jmckg

Win2K SMTPSVC event ID 4000 unable to deliver mail directly to the internet

OS: Win2k
SP: Sp4 and all patches
IIS: 5.0
SMTPSVC problem
NO Exchange running on this machine (this is sitting in the DMZ just as a relay server)

Most domains fail with event ID 4000 "Unable to bind to destination server in DNS". Sometimes they go through fine. Event Viewer is full of this message. If I relay it to our ISP it goes fine. I need to have this box deliver messages directly without having to go through the smart host/ISP.

Definitely not an open relay. Only one other server can relay through this in addition to my machine, which I am using to test.

I have no DNS problem. I am able to telnet to port 25 on Yahoo's mail server just fine. I am able to telnet to this server from my machine on port 25 and submit a message, but it goes into the queue and doesn't get delivered. If I stop and start SMTP it may go through. Some e-mails that I submitted yesterday haven't left the queue yet. I got this notice from the server. It is still sitting in the queue.

This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

       
Mike Kline

Start here

http://www.eventid.net/display.asp?eventid=4000&eventno=803&source=SMTPSVC&phase=1

I'll look around and see if I find anything else.

Thanks
Mike
jmckg

ASKER

Thanks Mike,
The article on the binding order of the NICs caught my attention. The first one bound is for my SMTP. It has a valid public name in our zone file with our ISP. So, that is not the problem. The rest do not apply to my case.
I just double checked the firewall rules; I am allowing any outbound connection from this server in the DMZ.
I forgot to mention that I installed Metadata 2.0 yesterday as part of this troubleshooting. I have run an Ethereal trace. I am yet to analyze it. I will post the solution if I find it.
Pls. help.
jmckg

ASKER

I think I fixed the problem. I am using a PIX firewall. I had quite a few permit statements, then a deny statement to deny any other traffic to the private network, and then another permit after that allowing any IP traffic out to the internet.

This should work technically, but just in case I specifically added a permit before the deny to allow SMTP traffic from this server, and it works fantastic.

Before:
access-list acl-DMZ permit tcp host 10.100.20.3 host 10.4.20.33 eq smtp (to send e-mail to the private side)
access-list acl-DMZ deny ip 10.100.20.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list acl-DMZ permit ip 10.100.20.0 255.255.255.0 any (I thought this would cover sending e-mail to the public internet)

After:
access-list acl-DMZ permit tcp 10.100.20.3 255.255.255.255 any eq smtp
access-list acl-DMZ deny ip 10.100.20.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list acl-DMZ permit ip 10.100.20.0 255.255.255.0 any (this should have covered to send e-mail out to the internet but, it didn't)

Problem solved.
Thanks
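
Added example, not part of the original post: a small first-match evaluator for the two acl-DMZ rule sets quoted above, assuming the usual access-list semantics (entries checked top-down, first match decides, implicit deny at the end). The destinations 203.0.113.25, 203.0.113.53 and 10.4.20.34 are constructed placeholders.

```python
import ipaddress

def entry(action, proto, src, dst, port=None):
    """One access-list entry; networks in CIDR form (PIX entries use netmasks)."""
    return (action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), port)

ANY, SMTP = "0.0.0.0/0", 25
DMZ, PRIVATE = "10.100.20.0/24", "10.0.0.0/8"

# acl-DMZ as posted under "Before"
BEFORE = [
    entry("permit", "tcp", "10.100.20.3/32", "10.4.20.33/32", SMTP),
    entry("deny", "ip", DMZ, PRIVATE),
    entry("permit", "ip", DMZ, ANY),
]
# acl-DMZ as posted under "After"
AFTER = [
    entry("permit", "tcp", "10.100.20.3/32", ANY, SMTP),
    entry("deny", "ip", DMZ, PRIVATE),
    entry("permit", "ip", DMZ, ANY),
]

def evaluate(acl, proto, src, dst, dport):
    """Return (action, line) of the first matching entry; line 0 = implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line, (action, e_proto, e_src, e_dst, e_port) in enumerate(acl, start=1):
        if e_proto != "ip" and e_proto != proto:
            continue  # "ip" matches every protocol
        if s not in e_src or d not in e_dst:
            continue
        if e_port is not None and e_port != dport:
            continue
        return action, line
    return "deny", 0

# Constructed test flows from the relay 10.100.20.3
FLOWS = {
    "SMTP to internet MX": ("tcp", "10.100.20.3", "203.0.113.25", 25),
    "DNS to public resolver": ("udp", "10.100.20.3", "203.0.113.53", 53),
    "SMTP to internal mail host": ("tcp", "10.100.20.3", "10.4.20.33", 25),
    "SMTP to other private host": ("tcp", "10.100.20.3", "10.4.20.34", 25),
}

def compare():
    """Map each flow name to its (before, after) decision."""
    return {name: (evaluate(BEFORE, *f), evaluate(AFTER, *f)) for name, f in FLOWS.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:28} before={before} after={after}")
```

Both rule sets permit outbound SMTP and DNS from the relay, so the reordering by itself does not change delivery. The "After" entry does, however, match port 25 to any 10.0.0.0/8 host ahead of the deny, which is broader than the single internal host permitted before.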

Damn, kick ass troubleshooting, nice work man!!

jmckg

ASKER

I spoke too soon. The problem is still there. It just cleared a couple of tests quickly without any events, but it started to do the same thing again.
Help...!!!
jmckg

ASKER

Here is the perfect solution for this problem. At some point yesterday it did work and I broke it again.  Now, I think I have found a solution.

Under the network properties, if you have mydomain.com for append DNS and DNS suffix for this connection, then it is looking for a DNS server (the first one listed) to be one of the DNS servers from mydomain.com. For the second and third you can use your ISP's DNS servers.

If I change the order and move the internal DNS server all the way down and only use the ISP's DNS servers (as 1 and 2), it doesn't like it and comes back with event ID 4000 "unable to bind to destination server in DNS".



ASKER CERTIFIED SOLUTION
Mike Kline

This solution is only available to members.

Thanks SO much for this solution. I toiled around quite a bit with checking DNS and using smtpdiag. Everything would look fine but I would still get these dreaded 'Event ID 4000' errors balking about DNS issues.

I went under Network Properties for the adapter - and simply CLEARED the checkbox under 'Append PARENT suffixes of the primary DNS suffix' - and lo and behold, it WORKED again finally!

Another thing to note:  I did not have to add a local DNS server - I kept both my ISP's DNS servers in the DNS.  I think this would be more reliable if you have a case like ours where I DO NOT forward on root hints for anything the locals can't resolve (because I don't want local Terminal Server users browsing the internet - i.e. no DNS for them, no internet - cheap and easy solution).

Thanks guys - Kevin