OWA DNS Internally + OWA DNS Externally

Dns can take up to 36 - 72 hours to propagate the network. Although it has been my experience that it normally does not take that long, I would wait and see. 2 hours may not be long enough.

Thanks CincyItSolutions

OK, I drive home and see what happens.

Rgs, Juha

Make sure to create the zone on your internal DNS server with the necessary A records to have it work internally I'm guessing your have the MX set up as you can send and receive e-mail.  As cincy said it can take a while for the DNS entries to propogate externally.  Make sure to set up the SPF and PTR records externally.

Hi boed

Can you please give me an exsample of the A record and where to place it:

Maildomain: publicdomain.fi
Name in the Certificate (exchange server name): mail.publicdomain.fi
Server NetBIOS name: server.publicdomain.local
Internal IP: 192.168.2.10
The DHCP comes from HW Firewall
server.publicdomain.local is a local DNS server

The server now works (the problem is solved) but while I Googled I noticed a comment just like yours and as far as I know there is not such a recors in the DNS

Thanks,

Juha

Juha
Can you run ExRCA
https://www.testexchangeconnectivity.com/

Test for inbound and outbound mail.
Also test for outlook anywhere (if you are using RPC/HTTPS)

Another good idea would be to run SBS 2003 BPA
http://www.microsoft.com/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en

This checks for your SBS configuration against the standard practices.
Please run a health scan

Please report back errors.

Hello,

Depending on whether you have serveral internal dns entries to make .e.g. ftp.mydomain.com if you have an FTP server in an addition to exchange.mydomain.com - you will create a new mydomain.com zone on your dns servers and create A records for each IP you want to resolve internally.   If the only thing with that domain you need to resolve internally is your exchange server then you would just create the exchange.mydomain.com zone.

Thanks Boed

Excelent links. I'm out of Site without VPN. The RPC over HTTPS Outlook works fine. I need to leave for apx. 45 mins. Hopefully you are still there.

There is no companyweb or FTP or www (and not even Smart Phones). Only HW VPN for Terminal Server and now Exchange Outlook.

45-60 mins.

Rgs,

Juha

Boed

Here are the results (performed Out of Site)

Failed to test inbound SMTP mail flow.
       Test Steps
              Attempting to retrieve DNS MX records for domain humberg.fi
       One or more MX records were successfully retrieved from DNS.
              Additional Details




       Testing Mail Exchanger mail.humberg.fi.
       One or more SMTP tests failed for this Mail Exchanger.
              Test Steps

*******************

Performing Outbound SMTP Test
  Outbound SMTP Test Successful
   Test Steps
   Attempting reverse DNS lookup for IP 83.150.90.53
  Successfully resolved IP 83.150.90.53 via Reverse-DNS lookup
   Additional Details
  Resolved IP address 83.150.90.53 to host mail.humberg.fi
 
 Performing Real-Time Blackhole List (RBL) Test
  Your IP address wasn't found on any of the block lists selected.
   Test Steps
   Checking Block List "SpamHaus Block List (SBL)"
  The address isn't on the block list.
   Additional Details
  IP 83.150.90.53 was not found on RBL
 
 Checking Block List "SpamHaus Exploits Block List (XBL)"
  The address isn't on the block list.
   Additional Details
  IP 83.150.90.53 was not found on RBL
 
 Checking Block List "SpamHaus Policy Block List (PBL)"
  The address isn't on the block list.
   Additional Details
  IP 83.150.90.53 was not found on RBL
 
 Checking Block List "SpamCop Block List"
  The address isn't on the block list.
   Additional Details
  IP 83.150.90.53 was not found on RBL
 
 Checking Block List "NJABL.ORG Block List"
  The address isn't on the block list.
   Additional Details
  IP 83.150.90.53 was not found on RBL
 
 Checking Block List "SORBS Block List"
  The address isn't on the block list.
   Additional Details
  IP 83.150.90.53 was not found on RBL
 
 Checking Block List "MSRBL Combined Block List"
  The address isn't on the block list.
   Additional Details
  IP 83.150.90.53 was not found on RBL
 
 Checking Block List "UCEPROTECT Level 1 Block List"
  The address isn't on the block list.
   Additional Details
  IP 83.150.90.53 was not found on RBL
 
 Checking Block List "AHBL Block List"
  The address isn't on the block list.
   Additional Details
  IP 83.150.90.53 was not found on RBL
 
 
 
 Performing Sender ID validation
  Sender ID validation performed successfully
   Test Steps
   ExRCA is attempting to find the SPF record using a DNS TEXT record query.
  ExRCA wasn't able to find the SPF record.
   Additional Details
  No records were found.
 
Rgs,

Juha
 
 
 
 

Cincy

Sureley you were right. After 2,5 hrs the "DNS" started working. After your words I decided to drive home rather than stay OnSIte on Friday doing nothing special.

Rgs,

Juha

ExRCA wasn't able to find the SPF record.
   
Tests from mxtoolbox
220 humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 2 Jul 2010 19:10:21 +0300
>>>>>> May be an open relay.
 0 seconds - Good on Connection time
 0.624 seconds - Good on Transaction time
 OK - 83.150.90.53 resolves to mail.humberg.fi
>>>>>>  Warning - Reverse DNS does not match SMTP Banner

ok you did part 1 of the tests.

Now do part-2

Another good idea would be to run Exchange 2003 BPA
http://www.microsoft.com/downloads/details.aspx?FamilyID=dbab201f-4bee-4943-ac22-e2ddbd258df3&displaylang=en

Download and run a health scan.

Let us know warnings and errors

from your SBS server

go to command prompt
start > run  > Cmd

type

dcdiag /v /e /TEST:DNS > c:\dcdiag1.txt

upload dcdiag1.txt here

---
Also check the event logs
Under application
Check any errors from MsExchange IS / MTA etc.

start > run > eventvwr

Please upload errors here.

boed
I suspect there is something else going on there too..most likely related to transport

Rimfire

Go to services.msc
Verify all Microsoft Exchange Services are running
(no replication if you are not using any..

Specifically
Info Store / system attendant / MTA etc.

Also check if Simple Mail Transfer Protocol service is running

Is SMTP service down ?
a) I dont get a Exchange Header for mail.humberg.fi

b) go to dos prompt and type this

netstat -ab > c:\netstat.txt

Check for
192.168.0.1:25 >
Where 192.168.0.1 = IP address of your SBS server.

See if you can find that.
If you cant - we have a problem.

Please check my prior posts too.

thanks

Hi

1. I won't be on the Site before Sunday or Monday (no VPN or ILO).
2. I can send and receive via RPC over HTTPS.
3. The secmx1.nebula.fi is the ISPs secondary MX wisch holds mails on queue if my server is down. There might be some filtering too, I'm not sure.
4. I won't close this case now since I'm a little worry.
5. I will do these tests surely on post results here.
6. The smtp banner, If I remember correctly I had this problem before in some other server. Really want to reunderstand since in some of my servers were might be problems with this
7. I have not installed this so far: http://support.microsoft.com/kb/950757 

Thanks you very much.

Juha

Juha
You are saying that your mailflow is working.

Please test again using ExRCA
inbound email.

www.testexchangeconnectivity.com/

Hi

At www.testexchangeconnectivity.com/ The Inbound smtp email test fails. I'm little worried about the situation. Also https://mail.publicdomain.fi/exchange does not work Internally  fails internally. Something to do with DNS perhaps. I have done nothing for the DNS server, should I?

I start other tests guided above next.

BTW. The small company who previoisly provided us emails hotel told me that they are not too sure how to configure dns.

Rgs,

Juha

Sunny7

"netstat -ab > c:\netstat.txt

Check for
192.168.0.1:25 >
Where 192.168.0.1 = IP address of your SBS server."

Id did this check and there were no lines for protocol 25.

Sunny

I have huge amount of  error event id 3018 Source MXExchange Transport (NDR) which asks me to check DNS using nslookup.

The dcdiag is not regognized sw on this server.

Any ideas?

Hi

This is what how mx records are set with mail hotel's DNS server:

HOST                  RECORD      VALUE
-------------------------------------------------
humberg.fi.            NS      ns2.servia.fi.
humberg.fi.            NS      ns1.servia.fi.
humberg.fi.            A      84.234.78.xx
mail.humberg.fi.      A      83.150.90.yy
webmail.humberg.fi.      A      83.150.90.53
ftp.humberg.fi.            CNAME      humberg.fi.
lists.humberg.fi.      CNAME      humberg.fi.
www.humberg.fi.            CNAME      humberg.fi.
humberg.fi.            MX (10)      mail.humberg.fi.
humberg.fi.            MX (20)      secmx1.nebula.fi.
84.234.78.xx / 24      PTR      humberg.fi.

Juha
I ran some tests.

MX for humberg.fi = mail.humberg.fi
mail.humberg.fi > should point to your exchange server on a public IP

-- > this is setup already. Your Exchange server is running and listening on Port 25
tested on www.mxtoolbox.com

220 mail.humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 5 Jul 2010 15:36:46 +0300
 May be an open relay.
 0 seconds - Good on Connection time
 0.640 seconds - Good on Transaction time
 OK - 83.150.90.53 resolves to mail.humberg.fi
 OK - Reverse DNS matches SMTP Banner

STEP-2

a) Download this tool and run it on SBS 2003
http://www.microsoft.com/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en

Run a health scan.
Post back errors and warnings here.

Hi

Nice to hear from you Sunnyc7!

I'm currently installing updates to the server - it is not yet on the SP2 level. So it will take an hour or two untila I can reply.

Btw I changed ont the SMTP virtual server / Delivery / Advanced the fully Qualified domain name from: mydomain.fi to mail.mydomain.fi. Didn't notice any special impack.

Thanks,

Juha

thats fine. You should have that configured for rDNS tests to not fail

After you are done with updates - run the health scan for SBS 2003 BPA

Actually when I now test

SMTP virtual server / Delivery / Advanced the fully Qualified domain name: mail.mydomainname.fi I get the "Domain name is not valid" error. Should I change it back. Suppose when you just made a tests it were set up: mail.mydomainname.fi.

Rgs,

Juha

Did you click on check DNS next to it @@

that should be set to mail.humberg.fi > that's correct.
Dont change it.

What happens when you do this

go to command prompt
start > run  > Cmd

type

dcdiag /v /e /TEST:DNS > c:\dcdiag1.txt

then type
dcdiag1.txt

Save DcDiag1.txt on desktop
then

upload dcdiag1.txt here

Hi

I don't have dcdiag program. But, I got a huge amount of these which indicates I believe that this server is Open Relay:

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      NDR
Event ID:      3030
Date:            5.7.2010
Time:            18:47:13
User:            N/A
Computer:      SERVER
Description:
A non-delivery report with a status code of 5.2.0 was generated for recipient rfc822;richardsneider@interunitygroup.com (Message-ID  <a28641276eccc668268587c12b806805@localhost.localdomain>).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

*********************

Those addresses are unfamiliar to this organication, IIK.

Juha

Dcdiag is there on every computer which is a domain controller



Go to dos prompt
Click start then run
Then type
Command

You can check al switches by typing

Dcdiag /?

C:\Users\juha rimmi.TUKIKOMPPANIA>dcdiag /?
'dcdiag' is not recognized as an internal or external command,
operable program or batch file.

Juha
Please confirm that you are getting that error when you run that command from sbs 2003 command prompt and not from your workstation ?

Yes, this happens from server.

I'm installing .NET ServicePack and it takes a long time (doesen't want to cancel it). After that I pressume that I can instal Support Tools where I should find the program.

Also I'm updating the server so I can run: http://www.microsoft.com/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en

I don't understand what you mean by this: "Did you click on check DNS next to it @@"

Rgs, Juha

SMTP virtual server / Delivery / Advanced the fully Qualified domain name: mail.mydomainname.fi I get the "Domain name is not valid" error. Should I change it back

>> Over there on smtp virtual server when you change the fqdn
Do you see test dns. Click that and see if it resolves


Will wait for the updates report

Ok

Here is dcdiag results:

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine humhp, is a DC.
   * Connecting to directory service on server humhp.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\HUMHP
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... HUMHP passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\HUMHP
      Test omitted by user request: Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: Advertising
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: RidManager
      Test omitted by user request: MachineAccount
      Test omitted by user request: Services
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: frssysvol
      Test omitted by user request: frsevent
      Test omitted by user request: kccevent
      Test omitted by user request: systemlog
      Test omitted by user request: VerifyReplicas
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : Schema
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : Configuration
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : Humberg
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running enterprise tests on : Humberg.local
      Test omitted by user request: Intersite
      Test omitted by user request: FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
           
            DC: humhp.Humberg.local
            Domain: Humberg.local

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000001] HP NC373i Multifunction Gigabit Server Adapter:
                     MAC address is 00:1F:29:08:B6:12
                     IP address is static
                     IP address: 192.168.200.10
                     DNS servers:
                        192.168.200.10 (humhp.humberg.local.) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     217.30.180.230 (<name unavailable>) [Valid]
                     217.30.182.230 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: Humberg.local.
                     Delegated domain name: _msdcs.Humberg.local.
                        DNS server: humhp.humberg.local. IP:192.168.200.10 [Valid]
                 
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone Humberg.local.
                  Test record _dcdiag_test_record added successfully in zone Humberg.local.
                  Test record _dcdiag_test_record deleted successfully in zone Humberg.local.
                 
               TEST: Records registration (RReg)
                  Network Adapter [00000001] HP NC373i Multifunction Gigabit Server Adapter:
                     Matching A record found at DNS server 192.168.200.10:
                     humhp.Humberg.local

                     Matching CNAME record found at DNS server 192.168.200.10:
                     875fb63a-599b-4006-b674-fdd9f569961a._msdcs.Humberg.local

                     Matching DC SRV record found at DNS server 192.168.200.10:
                     _ldap._tcp.dc._msdcs.Humberg.local

                     Matching GC SRV record found at DNS server 192.168.200.10:
                     _ldap._tcp.gc._msdcs.Humberg.local

                     Matching PDC SRV record found at DNS server 192.168.200.10:
                     _ldap._tcp.pdc._msdcs.Humberg.local

         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.200.10 (humhp.humberg.local.)
               All tests passed on this DNS server
               This is a valid DNS server
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               Delegation to the domain _msdcs.Humberg.local. is operational
               
            DNS server: 217.30.180.230 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 217.30.182.230 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: Humberg.local
               humhp                        PASS PASS PASS PASS PASS PASS n/a  
         
         ......................... Humberg.local passed test DNS

Ok your dns is ok. Dcdiag passed all tests

HI

Here is BPA results. I'm currently downloading Exchange SP2 and will install it when the download is complite.

****************
The functional level of your Exchange Server 2003 organization is: Mixed Mode (can support pre-Exchange 2000 servers).   This must be changed to native mode before attempting to migrate to Windows Small Business Server 2008
***************
The Default instance should use the latest available service pack for Microsoft SQL Server 2005
****************
This server is running Microsoft Exchange Server 2003 with Service Pack 1 and SP2 is available
**************
You should install the Update for Exchange 2003 (KB911829). Doing so will ensure that your Outlook Web Access installation is compatible with Windows Vista.
*****************
You should configure Reverse Lookup Zone: 200.168.192.in-addr.arpa to allow only secure dynamic updates
***************
SQLAgent$SBSMONITORING service should be set to automatic and started
***************
You should install the appropriate Time Zone Update on the server. For more information, see the Knowledge Base article "August 2008 .........
**************
This server is running Windows SBS 2003 Service Pack 1 and Microsoft Exchange Server 2003 Service Pack 1. Exchange Server 2003 SP2 is available.
*******************
To configure Windows SBS Monitoring go to Start/Server Management/To Do List/Configure Monitoring

So,I start Installing Exchange SP2 now.

rgs,

Juha

Don't install sp2 exchange

There are some changes which you need to make otherwise your exchange will stop working

Google search for

Install exchange 200r sp2 on sbs 2003


I am outside and don't have access to a computer so can't send you the link

Check the first result from microsoft support

Hi Sunny

I stopped the Exchange SP2 installation (only extracted) and Found an article involved Intelligent Message Filtering. It is just that I can't see intelligetn filter under Message Delivery. Also I don't have a MSCFV2 -folder to rename as guided in kb/935916.

Coudn't it be so that I can carry on ninstalling Exch SP2?

Rgs,

Juha

Juha
Lets skip exchange SP2 installation and focus on getting the mail flow working for SBS 2003

Your dcdiag's passed.
Lets test ExRCA
http://www.testexchangeconnectivity.com/

If OWa still fails we will reset OWA to default virtual directories.

please confirm that you are not running any ASP or ASP.Net applications through IIS.
Also please confirm that you are not using Sharepoint Services.

thanks

Ok Sunny

ExRCA inbound fails and also I can't currently access mails externally via https://mail.mydomain.fi/exchgange

This is ExRCA result:
Testing Inbound SMTP Mail flow for domain testi2@humberg.fi
  Failed to test inbound SMTP mail flow.
   Test Steps
   Attempting to retrieve DNS MX records for domain humberg.fi
  One or more MX records were successfully retrieved from DNS.
   Additional Details
  MX Records Host mail.humberg.fi, Preference 10
, Host secmx1.nebula.fi, Preference 20
 
 
 Testing Mail Exchanger mail.humberg.fi.
  One or more SMTP tests failed for this Mail Exchanger.
   Test Steps
   Attempting to resolve the host name mail.humberg.fi in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: 83.150.90.53
 
 Testing TCP Port 25 on host mail.humberg.fi to ensure it is listening and open.
  The port was opened successfully.
   Additional Details
  Banner Received: 220 humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 5 Jul 2010 22:17:44 +0300  
 
 Attempting to send test email message to testi2@humberg.fi using MX mail.humberg.fi.
  Delivery of the test message failed.
   Additional Details
  Server returned status code 452 - Insufficient system storage. The server response was: 4.3.1 Out of memory
Exception details:
Message: Insufficient system storage. The server response was: 4.3.1 Out of memory
Type: System.Net.Mail.SmtpException
Stack trace:
at System.Net.Mail.MailCommand.CheckResponse(SmtpStatusCode statusCode, String response)
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
 
***************************

Also I still has hundreds of these:
Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      NDR
Event ID:      3008
Date:            5.7.2010
Time:            22:19:56
User:            N/A
Computer:      HUMHP
Description:
A non-delivery report with a status code of 5.0.0 was generated for recipient rfc822;amigo_sony@amigodog.com.tw (Message-ID  <59451947f9620901a730e5a9e9ea67dc@localhost.localdomain>).  
Cause:  This indicates a permanent failure. Possible causes :  1)No route is defined for a given address space. For example, an SMTP connector is configured, but this recipient address does not match the address spaces for which it routes mail.  2)Domain Name Server (DNS) returned an authoritative host not found for the domain.  3)The routing group does not have a connector defined û mail from one server in the routing group has no way to get to another routing group.    
Solution: Verify that this error is not caused by a DNS lookup problem, and then check the address spaces configured on your STMP connectors. If you are delivering Internet mail through an SMTP connector,  consider adding an address space of type SMTP with value ô*ö (an asterisk) to one of the SMTP connectors to make routing possible. Verify all routing groups are connected to each other through a routing group connector or another connector.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Rgs, Juha
 
 
 
 

Forgot

We don't use SharePoint and suppose not any asp solutions. There is a SQL server used for 3rd Party accountting SW.

Rgs, Juha

Additionally

The inbound smtp test says that:

 Server returned status code 452 - Insufficient system storage. The server response was: 4.3.1 Out of memory

I do have 1,7 GB free memory right now.
One External USB disk is full. I just made 10 GB space available in there but seems that it didn't fix the problem.

Rgs,

Juha
Juha

Hi

I'm preparing to do this procedure: http://support.microsoft.com/kb/883380

How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server 2003

Method 2: Use Adsutil.vbs
Back up your IIS Metabase. To do this, follow these steps:
Start IIS Manager.
Right-click Default Web Site, point to All Tasks, and then click Save Configuration to a File.
Delete the virtual directories for Outlook Web Access. To do this, right-click Exadmin in the left pane of IIS Manager, and then click Delete. Click Yes when you are prompted with the question of whether you want to delete this item.

Repeat this step for the following virtual directories:
Exchange
ExchWeb
Microsoft-Server-ActiveSync
OMA
Public
Quit IIS Manager. .........


OK?

dont use adsutilvbs

I have a better one.

Use Method-1 > IIS metabase explorer.

Also about insufficient storage

a) Let me know the amount of space left in all drives.
b) On what drive is Exchange installed on
c) Go to Exchange System Manager
Expand Administrative Groups
- first storage group
- expand servers
- right click on your exchange server name go to properties
you will find the location of your exchange EDB files and log Files

Check if you have sufficient space for Exchange +  log files

Hi

I actually just finnished adsutil procedure which went through just like in the instructions. It Didn't change/fix anything. The SMTP inbound test fails. Note that OWA works externally and I can install the self signed certificate.

But, Internally I can't access another companys OWA too, doesn't that indicate that perhaps there is something in the firewall Policy Routes or DNS. The DNS comes from Win Server but DHCP comes from firewall.

Rgs,

Juha

Hi

I just noticed that these errors are gone - no new one appeared for last 15 mins.

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      NDR
Event ID:      3008
Date:            5.7.2010

I need to drive home now and I'll be back after 40 mins.

Drice C: 24,6 GB of 68,3 GB free
Drive E: 95 GB of 136 GB free
Dirve F 10 GB of 465 GB free (External BU disk - earlier on today there were on 20 MB free space)

Exchange is installed on drive E:
E:\Program Files\Exchsrvr\MDBDATA\priv1.edb
E:\Program Files\Exchsrvr\MDBDATA\priv1.stm

Rgs, Juha

Hi

I'm here if you have any ideas.

Rgs, Juha

Juha
I am really sorry i havent responded. I have guests over. Give me about 3-4 hrs.
Just came in here to leave a quick msg.

Ok thanks

Actually I had a little sleep. The clock is now 5 am here in Finland.

Juha

I am back. Sorry I had guests over.

Lets focus on getting exchange to receive emails first.

I just noticed something you mentioned above ?

I actually just finnished adsutil procedure which went through just like in the instructions. It Didn't change/fix anything. The SMTP inbound test fails. Note that OWA works externally and I can install the self signed certificate.
>> 

STEP-1
Check
All Exchange services are running
Start > run > type services.msc

Necessary for Exchange
Exchange - Info Store
Management
MTA Stacks
System Attendant
Routing engine
Event
Simple Mail Tranfer protocol
WWW Publishing

Optional ---
IMAP4
POP3
Site Replication

STEP-2 - > check if your Exchange is configured properly to receive emails.
Screenshot help -->http://www.petri.co.il/configure_exchange_2000_2003_to_receive_email_for_other_domains.htm

On your Exchange Server ESM
Go to Recipients
Recipient policy
Default Recipient policy
Right click properties
click on email-address policy
> SMTP -- what does it say ?
**** Which one is bold. Let me know that

------
How to set-up exchange to receive emails using Internet Mail Wizard.
http://www.msexchange.org/tutorials/Using_Exchange_2003_Mail_Wizard.html

------

But, Internally I can't access another companys OWA too, doesn't that indicate that perhaps there is something in the firewall Policy Routes or DNS. The DNS comes from Win Server but DHCP comes from firewall.

>> Are you saying that you have configured your exchange to receive emails from 2 domains ??

Let me know if you are up. It's 6:45 AM in Finland. - 11:40 PM in US. East coast.

Nice to hear from you again Sunny. Here are the results

STEP-1
Event: Startup type Manual / Stopped
POP/IMAP not involved

STEP-2
SMTP (in bold) @mypublicdomain.fi
SMTP (not in bold) @ublicdomain.local
Also x400 is in bold

"How to set-up exchange to ..."
I have run CEICW wizard allready (SBS Spesific). Do you really suggest I should run ESM Internet Mail Wizard? In CEICW I have created the certificate and published to the Internet OWA

AHA. I JUST CHECKED CEICW and OWA and OMA where not published to Internet. They have dissapeared from there during the process we have here. Perhaps the adsutil or updates I installed 1-2 hours ago have changed that.

">> Are you saying that you .."
No, my focus were to point that https/DNS works padly/Strangly internally. In other quite similiar enviroments I can access the customer Company's OWA or my companys OWA without problems.
Rgs,

Juha

Btw. I noticed somewhere in the event viewer something like this: After defragmentation the Public Store has 3GB available space. I'll try to track it down in case that it is meaningful.


OWA and OMA

Sunny

The inbound SMTP test gives now diferent results. It seems that the mail flow problem is now FIXED!!!!! and the Open Relay is the only thing left. Here:

 Testing Inbound SMTP Mail flow for domain testi2@humberg.fi
  Failed to test inbound SMTP mail flow.
   Test Steps
   Attempting to retrieve DNS MX records for domain humberg.fi
  One or more MX records were successfully retrieved from DNS.
   Additional Details
  MX Records Host mail.humberg.fi, Preference 10
, Host secmx1.nebula.fi, Preference 20
 
 
 Testing Mail Exchanger mail.humberg.fi.
  One or more SMTP tests failed for this Mail Exchanger.
   Test Steps
   Attempting to resolve the host name mail.humberg.fi in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: 83.150.90.153
 
 Testing TCP Port 25 on host mail.humberg.fi to ensure it is listening and open.
  The port was opened successfully.
   Additional Details
  Banner Received: 220 humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Tue, 6 Jul 2010 07:43:28 +0300  
 
 Attempting to send test email message to testi2@humberg.fi using MX mail.humberg.fi.
  The test message was delivered successfully.
 Testing the MX mail.humberg.fi for open relay by trying to relay to user Admin@TestExchangeConnectivity.com
  The Open Relay test failed. See additional details.
   Tell me more about this issue and how to resolve it
   Additional Details
  Open relay test message delivered successfully to Admin@TestExchangeConnectivity.com
 
 
 
 
 

Sunny

I'm in process of deleting 150 000 spam  mails in Queye.I think that the server were quite busy managing these.

https://www.experts-exchange.com/questions/26308658/Open-Relay-SPAM-Default-SMTP-Virtual-Server-Access.html?anchorAnswerId=33142932#a33142932

At least a NDR attack were involved.

Rgs,

Juha

Hi,

Check this article:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2527-How-to-prevent-Spoofed-Emails-in-Exchange-2003.html

Hope this helps,
Shree

Hi

This case seem to be closed. I really took awile to solve all issues. I'll grant point laiter on and explain what has happened. I need to have some rest now.

Thank you all and specially Sunnyc7 for helping me.

Rgs,

Juha

Hi

I can close the case now. The attact came probably from Taiwan. Additionally what Sunny says above (which is the fact) the customer decided to use D-Fence service. Their servers filters the spam and in the HW FW I'll forward SMTP only from their IP addresses. ISP noticed the SPam situation and asked explanation. I admit the spam but in that time the spamming has stopped cause the server were fixed. I'll also let them know that we hired D-Fence to filter spam in the future. The ISP sayd OK but we will monitor the behavior of the internet taraffic of that Internet Connection awhile.

The domain is balcklisted at Barracuda and Tiopan. I'll try to contact them today. Now when the D-Fence filters spam the the test mxtoolbox blacklist says that the domain is Ok but I believe that I have to contakt them anyway.

Very special thanks to Sunny who helped me out from this nightmare! Without that direct help I don't know how I could guide out from the terrible situation.
Also great thanks to all you other. Exchange-Experts can save lives.

In the future I won't setup a Exchange as carelesly. The good thing that I learned in the hard way to take care immdiently the Open Relay situation! I also believe that I can now fix the SMTP Banner problem perhaps by my self.

Again thank you all for helping me solve the multiple problems i had. Have a Great Summer!

With Best Regards,

Juha

With honor I grade 400 to Sunny for excelent job and direct hands on work. Unfortunatelly I have only 100 points left to grade all other.

I grant 100 to Boyed since he sayd "disable openrelay on your server (RIGHT AWAY!)". I have to admit that I pretty much ignored that and started having weekend. I learned a lesson in the hard way.