I wrote a long time ago about the IsAlive behavior in Exchange 200x clusters, but one interesting scenario was brought to my attention recently.
Remember that the IsAlive check for the SMTP resource requires the cluster node actively running the SMTP resource to be able to connect into port 25 on the virtual IP address bound to the particular SMTP virtual server. So, if anything prevents the cluster service from making this connection, the IsAlive is surely bound to fail!
With that background, know that some antivirus vendors have added an option to prevent “mass mailing worms from sending mail” (ie – they actively block access to port 25). This will prevent mail delivery to the server where this feature is enabled, whether it’s a cluster or not. Clearly it shouldn’t be enabled on an Exchange server.
But, as I mention above, if you have this option set on an Exchange 200x cluster you are going to have problems getting the SMTP resource online (and keeping it online) above and beyond any mail delivery issues you might encounter!