SMG and Exchange that should be looked at. the "Abort message (message timed out)" specifically means that the Messaging Gateway was communicating with the other server but the network connection was lost (not due to direct action from SMG). Your description of the packet capture lacked context, but in general you said that SMG sent an ACK (meaning it acknowledged Exchanges previous packet) and would generally then be waiting for Exchange's next packet, which never arrived - ending in time out.
Your Exchange logs seem to indicate that Exchange thought SMG stopped responding. Thus, most likely culprit is something in between.

When Exchange (from Outlook) is sending emails via SMG i have errors in SMG "Abort message (message time out)". Problem was reported to Broadcom Support and after looking at packet capture they found that Exchange send data packet to SMG, SMG sends ACK to Exchange, SMG sends ACK with TCP widow update to Exchange, five minutes after most recent ACK no other packets have been received form Exchang and SMG time out the sesion. 
In Exchange transport service logs I have 

2023-05-18T20:18:41.277Z,SMG,08DB53CAAC00F8FF,21,192.168.45.35:49461,192.168.45.41:25,*,,"HandleError has encountered a suspicious connection reset from a remote, non-mailbox transport server."

From Exchange Queue 

[{LED=450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError)} Exchange 2016

Emails sended via OWA are working fine

But why mails without attachment are delivered?

I mentioned previously that it appears something is between the Messaging Gateway and your internal mail server. The things you've posted here also suggest that. The error from your exchange server is "HandleError has encountered a suspicious connection reset from a remote, non-mailbox transport server.", the error from Messaging Gateway is that it experienced a timeout waiting for an update from 192.168.45.35. Those are not the same results, the Messaging Gateway did not reset the connection, the 45.35 host did. So, when two different conversations appear to be happening, it tends to be something in the middle that's causing it. It could be a load balancer, a firewall, some other security process, or even potentially a bad cable or switch port.
At any rate, all that's been posted here is pointing to something other than the Messaging Gateway as the cause. If you have other evidence that the Messaging Gateway may be involved as a cause, feel free to post it or open a case and we will revise, but otherwise you should be investigating the network.

But why mails without attachment are delivered?

Yes, when im testing i'm disabling Internet connector and leave only smg connector. When i'm sending emails with only subject name they are delivered. When email has small attachment, problem occurs

Have you checked for IP address conflicts on your LAN? 

Yes, when im testing i'm disabling Internet connector and leave only smg connector. When i'm sending emails with only subject name they are delivered. When email has small attachment, problem occurs

There is no IP conflict. Exchange and SMG are in same VXLAN, MTU is 1500, firewall in Exchange is off. Should I run wireshark on Exchange? Alexander, I don't know what You meen by "What is the email path of the flow." It's standard flow from Outlook to Exchange and then via external connector to SMG

Have you checked for IP address conflicts on your LAN? 

Yes, when im testing i'm disabling Internet connector and leave only smg connector. When i'm sending emails with only subject name they are delivered. When email has small attachment, problem occurs