Posted on 2004-04-20
Medium Priority
Last Modified: 2012-06-27
Hi all,

I've recently installed Exchange server 2003, and have the following message pop up in event viewer 5-6 times over the last day or so

event id 2012
SMTP could not connect to the DNS server 'xxx.xxx.xxx.xxx'. The protocol
used was 'UDP'. It may be down or inaccessible.

followed by event 2013

SMTP could not connect to any DNS server. Either none are configured, or all are down.

These event both relate to IIS 6.0, according to the more info button.

Now 'xxx.xxx.xxx.xxx' is the external DNS server for our ISP, and these settings are in place under default smtp virtual server.  All mail incoming & outcoming is fine, although some outgoing gets queued.

My question is what does this event message mean and how can I get rid of it ?  I've read somewhere that you have to change the meta data in IIS to use TCP, rather than UDP, as UPD can only handle certain number of packets.........If so how do I do this ?

Question by:stevendunne
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4

Author Comment

ID: 10916852
Does anyone have any ideas about this behaviour ?

Expert Comment

ID: 11022440
This won't help much, but we've got the same problem, only worse.  Ours can't find either of our internal DNS servers.  We actually get three messages:

(Warning 2012) SMTP could not connect to the DNS server ''. The protocol used was 'UDP'. It may be down or inaccessible.
(Warning 2012) SMTP could not connect to the DNS server ''. The protocol used was 'UDP'. It may be down or inaccessible.
(Error 2013) SMTP could not connect to any DNS server. Either none are configured, or all are down.

The ...200 server is especially worrisome, since it's on the same switch as the Exchange server, so there's definitely Layer 2 connectivity. Pings succeed, so there's no Layer 3 problem.   No errors or warnings appear in either DNS server's logs.  We can run for days with no problem, then these messages pop up, usually in groups of three, roughly once per hour.  Yesterday, for example, they popped up at:

3:30-4:21-4:21 (1st warning, 2nd, error)
5:47 (1st warning only)

and it's been quiet ever since.

I'll kick in another 500 points for the answer to this one, assuming there's a way to do that.

Author Comment

ID: 11029357
Yes, ok, it will be good to get to the bottom of this one.
Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.


Expert Comment

ID: 11045974
I think I understand what's going on here; hopefully some real expert can comment.  I turned on the network monitor trace, and traced all traffic between the Exchange server and the first DNS server (  I had to wait for a couple of days, but eventually a 2012 error popped up.  In the 3 or 4 minutes preceding the error, the Exchange server issued 3 "Std Qry" requests for a FQDN that the DNS server never replied to.  I don't know if the server was busy (not likely), it couldn't get a resolution, or what, but in any event it never replied to Exchange (for THAT query.  It was replying for other queries -- typically instantaneously -- all along.).  I think Exchange decided to give up at that point and declared that ...200 was "down or inaccessible."  It changed its mind 3 minutes later, though, and issued a query for the 2nd DNS server by FQDN (why, I don't know, since it knows the IP; maybe it was looking for it in another role, e.g., DC or GC) and got an immediate reply.  I wasn't logging traffic to both DNS servers at the time, so I don't know if the same query was then issued to the 2nd server, but I'm modifying my netmon filter to watch both servers and will let you know what happens.

Bottom line: I think this is a normal situation, where the DNS query goes unanswered for whatever reason.  Exchange, rather than issuing a warning along the lines of "Unable to resolve domain x.y.z.com" or whatever, says the DNS server is down, and most likely goes on to try another DNS server.  I'll bet that inspecting the delivery queue would show that the message for x.y.z.com was queued for a while.  

Stay tuned.

Expert Comment

ID: 11064157
I've pretty much confirmed my previous comment.  These messages should really say something along the lines of "No response received from DNS server a.b.c.d in X seconds, for a query for FQDN x.y.z." for each server queried, followed by something like "DNS unable to resolve FQDN x.y.z".  A more comprehensive trace shows Exchange trying the first DNS server, receiving no response, issuing the first 2012 Warning.  Then it tries the 2nd server, receives no response, and issues the 2nd 2012 Warning, followed by the 2013 Error.  The failed domains do appear in the server queue, so I imagine there's some retry interval that eventually expires and the process repeats until Exchange gives up and returns some kind of an undeliverable error to the sender.

I just don't have time to dig any deeper right now, so I'm going to call the basic problem solved.

Author Comment

ID: 11066474
Basically then these messages relate to mails that can't find the destination domain and time out ?  Then you'll see these messages sitting in the queue's........

Expert Comment

ID: 11066864
Right.  On my server, for every DNS lookup that fails in this way, there is a queue entry for the failed domain sourced from the virtual SMTP server. Section 4.5.4 of RFC 2821 (the SMTP RFC) describes retry strategies generally, and says "Retries continue until the message is transmitted or the sender gives up; the give-up time generally needs to be at least 4-5 days."  The RFC also requires that DNS be used to resolve the FQDN, and goes on at some length about what to do if the lookup succeeds, but doesn't explicitly say what to do if the lookup fails.

So, I'm happy as far as Exchange mail delivery goes.  However, I'm not happy that the DNS server doesn't give SOME response.  If I use nslookup on the DNS server to try to resolve one of the failed domains (e.g., "verison.net" -- give it a try on your system) I receive a "*** <servename> can't find verison.net: Server failed" message.  "Server failed" sounds pretty serious, but the DNS event logs show nothing, and it is in fact one of the three valid responses from a DNS server (Authoritative, Non-Authoritative (cached data) and Server failed).  I don't know why a "server failed" response wasn't sent to Exchange.

Time to post a question in the DNS area.

Accepted Solution

mfa073198 earned 1500 total points
ID: 11067174
Hold the presses.  "Server failed" responses ARE returned to Exchange.  However, others aren't -- I just looked in the queue, and there are 3 messages queued for the "icinaz.co.cu" domain.  I then did an nslookup on that domain and received:

C:\>nslookup icinaz.co.cu
Server:  <servername>

Name:    icinaz.co.cu


So even nslookup didn't give me much of a reply; I'm not sure what this means.  In most cases, the domains are for foreign countries, but I don't know if that's significant.

Author Comment

ID: 11350901
I've found that if I remove the ISP DNS servers from the settings in default SMTP server, this then removes these two events from the event viewer.  It seems using the internal DNS is good enough.  Although I still getting the warning event here and there but the critical events are not logged anymore.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question