
Win2K SMTPSVC event ID 4000 unable to deliver mail directly to the internet

Asked by jmckg
1,550 Views
Last Modified: 2008-09-16
OS: Win2k
SP: Sp4 and all patches
IIS: 5.0
SMTPSVC problem
NO Exchange running on this machine(this is sitting in the DMZ just as a relay server)

Most domains fail with event ID 4000 Unable to bind to destination server in DNS. Sometimes they go through fine. Event Viewer is full of this message. If I relay it to our ISP it goes fine. I need to have this box deliver messages directly without having to go through the smart host/ISP.

Definitely not an open relay. Only one other server can relay through this in addition to my machine, which I am using to test.

I have no DNS problem. I am able to telnet to port 25 on Yahoo's mail server just fine. I am able to telnet to this server from my machine on port 25 and submit a message, but it goes into the queue and doesn't get delivered. If I stop and start SMTP it may go through. Some e-mails that I submitted yesterday haven't left the queue yet. I got this notice from the server. It is still sitting in the queue.

This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.


CERTIFIED EXPERT
Top Expert 2013

Commented:
Start here

http://www.eventid.net/display.asp?eventid=4000&eventno=803&source=SMTPSVC&phase=1

I'll look around and see if I find anything else.

Thanks
Mike

Author

Commented:
Thanks Mike,
The binding order of the NICs article caught my attention. The first one bound is for my SMTP. It has a valid public name in our zone file with our ISP, so that is not the problem. The rest do not apply to my case.
I just double-checked the firewall rules; I am allowing any outbound connection from this server in the DMZ.
I forgot to mention that I installed Metadata 2.0 yesterday as part of this troubleshooting. I have run an Ethereal trace. I have yet to analyze it. I will post the solution if I find it.
Please help.

Author

Commented:
I think I fixed the problem. I am using a PIX firewall. I had quite a few permit statements and then a deny statement to deny any other traffic to the private network, and then I had another permit after that allowing any IP traffic out to the internet.

Technically this should work, but just in case I specifically added a permit before the deny to allow SMTP traffic from this server, and it works fantastic.

Before:
access-list acl-DMZ permit tcp host 10.100.20.3 host 10.4.20.33 eq smtp (to send e-mail to the private side)
access-list acl-DMZ deny ip 10.100.20.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list acl-DMZ permit ip 10.100.20.0 255.255.255.0 any (I thought this would cover sending e-mail to the public internet)

After:
access-list acl-DMZ permit tcp 10.100.20.3 255.255.255.255 any eq smtp
access-list acl-DMZ deny ip 10.100.20.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list acl-DMZ permit ip 10.100.20.0 255.255.255.0 any (this should have covered to send e-mail out to the internet but, it didn't)

Problem solved.
Thanks
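To check what the two rule sets quoted above actually do, here is an added example (not code from the thread or from Cisco): a minimal first-match evaluator for PIX-style access-list lines. It takes the poster's "Before" and "After" entries with the parenthetical remarks stripped, and the public destination 203.0.113.25 is a constructed address from the TEST-NET-3 range; the port-name table and the implicit deny at the end of the list are the assumptions built into the model.

```python
"""Added example, not code from the thread: a minimal first-match evaluator
for PIX-style access-list lines, used to check what the poster's 'Before' and
'After' rule sets do with outbound SMTP from the relay host 10.100.20.3."""
import ipaddress

# The two rule sets quoted in the post, with the parenthetical remarks
# removed. PIX access-lists use ordinary subnet masks, not wildcard masks.
BEFORE = [
    "access-list acl-DMZ permit tcp host 10.100.20.3 host 10.4.20.33 eq smtp",
    "access-list acl-DMZ deny ip 10.100.20.0 255.255.255.0 10.0.0.0 255.0.0.0",
    "access-list acl-DMZ permit ip 10.100.20.0 255.255.255.0 any",
]
AFTER = [
    "access-list acl-DMZ permit tcp 10.100.20.3 255.255.255.255 any eq smtp",
    "access-list acl-DMZ deny ip 10.100.20.0 255.255.255.0 10.0.0.0 255.0.0.0",
    "access-list acl-DMZ permit ip 10.100.20.0 255.255.255.0 any",
]

# Small table of the port keywords this model understands (assumption).
WELL_KNOWN_PORTS = {"smtp": 25, "www": 80, "domain": 53}


def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return net, tokens[2:]


def parse_ace(line):
    """Parse 'access-list NAME {permit|deny} {ip|tcp|udp} SRC DST [eq PORT]'."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    name, action, proto = tokens[1], tokens[2], tokens[3]
    src, rest = _parse_addr(tokens[4:])
    dst, rest = _parse_addr(rest)
    port = None
    if rest and rest[0] == "eq":
        port = WELL_KNOWN_PORTS.get(rest[1]) or int(rest[1])
    return {"name": name, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}


def evaluate(acl_lines, src, dst, proto="tcp", dport=None):
    """First matching entry decides; anything unmatched hits the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] != "ip" and ace["proto"] != proto:
            continue
        if src_ip not in ace["src"] or dst_ip not in ace["dst"]:
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"]
    return "deny"


def smtp_verdicts(acl_lines, relay="10.100.20.3"):
    """Verdicts for outbound SMTP from the relay to three destinations: the
    internal mail server from the post, another (constructed) internal host,
    and a constructed public address from the TEST-NET-3 range."""
    return {dst: evaluate(acl_lines, relay, dst, "tcp", 25)
            for dst in ("10.4.20.33", "10.4.20.34", "203.0.113.25")}


if __name__ == "__main__":
    for label, acl in (("Before", BEFORE), ("After", AFTER)):
        print(label, smtp_verdicts(acl))
```

Run as-is, the "Before" set already permits SMTP from the relay to the public address (the deny only covers 10.0.0.0/8, so the final permit matches), which agrees with the poster's own later comment that the firewall change had not really fixed anything. The evaluator also shows a side effect worth catching in review: the "After" set's new first line permits SMTP from the relay to *any* host, including every address inside 10.0.0.0/8, so the deny beneath it no longer confines the relay to the one internal mail server.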

CERTIFIED EXPERT
Top Expert 2013

Commented:
Damn, kick ass troubleshooting, nice work man!!

Author

Commented:
I spoke too soon. The problem is still there. It just cleared a couple of tests quickly without any events, but then it started to do the same thing again.
Help...!!!

Author

Commented:
Here is the perfect solution for this problem. At some point yesterday it did work and I broke it again.  Now, I think I have found a solution.

Under the network properties, if you have mydomain.com for the append DNS suffix and the DNS suffix for this connection, then it is looking for the DNS server (the first one listed) to be one of the DNS servers from mydomain.com. For the second and third you can use your ISP's DNS servers.

If I change the order and move the internal DNS server all the way down and only use the ISP's DNS servers (as 1 and 2), it doesn't like it and comes back with event ID 4000 unable to bind to destination server in DNS.


Commented:
Thanks SO much for this solution. I toiled around quite a bit checking DNS and using smtpdiag. Everything would look fine but I would still get these dreaded 'Event ID 4000' errors balking about DNS issues.

I went under Network Properties for the adapter and simply CLEARED the checkbox 'Append PARENT suffixes of the primary DNS suffix' and, lo and behold, it WORKED again finally!

Another thing to note: I did not have to add a local DNS server; I kept both my ISP's DNS servers in the DNS settings. I think this would be more reliable if you have a case like ours where I DO NOT forward on root hints for anything the locals can't resolve (because I don't want local Terminal Server users browsing the internet - i.e. no DNS for them, no internet - cheap and easy solution).

Thanks guys - Kevin
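The last two posts both turn on which names the Windows DNS client ends up querying once suffixes are appended. The added example below (not code from the thread, and not Microsoft's resolver) is a simplified model of that expansion for a multi-label name such as a remote mail host: the name as typed first, then the primary DNS suffix, then its parent suffixes when "Append parent suffixes" is on, then the connection-specific suffix. The suffixes corp.mydomain.com, dmz.mydomain.com and the mail host mx.example.net are constructed placeholders, and the query order is an assumption of the model rather than a documented guarantee.

```python
"""Added example, not code from the thread: a simplified model of how the
Windows DNS client expands an unqualified multi-label name using the adapter
settings the posters changed (primary DNS suffix, 'Append parent suffixes of
the primary DNS suffix', connection-specific suffix). All suffix and host
values used in the demo are constructed placeholders."""


def parent_suffixes(primary_suffix):
    """Devolution: drop the leftmost label of the primary suffix repeatedly,
    stopping when two labels remain (the Windows 2000 behaviour)."""
    labels = primary_suffix.strip(".").split(".")
    parents = []
    while len(labels) > 2:
        labels = labels[1:]
        parents.append(".".join(labels))
    return parents


def candidate_names(name, primary_suffix, connection_suffix=None,
                    append_parent=True):
    """Names tried, in order, for a multi-label name with no trailing dot.
    The client stops at the first name that resolves; the list shows every
    query it could issue if earlier ones fail. Assumed order: as-is, then
    the primary suffix, its parents (if enabled), then the connection suffix."""
    name = name.rstrip(".")
    if "." not in name:
        raise ValueError("this model covers multi-label names only")
    suffixes = [primary_suffix.strip(".")]
    if append_parent:
        suffixes += parent_suffixes(primary_suffix)
    if connection_suffix:
        cs = connection_suffix.strip(".")
        if cs not in suffixes:
            suffixes.append(cs)
    return [name] + [f"{name}.{s}" for s in suffixes]


def internal_zone_queries(candidates, internal_zone):
    """Candidates that fall inside the internal zone. For an external mail
    host these can only produce a negative answer, so each one is a wasted
    round trip to the internal DNS server before the client gives up."""
    zone = internal_zone.strip(".")
    return [c for c in candidates if c == zone or c.endswith("." + zone)]


if __name__ == "__main__":
    # Constructed settings: primary suffix corp.mydomain.com, remote MX host
    # mx.example.net, internal zone mydomain.com.
    for flag in (True, False):
        names = candidate_names("mx.example.net", "corp.mydomain.com",
                                append_parent=flag)
        print(f"append parent suffixes={flag}: {names}")
        print("  queries landing in the internal zone:",
              internal_zone_queries(names, "mydomain.com"))
```

With the parent-suffix option on, every external host name that fails its first lookup produces an extra query for each parent suffix, all of them inside the internal zone; clearing the box removes those. Whether that is what was stalling a given SMTP queue is something to confirm from a capture such as the Ethereal trace mentioned earlier in the thread, by looking at which names the relay actually asked for and which server answered.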