Solved

SMTPSVC - DNS Problem

Posted on 2004-04-20
Last Modified: 2012-06-27
Hi all,

I've recently installed Exchange Server 2003, and have had the following message pop up in Event Viewer 5-6 times over the last day or so:

event id 2012
SMTP could not connect to the DNS server 'xxx.xxx.xxx.xxx'. The protocol
used was 'UDP'. It may be down or inaccessible.

followed by event 2013

SMTP could not connect to any DNS server. Either none are configured, or all are down.

These events both relate to IIS 6.0, according to the more info button.

Now 'xxx.xxx.xxx.xxx' is the external DNS server for our ISP, and these settings are in place under default smtp virtual server. All mail incoming & outgoing is fine, although some outgoing gets queued.

My question is what does this event message mean and how can I get rid of it? I've read somewhere that you have to change the meta data in IIS to use TCP, rather than UDP, as UDP can only handle a certain number of packets... If so, how do I do this?

Regards
Steven
Question by:stevendunne

Author Comment

by:stevendunne
ID: 10916852
Does anyone have any ideas about this behaviour?

Expert Comment

by:mfa073198
ID: 11022440
This won't help much, but we've got the same problem, only worse.  Ours can't find either of our internal DNS servers.  We actually get three messages:

(Warning 2012) SMTP could not connect to the DNS server '10.230.48.200'. The protocol used was 'UDP'. It may be down or inaccessible.
(Warning 2012) SMTP could not connect to the DNS server '10.230.48.199'. The protocol used was 'UDP'. It may be down or inaccessible.
(Error 2013) SMTP could not connect to any DNS server. Either none are configured, or all are down.

The ...200 server is especially worrisome, since it's on the same switch as the Exchange server, so there's definitely Layer 2 connectivity. Pings succeed, so there's no Layer 3 problem.   No errors or warnings appear in either DNS server's logs.  We can run for days with no problem, then these messages pop up, usually in groups of three, roughly once per hour.  Yesterday, for example, they popped up at:

3:30-4:21-4:21 (1st warning, 2nd, error)
4:46-5:33-5:33
5:47 (1st warning only)
6:50-6:51-6:51
7:50-7:51-7:51
9:09-9:10-9:10
10:30-10:31-10:31

and it's been quiet ever since.

I'll kick in another 500 points for the answer to this one, assuming there's a way to do that.

Author Comment

by:stevendunne
ID: 11029357
Yes, ok, it will be good to get to the bottom of this one.

Expert Comment

by:mfa073198
ID: 11045974
I think I understand what's going on here; hopefully some real expert can comment.  I turned on the network monitor trace, and traced all traffic between the Exchange server and the first DNS server (10.230.48.200).  I had to wait for a couple of days, but eventually a 2012 error popped up.  In the 3 or 4 minutes preceding the error, the Exchange server issued 3 "Std Qry" requests for a FQDN that the DNS server never replied to.  I don't know if the server was busy (not likely), it couldn't get a resolution, or what, but in any event it never replied to Exchange (for THAT query.  It was replying for other queries -- typically instantaneously -- all along.).  I think Exchange decided to give up at that point and declared that ...200 was "down or inaccessible."  It changed its mind 3 minutes later, though, and issued a query for the 2nd DNS server by FQDN (why, I don't know, since it knows the IP; maybe it was looking for it in another role, e.g., DC or GC) and got an immediate reply.  I wasn't logging traffic to both DNS servers at the time, so I don't know if the same query was then issued to the 2nd server, but I'm modifying my netmon filter to watch both servers and will let you know what happens.

Bottom line: I think this is a normal situation, where the DNS query goes unanswered for whatever reason.  Exchange, rather than issuing a warning along the lines of "Unable to resolve domain x.y.z.com" or whatever, says the DNS server is down, and most likely goes on to try another DNS server.  I'll bet that inspecting the delivery queue would show that the message for x.y.z.com was queued for a while.  

Stay tuned.

Expert Comment

by:mfa073198
ID: 11064157
I've pretty much confirmed my previous comment.  These messages should really say something along the lines of "No response received from DNS server a.b.c.d in X seconds, for a query for FQDN x.y.z." for each server queried, followed by something like "DNS unable to resolve FQDN x.y.z".  A more comprehensive trace shows Exchange trying the first DNS server, receiving no response, issuing the first 2012 Warning.  Then it tries the 2nd server, receives no response, and issues the 2nd 2012 Warning, followed by the 2013 Error.  The failed domains do appear in the server queue, so I imagine there's some retry interval that eventually expires and the process repeats until Exchange gives up and returns some kind of an undeliverable error to the sender.

I just don't have time to dig any deeper right now, so I'm going to call the basic problem solved.

Author Comment

by:stevendunne
ID: 11066474
Basically then these messages relate to mails that can't find the destination domain and time out? Then you'll see these messages sitting in the queues...

Expert Comment

by:mfa073198
ID: 11066864
Right.  On my server, for every DNS lookup that fails in this way, there is a queue entry for the failed domain sourced from the virtual SMTP server. Section 4.5.4 of RFC 2821 (the SMTP RFC) describes retry strategies generally, and says "Retries continue until the message is transmitted or the sender gives up; the give-up time generally needs to be at least 4-5 days."  The RFC also requires that DNS be used to resolve the FQDN, and goes on at some length about what to do if the lookup succeeds, but doesn't explicitly say what to do if the lookup fails.

So, I'm happy as far as Exchange mail delivery goes.  However, I'm not happy that the DNS server doesn't give SOME response.  If I use nslookup on the DNS server to try to resolve one of the failed domains (e.g., "verison.net" -- give it a try on your system) I receive a "*** <servename> can't find verison.net: Server failed" message.  "Server failed" sounds pretty serious, but the DNS event logs show nothing, and it is in fact one of the three valid responses from a DNS server (Authoritative, Non-Authoritative (cached data) and Server failed).  I don't know why a "server failed" response wasn't sent to Exchange.

Time to post a question in the DNS area.

Accepted Solution

by:
mfa073198 earned 500 total points
ID: 11067174
Hold the presses.  "Server failed" responses ARE returned to Exchange.  However, others aren't -- I just looked in the queue, and there are 3 messages queued for the "icinaz.co.cu" domain.  I then did an nslookup on that domain and received:

C:\>nslookup icinaz.co.cu
Server:  <servername>
Address:  10.230.48.200

Name:    icinaz.co.cu


C:\>

So even nslookup didn't give me much of a reply; I'm not sure what this means.  In most cases, the domains are for foreign countries, but I don't know if that's significant.
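
Added example (not part of the original thread or any poster's code): a small UDP probe in Python that separates the outcomes this thread runs into, namely a DNS server that never answers (what events 2012/2013 report), a "Server failed" (SERVFAIL) reply, and a reply that carries no records. The function names, the MX query type and the 2-second timeout are assumptions for illustration; the three tries mirror the three unanswered queries seen in the trace above, and none of these are Exchange's documented values.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=15, txid=0x1234):
    """Encode a standard recursive DNS query (qtype 15 = MX, class IN)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def classify(reply, txid=0x1234):
    """Map a raw reply to one outcome label using only the DNS header."""
    if len(reply) < 12:
        return "MALFORMED"
    rid, flags, _qd, ancount = struct.unpack(">HHHH", reply[:8])
    if rid != txid or not flags & 0x8000:  # wrong ID, or not a response
        return "MALFORMED"
    if flags & 0x0200:
        return "TRUNCATED"  # TC bit: did not fit in UDP, retry over TCP
    code = flags & 0x000F
    rcode = RCODES.get(code, "RCODE_%d" % code)
    if rcode == "NOERROR" and ancount == 0:
        return "NODATA"  # server answered, but with no records of this type
    return rcode

def probe(server, name, port=53, timeout=2.0, tries=3):
    """Query over UDP up to `tries` times; total silence is its own result."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(tries):
            s.sendto(query, (server, port))
            try:
                reply, _addr = s.recvfrom(4096)
            except OSError:  # timeout, or ICMP unreachable on some platforms
                continue
            return classify(reply)
    return "NO_RESPONSE"  # the condition behind "down or inaccessible"
```

Running `probe()` from the mail server against each configured DNS server for a domain stuck in the queue shows whether the resolver is silent for that one name or is returning an explicit failure.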

Author Comment

by:stevendunne
ID: 11350901
I've found that if I remove the ISP DNS servers from the settings in default SMTP server, this then removes these two events from the event viewer. It seems using the internal DNS is good enough. Although I'm still getting the warning event here and there, the critical events are not logged anymore.