Darktide00

2003 Unable to send mail to old 5.5 server or to the outside, 5.5 can't get to 2003 boxes

Hi,
I recently got my new 2003 exchange server up and running thanks to MunichPostman....
There is something weird happening though.
I am unable to send anything from the old 5.5 accounts to the new 2003 accounts and vice versa... The global address list appears on both and underlines who I want to send it to. However, every time I get the system admin sending back the mail to me. Or when sending from the new ones it just sticks inside the queue and will not release. I have hit retry and still nothing happens. Any ideas? This server is a hot issue here and I am alone in my quest to make this thing work.
Thanks,
Member_2_1821405

Hello again,

can you please provide details on what kind of NDR's you are receiving?

Also please check the following to see if all of the objects in Exchange 2003 are stamped with the correct proxy addresses.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;281761

ASKER

Sure here is the report:

Your message did not reach some or all of the intended recipients.

      Subject:      test
      Sent:      10/20/2004 10:56 AM

The following recipient(s) could not be reached:

      'cbrady@companyname.com' on 10/20/2004 10:56 AM
            The recipient name is not recognized
      The MTS-ID of the original message is: c=us;a= ;p=companyname;l=NT040410201756VH19SAWT
            MSEXCH:IMS:Company Inc.:WORKRITE:SERVER04 0 (000C05A6) Unknown Recipient

The weird thing is the part listed as SERVER04 should be pointing to the new server which is MAIL.... is that right?
At the risk of sounding uninformed I have not performed a dump using the tools listed in the MS article. Is there an article that explains how to do this without the risk of having to reinstall the servers?
Thanks!
Use ADSIedit to see the recipient's proxyaddress properties.  Additionally, you should see pretty much the same info on the user's general tab under "e-mail".
If you didn't manually populate that field, then the Recipient update service did (which is what you want).  Also verify that ADC is up and running correctly, once you add a new 2003, you should modify your ADC connection agreements to point to the new 2003 server on port 379.  If you see any ADC connections pointing to a 5.5 server while you have a 2003 server in the same site/Routing Group, change the ADC recipient and pubfldr connection agreement properties to reflect the new 2003 server on port 379.  Also make the new 2003 server in the routing group, the local bridgehead.

Hope that helps
Paul
F.Y.I The ADC is responsible for replicating the configuration of 5.5 to AD, and the 2003 Site Replication Service (SRS) is designed to replicate the AD/Ex2k3 topology back to 5.5.  From what it looks like, the latter isn't happening. ADC should be able to solve that..
Paul
Hi,

the key thing to check is if the users have been stamped with the proxy addresses mentioned in the article. The NDR you have posted looks to me as if your recipients are missing either their homeMTA or Homemdb properties.

Doing a dump using LDP is quite safe.
Hi,
I really appreciate your help on this one....
I have checked the connection agreements and all three are pointing to the new server. When I went to the routing group I noticed that the old 5.5 server is greyed out in the member area. Also under connectors the Internet Mail Service is pointing to the old server with an SMTP connector. I am unable to create a routing group because it says you need more than one routing group to create a connector. I was not able to make the new server a bridgehead.
Really it shouldn't matter which server the IMS is on or your SMTP connector.. The greyed out server I believe is normal, it's represented that way because it's 5.5 and 5.5 is generally considered outside the management scope of ESM.  Based on your answer I presume you only have a single site then.

Are the ADC connections to the new server on port 379?  Your NDR is accurate in mentioning SERVER04 since that's where messages are coming in on, they just have no idea how to find the mailbox on the other server, that makes me think SRS..  Do you see an SRS agreement in ESM under Site Replication Service?

Paul
Thanks for the quick response:)

Yes the sites; Config CA_COMPANYNAME_MAIL, Public Folders, and users are pointing to 379....
I noticed something here though..... The users agreement only replicates the "user" file on 5.5..... All the actual users are in the "recipient folder" on 5.5 not the "user folder"...... Do I need to create a new "recipient connection agreement" for the users to replicate across....
When I go to the "users" folder in 5.5 I see my test subject I created on the new 2003 side but no one else.....
Also yes there is an SRS agreement going to the new 2003 server showing.....
One more weird thing is happening... I just entered a new user to active directory and assigned it a mailbox on the new server. However, it is not showing up under "Mailboxes" while the other test subject did......
Ok... Mailboxes are showing up again after adding them to active directory and I am able to send mail to the test subjects from each other within 2003. Still unable to send to any 5.5 addresses or outside....
I just got through the proxy lookup.
It all seems to be pointing to the right address....
Also the new mailbox store is listed in the homemdb and the homemta mentions the new server as well......
sounds good, can you now send and receive messages without NDR's??
Can both servers ping each other?
What are the account group memberships for the accounts used in ADC?
Verify that account connecting to the DC/GC has Enterprise and Schema Admin permissions.
Verify that the account connecting to 5.5 has service account admin for the entire 5.5 at the organization level and inherited all the way down to the servers..
Mailboxes only "truly" get created when they get their 1st message.

There are still problems, can you see the 2003 server using the Exchange 5.5 Administrator Console on the Exchange 5.5 server?
Can you see the 5.5 server from the ESM on the Exchange 2003 server?

Thanks
Paul
Hi ,
Once again I cannot thank you guys enough for helping me out on this... I have until the end of the month to get this server rolling and into production..... No Pressure......hahahaha....

I am still getting the same NDR message when I send to the test user from the 5.5 side. I am still unable to send to 2003 from the 5.5 side.... Also I am unable to reach the test user from outside accounts like AOL or MSN....

Both servers can ping each other but there is something odd here....
When I ping the 5.5 server from 2003 it resolves fine....
When I ping the 2003 server's IP address it is fine. But when I try to ping its name it gives me the wrong server.. It goes to our outside Outlook Web Access address and resolves the same name as our new server with a .com instead of a .net
It is unable to ping its full name as well. ie...    mail.company.net  
Could this be part of the problem? It seems the OWA has the same name as the new server just slightly different with a .com instead of a .net
The account connecting the ADC has a ton of memberships including the 2 mentioned above.
I cannot see the new 2003 server from the old 5.5 admin at all.......
I am able to see the 5.5 from the ESM.....

Thank you again in advance for all your help!!!!
This is also the same account that is the service account admin on 5.5
Under the new user directory the test account is listing itself as an admin? weird....
Do I need to create something in the ADC to point to "recipients" instead of "users"? That is where all of our mailboxes are located. Not in the "user" area.

Should I remove the old 5.5 Outlook Web access to resolve this name problem? I have to redo this anyways with the new 2003 install....
No, don't change anything yet..

Sounds to me like a DNS issue..
What are the DNS servers listed on each server's DNS tab in the NIC config..  Are any of the servers multi-homed, meaning more than one operational network card per machine?  What is your FQDN for Active Directory, i.e. what's the domain name for AD (not the NetBIOS name).  Also, what's the domain name from the internet?

From the sounds of it, your 5.5 server is using a different DNS server than the AD DNS server.
The 5.5 server is most likely set to your ISP's DNS servers.. In AD's DNS, add a forwarder to your ISP's DNS.
Then in your 5.5 NIC, change to the internal AD DNS server.

Hope that's it!
Paul

"When I ping the 2003 servers IP address it is fine. But when I try to ping its name it gives me the wrong server.."

It sounds as if you have a dns misconfiguration.

You will need to check the DNS record of the Exchange 2003 server. If you type the command nslookup followed by the name of the Exchange 2003 server does it give you the information of a different server? If it does DNS is definitely the problem.
In case you are not familiar with nslookup and DNS here is some help

http://support.microsoft.com/kb/200525
The reason the NDR's are occurring is because the E2k3 server (and as a result the users) are not showing up in Exchange 5.5  This probably has to do with the name resolution problem.  Either fix the DNS entry or add a hosts file entry to the E2k3 server.  Once name resolution works, force replication from the 5.5 server and run a KCC.  Once the E2k3 server shows up on the 5.5 side, kick off ADC replication and make sure the 2k3 recipients show up.  Once this is done the NDR's should go away.
Optionally, You can also add a DNS suffix search order to your 5.5 server, you can have it search the companyname.net 1st, then search companyname.com 2nd.  So when you query hostxx it will check hostxx.companyname.net and if it can't find anything, will search hostxx.companyname.com..  I'm pretty sure that the "DNS suffix search order" option existed in NT4 as well as newer, but can't remember for sure, however, DNS is the root cause..

Thx
Paul
Awesome tips guys you are awesome!!
That DNS change is now allowing the 5.5 server to see the right mail server!
It seems that the whole thing is a DNS mess I created.....
When I use nslookup it states that it can't find the server name for address...
It is also giving me the wrong IP address. It is giving me the address of the other Domain Controller....
Then it states "DNS request timed out"
"Request to Unknown timed-out"
Yup, so are things any better yet?  Things will work themselves out from here, but if you wanted to speed things up, you could try to force a replication in ADC for recipient and pubfolder Connection Agreements.
Thx
Paul
Hi,
I am still unable to see the new 2003 server in Exchange 5.5 admin on either side. I am able to ping the server on both sides now. I have added in the suffix information as listed above as well....
I am unaware of how to force the replication on the 5.5 admin side of the fence though so that could be an issue...
"Once name resolution works, force replication from the 5.5 server and run a KCC"
Should this be done in the ADC as before? Or actually on the 5.5 server?
This is done on the 5.5 server.  Open 5.5 admin, highlight the server name, and open directory service on the right.  Both the update now and KCC options should be there.
Hi,
I went to the 5.5 server, went to the original old mail server, and opened the directory service but the "update Now" function is greyed out....?
I am still unable to see the new 2003 server on either machine within the 5.5 admin.......
This is not good, it means that the 5.5 server has no knowledge of the SRS.  There are a couple of ways to fix this, but none of them are easy:

- Install another E2k3 server into the AG and create an SRS
OR
- Roll the E2k3 install back completely and reinstall

Of course there is a 3rd option that doesn't require a new server or an uninstall, but it's completely unsupported.  If you want the steps let me know and I'll give them to you.
I vote for option 3, then if all else fails a reload might be the answer......
ASKER CERTIFIED SOLUTION
marc_nivens
This solution is only available to members.
Hmmmm. I got to the last part to create the service and all it asked for was the admin password. It did not ask me where I would like to point it... It has the new servs name in parenthesis (MAIL) not the old server.... There are no items inside of it...
Wooooooah Nelly.... Hold the phones.... The new server is appearing in the 5.5 Admin.... No way....:) HAPPY HAPPY JOY JOY!!!!
It contains "Microsoft  DSA"
That is expected.  Sounds like it's starting to work.  So I take it you were able to recreate the SRS successfully?
Genius pure Genius....... That was a pretty sweet move!
Just glad I could help :-)
Everyone here has been really really helpful and eyeopening.... I totally appreciate all you guys helped me with....
Should I be able to send mail back and forth now or will it take a while to replicate everything?
Once the ADC replicates recipients between 5.5 and AD properly you will be able to send back and forth.
Do I have to do anything to make this happen? Or should I relax a while and let it run......
It depends on the ADC schedule... if you wanna force it open the ADC management tool, right click on the recipient connection agreement, and click replicate now.   Then just sit back and wait...
My Connection Agreement does not have a recipient connection agreement....? It has one marked "users"... Which is strange because on the 5.5 side there is 1 user in there and it is one of the test subjects I made... Everyone else is in the "recipient" folder on 5.5.... Do I need to create a new agreement to catch the "recipients"?
No, this connection agreement should work.  
Still unable to send mail to 5.5 or vice versa?
Your message did not reach some or all of the intended recipients.

      Subject:      test
      Sent:      10/21/2004 4:00 PM

The following recipient(s) could not be reached:

      'jbrady@company.com' on 10/21/2004 4:00 PM
            The recipient name is not recognized
      The MTS-ID of the original message is: c=us;a= ;p=Company Name ;l=NT040410212300VLXH18K0
            MSEXCH:IMS:SITE NAME:GOUPNAME:NT04 0 (000C05A6) Unknown Recipient

NT04 is the old 5.5 server.... jbrady's mailbox is on the new server.... I sent this from a 5.5 test account....
Then the ADC is not working right.  Did the ADC Tools for 2003 create this connection agreement?  If so, check the application log on the ADC server for any errors or warnings.  If the ADC tools did not create this connection agreement, delete it and run the ADC tools.
Processing of the Connection Agreement 'Config CA_WORKRITE_MAIL' has been stopped due to an invalid configuration. Check the event log for more information.

Could not locate the import container cn=Workrite Uniform Company Inc,cn=Microsoft Exchange,cn=Services,cn=Configuration,dc=workrite,dc=net. Make sure that the configured container exists, or that the account in the Connection Agreement has permissions to access the container. Replication stopped for this Connection Agreement.   (Connection Agreement 'Config CA_WORKRITE_MAIL' #3344)

I am unable to delete the CA_WORKRITE_MAIL agreement........
This is probably the config CA for the SRS that was deleted.  As long as the 2003 server shows up in 5.5, the Config CA is working.  The errors I'm referring to would come from the users connection agreement.
The service threw an unexpected exception.  
This is the only other error popping up besides the other 2..... Event ID 8142

User Action
Restart the service. Verify that there is enough disk space and memory. If the problem persists, contact Microsoft Product Support Services.
   
   
Version: 6.5.6940.0
Component: Microsoft Exchange Active Directory Connector
Message: The service threw an unexpected exception.

I tried this and it still does not seem to work....

An odd thing though there is a missing period at the end the storage name. Could that make a difference?
Workrite Uniform Company Inc.   <-----What it shows on the 5.5 server
Could not locate the import container cn=Workrite Uniform Company Inc,  <------ Error message
This is showing up on the 5.5 server......

The user /O=Workite Uniform Company Inc./OU=WORKRITE/cn=Configuration/cn=Servers/cn=MAIL has caused a security violation. Locality table (LTAB) index: 4. Windows NT error code: 0. [BASE IL MAIN BASE 1 237] (14)
error 9297
Oh I just thought of something... we never changed the 5.5 directory back to LDAP port 389.  Most likely the users CA is trying to use this port.  Change the LDAP port on 5.5 back to 389 and restart the directory service.  Then force replication on the user CA.  You can verify that the user CA is using port 389 by going to properties, 2nd tab.
Okey Dokey the LDAP is back to 389 however all the agreements are pointing to the new server and on port 379.....
Same errors after starting them back up......
See if this fixes them:

319889 The Configuration Connection Agreement Does Not Replicate the Information
http://support.microsoft.com/?id=319889
You're not going to believe this..... There was a "." missing off the main name of our exchange server. I ran the connector services and there is no error so far...:)
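
The missing-period mismatch found above can be spotted mechanically by pulling the import container DN out of the ADC event text and comparing its leftmost component with the organization name shown in the 5.5 Administrator. This is an added example, not part of the original thread; the function names are hypothetical and the sample strings are constructed from the error text and organization name quoted in the posts.

```python
import re

# Constructed sample: the ADC event text and the 5.5 organization name as quoted in the thread.
EVENT_TEXT = (
    "Could not locate the import container cn=Workrite Uniform Company Inc,"
    "cn=Microsoft Exchange,cn=Services,cn=Configuration,dc=workrite,dc=net. "
    "Make sure that the configured container exists, or that the account in "
    "the Connection Agreement has permissions to access the container."
)
ORG_NAME_ON_55 = "Workrite Uniform Company Inc."


def extract_container_dn(event_text):
    """Return the DN that follows 'import container', without the sentence's full stop."""
    m = re.search(r"import container\s+(.+?dc=[^,.\s]+)\.(?:\s|$)", event_text, re.I)
    return m.group(1) if m else None


def split_rdns(dn):
    """Split a DN into (attribute, value) pairs on unescaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:            # character after a backslash is taken literally
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [tuple(p.lstrip().split("=", 1)) for p in parts]


def classify_mismatch(configured, actual):
    """Say how the configured container name differs from the real one."""
    if configured == actual:
        return "match"
    if configured.strip() == actual.strip():
        return "whitespace differs"
    if configured.strip().rstrip(".") == actual.strip().rstrip("."):
        return "trailing period differs"
    return "different name"


def check_import_container(event_text, org_name):
    """Compare the leftmost RDN of the event's container DN with the 5.5 org name."""
    dn = extract_container_dn(event_text)
    if dn is None:
        return None
    _attr, value = split_rdns(dn)[0]  # leftmost RDN is the organization container
    return value, classify_mismatch(value, org_name)


if __name__ == "__main__":
    print(check_import_container(EVENT_TEXT, ORG_NAME_ON_55))
```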
Hi again,
I came in this morning and tried to send a mail to my test accounts....
They came back not deliverable once again:( ...
Here is the message

Your message did not reach some or all of the intended recipients.

      Subject:      test1037
      Sent:      10/22/2004 10:36 AM

The following recipient(s) could not be reached:

      'mbrady@workrite.com' on 10/22/2004 10:36 AM
            The recipient name is not recognized
      The MTS-ID of the original message is: c=us;a= ;p=workite uniform ;l=NT040410221735VL7XPP1X
            MSEXCH:IMS:Workite Uniform Company Inc.:WORKRITE:NT04 0 (000C05A6) Unknown Recipient
It sounds like the problem is now with the user connection agreement.  To troubleshoot this I'll need to understand how its set up.  Open properties of the user connection agreement in the ADC admin tool.  Tell us everything that is listed on the From Windows and From Exchange tabs, including boxes that are checked/unchecked.  Also, how many Config CA's do you have listed?