[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now



Posted on 2004-04-20
Medium Priority
Last Modified: 2012-06-27
Hi all,

I've recently installed Exchange server 2003, and have the following message pop up in event viewer 5-6 times over the last day or so

event id 2012
SMTP could not connect to the DNS server 'xxx.xxx.xxx.xxx'. The protocol
used was 'UDP'. It may be down or inaccessible.

followed by event 2013

SMTP could not connect to any DNS server. Either none are configured, or all are down.

These event both relate to IIS 6.0, according to the more info button.

Now 'xxx.xxx.xxx.xxx' is the external DNS server for our ISP, and these settings are in place under default smtp virtual server.  All mail incoming & outcoming is fine, although some outgoing gets queued.

My question is what does this event message mean and how can I get rid of it ?  I've read somewhere that you have to change the meta data in IIS to use TCP, rather than UDP, as UPD can only handle certain number of packets.........If so how do I do this ?

Question by:stevendunne
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4

Author Comment

ID: 10916852
Does anyone have any ideas about this behaviour ?

Expert Comment

ID: 11022440
This won't help much, but we've got the same problem, only worse.  Ours can't find either of our internal DNS servers.  We actually get three messages:

(Warning 2012) SMTP could not connect to the DNS server ''. The protocol used was 'UDP'. It may be down or inaccessible.
(Warning 2012) SMTP could not connect to the DNS server ''. The protocol used was 'UDP'. It may be down or inaccessible.
(Error 2013) SMTP could not connect to any DNS server. Either none are configured, or all are down.

The ...200 server is especially worrisome, since it's on the same switch as the Exchange server, so there's definitely Layer 2 connectivity. Pings succeed, so there's no Layer 3 problem.   No errors or warnings appear in either DNS server's logs.  We can run for days with no problem, then these messages pop up, usually in groups of three, roughly once per hour.  Yesterday, for example, they popped up at:

3:30-4:21-4:21 (1st warning, 2nd, error)
5:47 (1st warning only)

and it's been quiet ever since.

I'll kick in another 500 points for the answer to this one, assuming there's a way to do that.

Author Comment

ID: 11029357
Yes, ok, it will be good to get to the bottom of this one.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Expert Comment

ID: 11045974
I think I understand what's going on here; hopefully some real expert can comment.  I turned on the network monitor trace, and traced all traffic between the Exchange server and the first DNS server (  I had to wait for a couple of days, but eventually a 2012 error popped up.  In the 3 or 4 minutes preceding the error, the Exchange server issued 3 "Std Qry" requests for a FQDN that the DNS server never replied to.  I don't know if the server was busy (not likely), it couldn't get a resolution, or what, but in any event it never replied to Exchange (for THAT query.  It was replying for other queries -- typically instantaneously -- all along.).  I think Exchange decided to give up at that point and declared that ...200 was "down or inaccessible."  It changed its mind 3 minutes later, though, and issued a query for the 2nd DNS server by FQDN (why, I don't know, since it knows the IP; maybe it was looking for it in another role, e.g., DC or GC) and got an immediate reply.  I wasn't logging traffic to both DNS servers at the time, so I don't know if the same query was then issued to the 2nd server, but I'm modifying my netmon filter to watch both servers and will let you know what happens.

Bottom line: I think this is a normal situation, where the DNS query goes unanswered for whatever reason.  Exchange, rather than issuing a warning along the lines of "Unable to resolve domain x.y.z.com" or whatever, says the DNS server is down, and most likely goes on to try another DNS server.  I'll bet that inspecting the delivery queue would show that the message for x.y.z.com was queued for a while.  

Stay tuned.

Expert Comment

ID: 11064157
I've pretty much confirmed my previous comment.  These messages should really say something along the lines of "No response received from DNS server a.b.c.d in X seconds, for a query for FQDN x.y.z." for each server queried, followed by something like "DNS unable to resolve FQDN x.y.z".  A more comprehensive trace shows Exchange trying the first DNS server, receiving no response, issuing the first 2012 Warning.  Then it tries the 2nd server, receives no response, and issues the 2nd 2012 Warning, followed by the 2013 Error.  The failed domains do appear in the server queue, so I imagine there's some retry interval that eventually expires and the process repeats until Exchange gives up and returns some kind of an undeliverable error to the sender.

I just don't have time to dig any deeper right now, so I'm going to call the basic problem solved.

Author Comment

ID: 11066474
Basically then these messages relate to mails that can't find the destination domain and time out ?  Then you'll see these messages sitting in the queue's........

Expert Comment

ID: 11066864
Right.  On my server, for every DNS lookup that fails in this way, there is a queue entry for the failed domain sourced from the virtual SMTP server. Section 4.5.4 of RFC 2821 (the SMTP RFC) describes retry strategies generally, and says "Retries continue until the message is transmitted or the sender gives up; the give-up time generally needs to be at least 4-5 days."  The RFC also requires that DNS be used to resolve the FQDN, and goes on at some length about what to do if the lookup succeeds, but doesn't explicitly say what to do if the lookup fails.

So, I'm happy as far as Exchange mail delivery goes.  However, I'm not happy that the DNS server doesn't give SOME response.  If I use nslookup on the DNS server to try to resolve one of the failed domains (e.g., "verison.net" -- give it a try on your system) I receive a "*** <servename> can't find verison.net: Server failed" message.  "Server failed" sounds pretty serious, but the DNS event logs show nothing, and it is in fact one of the three valid responses from a DNS server (Authoritative, Non-Authoritative (cached data) and Server failed).  I don't know why a "server failed" response wasn't sent to Exchange.

Time to post a question in the DNS area.

Accepted Solution

mfa073198 earned 1500 total points
ID: 11067174
Hold the presses.  "Server failed" responses ARE returned to Exchange.  However, others aren't -- I just looked in the queue, and there are 3 messages queued for the "icinaz.co.cu" domain.  I then did an nslookup on that domain and received:

C:\>nslookup icinaz.co.cu
Server:  <servername>

Name:    icinaz.co.cu


So even nslookup didn't give me much of a reply; I'm not sure what this means.  In most cases, the domains are for foreign countries, but I don't know if that's significant.

Author Comment

ID: 11350901
I've found that if I remove the ISP DNS servers from the settings in default SMTP server, this then removes these two events from the event viewer.  It seems using the internal DNS is good enough.  Although I still getting the warning event here and there but the critical events are not logged anymore.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question