Can&#x27;t send mail from an Exchange 2000 server to an Exchange 5.5 server

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

sorry infotrader lol ... I got caught up talking for a minute and then hit submit to find out you pretty much said the same thing ...

LOL... that hapeens a lot to me as well!!! :-)

- Info

ASKER CERTIFIED SOLUTION

kristinaw

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ASKER

I will check into these items and report back. Thanks.

ASKER

Hi,

Here is the routing table from the mail at Biz-B. I tried adding some addtional gateways in to the config without any success.

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x1000003 ...00 c0 9f 30 34 21 ...... Intel(R) 82544GC Based Network Connection
(Microsoft's Packet Scheduler)
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.20.10 192.168.20.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.20.0 255.255.255.0 192.168.20.2 192.168.20.2 1
192.168.20.2 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.20.3 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.20.65 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.20.255 255.255.255.255 192.168.20.2 192.168.20.2 1
224.0.0.0 224.0.0.0 192.168.20.2 192.168.20.2 1
255.255.255.255 255.255.255.255 192.168.20.2 192.168.20.2 1
Default Gateway: 192.168.20.10
===========================================================================
Persistent Routes:
None

I'll be checking the routing table in the FW later.

Thanks for your help.

Eric

Is the subnet mask on Biz A also 255.255.255.0 ? Can you dump the routing table from Biz A here as well?

I think your problem is that Biz-B does not understand how to talk to Biz-A.

You should have something like:

192.168.40.0 255.255.255.0 192.168.20.x 192.168.20.x 1

(e.g. You need a routing table that points the 192.168.20.x network to the 192.168.40.x network)

- Info

Definitely so ... if Biz A isn't on the same subnet then you need a route on Biz B or the Router/Firewall for them to talk ... You had your network vendor in eh? Was he the sales guy or the tech? ...

Run IPCONFIG /ALL from Biz A and print results here
Run Tracert BizServerB from Biz A and print results here
Run Tracert BizServerA from Biz B and print results here

We should be able tell you where the breakdown is with that information ...

Actually, another thing... Does Biz-B have a router attached to it? or how does Biz-B "talk" to Bia-A (i.e. VPN from Biz-B to Biz-A, or through a VPN router, etc)

If there is a router involved, we might also need to take a look at the router's routing table as well.

- Info

ASKER

Here is the tracert info from my side and the other side. One thing that occurred to me while I was doing these this morning is that we have an AS400 (on the .40 side) that the .20 network talks to, and they are not having any problems connecting. The .20 admin tried pinging to the .40 mail server and the .40 AS400 and could not ping thru, but could access the resources on our AS400.

Tracert biz-a mail server to biz-b mail server

C:\>tracert 192.168.20.2

Tracing route to mail.orangeburg.sc.us [192.168.20.2]
over a maximum of 30 hops:

1 <10 ms 16 ms <10 ms 192.168.40.1
2 <10 ms <10 ms <10 ms mail.orangeburg.sc.us [192.168.20.2]

Trace complete.

C:\>ipconfig /all

Windows NT IP Configuration

Host Name . . . . . . . . . : mail.orbgdpu.com
DNS Servers . . . . . . . . : 192.168.40.4
192.168.40.6
Node Type . . . . . . . . . : Hybrid
NetBIOS Scope ID. . . . . . :
IP Routing Enabled. . . . . : No
WINS Proxy Enabled. . . . . : No
NetBIOS Resolution Uses DNS : Yes

Ethernet adapter Q57NT42:

Description . . . . . . . . : Compaq NC7770 Gigabit Server Adapter
Physical Address. . . . . . : 00-08-02-ED-EE-5F
DHCP Enabled. . . . . . . . : No
IP Address. . . . . . . . . : 192.168.40.5
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 192.168.40.1
Primary WINS Server . . . . : 192.168.40.5

Tracert biz-b mail server to biz-a mail server

C:\Documents and Settings\Administrator>tracert 206.74.26.72 206.74.26.70

Tracing route to mail.orbgdpu.com [206.74.26.70]
over a maximum of 30 hops:

1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
Tracert biz-b mail server to biz-a mail server

C:\Documents and Settings\Administrator>tracert 192.168.20.2 192.168.40.5

Tracing route to mail.orbgdpu.com [192.168.40.5]
over a maximum of 30 hops:

1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.

Trace complete.

Tracert to 206.74.26.70
Generated by www.DNSstuff.com <http://www.DNSstuff.com> at 12:57:15 GMT on 13 Aug 2004.
Hop      Time 1      Time 2      Time 3      IP      Hostname      Return TTL      Country      Time
1      3 ms      9 ms      9 ms      216.26.129.91      [www.DNSstuff.com 1st hop]      252      UNITED STATES      Unix: 12:57:15.877
2      3 ms      6 ms      6 ms      216.26.128.229      edge-rtr01.ge-0-2-0.sdf.xodiax.net.      252      UNITED STATES      Unix: 12:57:15.884
3      66 ms      89 ms      96 ms      12.125.75.21      [Missing reverse DNS entry]      252      UNITED STATES      Unix: 12:57:15.954
4      11 ms      14 ms      13 ms      12.123.24.210      gbr1-p20.sl9mo.ip.att.net.      251      UNITED STATES
5      11 ms      14 ms      14 ms      12.122.11.113      tbr2-p013502.sl9mo.ip.att.net.      249      UNITED STATES
6      39 ms      48 ms      58 ms      12.122.10.137      [Missing reverse DNS entry]      248      UNITED STATES
7      41 ms      50 ms      60 ms      12.123.149.6      gar1-p390.chlnc.ip.att.net.      248      UNITED STATES
8      47 ms      75 ms      85 ms      12.125.220.30      [Missing reverse DNS entry]      56      UNITED STATES
9      45 ms      54 ms      64 ms      165.166.25.21      [Missing reverse DNS entry]      246      UNITED STATES      Unix: 12:57:16.345
10      50 ms      60 ms      69 ms      165.166.22.42      [Missing reverse DNS entry]      245      UNITED STATES      Unix: 12:57:16.430
11      54 ms      59 ms      69 ms      206.74.26.70      mail.orbgdpu.com.      244      UNITED STATES
12      50 ms      59 ms      69 ms      206.74.26.70       [Reached Destination]mail.orbgdpu.com.      116      UNITED STATES
13
14

Done!

Tracert to 206.74.26.72
Generated by www.DNSstuff.com <http://www.DNSstuff.com> at 12:58:08 GMT on 13 Aug 2004.
Hop      Time 1      Time 2      Time 3      IP      Hostname      Return TTL      Country      Time
1      2 ms      7 ms      7 ms      216.26.129.91      [www.DNSstuff.com 1st hop]      252      UNITED STATES      Unix: 12:58:08.803
2      3 ms      6 ms      6 ms      216.26.128.229      edge-rtr01.ge-0-2-0.sdf.xodiax.net.      252      UNITED STATES      Unix: 12:58:08.809
3      11 ms      75 ms      84 ms      12.125.75.21      [Missing reverse DNS entry]      252      UNITED STATES      Unix: 12:58:08.824
4      11 ms      17 ms      17 ms      12.123.24.210      gbr1-p20.sl9mo.ip.att.net.      251      UNITED STATES
5      10 ms      13 ms      13 ms      12.122.11.113      tbr2-p013502.sl9mo.ip.att.net.      249      UNITED STATES
6      51 ms      60 ms      66 ms      12.122.10.137      [Missing reverse DNS entry]      248      UNITED STATES
7      37 ms      47 ms      56 ms      12.123.149.6      gar1-p390.chlnc.ip.att.net.      248      UNITED STATES
8      51 ms      59 ms      69 ms      12.125.220.30      [Missing reverse DNS entry]      56      UNITED STATES
9      40 ms      52 ms      59 ms      165.166.25.21      [Missing reverse DNS entry]      246      UNITED STATES      Unix: 12:58:09.219
10      51 ms      59 ms      69 ms      165.166.22.42      [Missing reverse DNS entry]      245      UNITED STATES      Unix: 12:58:09.304
11      51 ms      59 ms      69 ms      206.74.26.72       [Reached Destination]mail.orangeburg.sc.us.      117      UNITED STATES      Microsoft: 12:58:17.215
12
13

Thanks and have a great weekend!! Watch out for Charlie if you are on the East coast.

E

Why are you running the tracert to the public IP of Biz Server A from Biz Server B? Run the tracert to the servername or internal IP so we can see where it fails ...

I'm thinking the issue is with a rule on your firewall ... if you can ping Biz Server B from Biz Server A and get a response ... then something on the firewall is probably not letting Biz Server B access the 10.168.20.0 network ... then again, it could still be the subnet mask of Biz Server B since it is 255.255.255.0 ...

It's one of the two I bet ...

yes.. Try to run a tracert from Biz-B to Biz-A instead. Ultimately, I think you need to establish a routing table from network segment 192.168.20.x to 192.168.40.x

I am guessing because the route is missing, and that everything is routed to the WAN (Internet) interface instead of the VPN tunnel, that you are not getting anything on that segment.

I need to know WHAT is the configuration of 192.168.40.1 (i.e. Is that a Cisco box, Win2K server, etc.), and what ther routing table is for 192.168.40.1. We also need to know the same for 192.168.20.1

The problem is simple... If 192.168.20.1 does not know the route, or gateway, to the 192.168.40.X network, it will just send out everything to the Internet interface. Of course, 192.168.X.X being a Private network, it's not going anywhere and you'll not get anything back.

- Info

ASKER

I had the Network Admin add the persistent route below, but that didn't seem to help.
Biz-B does have an Isdn router but it seperates another segement.

Also, here is some access lists entries from my Pix FW.

name 206.74.26.73 gardencityweb
name 206.74.26.72 gardencitymail
name 206.74.26.70 dpuexch1
name 192.168.40.10 dpu400
name 192.168.40.8 dpuexchalias
access-list inbound permit tcp any host dpuexch1 eq smtp
access-list inbound permit tcp any host gardencitymail eq smtp
access-list inbound permit tcp any host gardencitymail eq pop3
access-list inbound permit tcp any host gardencityweb eq ftp
access-list inbound permit tcp any host gardencityweb eq www
access-list inbound permit tcp any host dpuexchalias eq smtp

access-list from_dmz permit tcp 192.168.20.0 255.255.255.0 host dpuexchalias eq smtp

---------------

The only thing I see missing is that the server has both 40.5 and 40.8 addresses
but not an entry for the 40.5 in the access list. It has been like that for years and worked
without it before.

Hope this helps you help me. Thanks a million.

From the Biz-B Mail server

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x1000003 ...00 c0 9f 30 34 21 ...... Intel(R) 82544GC Based Network Connection
(Microsoft's Packet Scheduler)
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.20.1 192.168.20.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.20.0 255.255.255.0 192.168.20.2 192.168.20.2 1
192.168.20.2 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.20.3 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.20.63 255.255.255.255 192.168.20.65 192.168.20.65 1
192.168.20.65 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.20.255 255.255.255.255 192.168.20.2 192.168.20.2 1
192.168.40.0 255.255.255.0 192.168.20.1 192.168.20.2 1
224.0.0.0 224.0.0.0 192.168.20.2 192.168.20.2 1
255.255.255.255 255.255.255.255 192.168.20.2 192.168.20.2 1
Default Gateway: 192.168.20.1
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.40.0 255.255.255.0 192.168.20.1 1
192.168.40.0 255.255.255.0 192.168.20.10 1

From the desktop that can access the Biz-A AS400 from the Biz-B side

C:\Documents and Settings\bballard>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 e0 29 87 33 29 ...... NDIS 5.0 driver

===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.20.10 192.168.20.41 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.20.0 255.255.255.0 192.168.20.41 192.168.20.41 1
192.168.20.41 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.20.255 255.255.255.255 192.168.20.41 192.168.20.41 1
224.0.0.0 224.0.0.0 192.168.20.41 192.168.20.41 1
255.255.255.255 255.255.255.255 192.168.20.41 192.168.20.41 1
Default Gateway: 192.168.20.10
===========================================================================
Persistent Routes:
None

E

kristinaw

the sever has a 40.8 address? am i missing it somewhere, cause I don't see it in the NIC config or anywhere else. how about adding 40.5 to the pix access list and see what happens.

kris.

OK... Let's take it one step at a time.

You have TWO networks, 20.X and 40.X... (And if you count the rest of the public network, aka "Internet"), you actually need to access THREE different networks...

SO... Let's look at your routes from Biz-B..

You have TWO persistent route for 192.168.40.0, one pointing to 192.168.20.1 (The Internet), and the other pointing to 192.168.20.10, which I've NO IDEA what it is. Assuming that that is the VPN interface of the Biz-A (when you establish a VPN connection, that connection should have TWO IP's.. one for the 192.168.40.X network, and the other for the 192.168.20.X), then that should be ok.

SO..... Here are the solution ( probably) - remove the persistent route of 192.168.40.0 with gateway of 192.168.20.1.. That is the route to the Internet, and probably is the cause of your problem.

ASKER

The 192.168.20.10 is an ISDN router that seperates a different segment on .20 network, I've been told by the other NA that it has been up for at least a year, and shouldn't effect my .40 network. The mail has been working up to a few months ago, and he says there have not been any changes made to it. The 192.168.20.1 is the interface on the Pix where Biz-B connects as shown here:

interface ethernet2 "alex" is up, line protocol is up55.255.0.0eq ftp
Hardware is i82558 ethernet, address is 00e0.b606.88dbccess-list from_dmz deny gre any 192.168.0.0 255.255.0.0
IP address 192.168.20.1, subnet mask 255.255.255.0
telnet 192.168
MTU 1500 bytes, BW 10000 Kbit half duplexmit tcp any host dpuexchalias eq smtpd
10039774 packets input, 214624566 bytes, 0 no buffer
access-list from_dmz permit esp any any
Received 6387564 broadcasts, 0 runts, 0 giants
access-list from_dmz permit gre any anyo
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
pager lines 24
10463288 packets output, 3760677293 bytes, tampmit icmp any an
605 lost carrier, 0 no carriertu inside 15004.26.93 eq 3389
input queue (curr/max blocks): hardware (128/128) software (0/89)

I'll try some of these other steps. THANKS!!

Ok... Let's look at it one more time.

Assuming that the one computer that can access the AS400 does not have any funcky setup, then perhaps the easiest way to resolve your problem is replicate the routes. I am guessing that the routing between site-A and Site-B is being done on the router level. In which case, Biz-A, Computer-B, and Biz-B server does NOT need to know how to route the packets, but the routers do.

By telling Biz-B server where to route the packets for 192.168.40.X network might actually be our problem. Have you tried removing all routes to the 192.168.40.X network, including the persistent ones, and see if you can ping the 192.168.40.X network now?

- Info

ASKER

Hi folks,

Sorry I have been out of touch, had other issues I've been dealing with. I have tried a number of things mentioned to no avail. I did find that the FW has the IP address for the Exch server of 192.168.40.8 in its config, but during an upgrade that IP address was not put back on the server when we went to a GB nic card, only the 192.168.40.5 IP was configured. I don't think the FW is granting access to the Biz-B interface, I'm hoping that is the problem, and I should know soon. Thanks for all input to this point and I will post the outcome soon.

Eric

ASKER

Hi all,

Problem solved!!

In order to fix the e-mail from the Biz-B to Biz-A mail server, some changes were made to a few routing statements in the Biz-A Pix firewall. The FW was trying to route the mail to that IP address that was evidently taken out during a NIC card upgrade on the Biz-A mail server. An oversight by that same vendor?? We were told to open a case with Microsoft by our vendor, which we did, which led to the discovery of the improperly configured NIC, which I found as I was gathering data requested by MS. The changes made to the FW reflect the new NIC card configuration, this in turn corrected the mail flow problem.

Who should I award the points to, I see where kristinaw mentioned routing and infotrader gave more details. I will split the points if that is alright with you both. A number of folks were also very helpful. Thank you all!!

E

kristinaw

ok with me tec. just glad you got it fixed.

Kris.