RimFire007
asked on
OWA DNS Internally + OWA DNS Externally
Hi
A SBS 2003 R2 where the ISP started today to point mails. Clients can send mail and fetch mail but https://mail.publicdomain.fi/exchange does not work Internally nor externally. the IP works. I run CEIICW today to have the certificate. This site haven't use Exchange before. The ISP did DNS change almost two hours ago. This server has built apx two years ago.
Any ideas how to fix this?
Thanks,
Juha
A SBS 2003 R2 where the ISP started today to point mails. Clients can send mail and fetch mail but https://mail.publicdomain.fi/exchange does not work Internally nor externally. the IP works. I run CEIICW today to have the certificate. This site haven't use Exchange before. The ISP did DNS change almost two hours ago. This server has built apx two years ago.
Any ideas how to fix this?
Thanks,
Juha
Dns can take up to 36 - 72 hours to propagate the network. Although it has been my experience that it normally does not take that long, I would wait and see. 2 hours may not be long enough.
ASKER
Thanks CincyItSolutions
OK, I drive home and see what happens.
Rgs, Juha
OK, I drive home and see what happens.
Rgs, Juha
Make sure to create the zone on your internal DNS server with the necessary A records to have it work internally I'm guessing your have the MX set up as you can send and receive e-mail. As cincy said it can take a while for the DNS entries to propogate externally. Make sure to set up the SPF and PTR records externally.
ASKER
Hi boed
Can you please give me an exsample of the A record and where to place it:
Maildomain: publicdomain.fi
Name in the Certificate (exchange server name): mail.publicdomain.fi
Server NetBIOS name: server.publicdomain.local
Internal IP: 192.168.2.10
The DHCP comes from HW Firewall
server.publicdomain.local is a local DNS server
The server now works (the problem is solved) but while I Googled I noticed a comment just like yours and as far as I know there is not such a recors in the DNS
Thanks,
Juha
Can you please give me an exsample of the A record and where to place it:
Maildomain: publicdomain.fi
Name in the Certificate (exchange server name): mail.publicdomain.fi
Server NetBIOS name: server.publicdomain.local
Internal IP: 192.168.2.10
The DHCP comes from HW Firewall
server.publicdomain.local is a local DNS server
The server now works (the problem is solved) but while I Googled I noticed a comment just like yours and as far as I know there is not such a recors in the DNS
Thanks,
Juha
Juha
Can you run ExRCA
https://www.testexchangeconnectivity.com/
Test for inbound and outbound mail.
Also test for outlook anywhere (if you are using RPC/HTTPS)
Another good idea would be to run SBS 2003 BPA
http://www.microsoft.com/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en
This checks for your SBS configuration against the standard practices.
Please run a health scan
Please report back errors.
Can you run ExRCA
https://www.testexchangeconnectivity.com/
Test for inbound and outbound mail.
Also test for outlook anywhere (if you are using RPC/HTTPS)
Another good idea would be to run SBS 2003 BPA
http://www.microsoft.com/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en
This checks for your SBS configuration against the standard practices.
Please run a health scan
Please report back errors.
Hello,
Depending on whether you have serveral internal dns entries to make .e.g. ftp.mydomain.com if you have an FTP server in an addition to exchange.mydomain.com - you will create a new mydomain.com zone on your dns servers and create A records for each IP you want to resolve internally. If the only thing with that domain you need to resolve internally is your exchange server then you would just create the exchange.mydomain.com zone.
Depending on whether you have serveral internal dns entries to make .e.g. ftp.mydomain.com if you have an FTP server in an addition to exchange.mydomain.com - you will create a new mydomain.com zone on your dns servers and create A records for each IP you want to resolve internally. If the only thing with that domain you need to resolve internally is your exchange server then you would just create the exchange.mydomain.com zone.
ASKER
Thanks Boed
Excelent links. I'm out of Site without VPN. The RPC over HTTPS Outlook works fine. I need to leave for apx. 45 mins. Hopefully you are still there.
There is no companyweb or FTP or www (and not even Smart Phones). Only HW VPN for Terminal Server and now Exchange Outlook.
45-60 mins.
Rgs,
Juha
Excelent links. I'm out of Site without VPN. The RPC over HTTPS Outlook works fine. I need to leave for apx. 45 mins. Hopefully you are still there.
There is no companyweb or FTP or www (and not even Smart Phones). Only HW VPN for Terminal Server and now Exchange Outlook.
45-60 mins.
Rgs,
Juha
ASKER
Boed
Here are the results (performed Out of Site)
Failed to test inbound SMTP mail flow.
Test Steps
Attempting to retrieve DNS MX records for domain humberg.fi
One or more MX records were successfully retrieved from DNS.
Additional Details
Testing Mail Exchanger mail.humberg.fi.
One or more SMTP tests failed for this Mail Exchanger.
Test Steps
*******************
Performing Outbound SMTP Test
Outbound SMTP Test Successful
Test Steps
Attempting reverse DNS lookup for IP 83.150.90.53
Successfully resolved IP 83.150.90.53 via Reverse-DNS lookup
Additional Details
Resolved IP address 83.150.90.53 to host mail.humberg.fi
Performing Real-Time Blackhole List (RBL) Test
Your IP address wasn't found on any of the block lists selected.
Test Steps
Checking Block List "SpamHaus Block List (SBL)"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "SpamHaus Exploits Block List (XBL)"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "SpamHaus Policy Block List (PBL)"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "SpamCop Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "NJABL.ORG Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "SORBS Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "MSRBL Combined Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "UCEPROTECT Level 1 Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "AHBL Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Performing Sender ID validation
Sender ID validation performed successfully
Test Steps
ExRCA is attempting to find the SPF record using a DNS TEXT record query.
ExRCA wasn't able to find the SPF record.
Additional Details
No records were found.
Rgs,
Juha
Here are the results (performed Out of Site)
Failed to test inbound SMTP mail flow.
Test Steps
Attempting to retrieve DNS MX records for domain humberg.fi
One or more MX records were successfully retrieved from DNS.
Additional Details
Testing Mail Exchanger mail.humberg.fi.
One or more SMTP tests failed for this Mail Exchanger.
Test Steps
*******************
Performing Outbound SMTP Test
Outbound SMTP Test Successful
Test Steps
Attempting reverse DNS lookup for IP 83.150.90.53
Successfully resolved IP 83.150.90.53 via Reverse-DNS lookup
Additional Details
Resolved IP address 83.150.90.53 to host mail.humberg.fi
Performing Real-Time Blackhole List (RBL) Test
Your IP address wasn't found on any of the block lists selected.
Test Steps
Checking Block List "SpamHaus Block List (SBL)"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "SpamHaus Exploits Block List (XBL)"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "SpamHaus Policy Block List (PBL)"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "SpamCop Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "NJABL.ORG Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "SORBS Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "MSRBL Combined Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "UCEPROTECT Level 1 Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Checking Block List "AHBL Block List"
The address isn't on the block list.
Additional Details
IP 83.150.90.53 was not found on RBL
Performing Sender ID validation
Sender ID validation performed successfully
Test Steps
ExRCA is attempting to find the SPF record using a DNS TEXT record query.
ExRCA wasn't able to find the SPF record.
Additional Details
No records were found.
Rgs,
Juha
ASKER
Cincy
Sureley you were right. After 2,5 hrs the "DNS" started working. After your words I decided to drive home rather than stay OnSIte on Friday doing nothing special.
Rgs,
Juha
Sureley you were right. After 2,5 hrs the "DNS" started working. After your words I decided to drive home rather than stay OnSIte on Friday doing nothing special.
Rgs,
Juha
ExRCA wasn't able to find the SPF record.
Tests from mxtoolbox
220 humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 2 Jul 2010 19:10:21 +0300
>>>>>> May be an open relay.
0 seconds - Good on Connection time
0.624 seconds - Good on Transaction time
OK - 83.150.90.53 resolves to mail.humberg.fi
>>>>>> Warning - Reverse DNS does not match SMTP Banner
Tests from mxtoolbox
220 humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 2 Jul 2010 19:10:21 +0300
>>>>>> May be an open relay.
0 seconds - Good on Connection time
0.624 seconds - Good on Transaction time
OK - 83.150.90.53 resolves to mail.humberg.fi
>>>>>> Warning - Reverse DNS does not match SMTP Banner
ok you did part 1 of the tests.
Now do part-2
Another good idea would be to run Exchange 2003 BPA
http://www.microsoft.com/downloads/details.aspx?FamilyID=dbab201f-4bee-4943-ac22-e2ddbd258df3&displaylang=en
Download and run a health scan.
Let us know warnings and errors
Now do part-2
Another good idea would be to run Exchange 2003 BPA
http://www.microsoft.com/downloads/details.aspx?FamilyID=dbab201f-4bee-4943-ac22-e2ddbd258df3&displaylang=en
Download and run a health scan.
Let us know warnings and errors
from your SBS server
go to command prompt
start > run > Cmd
type
dcdiag /v /e /TEST:DNS > c:\dcdiag1.txt
upload dcdiag1.txt here
---
Also check the event logs
Under application
Check any errors from MsExchange IS / MTA etc.
start > run > eventvwr
Please upload errors here.
go to command prompt
start > run > Cmd
type
dcdiag /v /e /TEST:DNS > c:\dcdiag1.txt
upload dcdiag1.txt here
---
Also check the event logs
Under application
Check any errors from MsExchange IS / MTA etc.
start > run > eventvwr
Please upload errors here.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
boed
I suspect there is something else going on there too..most likely related to transport
Rimfire
Go to services.msc
Verify all Microsoft Exchange Services are running
(no replication if you are not using any..
Specifically
Info Store / system attendant / MTA etc.
Also check if Simple Mail Transfer Protocol service is running
I suspect there is something else going on there too..most likely related to transport
Rimfire
Go to services.msc
Verify all Microsoft Exchange Services are running
(no replication if you are not using any..
Specifically
Info Store / system attendant / MTA etc.
Also check if Simple Mail Transfer Protocol service is running
Is SMTP service down ?
a) I dont get a Exchange Header for mail.humberg.fi
b) go to dos prompt and type this
netstat -ab > c:\netstat.txt
Check for
192.168.0.1:25 >
Where 192.168.0.1 = IP address of your SBS server.
See if you can find that.
If you cant - we have a problem.
Please check my prior posts too.
thanks
a) I dont get a Exchange Header for mail.humberg.fi
b) go to dos prompt and type this
netstat -ab > c:\netstat.txt
Check for
192.168.0.1:25 >
Where 192.168.0.1 = IP address of your SBS server.
See if you can find that.
If you cant - we have a problem.
Please check my prior posts too.
thanks
ASKER
Hi
1. I won't be on the Site before Sunday or Monday (no VPN or ILO).
2. I can send and receive via RPC over HTTPS.
3. The secmx1.nebula.fi is the ISPs secondary MX wisch holds mails on queue if my server is down. There might be some filtering too, I'm not sure.
4. I won't close this case now since I'm a little worry.
5. I will do these tests surely on post results here.
6. The smtp banner, If I remember correctly I had this problem before in some other server. Really want to reunderstand since in some of my servers were might be problems with this
7. I have not installed this so far: http://support.microsoft.com/kb/950757
Thanks you very much.
Juha
1. I won't be on the Site before Sunday or Monday (no VPN or ILO).
2. I can send and receive via RPC over HTTPS.
3. The secmx1.nebula.fi is the ISPs secondary MX wisch holds mails on queue if my server is down. There might be some filtering too, I'm not sure.
4. I won't close this case now since I'm a little worry.
5. I will do these tests surely on post results here.
6. The smtp banner, If I remember correctly I had this problem before in some other server. Really want to reunderstand since in some of my servers were might be problems with this
7. I have not installed this so far: http://support.microsoft.com/kb/950757
Thanks you very much.
Juha
Juha
You are saying that your mailflow is working.
Please test again using ExRCA
inbound email.
www.testexchangeconnectivity.com/
You are saying that your mailflow is working.
Please test again using ExRCA
inbound email.
www.testexchangeconnectivity.com/
ASKER
Hi
At www.testexchangeconnectivity.com/ The Inbound smtp email test fails. I'm little worried about the situation. Also https://mail.publicdomain.fi/exchange does not work Internally fails internally. Something to do with DNS perhaps. I have done nothing for the DNS server, should I?
I start other tests guided above next.
BTW. The small company who previoisly provided us emails hotel told me that they are not too sure how to configure dns.
Rgs,
Juha
At www.testexchangeconnectivity.com/ The Inbound smtp email test fails. I'm little worried about the situation. Also https://mail.publicdomain.fi/exchange does not work Internally fails internally. Something to do with DNS perhaps. I have done nothing for the DNS server, should I?
I start other tests guided above next.
BTW. The small company who previoisly provided us emails hotel told me that they are not too sure how to configure dns.
Rgs,
Juha
ASKER
Sunny7
"netstat -ab > c:\netstat.txt
Check for
192.168.0.1:25 >
Where 192.168.0.1 = IP address of your SBS server."
Id did this check and there were no lines for protocol 25.
"netstat -ab > c:\netstat.txt
Check for
192.168.0.1:25 >
Where 192.168.0.1 = IP address of your SBS server."
Id did this check and there were no lines for protocol 25.
ASKER
Sunny
I have huge amount of error event id 3018 Source MXExchange Transport (NDR) which asks me to check DNS using nslookup.
The dcdiag is not regognized sw on this server.
Any ideas?
I have huge amount of error event id 3018 Source MXExchange Transport (NDR) which asks me to check DNS using nslookup.
The dcdiag is not regognized sw on this server.
Any ideas?
ASKER
Hi
This is what how mx records are set with mail hotel's DNS server:
HOST RECORD VALUE
-------------------------- ---------- ---------- ---
humberg.fi. NS ns2.servia.fi.
humberg.fi. NS ns1.servia.fi.
humberg.fi. A 84.234.78.xx
mail.humberg.fi. A 83.150.90.yy
webmail.humberg.fi. A 83.150.90.53
ftp.humberg.fi. CNAME humberg.fi.
lists.humberg.fi. CNAME humberg.fi.
www.humberg.fi. CNAME humberg.fi.
humberg.fi. MX (10) mail.humberg.fi.
humberg.fi. MX (20) secmx1.nebula.fi.
84.234.78.xx / 24 PTR humberg.fi.
This is what how mx records are set with mail hotel's DNS server:
HOST RECORD VALUE
--------------------------
humberg.fi. NS ns2.servia.fi.
humberg.fi. NS ns1.servia.fi.
humberg.fi. A 84.234.78.xx
mail.humberg.fi. A 83.150.90.yy
webmail.humberg.fi. A 83.150.90.53
ftp.humberg.fi. CNAME humberg.fi.
lists.humberg.fi. CNAME humberg.fi.
www.humberg.fi. CNAME humberg.fi.
humberg.fi. MX (10) mail.humberg.fi.
humberg.fi. MX (20) secmx1.nebula.fi.
84.234.78.xx / 24 PTR humberg.fi.
Juha
I ran some tests.
MX for humberg.fi = mail.humberg.fi
mail.humberg.fi > should point to your exchange server on a public IP
-- > this is setup already. Your Exchange server is running and listening on Port 25
tested on www.mxtoolbox.com
220 mail.humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 5 Jul 2010 15:36:46 +0300
May be an open relay.
0 seconds - Good on Connection time
0.640 seconds - Good on Transaction time
OK - 83.150.90.53 resolves to mail.humberg.fi
OK - Reverse DNS matches SMTP Banner
STEP-2
a) Download this tool and run it on SBS 2003
http://www.microsoft.com/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en
Run a health scan.
Post back errors and warnings here.
I ran some tests.
MX for humberg.fi = mail.humberg.fi
mail.humberg.fi > should point to your exchange server on a public IP
-- > this is setup already. Your Exchange server is running and listening on Port 25
tested on www.mxtoolbox.com
220 mail.humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 5 Jul 2010 15:36:46 +0300
May be an open relay.
0 seconds - Good on Connection time
0.640 seconds - Good on Transaction time
OK - 83.150.90.53 resolves to mail.humberg.fi
OK - Reverse DNS matches SMTP Banner
STEP-2
a) Download this tool and run it on SBS 2003
http://www.microsoft.com/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en
Run a health scan.
Post back errors and warnings here.
ASKER
Hi
Nice to hear from you Sunnyc7!
I'm currently installing updates to the server - it is not yet on the SP2 level. So it will take an hour or two untila I can reply.
Btw I changed ont the SMTP virtual server / Delivery / Advanced the fully Qualified domain name from: mydomain.fi to mail.mydomain.fi. Didn't notice any special impack.
Thanks,
Juha
Nice to hear from you Sunnyc7!
I'm currently installing updates to the server - it is not yet on the SP2 level. So it will take an hour or two untila I can reply.
Btw I changed ont the SMTP virtual server / Delivery / Advanced the fully Qualified domain name from: mydomain.fi to mail.mydomain.fi. Didn't notice any special impack.
Thanks,
Juha
thats fine. You should have that configured for rDNS tests to not fail
After you are done with updates - run the health scan for SBS 2003 BPA
After you are done with updates - run the health scan for SBS 2003 BPA
ASKER
Actually when I now test
SMTP virtual server / Delivery / Advanced the fully Qualified domain name: mail.mydomainname.fi I get the "Domain name is not valid" error. Should I change it back. Suppose when you just made a tests it were set up: mail.mydomainname.fi.
Rgs,
Juha
SMTP virtual server / Delivery / Advanced the fully Qualified domain name: mail.mydomainname.fi I get the "Domain name is not valid" error. Should I change it back. Suppose when you just made a tests it were set up: mail.mydomainname.fi.
Rgs,
Juha
Did you click on check DNS next to it @@
that should be set to mail.humberg.fi > that's correct.
Dont change it.
that should be set to mail.humberg.fi > that's correct.
Dont change it.
What happens when you do this
go to command prompt
start > run > Cmd
type
dcdiag /v /e /TEST:DNS > c:\dcdiag1.txt
then type
dcdiag1.txt
Save DcDiag1.txt on desktop
then
upload dcdiag1.txt here
go to command prompt
start > run > Cmd
type
dcdiag /v /e /TEST:DNS > c:\dcdiag1.txt
then type
dcdiag1.txt
Save DcDiag1.txt on desktop
then
upload dcdiag1.txt here
ASKER
Hi
I don't have dcdiag program. But, I got a huge amount of these which indicates I believe that this server is Open Relay:
Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3030
Date: 5.7.2010
Time: 18:47:13
User: N/A
Computer: SERVER
Description:
A non-delivery report with a status code of 5.2.0 was generated for recipient rfc822;richardsneider@inte runitygrou p.com (Message-ID <a28641276eccc668268587c12 b806805@lo calhost.lo caldomain> ).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
*********************
Those addresses are unfamiliar to this organication, IIK.
Juha
I don't have dcdiag program. But, I got a huge amount of these which indicates I believe that this server is Open Relay:
Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3030
Date: 5.7.2010
Time: 18:47:13
User: N/A
Computer: SERVER
Description:
A non-delivery report with a status code of 5.2.0 was generated for recipient rfc822;richardsneider@inte
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
*********************
Those addresses are unfamiliar to this organication, IIK.
Juha
Dcdiag is there on every computer which is a domain controller
Go to dos prompt
Click start then run
Then type
Command
You can check al switches by typing
Dcdiag /?
Go to dos prompt
Click start then run
Then type
Command
You can check al switches by typing
Dcdiag /?
ASKER
C:\Users\juha rimmi.TUKIKOMPPANIA>dcdiag /?
'dcdiag' is not recognized as an internal or external command,
operable program or batch file.
'dcdiag' is not recognized as an internal or external command,
operable program or batch file.
Juha
Please confirm that you are getting that error when you run that command from sbs 2003 command prompt and not from your workstation ?
Please confirm that you are getting that error when you run that command from sbs 2003 command prompt and not from your workstation ?
ASKER
Yes, this happens from server.
I'm installing .NET ServicePack and it takes a long time (doesen't want to cancel it). After that I pressume that I can instal Support Tools where I should find the program.
Also I'm updating the server so I can run: http://www.microsoft.com/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en
I don't understand what you mean by this: "Did you click on check DNS next to it @@"
Rgs, Juha
I'm installing .NET ServicePack and it takes a long time (doesen't want to cancel it). After that I pressume that I can instal Support Tools where I should find the program.
Also I'm updating the server so I can run: http://www.microsoft.com/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en
I don't understand what you mean by this: "Did you click on check DNS next to it @@"
Rgs, Juha
SMTP virtual server / Delivery / Advanced the fully Qualified domain name: mail.mydomainname.fi I get the "Domain name is not valid" error. Should I change it back
>> Over there on smtp virtual server when you change the fqdn
Do you see test dns. Click that and see if it resolves
Will wait for the updates report
>> Over there on smtp virtual server when you change the fqdn
Do you see test dns. Click that and see if it resolves
Will wait for the updates report
ASKER
Ok
Here is dcdiag results:
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine humhp, is a DC.
* Connecting to directory service on server humhp.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\HU MHP
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... HUMHP passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\HU MHP
Test omitted by user request: Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: Advertising
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: RidManager
Test omitted by user request: MachineAccount
Test omitted by user request: Services
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: ObjectsReplicated
Test omitted by user request: frssysvol
Test omitted by user request: frsevent
Test omitted by user request: kccevent
Test omitted by user request: systemlog
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : DomainDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Schema
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Configuration
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Humberg
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running enterprise tests on : Humberg.local
Test omitted by user request: Intersite
Test omitted by user request: FsmoCheck
Starting test: DNS
Test results for domain controllers:
DC: humhp.Humberg.local
Domain: Humberg.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] HP NC373i Multifunction Gigabit Server Adapter:
MAC address is 00:1F:29:08:B6:12
IP address is static
IP address: 192.168.200.10
DNS servers:
192.168.200.10 (humhp.humberg.local.) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found (primary)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
217.30.180.230 (<name unavailable>) [Valid]
217.30.182.230 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: Humberg.local.
Delegated domain name: _msdcs.Humberg.local.
DNS server: humhp.humberg.local. IP:192.168.200.10 [Valid]
TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone Humberg.local.
Test record _dcdiag_test_record added successfully in zone Humberg.local.
Test record _dcdiag_test_record deleted successfully in zone Humberg.local.
TEST: Records registration (RReg)
Network Adapter [00000001] HP NC373i Multifunction Gigabit Server Adapter:
Matching A record found at DNS server 192.168.200.10:
humhp.Humberg.local
Matching CNAME record found at DNS server 192.168.200.10:
875fb63a-599b-4006-b674-fd d9f569961a ._msdcs.Hu mberg.loca l
Matching DC SRV record found at DNS server 192.168.200.10:
_ldap._tcp.dc._msdcs.Humbe rg.local
Matching GC SRV record found at DNS server 192.168.200.10:
_ldap._tcp.gc._msdcs.Humbe rg.local
Matching PDC SRV record found at DNS server 192.168.200.10:
_ldap._tcp.pdc._msdcs.Humb erg.local
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 192.168.200.10 (humhp.humberg.local.)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
Delegation to the domain _msdcs.Humberg.local. is operational
DNS server: 217.30.180.230 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
DNS server: 217.30.182.230 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ ________
Domain: Humberg.local
humhp PASS PASS PASS PASS PASS PASS n/a
......................... Humberg.local passed test DNS
Here is dcdiag results:
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine humhp, is a DC.
* Connecting to directory service on server humhp.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\HU
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... HUMHP passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\HU
Test omitted by user request: Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: Advertising
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: RidManager
Test omitted by user request: MachineAccount
Test omitted by user request: Services
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: ObjectsReplicated
Test omitted by user request: frssysvol
Test omitted by user request: frsevent
Test omitted by user request: kccevent
Test omitted by user request: systemlog
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : DomainDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Schema
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Configuration
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Humberg
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running enterprise tests on : Humberg.local
Test omitted by user request: Intersite
Test omitted by user request: FsmoCheck
Starting test: DNS
Test results for domain controllers:
DC: humhp.Humberg.local
Domain: Humberg.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] HP NC373i Multifunction Gigabit Server Adapter:
MAC address is 00:1F:29:08:B6:12
IP address is static
IP address: 192.168.200.10
DNS servers:
192.168.200.10 (humhp.humberg.local.) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found (primary)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
217.30.180.230 (<name unavailable>) [Valid]
217.30.182.230 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: Humberg.local.
Delegated domain name: _msdcs.Humberg.local.
DNS server: humhp.humberg.local. IP:192.168.200.10 [Valid]
TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone Humberg.local.
Test record _dcdiag_test_record added successfully in zone Humberg.local.
Test record _dcdiag_test_record deleted successfully in zone Humberg.local.
TEST: Records registration (RReg)
Network Adapter [00000001] HP NC373i Multifunction Gigabit Server Adapter:
Matching A record found at DNS server 192.168.200.10:
humhp.Humberg.local
Matching CNAME record found at DNS server 192.168.200.10:
875fb63a-599b-4006-b674-fd
Matching DC SRV record found at DNS server 192.168.200.10:
_ldap._tcp.dc._msdcs.Humbe
Matching GC SRV record found at DNS server 192.168.200.10:
_ldap._tcp.gc._msdcs.Humbe
Matching PDC SRV record found at DNS server 192.168.200.10:
_ldap._tcp.pdc._msdcs.Humb
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 192.168.200.10 (humhp.humberg.local.)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
Delegation to the domain _msdcs.Humberg.local. is operational
DNS server: 217.30.180.230 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
DNS server: 217.30.182.230 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: Humberg.local
humhp PASS PASS PASS PASS PASS PASS n/a
......................... Humberg.local passed test DNS
Ok your dns is ok. Dcdiag passed all tests
ASKER
HI
Here is BPA results. I'm currently downloading Exchange SP2 and will install it when the download is complite.
****************
The functional level of your Exchange Server 2003 organization is: Mixed Mode (can support pre-Exchange 2000 servers). This must be changed to native mode before attempting to migrate to Windows Small Business Server 2008
***************
The Default instance should use the latest available service pack for Microsoft SQL Server 2005
****************
This server is running Microsoft Exchange Server 2003 with Service Pack 1 and SP2 is available
**************
You should install the Update for Exchange 2003 (KB911829). Doing so will ensure that your Outlook Web Access installation is compatible with Windows Vista.
*****************
You should configure Reverse Lookup Zone: 200.168.192.in-addr.arpa to allow only secure dynamic updates
***************
SQLAgent$SBSMONITORING service should be set to automatic and started
***************
You should install the appropriate Time Zone Update on the server. For more information, see the Knowledge Base article "August 2008 .........
**************
This server is running Windows SBS 2003 Service Pack 1 and Microsoft Exchange Server 2003 Service Pack 1. Exchange Server 2003 SP2 is available.
*******************
To configure Windows SBS Monitoring go to Start/Server Management/To Do List/Configure Monitoring
So,I start Installing Exchange SP2 now.
rgs,
Juha
Here is BPA results. I'm currently downloading Exchange SP2 and will install it when the download is complite.
****************
The functional level of your Exchange Server 2003 organization is: Mixed Mode (can support pre-Exchange 2000 servers). This must be changed to native mode before attempting to migrate to Windows Small Business Server 2008
***************
The Default instance should use the latest available service pack for Microsoft SQL Server 2005
****************
This server is running Microsoft Exchange Server 2003 with Service Pack 1 and SP2 is available
**************
You should install the Update for Exchange 2003 (KB911829). Doing so will ensure that your Outlook Web Access installation is compatible with Windows Vista.
*****************
You should configure Reverse Lookup Zone: 200.168.192.in-addr.arpa to allow only secure dynamic updates
***************
SQLAgent$SBSMONITORING service should be set to automatic and started
***************
You should install the appropriate Time Zone Update on the server. For more information, see the Knowledge Base article "August 2008 .........
**************
This server is running Windows SBS 2003 Service Pack 1 and Microsoft Exchange Server 2003 Service Pack 1. Exchange Server 2003 SP2 is available.
*******************
To configure Windows SBS Monitoring go to Start/Server Management/To Do List/Configure Monitoring
So,I start Installing Exchange SP2 now.
rgs,
Juha
Don't install sp2 exchange
There are some changes which you need to make otherwise your exchange will stop working
There are some changes which you need to make otherwise your exchange will stop working
Google search for
Install exchange 200r sp2 on sbs 2003
I am outside and don't have access to a computer so can't send you the link
Check the first result from microsoft support
Install exchange 200r sp2 on sbs 2003
I am outside and don't have access to a computer so can't send you the link
Check the first result from microsoft support
ASKER
Hi Sunny
I stopped the Exchange SP2 installation (only extracted) and Found an article involved Intelligent Message Filtering. It is just that I can't see intelligetn filter under Message Delivery. Also I don't have a MSCFV2 -folder to rename as guided in kb/935916.
Coudn't it be so that I can carry on ninstalling Exch SP2?
Rgs,
Juha
I stopped the Exchange SP2 installation (only extracted) and Found an article involved Intelligent Message Filtering. It is just that I can't see intelligetn filter under Message Delivery. Also I don't have a MSCFV2 -folder to rename as guided in kb/935916.
Coudn't it be so that I can carry on ninstalling Exch SP2?
Rgs,
Juha
Juha
Lets skip exchange SP2 installation and focus on getting the mail flow working for SBS 2003
Your dcdiag's passed.
Lets test ExRCA
http://www.testexchangeconnectivity.com/
If OWa still fails we will reset OWA to default virtual directories.
please confirm that you are not running any ASP or ASP.Net applications through IIS.
Also please confirm that you are not using Sharepoint Services.
thanks
Lets skip exchange SP2 installation and focus on getting the mail flow working for SBS 2003
Your dcdiag's passed.
Lets test ExRCA
http://www.testexchangeconnectivity.com/
If OWa still fails we will reset OWA to default virtual directories.
please confirm that you are not running any ASP or ASP.Net applications through IIS.
Also please confirm that you are not using Sharepoint Services.
thanks
ASKER
Ok Sunny
ExRCA inbound fails and also I can't currently access mails externally via https://mail.mydomain.fi/exchgange
This is ExRCA result:
Testing Inbound SMTP Mail flow for domain testi2@humberg.fi
Failed to test inbound SMTP mail flow.
Test Steps
Attempting to retrieve DNS MX records for domain humberg.fi
One or more MX records were successfully retrieved from DNS.
Additional Details
MX Records Host mail.humberg.fi, Preference 10
, Host secmx1.nebula.fi, Preference 20
Testing Mail Exchanger mail.humberg.fi.
One or more SMTP tests failed for this Mail Exchanger.
Test Steps
Attempting to resolve the host name mail.humberg.fi in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 83.150.90.53
Testing TCP Port 25 on host mail.humberg.fi to ensure it is listening and open.
The port was opened successfully.
Additional Details
Banner Received: 220 humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 5 Jul 2010 22:17:44 +0300
Attempting to send test email message to testi2@humberg.fi using MX mail.humberg.fi.
Delivery of the test message failed.
Additional Details
Server returned status code 452 - Insufficient system storage. The server response was: 4.3.1 Out of memory
Exception details:
Message: Insufficient system storage. The server response was: 4.3.1 Out of memory
Type: System.Net.Mail.SmtpExcept ion
Stack trace:
at System.Net.Mail.MailComman d.CheckRes ponse(Smtp StatusCode statusCode, String response)
at System.Net.Mail.SmtpTransp ort.SendMa il(MailAdd ress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientExcepti on& exception)
at System.Net.Mail.SmtpClient .Send(Mail Message message)
at Microsoft.Exchange.Tools.E xRca.Tests .SmtpMessa geTest.Per formTestRe ally()
************************** *
Also I still has hundreds of these:
Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3008
Date: 5.7.2010
Time: 22:19:56
User: N/A
Computer: HUMHP
Description:
A non-delivery report with a status code of 5.0.0 was generated for recipient rfc822;amigo_sony@amigodog .com.tw (Message-ID <59451947f9620901a730e5a9e 9ea67dc@lo calhost.lo caldomain> ).
Cause: This indicates a permanent failure. Possible causes : 1)No route is defined for a given address space. For example, an SMTP connector is configured, but this recipient address does not match the address spaces for which it routes mail. 2)Domain Name Server (DNS) returned an authoritative host not found for the domain. 3)The routing group does not have a connector defined û mail from one server in the routing group has no way to get to another routing group.
Solution: Verify that this error is not caused by a DNS lookup problem, and then check the address spaces configured on your STMP connectors. If you are delivering Internet mail through an SMTP connector, consider adding an address space of type SMTP with value ô*ö (an asterisk) to one of the SMTP connectors to make routing possible. Verify all routing groups are connected to each other through a routing group connector or another connector.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Rgs, Juha
ExRCA inbound fails and also I can't currently access mails externally via https://mail.mydomain.fi/exchgange
This is ExRCA result:
Testing Inbound SMTP Mail flow for domain testi2@humberg.fi
Failed to test inbound SMTP mail flow.
Test Steps
Attempting to retrieve DNS MX records for domain humberg.fi
One or more MX records were successfully retrieved from DNS.
Additional Details
MX Records Host mail.humberg.fi, Preference 10
, Host secmx1.nebula.fi, Preference 20
Testing Mail Exchanger mail.humberg.fi.
One or more SMTP tests failed for this Mail Exchanger.
Test Steps
Attempting to resolve the host name mail.humberg.fi in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 83.150.90.53
Testing TCP Port 25 on host mail.humberg.fi to ensure it is listening and open.
The port was opened successfully.
Additional Details
Banner Received: 220 humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 5 Jul 2010 22:17:44 +0300
Attempting to send test email message to testi2@humberg.fi using MX mail.humberg.fi.
Delivery of the test message failed.
Additional Details
Server returned status code 452 - Insufficient system storage. The server response was: 4.3.1 Out of memory
Exception details:
Message: Insufficient system storage. The server response was: 4.3.1 Out of memory
Type: System.Net.Mail.SmtpExcept
Stack trace:
at System.Net.Mail.MailComman
at System.Net.Mail.SmtpTransp
at System.Net.Mail.SmtpClient
at Microsoft.Exchange.Tools.E
**************************
Also I still has hundreds of these:
Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3008
Date: 5.7.2010
Time: 22:19:56
User: N/A
Computer: HUMHP
Description:
A non-delivery report with a status code of 5.0.0 was generated for recipient rfc822;amigo_sony@amigodog
Cause: This indicates a permanent failure. Possible causes : 1)No route is defined for a given address space. For example, an SMTP connector is configured, but this recipient address does not match the address spaces for which it routes mail. 2)Domain Name Server (DNS) returned an authoritative host not found for the domain. 3)The routing group does not have a connector defined û mail from one server in the routing group has no way to get to another routing group.
Solution: Verify that this error is not caused by a DNS lookup problem, and then check the address spaces configured on your STMP connectors. If you are delivering Internet mail through an SMTP connector, consider adding an address space of type SMTP with value ô*ö (an asterisk) to one of the SMTP connectors to make routing possible. Verify all routing groups are connected to each other through a routing group connector or another connector.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Rgs, Juha
ASKER
Forgot
We don't use SharePoint and suppose not any asp solutions. There is a SQL server used for 3rd Party accountting SW.
Rgs, Juha
We don't use SharePoint and suppose not any asp solutions. There is a SQL server used for 3rd Party accountting SW.
Rgs, Juha
ASKER
Additionally
The inbound smtp test says that:
Server returned status code 452 - Insufficient system storage. The server response was: 4.3.1 Out of memory
I do have 1,7 GB free memory right now.
One External USB disk is full. I just made 10 GB space available in there but seems that it didn't fix the problem.
Rgs,
Juha
Juha
The inbound smtp test says that:
Server returned status code 452 - Insufficient system storage. The server response was: 4.3.1 Out of memory
I do have 1,7 GB free memory right now.
One External USB disk is full. I just made 10 GB space available in there but seems that it didn't fix the problem.
Rgs,
Juha
Juha
ASKER
Hi
I'm preparing to do this procedure: http://support.microsoft.com/kb/883380
How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server 2003
Method 2: Use Adsutil.vbs
Back up your IIS Metabase. To do this, follow these steps:
Start IIS Manager.
Right-click Default Web Site, point to All Tasks, and then click Save Configuration to a File.
Delete the virtual directories for Outlook Web Access. To do this, right-click Exadmin in the left pane of IIS Manager, and then click Delete. Click Yes when you are prompted with the question of whether you want to delete this item.
Repeat this step for the following virtual directories:
Exchange
ExchWeb
Microsoft-Server-ActiveSyn c
OMA
Public
Quit IIS Manager. .........
OK?
I'm preparing to do this procedure: http://support.microsoft.com/kb/883380
How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server 2003
Method 2: Use Adsutil.vbs
Back up your IIS Metabase. To do this, follow these steps:
Start IIS Manager.
Right-click Default Web Site, point to All Tasks, and then click Save Configuration to a File.
Delete the virtual directories for Outlook Web Access. To do this, right-click Exadmin in the left pane of IIS Manager, and then click Delete. Click Yes when you are prompted with the question of whether you want to delete this item.
Repeat this step for the following virtual directories:
Exchange
ExchWeb
Microsoft-Server-ActiveSyn
OMA
Public
Quit IIS Manager. .........
OK?
dont use adsutilvbs
I have a better one.
I have a better one.
Use Method-1 > IIS metabase explorer.
Also about insufficient storage
a) Let me know the amount of space left in all drives.
b) On what drive is Exchange installed on
c) Go to Exchange System Manager
Expand Administrative Groups
- first storage group
- expand servers
- right click on your exchange server name go to properties
you will find the location of your exchange EDB files and log Files
Check if you have sufficient space for Exchange + log files
Also about insufficient storage
a) Let me know the amount of space left in all drives.
b) On what drive is Exchange installed on
c) Go to Exchange System Manager
Expand Administrative Groups
- first storage group
- expand servers
- right click on your exchange server name go to properties
you will find the location of your exchange EDB files and log Files
Check if you have sufficient space for Exchange + log files
ASKER
Hi
I actually just finnished adsutil procedure which went through just like in the instructions. It Didn't change/fix anything. The SMTP inbound test fails. Note that OWA works externally and I can install the self signed certificate.
But, Internally I can't access another companys OWA too, doesn't that indicate that perhaps there is something in the firewall Policy Routes or DNS. The DNS comes from Win Server but DHCP comes from firewall.
Rgs,
Juha
I actually just finnished adsutil procedure which went through just like in the instructions. It Didn't change/fix anything. The SMTP inbound test fails. Note that OWA works externally and I can install the self signed certificate.
But, Internally I can't access another companys OWA too, doesn't that indicate that perhaps there is something in the firewall Policy Routes or DNS. The DNS comes from Win Server but DHCP comes from firewall.
Rgs,
Juha
ASKER
Hi
I just noticed that these errors are gone - no new one appeared for last 15 mins.
Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3008
Date: 5.7.2010
I need to drive home now and I'll be back after 40 mins.
I just noticed that these errors are gone - no new one appeared for last 15 mins.
Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3008
Date: 5.7.2010
I need to drive home now and I'll be back after 40 mins.
ASKER
Drice C: 24,6 GB of 68,3 GB free
Drive E: 95 GB of 136 GB free
Dirve F 10 GB of 465 GB free (External BU disk - earlier on today there were on 20 MB free space)
Exchange is installed on drive E:
E:\Program Files\Exchsrvr\MDBDATA\pri
E:\Program Files\Exchsrvr\MDBDATA\pri
Rgs, Juha
ASKER
Hi
I'm here if you have any ideas.
Rgs, Juha
I'm here if you have any ideas.
Rgs, Juha
Juha
I am really sorry i havent responded. I have guests over. Give me about 3-4 hrs.
Just came in here to leave a quick msg.
I am really sorry i havent responded. I have guests over. Give me about 3-4 hrs.
Just came in here to leave a quick msg.
ASKER
Ok thanks
Actually I had a little sleep. The clock is now 5 am here in Finland.
Juha
Actually I had a little sleep. The clock is now 5 am here in Finland.
Juha
I am back. Sorry I had guests over.
Lets focus on getting exchange to receive emails first.
I just noticed something you mentioned above ?
I actually just finnished adsutil procedure which went through just like in the instructions. It Didn't change/fix anything. The SMTP inbound test fails. Note that OWA works externally and I can install the self signed certificate.
>>
STEP-1
Check
All Exchange services are running
Start > run > type services.msc
Necessary for Exchange
Exchange - Info Store
Management
MTA Stacks
System Attendant
Routing engine
Event
Simple Mail Tranfer protocol
WWW Publishing
Optional ---
IMAP4
POP3
Site Replication
STEP-2 - > check if your Exchange is configured properly to receive emails.
Screenshot help -->http://www.petri.co.il/configure_exchange_2000_2003_to_receive_email_for_other_domains.htm
On your Exchange Server ESM
Go to Recipients
Recipient policy
Default Recipient policy
Right click properties
click on email-address policy
> SMTP -- what does it say ?
**** Which one is bold. Let me know that
------
How to set-up exchange to receive emails using Internet Mail Wizard.
http://www.msexchange.org/tutorials/Using_Exchange_2003_Mail_Wizard.html
------
But, Internally I can't access another companys OWA too, doesn't that indicate that perhaps there is something in the firewall Policy Routes or DNS. The DNS comes from Win Server but DHCP comes from firewall.
>> Are you saying that you have configured your exchange to receive emails from 2 domains ??
Let me know if you are up. It's 6:45 AM in Finland. - 11:40 PM in US. East coast.
Lets focus on getting exchange to receive emails first.
I just noticed something you mentioned above ?
I actually just finnished adsutil procedure which went through just like in the instructions. It Didn't change/fix anything. The SMTP inbound test fails. Note that OWA works externally and I can install the self signed certificate.
>>
STEP-1
Check
All Exchange services are running
Start > run > type services.msc
Necessary for Exchange
Exchange - Info Store
Management
MTA Stacks
System Attendant
Routing engine
Event
Simple Mail Tranfer protocol
WWW Publishing
Optional ---
IMAP4
POP3
Site Replication
STEP-2 - > check if your Exchange is configured properly to receive emails.
Screenshot help -->http://www.petri.co.il/configure_exchange_2000_2003_to_receive_email_for_other_domains.htm
On your Exchange Server ESM
Go to Recipients
Recipient policy
Default Recipient policy
Right click properties
click on email-address policy
> SMTP -- what does it say ?
**** Which one is bold. Let me know that
------
How to set-up exchange to receive emails using Internet Mail Wizard.
http://www.msexchange.org/tutorials/Using_Exchange_2003_Mail_Wizard.html
------
But, Internally I can't access another companys OWA too, doesn't that indicate that perhaps there is something in the firewall Policy Routes or DNS. The DNS comes from Win Server but DHCP comes from firewall.
>> Are you saying that you have configured your exchange to receive emails from 2 domains ??
Let me know if you are up. It's 6:45 AM in Finland. - 11:40 PM in US. East coast.
ASKER
Nice to hear from you again Sunny. Here are the results
STEP-1
Event: Startup type Manual / Stopped
POP/IMAP not involved
STEP-2
SMTP (in bold) @mypublicdomain.fi
SMTP (not in bold) @ublicdomain.local
Also x400 is in bold
"How to set-up exchange to ..."
I have run CEICW wizard allready (SBS Spesific). Do you really suggest I should run ESM Internet Mail Wizard? In CEICW I have created the certificate and published to the Internet OWA
AHA. I JUST CHECKED CEICW and OWA and OMA where not published to Internet. They have dissapeared from there during the process we have here. Perhaps the adsutil or updates I installed 1-2 hours ago have changed that.
">> Are you saying that you .."
No, my focus were to point that https/DNS works padly/Strangly internally. In other quite similiar enviroments I can access the customer Company's OWA or my companys OWA without problems.
Rgs,
Juha
Btw. I noticed somewhere in the event viewer something like this: After defragmentation the Public Store has 3GB available space. I'll try to track it down in case that it is meaningful.
OWA and OMA
STEP-1
Event: Startup type Manual / Stopped
POP/IMAP not involved
STEP-2
SMTP (in bold) @mypublicdomain.fi
SMTP (not in bold) @ublicdomain.local
Also x400 is in bold
"How to set-up exchange to ..."
I have run CEICW wizard allready (SBS Spesific). Do you really suggest I should run ESM Internet Mail Wizard? In CEICW I have created the certificate and published to the Internet OWA
AHA. I JUST CHECKED CEICW and OWA and OMA where not published to Internet. They have dissapeared from there during the process we have here. Perhaps the adsutil or updates I installed 1-2 hours ago have changed that.
">> Are you saying that you .."
No, my focus were to point that https/DNS works padly/Strangly internally. In other quite similiar enviroments I can access the customer Company's OWA or my companys OWA without problems.
Rgs,
Juha
Btw. I noticed somewhere in the event viewer something like this: After defragmentation the Public Store has 3GB available space. I'll try to track it down in case that it is meaningful.
OWA and OMA
ASKER
Sunny
The inbound SMTP test gives now diferent results. It seems that the mail flow problem is now FIXED!!!!! and the Open Relay is the only thing left. Here:
Testing Inbound SMTP Mail flow for domain testi2@humberg.fi
Failed to test inbound SMTP mail flow.
Test Steps
Attempting to retrieve DNS MX records for domain humberg.fi
One or more MX records were successfully retrieved from DNS.
Additional Details
MX Records Host mail.humberg.fi, Preference 10
, Host secmx1.nebula.fi, Preference 20
Testing Mail Exchanger mail.humberg.fi.
One or more SMTP tests failed for this Mail Exchanger.
Test Steps
Attempting to resolve the host name mail.humberg.fi in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 83.150.90.153
Testing TCP Port 25 on host mail.humberg.fi to ensure it is listening and open.
The port was opened successfully.
Additional Details
Banner Received: 220 humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Tue, 6 Jul 2010 07:43:28 +0300
Attempting to send test email message to testi2@humberg.fi using MX mail.humberg.fi.
The test message was delivered successfully.
Testing the MX mail.humberg.fi for open relay by trying to relay to user Admin@TestExchangeConnecti vity.com
The Open Relay test failed. See additional details.
Tell me more about this issue and how to resolve it
Additional Details
Open relay test message delivered successfully to Admin@TestExchangeConnecti vity.com
The inbound SMTP test gives now diferent results. It seems that the mail flow problem is now FIXED!!!!! and the Open Relay is the only thing left. Here:
Testing Inbound SMTP Mail flow for domain testi2@humberg.fi
Failed to test inbound SMTP mail flow.
Test Steps
Attempting to retrieve DNS MX records for domain humberg.fi
One or more MX records were successfully retrieved from DNS.
Additional Details
MX Records Host mail.humberg.fi, Preference 10
, Host secmx1.nebula.fi, Preference 20
Testing Mail Exchanger mail.humberg.fi.
One or more SMTP tests failed for this Mail Exchanger.
Test Steps
Attempting to resolve the host name mail.humberg.fi in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 83.150.90.153
Testing TCP Port 25 on host mail.humberg.fi to ensure it is listening and open.
The port was opened successfully.
Additional Details
Banner Received: 220 humberg.fi Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Tue, 6 Jul 2010 07:43:28 +0300
Attempting to send test email message to testi2@humberg.fi using MX mail.humberg.fi.
The test message was delivered successfully.
Testing the MX mail.humberg.fi for open relay by trying to relay to user Admin@TestExchangeConnecti
The Open Relay test failed. See additional details.
Tell me more about this issue and how to resolve it
Additional Details
Open relay test message delivered successfully to Admin@TestExchangeConnecti
ASKER
Sunny
I'm in process of deleting 150 000 spam mails in Queye.I think that the server were quite busy managing these.
https://www.experts-exchange.com/questions/26308658/Open-Relay-SPAM-Default-SMTP-Virtual-Server-Access.html?anchorAnswerId=33142932#a33142932
At least a NDR attack were involved.
Rgs,
Juha
I'm in process of deleting 150 000 spam mails in Queye.I think that the server were quite busy managing these.
https://www.experts-exchange.com/questions/26308658/Open-Relay-SPAM-Default-SMTP-Virtual-Server-Access.html?anchorAnswerId=33142932#a33142932
At least a NDR attack were involved.
Rgs,
Juha
Hi,
Check this article:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2527-How-to-prevent-Spoofed-Emails-in-Exchange-2003.html
Hope this helps,
Shree
Check this article:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2527-How-to-prevent-Spoofed-Emails-in-Exchange-2003.html
Hope this helps,
Shree
ASKER
Hi
This case seem to be closed. I really took awile to solve all issues. I'll grant point laiter on and explain what has happened. I need to have some rest now.
Thank you all and specially Sunnyc7 for helping me.
Rgs,
Juha
This case seem to be closed. I really took awile to solve all issues. I'll grant point laiter on and explain what has happened. I need to have some rest now.
Thank you all and specially Sunnyc7 for helping me.
Rgs,
Juha
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi
I can close the case now. The attact came probably from Taiwan. Additionally what Sunny says above (which is the fact) the customer decided to use D-Fence service. Their servers filters the spam and in the HW FW I'll forward SMTP only from their IP addresses. ISP noticed the SPam situation and asked explanation. I admit the spam but in that time the spamming has stopped cause the server were fixed. I'll also let them know that we hired D-Fence to filter spam in the future. The ISP sayd OK but we will monitor the behavior of the internet taraffic of that Internet Connection awhile.
The domain is balcklisted at Barracuda and Tiopan. I'll try to contact them today. Now when the D-Fence filters spam the the test mxtoolbox blacklist says that the domain is Ok but I believe that I have to contakt them anyway.
Very special thanks to Sunny who helped me out from this nightmare! Without that direct help I don't know how I could guide out from the terrible situation.
Also great thanks to all you other. Exchange-Experts can save lives.
In the future I won't setup a Exchange as carelesly. The good thing that I learned in the hard way to take care immdiently the Open Relay situation! I also believe that I can now fix the SMTP Banner problem perhaps by my self.
Again thank you all for helping me solve the multiple problems i had. Have a Great Summer!
With Best Regards,
Juha
I can close the case now. The attact came probably from Taiwan. Additionally what Sunny says above (which is the fact) the customer decided to use D-Fence service. Their servers filters the spam and in the HW FW I'll forward SMTP only from their IP addresses. ISP noticed the SPam situation and asked explanation. I admit the spam but in that time the spamming has stopped cause the server were fixed. I'll also let them know that we hired D-Fence to filter spam in the future. The ISP sayd OK but we will monitor the behavior of the internet taraffic of that Internet Connection awhile.
The domain is balcklisted at Barracuda and Tiopan. I'll try to contact them today. Now when the D-Fence filters spam the the test mxtoolbox blacklist says that the domain is Ok but I believe that I have to contakt them anyway.
Very special thanks to Sunny who helped me out from this nightmare! Without that direct help I don't know how I could guide out from the terrible situation.
Also great thanks to all you other. Exchange-Experts can save lives.
In the future I won't setup a Exchange as carelesly. The good thing that I learned in the hard way to take care immdiently the Open Relay situation! I also believe that I can now fix the SMTP Banner problem perhaps by my self.
Again thank you all for helping me solve the multiple problems i had. Have a Great Summer!
With Best Regards,
Juha
ASKER
With honor I grade 400 to Sunny for excelent job and direct hands on work. Unfortunatelly I have only 100 points left to grade all other.
I grant 100 to Boyed since he sayd "disable openrelay on your server (RIGHT AWAY!)". I have to admit that I pretty much ignored that and started having weekend. I learned a lesson in the hard way.
I grant 100 to Boyed since he sayd "disable openrelay on your server (RIGHT AWAY!)". I have to admit that I pretty much ignored that and started having weekend. I learned a lesson in the hard way.