Solved

Should be easy!! Troubleshoot external access to Exchange Webmail down

Posted on 2005-04-06
Last Modified: 2012-08-13
I recently performed some maintenance on an Exchange server (moved the log directory to a more ample hard drive) (and replaced our network switch with one with a Gbit port for our server).

Now we can't access our webmail through http://mail.nationaleventsllc.com/exchange, though this used to work before. We have a DirecPC satellite internet hookup.

When I went to http://whatismyip.com from a machine on the LAN it gave me a diff IP than the one given by mail.nat....., but I don't think that the IP addy changed because that would just be too much coincidence that it happened at the same time as my changes.
The webmail IS available inside the LAN.

I am able to telnet in port 25 to mail.... and also open a connection on port 80 to mail...., but I can't get a browser to pull anything up from that addy.

Any ideas?
Question by:acesover2000
LVL 8

Expert Comment

by:Marakush
ID: 13718045
Okay here is what I found so far.

Doing a nslookup on your domain name the mail server's MX record is MAIL.nationaleventsllc.com - IP address 69.35.38.18

> set query=all
> nationaleventsllc.com
Server:  xxx.xxx.com
Address:  xxx.xxx.xxx.xxx

nationaleventsllc.com   internet address = 216.168.224.70
nationaleventsllc.com
        primary name server = NS51.WORLDNIC.com
        responsible mail addr = namehost.WORLDNIC.com
        serial  = 2004111600
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 7200 (2 hours)
nationaleventsllc.com   nameserver = NS51.WORLDNIC.com
nationaleventsllc.com   nameserver = NS52.WORLDNIC.com
nationaleventsllc.com   MX preference = 10, mail exchanger = MAIL.nationaleventsllc.com
MAIL.nationaleventsllc.com      internet address = 69.35.38.18


Doing a ping to 69.35.38.18 - dead

Doing a tracert - dead at

14    14 ms    22 ms    22 ms  dpc6682016038.direcpc.com [66.82.16.38]

C:\>tracert 69.35.38.18

Tracing route to dpc693538018.direcpc.com [69.35.38.18]
over a maximum of 30 hops:

  1     2 ms     1 ms     1 ms  xxx.xxx.xxx.xxx
  2     4 ms     4 ms     4 ms  454a094d.cst.lightpath.net [69.74.9.77]
  3     4 ms     4 ms     4 ms  r2-ge13-2-1.cst.bthpny.cv.net [65.19.105.181]
  4     4 ms     4 ms     4 ms  r4-srp11-0.cr.hcvlny.cv.net [65.19.104.50]
  5     4 ms     4 ms     4 ms  65.19.104.2
  6     5 ms     5 ms     5 ms  r2-srp13-0.in.nycmnyzr.cv.net [65.19.96.136]
  7     *        *        *     Request timed out.
  8     6 ms     5 ms     5 ms  ae-1-55.bbr1.newyork1.level3.net [4.68.97.129]
  9    10 ms    10 ms    32 ms  ae-0-0.bbr2.washington1.level3.net [64.159.0.230]
 10    15 ms    14 ms    10 ms  ge-7-1.hsa1.washington1.level3.net [4.68.121.73]
 11    12 ms    11 ms    12 ms  unknown.level3.net [63.215.128.130]
 12   150 ms    14 ms    16 ms  dpc6682016078.direcpc.com [66.82.16.78]
 13    24 ms    29 ms    17 ms  gmtc-cr-ti-01-gi7-1.direcpc.com [66.82.16.85]
 14    14 ms    22 ms    22 ms  dpc6682016038.direcpc.com [66.82.16.38]
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.

This is the response I get when I try a test from www.dnsstuff.com

Trying to connect to all mailservers:

   MAIL.nationaleventsllc.com. - 69.35.38.18  [Successful connect: Got a good response [250 2.1.5 postmaster@nationaleventsllc.com ]]

Your email server is listed on 4 spam databases and blacklists.

FIVETENSRC       LISTED (127.0.0.2)       Reports CNAME of 69.35.70.43.direcpc.com.misc.spam.blackholes.five-ten-sg.com.
TXT= "miscellaneous address blocks that have sent spam here"       86400 seconds       0 ms

DSBLALL       LISTED (127.0.0.2)       TXT= "http://dsbl.org/listing?69.35.38.18"       2048 seconds       0 ms

DSBL       LISTED (127.0.0.2)       TXT= "http://dsbl.org/listing?69.35.38.18"       2048 seconds       0 ms

DNSBLNETAUT1       LISTED (127.0.0.2)       TXT= "http://dsbl.org/listing?69.35.38.18"       2048 seconds       0 ms

As for a reverse DNS record - which might cause problems because your reverse DNS record is not listed as you.

Location: United States [City: Germantown, Maryland]

Preparation:
The  reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 69.35.38.18 is found by looking up the PTR record for
 18.38.35.69.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking e.root-servers.net for 18.38.35.69.in-addr.arpa PTR record:  
       e.root-servers.net says to go to dill.arin.net. (zone: 69.in-addr.arpa.)
Asking dill.arin.net. for 18.38.35.69.in-addr.arpa PTR record:  
       dill.arin.net [192.35.51.32] says to go to ns2.direcpc.com. (zone: 35.69.in-addr.arpa.)
Asking ns2.direcpc.com. for 18.38.35.69.in-addr.arpa PTR record:  Reports dpc693538018.direcpc.com. [from 66.82.4.12]

Answer:
69.35.38.18 PTR record: dpc693538018.direcpc.com. [TTL 86400s] [A=69.35.38.18]

So okay there are a few problems... But the big thing is I was able to get a reply from postmaster@nationaleventsllc.com

Marakush
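
The reverse-DNS and blacklist lookups in the answer above, as an added example that is not part of the original post: it builds the PTR and DNSBL query names for the address, then checks whether the PTR is forward-confirmed, whether it matches the MX host name, and whether it is an ISP pool name that embeds the address. The function names and the `dnsbl.example` zone are hypothetical; the lookup tables are constructed from the records quoted in the thread so the code runs offline.

```python
import ipaddress
import re


def ptr_name(ip):
    """Reverse the octets and append in-addr.arpa, as described in the post."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def dnsbl_name(ip, zone):
    """Blacklists are queried with the same reversed octets under their own zone."""
    return ptr_name(ip)[: -len("in-addr.arpa")] + zone.strip(".")


def embeds_ip(hostname, ip):
    """True if the first label spells out the address (an ISP pool name)."""
    octets = [int(o) for o in ip.split(".")]
    label = hostname.split(".")[0]
    for order in (octets, octets[::-1]):
        # Allow optional zero padding and separators between the octets.
        body = r"\D*".join("0*%d" % o for o in order)
        if re.search(r"(?<!\d)" + body + r"(?!\d)", label):
            return True
    return False


def assess(ip, mail_host, ptr_of, a_of):
    """ptr_of and a_of are injected resolvers (hypothetical; here dict lookups)."""
    ptr = ptr_of(ptr_name(ip)).rstrip(".").lower()
    return {
        "ptr": ptr,
        "forward_confirmed": ip in a_of(ptr),  # A(PTR(ip)) contains ip
        "matches_mail_host": ptr == mail_host.rstrip(".").lower(),
        "generic_pool_name": embeds_ip(ptr, ip),
    }


# Constructed lookup tables holding the records quoted in the thread.
SAMPLE_PTR = {"18.38.35.69.in-addr.arpa": "dpc693538018.direcpc.com."}
SAMPLE_A = {"dpc693538018.direcpc.com": ["69.35.38.18"],
            "mail.nationaleventsllc.com": ["69.35.38.18"]}

if __name__ == "__main__":
    print(dnsbl_name("69.35.38.18", "dnsbl.example"))  # placeholder zone
    print(assess("69.35.38.18", "MAIL.nationaleventsllc.com",
                 SAMPLE_PTR.__getitem__, lambda n: SAMPLE_A.get(n, [])))
```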

LVL 5

Author Comment

by:acesover2000
ID: 13718203
Thanks for the info on the black list, that is something I neglected to check.. However I think you got a little sidetracked.. My mail server is performing its SMTP/POP/EXCHANGE duties properly, it's just webmail that's down.

BTW for some reason with many cheaper ISPs (DSL/Sat/Cable) -- you can't tracert to the IP
LVL 8

Accepted Solution

by:
Marakush earned 1000 total points
ID: 13718433
Oh sorry... yea kinda got off subject.

Have you checked inbound port 80?

Marakush

LVL 5

Author Comment

by:acesover2000
ID: 13721793
Well Marakush, I'll give you the points because you were the only one to answer and basically made me feel smart by doing everything (almost) I did to troubleshoot the problem.

My final blockade was not being able to recover our router's password, so I eventually just reset the PW and rebuilt the LAN IP setup.  Oh well.. it works again (but I have no idea why it failed because I couldn't have changed anything in the router in the first place... Damn Satellite internet was an interesting learning experience)

Congrats, that's an easy 500.. don't spend them all in one place!

hehe

Oh BTW the external IP differing from the GW addy given by our ISP is common practice with Satellite WHICH as I JUST FOUND OUT causes the extremely unfortunate side effect of becoming blacklisted on certain lists

As far as Reverse DNS goes.. most cheapo providers don't allow reverse DNS which is also (synonym of happy).

Corrections Comments?

