redmanjb

asked on
Front-end and Back-end E2k3 Servers Are Not Talking...

Hi all!  Gonna start a new thread here. My previous thread (https://www.experts-exchange.com/questions/21027779/Just-added-Front-end-E2k3-what-now.html) had gotten very long, and we had tried several things (thx Sembee, mattisflones, and dstoker509!), but the problem still exists.  I’ll rehash all that is going on here, and hope someone can help me out.  

I've had a standalone E2k3 server set up for quite awhile (and it worked fine), and have just installed E2k3 as a front-end on another server (for security purposes).  I changed my router to forward port 25 to the front-end server.  Emails are not coming in, nor are they going out.  I have run the Internet Mail Wizard on the front-end server, and set the front-end to both send and receive.

I am not using an SMTP connector, nor am I using a smarthost.  I have both exchange servers, for the time being, within my firewall.  From my back-end server, and from my front-end server, I am able to telnet to my ISP's SMTP server, no problem.  I am able to ping each server from the other.  I am able to telnet from my back-end to my front-end, but not from my front-end to my back-end, it said "could not open connection to host, on port 25:  connect failed".  From an entirely separate computer, I can telnet to my front-end, but not my back-end.   Therefore, my only problems telnetting are from either the Front-end or another computer to the back end.

Under both servers, under Default SMTP Virtual Server-->Properties-->Access tab-->Connection Control, both servers state that all computers can access the virtual server.  The radio button “All except the list below” is selected, and nothing is written in the box below it.  So there are no restrictions in place.

By the way, the front-end server is named “WS1”, back-end is “DOC”.

Under both servers, there are messages stuck in the queues.  On the Back-end server, there is a queue for the front-end server (ws1.mydomain.com) that states “the connection was dropped by the remote host”.  And under the “Internet Mail SMTP Connector” queue, there are 10 messages in the queue, it is also in a retry state, and says “the connection was dropped by the remote host”.  

On the Front-end server, the only queue that has messages in it is the queue to the back-end (doc.mydomain.com), it is in a retry state, and says “the remote server did not respond to a connection attempt”.  When I go to “Find Messages” for that queue, every one of the messages are from the sender “WS1-IS@mydomain.com”, and all the messages are 202 bytes in size, except for 1 which is 400 bytes in size (not sure of any relevance).

Is there anything else I can try to get the two to talk?  
techleet

Trippy.  I have no idea.
redmanjb (ASKER)

Thx for looking though!  :).  I just had an idea of what the problem MAY be.  My mx record is still pointing to my back-end server, should I change it to my front-end?  What do you think?
Hi,

Going to mingle in this one too.... Yes, your MX records should point to your Front End. But as far as I can see from reading the thread, there is a connection problem between the front end and back end. Normally, they need to be able to see each other; if you can ping them, then that's ok. They also need to be in the same Exchange site (else they cannot see each other). And last but not least, what's standing between the Front End and Back End, some sort of firewall?? Is SMTP and HTTP allowed from the FE to the BE???
Hi there, thx for replying.  I changed my mx record to point to my front-end last night, and it's still not working.  I thought I had just figured it out though,  but I guess I didn't.  You see, I had replaced the Network Admin that was working here previously, and I had just remembered that he had plugged in DOC (which was our standalone exchange server, and still is our web server), directly into the router (a 4-port Linksys) with all other computers going to the switch.  And I figured that was the reason why I couldn't telnet on port 25 from one computer that's physically plugged into the switch, to one computer physically plugged into the router.  So I plugged in DOC (the now back-end server) into the switch, even reset the router and switch, and rebooted both the front-end and back-end servers, and I still cannot telnet to the back-end on port 25.  I double-checked my router, and it is set to forward port 25 traffic to my front-end.  And the back-end server is still the web-server for the time being, and I can access our website from any other computer no problem, so HTTP is definitely allowed.  Any other ideas?  BTW, my domain name is "hdcinc.org".  I had looked it up on "www.dnsreport.com", and I do have some issues, but I'm not sure if any of those issues could be causing the problems I'm having.  What do you think?
BTW, they can ping each other no problem, and I know they're in the same site, as we only have one domain/one site.  And looking at ESM on either the front-end or the back-end under First Administrative Group-->Servers, both servers are listed, and I can access all the details about both servers from either server, so they seem to see each other fine.  Oh and, I'm still fairly new to Exchange, but I'm learning! :)
Hi,

It should be possible from the FE to telnet on port 25 to the back-end server (and also port 80). If this isn't possible, then you have a problem with the router.

Also, try to do the HTTP with the IP address instead of the DNS name, then you know if it is DNS related... Can you ping between the two servers using their domain name?? Is the name being resolved??
I just did a "netstat -an" on the back-end server, and it listed tons of ports, but I didn't see port 25 listed.  Does that mean the port is closed?  If so, how do I open it?  This is odd too though: tons of ports have a foreign address listed as "realmedia-a800.d40.net:0", including ftp, 22, http, pop3, epmap, https, microsoft-ds, 593, 691, 710, 711, and probably 100 others.  Why would that be?  And I see neither smtp nor port 25 anywhere in the listing.  Is this my problem?
Well, it could be the router, but before when the back-end was the standalone exchange server, the router was forwarding all port 25 traffic to that server, and there was no problem.  I now have port 25 being forwarded to the front-end server.  Also, I can pull up my webpage using either the DNS name, or the internal or external IP addresses.  And I can ping between the two servers using either the FQDN or the IP address.
Hi,

Don't know why all those ports are listening. I do believe, if you connect to the internet, a new port is opened for every connection. And yes, port 25 should be listening on the server. Normally if you install the Exchange server, then port 25 is opened automatically. Did you install some sort of firewall or IP packet filtering on the server??? (Try looking at the NIC's TCP/IP properties.)
So it isn't DNS..
I looked at the nic's TCP/IP properties, under TCP/IP Filtering, and filtering is enabled, and all TCP, UDP, and IP Protocols are set to "Permit All".  I have not installed any firewall either on the server.
I guess port 25 is not open on my back-end, how do I open it?  I think that that is the source of all my problems.  Please help someone, my boss is getting really impatient....thank you much!
Port 25 is always "open" unless you have a firewall or ip filtering.  The problem is, nothing is listening on the port.  It sounds like SMTP is not running.  Check the event viewer for smtp service issues and/or IIS issues.  Also check Add/Remove Programs >> Windows Components >> IIS >> SMTP Service and make sure it's checked.  If it is, try reinstalling it by unchecking >> apply, rechecking >> apply.

Check smtp in the Exchange System Manager.  Administrative Groups >> First Administrative Group >> Routing Groups >> First Routing Group >> Connectors >> Internet Mail SMTP Connector.  Make sure Local Bridgehead is using BE >> Default SMTP Virt. Server.
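The two checks being asked for here ("netstat -an" to see whether anything is bound to port 25, and "telnet host 25" to see whether a peer can actually connect) are worth scripting, because the difference between "nothing listening" and "packets dropped" is exactly what separates an SMTP service problem from a firewall/router problem. The following is an added example written for this thread, not code from the thread or from Microsoft; the netstat text is a constructed sample, and the loopback listener exists only so the connect check can be exercised offline.

```python
"""
Added example (not from the thread): (1) parse 'netstat -an' output to find
whether TCP port 25 is in the LISTENING state, and (2) attempt a TCP connect
the way 'telnet host 25' does, reading the SMTP banner if one is sent.
"""
import re
import socket
import threading

# Constructed sample of Windows 'netstat -an' output for a server on which no
# process is bound to TCP port 25 (addresses and ports are made up). The UDP
# line is a deliberate distractor: it mentions port 25 but is not an SMTP listener.
NETSTAT_NO_SMTP = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      192.168.1.50:1045      ESTABLISHED
  UDP    0.0.0.0:25             *:*
"""

# Same server once the SMTP service is running again: port 25 is now bound.
NETSTAT_WITH_SMTP = NETSTAT_NO_SMTP + (
    "  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING\n"
)

NETSTAT_LINE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"(?:\s+(?P<state>\S+))?\s*$"
)


def listening_addresses(netstat_output, port):
    """Return the local addresses on which TCP `port` is in the LISTENING state.

    An empty list means no service is bound to the port: even if a firewall
    were also in the way, nothing would answer once the packets arrived.
    """
    bound = []
    for line in netstat_output.splitlines():
        m = NETSTAT_LINE.match(line)
        if m is None or m.group("proto") != "TCP":
            continue
        if m.group("state") != "LISTENING":
            continue
        addr, _, local_port = m.group("local").rpartition(":")
        if local_port == str(port):
            bound.append(addr)
    return bound


def tcp_connect_check(host, port, timeout=5.0):
    """Mimic 'telnet host port': return (connected, detail).

    On success `detail` is the banner the service sent (an SMTP server should
    answer with a 220 line). On failure it is the OS error text: a quick
    'connection refused' means the host is reachable but nothing is listening,
    whereas a timeout usually means a firewall or router is dropping packets.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                banner = sock.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""
            return True, banner
    except OSError as exc:
        return False, str(exc)


def start_fake_smtp_listener(banner=b"220 doc.mydomain.com ESMTP ready\r\n"):
    """Test scaffolding only: a one-shot loopback listener on an ephemeral
    port so tcp_connect_check can be exercised offline. Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return port


if __name__ == "__main__":
    print("port 25 bound on:", listening_addresses(NETSTAT_WITH_SMTP, 25))
    demo_port = start_fake_smtp_listener()
    print(tcp_connect_check("127.0.0.1", demo_port))
```

Run the netstat parser over the real output of `netstat -an` on the back-end, and point `tcp_connect_check` at the back-end's address from the front-end: an empty listener list with a refused connection points at the SMTP service, while a bound listener with a timeout points at whatever sits between the two hosts.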
In the event viewer, there were only the event id: 101 messages (unable to add the virtual root '/ExchDAV'...), which on Microsoft's website, it says it's really no big deal.

I checked out the SMTP service; it was installed, but I removed it and reinstalled it.

I checked out the Internet Mail SMTP Connector, and it says Local Bridgehead is using the Front-end server>>Default SMTP Virt. Server.  Should it actually be the Back-end?
On my configuration the local bridgehead is set up as the BE server.   That sounds like your problem.  I imagine that the bridgehead setting is telling your BE server that it shouldn't bother with SMTP, as the FE will handle it.  Try changing it to the BE and see what happens.
I just installed e2k3 sp1 on the front-end, then on the back-end.  I did a "netstat -a" and I now see port 25 is in a LISTENING state, which I was not seeing before (smtp was not listed at all before).  I just tried to telnet to port 25 from my FE to my BE, and it worked!!!  I wasn't able to do that before either.  So I'm getting there! :).

I changed the local bridgehead to the BE server.  I sent an email from my hotmail acct to my work email, and I got this reply:

This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.

I was getting this before I changed the bridgehead and installed sp1.  I tried to send an email out from my work email to my hotmail acct, and the message is just sitting in my outbox.  I checked the SMTP queues on both the FE and BE, and they look fine (no messages).  So we're definitely getting there, but now I don't really have any clues as to what to check next.  Do changes that you make in exchange in a FE/BE configuration take place immediately or do they take a little time?  Maybe a reboot of both will help?
How is your SMTP connector setup?  Is it set to use active directory dns, or outside dns?  Is your dns server (dc) set with forwarders to your isps dns?
Check this link out... it's a walkthrough for setting up a FE server/OWA, but it could apply to your situation...
http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html
Well, if you mean under Default SMTP Virtual Server Properties-->Advanced: I do not have any external DNS servers configured, so it's using AD DNS, right?  I do not have any forwarders configured to my ISP.  All of the clients here have static IPs, with the first DNS server listed our internal one, and as an alternate I put in the ISP's DNS.  Should I put in a forwarder to my ISP?  But ya know, this wasn't an issue when I had the standalone configuration, could it be now?
Thx for the link!  However, I'm not quite ready to put it in the perimeter.  I have been, and am still able, to access my mailbox using OWA.  If and when I get this working, I will be setting up an ISA box and put it in the DMZ, then set up forms-based authentication, RPC over HTTP, etc.  That was the whole reason I decided to change my standalone configuration to a FE/BE...
Yeah you're right.. if it wasn't an issue before, it shouldn't be now... i'm just trying to check all avenues :)

You ran the Internet Mail Wizard on the FE, right?  And told it to use AD DNS?  It should work :(

The only thing I can think of now is that since the queues are empty, it's sending the mail...so perhaps the firewall is blocking from sending?
Exactly, regarding ISA/RPC over HTTP... I'm doing the same thing here.  I posted the link because according to it, everything should just work right out of the box, so it's odd that it doesn't...

Did you run netdiag and dcdiag on the FE server before installing exchange?  If not, try it now.  It still smells like a dns issue to me :(
I did run the Internet Mail Wizard on the FE, and selected AD DNS.  I just checked the queues on both servers, and there are no messages.  What strikes me as odd though is that before there was a queue on the BE called “Internet Mail SMTP Connector”, but now there isn't.  The only things I've really done between then and now is install SP1 on both servers, and change the local bridgehead from FE to BE.

I did run dcdiag (which didn't work because the FE is not a DC) and netdiag on the FE server before I installed E2k3, and everything was fine.  The only issues I had were that it failed the kerberos test (because we're not using it), skipped the WAN configuration test (no active remote connections), and skipped the ipsec test (we're not using ipsec, yet).  I just ran it again, same thing, so it seems fine.
I'm stumped.  Have you tried to send an email to yourself via an external site, like hotmail?  That could test the inbound... for outbound, I have no idea!  Could be the firewall/router blocking outbound, but if you haven't changed anything since it was working before, it's highly unlikely.  At some point, I think it's worth bringing down the FE server, returning your BE to its original configuration and verifying that it works again, then bringing the FE back up, removing it from the Exchange Sys Manager, killing the system and reinstalling Windows/Exchange, and trying again.  It's a big pain in the ass, but I have no clue at this point :(
Yes, I've tried sending an email from hotmail to my work email, and it gave me a "Delivery Status Notification (Failure)".  Is there any way that I could move all the mailboxes from my BE to my FE, uncheck the "this is a front-end server" checkbox on my FE to make it standalone, then wipe out the BE, do a reinstall and make that computer the FE?  That computer has been in service here for quite a long time, with win2000 on it, and wiping it out and setting up win2003, and making that one the FE server and setting it up right from the get-go may solve some problems.

If not, and the simplest way would be to bring down the FE, how exactly do I do that?  BTW, thank you so much for your help techleet, you've been very patient :).
I don't mind reinstalling windows/exchange on the FE, that is all I have on the computer and I just set it up a couple days ago.
Before you reinstall... did you remove the mailbox store on the FE server?  You should!  This might even be your problem...

Yes, you could reinstall the BE, but it's a little tricky...

First, uncheck "Make this a front end server" on the FE.  Reboot.

Next, move the mailboxes to the FE server.  Do this at System Manager >> Administrative Groups >> Servers >> BE >> select all mailboxes >> Right-click, Exchange Tasks >> Move mailboxes >> move to FE.

Next set the FE as the master server.  Do this at System Manager >> Administrative Groups, Right-Click servers, choose Set as Master (I believe... this is from memory)

From there, you could be able to remove the BE server and reinstall.  However, I remember doing this before and it slowing down exchange, because for some reason it was still looking for the old server.  You might want to google "removing master exchange 2003 server" or something.  I would advise reinstalling the FE instead, but I'm not an exchange guru :)


Before you reinstall... try more stuff:

open a command prompt, type "nslookup", then type "set type=mx", then type "hdcinc.org".  It should spit out your FE's ip address.  If not, go to your domain registrar's dns manager and set your mx record right!  If you have both the FE and BE in your dns, make sure you set priority to 10 for FE and 100 for BE, or better yet, get rid of BE altogether.

Once you verify that outside DNS is pointing to your FE, try telnetting to port 25 on your FE from an outside line.  You can do this using a modem and dialup account, or just take a wireless laptop to Starbucks :)

If you can telnet in, you're cool.  If not, you have problems with your firewall/router.  TRIPLE CHECK your firewall/router settings.  Make sure everything is correct!!

By the way, it just so happens that I'm setting up the same configuration as you today, so if I run into any problems, i'll let you know... and i'll tell you my config.  Could help!
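The nslookup check above (set type=mx, then the domain) is the part most often skipped, and the advice that follows it (FE preferred at 10, BE at 100 or dropped entirely) is a policy that can be checked mechanically. The following is an added example written for this thread, not the thread's own code: it parses Windows-style nslookup MX output and reports whether the preferred exchanger is the front-end and whether the back-end is still published. Host names are the thread's placeholders (ws1 = front-end, doc = back-end) and the nslookup text is a constructed sample.

```python
"""
Added example (not from the thread): parse 'nslookup' output produced after
'set type=mx' and review it against the advice given in the thread: the
front-end must be the preferred (lowest-number) MX, and the back-end should
ideally not be published at all. All sample output below is constructed.
"""
import re

MX_LINE = re.compile(
    r"MX preference = (?P<pref>\d+),\s*mail exchanger = (?P<host>\S+)"
)

# Constructed sample: both servers published, FE preferred (10) over BE (100).
SAMPLE_BOTH = """\
Server:  dc.mydomain.com
Address:  192.168.1.5

mydomain.com    MX preference = 100, mail exchanger = doc.mydomain.com
mydomain.com    MX preference = 10, mail exchanger = ws1.mydomain.com
"""

# Constructed sample: stale record still pointing only at the old standalone box.
SAMPLE_STALE = """\
Server:  dc.mydomain.com
Address:  192.168.1.5

mydomain.com    MX preference = 10, mail exchanger = doc.mydomain.com
"""

# Constructed sample: no MX record published for the domain at all.
SAMPLE_NONE = """\
Server:  dc.mydomain.com
Address:  192.168.1.5

*** dc.mydomain.com can't find mydomain.com: Non-existent domain
"""


def parse_mx(nslookup_output):
    """Return [(preference, exchanger), ...] sorted lowest preference first.

    Exchanger names are lower-cased and stripped of a trailing dot so they
    compare cleanly against the names configured in Exchange.
    """
    records = []
    for line in nslookup_output.splitlines():
        m = MX_LINE.search(line)
        if m:
            host = m.group("host").rstrip(".").lower()
            records.append((int(m.group("pref")), host))
    return sorted(records)


def mx_review(nslookup_output, front_end, back_end):
    """Check parsed MX records against the FE/BE layout described in the thread.

    Returns a dict with the preferred exchanger, whether it is the front-end,
    whether the back-end is still published, and a list of findings
    (an empty list means the records match the recommended layout).
    """
    records = parse_mx(nslookup_output)
    findings = []
    if not records:
        findings.append("no MX records returned; remote servers cannot route mail to the domain")
        return {"preferred": None, "fe_preferred": False,
                "be_listed": False, "findings": findings}

    preferred = records[0][1]
    fe_preferred = preferred == front_end.lower()
    be_listed = any(host == back_end.lower() for _, host in records)

    if not fe_preferred:
        findings.append(f"preferred MX is {preferred}; expected the front-end {front_end}")
    if be_listed:
        findings.append(f"back-end {back_end} is still published as an MX; "
                        "inbound mail can bypass the front-end")
    return {"preferred": preferred, "fe_preferred": fe_preferred,
            "be_listed": be_listed, "findings": findings}


if __name__ == "__main__":
    for label, sample in (("both", SAMPLE_BOTH), ("stale", SAMPLE_STALE), ("none", SAMPLE_NONE)):
        print(label, mx_review(sample, "ws1.mydomain.com", "doc.mydomain.com"))
```

Feed it the pasted output of an nslookup run from a machine that uses the public resolvers (not the internal DC), because the point of the check is what the outside world sees, and an internal zone can disagree with the registrar's.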
Man you're good! :).  I waited for a reply for a little bit, then just decided to go for it!  :)  I unchecked the box on the FE, and rebooted.  I'm currently moving all the mailboxes, in fact, in about 20 minutes or so it should be complete.  I didn't know about the "master server" setting, very glad you pointed that out!  Since the FE was a clean install anyways, and I really didn't do much to it, I just decided to try it as we're discussing now and to clean up the BE.  The FE is actually a better (and brand new) computer anyways.

Now that the move mailbox process is going on, I had tried to connect to a user's mailbox through OWA that has already been moved.  I got a "HTTP Error 404 - File or directory not found" page.  Is that because I have to wait for all the mailboxes to move and to make the FE the master server?  And will I have to reinstall OWA or is it installed by default?  I can't remember right now, it's been too long since I set it up....

Thank you again techleet, you are extremely helpful!  :)
I had changed the old mx record which was pointing to the standalone e2k3 server (which became the BE) to the front-end server, and I only have the 1 mx record.  The router settings are correct, port 25 being forwarded to the FE.  I can check telnetting to port 25 from outside, but not until late tonight.

Oh and, good luck to you on your setup!  :)
Thanks - re: the thanks for help, and good luck on my setup :)

OWA is installed by default, and I don't believe you can disable it, except on a user-level basis.  

Before you take down the BE server, READ THIS:

http://www.msexchange.org/tutorials/Exchange_Server_2003_Message_Flow.html
Thx for the links!  First article was great, but the second one kinda scared me.  My BE is win2k, FE is win2k3, so I guess I wouldn't be able to use the disaster recovery option.  Also, I wasn't planning on keeping the same server name, is there any reason I should?  As long as my mx record is updated, which it is, this shouldn't be a problem right?
ASKER CERTIFIED SOLUTION
techleet
Wonderful! Wonderful! Wonderful!  That doc is just what I need!  I'm still moving mailboxes (I keep telling my boss he needs to clean out his darn account!), then I'm going to go through step by step.  I'm sure the problems I was having had to be related to a crappy BE, that's had tons of software installed/uninstalled, etc., by the admin I replaced.  I'm sure things will work when I finish the changeout.  I'm going to close this thread, and will open up another if things don't work out like they should.

Thank you so very much for your assistance today techleet!  You've been great!  :)

500 points awarded (sure wish I could award more :)   )
Thanks bud, No problem :)