acesover2000

asked on

Should be easy!! Troubleshoot external access to Exchange Webmail down

I recently performed some maintenance on an Exchange server (moved the log directory to a more ample hard drive) (and replaced our network switch with one with a Gbit port for our server).

Now we can't access our webmail through  http://mail.nationaleventsllc.com/exchange
though this used to work before. We have DirecPC satellite internet hookup.

When I went to http://whatismyip.com from a machine on the lan it gave me a diff IP than the one given by mail.nat.....  but I don't think that the IP addy changed because that would just be too much coincidence that it happened at the same time as my changes.
The webmail IS available inside the LAN.

I am able to telnet in port 25 to mail....  and also open a connection on port 80 to mail.... but I can't get a browser to pull anything up from that addy

Any Ideas?
Marakush

Okay here is what I found so far.

Doing a nslookup on your domain name the mail server's MX record is MAIL.nationaleventsllc.com - IP address 69.35.38.18

> set query=all
> nationaleventsllc.com
Server:  xxx.xxx.com
Address:  xxx.xxx.xxx.xxx

nationaleventsllc.com   internet address = 216.168.224.70
nationaleventsllc.com
        primary name server = NS51.WORLDNIC.com
        responsible mail addr = namehost.WORLDNIC.com
        serial  = 2004111600
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 7200 (2 hours)
nationaleventsllc.com   nameserver = NS51.WORLDNIC.com
nationaleventsllc.com   nameserver = NS52.WORLDNIC.com
nationaleventsllc.com   MX preference = 10, mail exchanger = MAIL.nationaleventsllc.com
MAIL.nationaleventsllc.com      internet address = 69.35.38.18


Doing a ping to 69.35.38.18 - dead

Doing a tracert - dead at

14    14 ms    22 ms    22 ms  dpc6682016038.direcpc.com [66.82.16.38]

C:\>tracert 69.35.38.18

Tracing route to dpc693538018.direcpc.com [69.35.38.18]
over a maximum of 30 hops:

  1     2 ms     1 ms     1 ms  xxx.xxx.xxx.xxx
  2     4 ms     4 ms     4 ms  454a094d.cst.lightpath.net [69.74.9.77]
  3     4 ms     4 ms     4 ms  r2-ge13-2-1.cst.bthpny.cv.net [65.19.105.181]
  4     4 ms     4 ms     4 ms  r4-srp11-0.cr.hcvlny.cv.net [65.19.104.50]
  5     4 ms     4 ms     4 ms  65.19.104.2
  6     5 ms     5 ms     5 ms  r2-srp13-0.in.nycmnyzr.cv.net [65.19.96.136]
  7     *        *        *     Request timed out.
  8     6 ms     5 ms     5 ms  ae-1-55.bbr1.newyork1.level3.net [4.68.97.129]
  9    10 ms    10 ms    32 ms  ae-0-0.bbr2.washington1.level3.net [64.159.0.230]
 10    15 ms    14 ms    10 ms  ge-7-1.hsa1.washington1.level3.net [4.68.121.73]
 11    12 ms    11 ms    12 ms  unknown.level3.net [63.215.128.130]
 12   150 ms    14 ms    16 ms  dpc6682016078.direcpc.com [66.82.16.78]
 13    24 ms    29 ms    17 ms  gmtc-cr-ti-01-gi7-1.direcpc.com [66.82.16.85]
 14    14 ms    22 ms    22 ms  dpc6682016038.direcpc.com [66.82.16.38]
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.

This is the response I get when I try a test from www.dnsstuff.com

Trying to connect to all mailservers:

   MAIL.nationaleventsllc.com. - 69.35.38.18  [Successful connect: Got a good response [250 2.1.5 postmaster@nationaleventsllc.com ]]

Your email server is listed on 4 spam databases and blacklists.

FIVETENSRC       LISTED (127.0.0.2)       Reports CNAME of 69.35.70.43.direcpc.com.misc.spam.blackholes.five-ten-sg.com.
TXT= "miscellaneous address blocks that have sent spam here"       86400 seconds       0 ms

DSBLALL       LISTED (127.0.0.2)       TXT= "http://dsbl.org/listing?69.35.38.18"       2048 seconds       0 ms

DSBL       LISTED (127.0.0.2)       TXT= "http://dsbl.org/listing?69.35.38.18"       2048 seconds       0 ms

DNSBLNETAUT1       LISTED (127.0.0.2)       TXT= "http://dsbl.org/listing?69.35.38.18"       2048 seconds       0 ms

As for a reverse DNS record - which might cause problems because your reverse DNS record is not listed as you.

Location: United States [City: Germantown, Maryland]

Preparation:
The  reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 69.35.38.18 is found by looking up the PTR record for
 18.38.35.69.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking e.root-servers.net for 18.38.35.69.in-addr.arpa PTR record:  
       e.root-servers.net says to go to dill.arin.net. (zone: 69.in-addr.arpa.)
Asking dill.arin.net. for 18.38.35.69.in-addr.arpa PTR record:  
       dill.arin.net [192.35.51.32] says to go to ns2.direcpc.com. (zone: 35.69.in-addr.arpa.)
Asking ns2.direcpc.com. for 18.38.35.69.in-addr.arpa PTR record:  Reports dpc693538018.direcpc.com. [from 66.82.4.12]

Answer:
69.35.38.18 PTR record: dpc693538018.direcpc.com. [TTL 86400s] [A=69.35.38.18]

So okay there are a few problems... But the big thing is I was able to get a reply from postmaster@nationaleventsllc.com

Marakush
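The reverse DNS and blacklist lookups walked through in the post above, as an added example that is not part of the original thread: it builds the PTR and DNSBL query names for a mail server IP (generalised to IPv6 as well), then checks whether the PTR name forward-confirms and whether it matches the mail host name. The zone `dnsbl.example` and the dict-backed `sample_lookup` resolver are assumptions so the code runs offline; the other records are the ones quoted in the post.

```python
import ipaddress

def ptr_name(ip):
    """Reverse the address and append in-addr.arpa (ip6.arpa for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer

def dnsbl_name(ip, zone):
    """Same reversed labels as the PTR name, but under the blacklist's zone."""
    reversed_labels = ptr_name(ip).rsplit(".", 2)[0]  # drop the *.arpa suffix
    return f"{reversed_labels}.{zone}"

def check_mail_ip(ip, mail_host, zone, lookup):
    """lookup(name, rtype) -> list of strings. Returns the findings as a dict."""
    ptrs = [p.rstrip(".").lower() for p in lookup(ptr_name(ip), "PTR")]
    # Forward-confirmed reverse DNS: the PTR target must resolve back to the IP.
    confirmed = [p for p in ptrs if ip in lookup(p, "A")]
    # A DNSBL answers with an address in 127.0.0.0/8 when the IP is listed.
    loopback = ipaddress.ip_network("127.0.0.0/8")
    codes = [a for a in lookup(dnsbl_name(ip, zone), "A")
             if ipaddress.ip_address(a) in loopback]
    return {
        "ptr": ptrs,
        "forward_confirmed": bool(confirmed),
        "matches_mail_host": mail_host.rstrip(".").lower() in confirmed,
        "dnsbl_codes": codes,
    }

# Constructed record set: PTR/A values as quoted in the post, plus one
# made-up listing under the placeholder zone dnsbl.example.
RECORDS = {
    ("18.38.35.69.in-addr.arpa", "PTR"): ["dpc693538018.direcpc.com."],
    ("dpc693538018.direcpc.com", "A"): ["69.35.38.18"],
    ("mail.nationaleventsllc.com", "A"): ["69.35.38.18"],
    ("18.38.35.69.dnsbl.example", "A"): ["127.0.0.2"],
}

def sample_lookup(name, rtype):
    """Hypothetical offline resolver; swap in a real DNS query for live use."""
    return RECORDS.get((name.rstrip(".").lower(), rtype), [])

if __name__ == "__main__":
    print(check_mail_ip("69.35.38.18", "MAIL.nationaleventsllc.com",
                        "dnsbl.example", sample_lookup))
```

With these records the PTR forward-confirms, but it names the ISP's generic host rather than the mail host, which is the mismatch the post points out.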

acesover2000

ASKER

Thanks for the info on the black list, that is something I neglected to check. However, I think you got a little sidetracked. My mail server is performing its SMTP/POP/EXCHANGE duties properly, it's just webmail that's down.

BTW for some reason many cheaper ISPs (DSL/Sat/Cable) -- you can't tracert to the IP
ASKER CERTIFIED SOLUTION
Marakush

This solution is only available to members.
Well Marakush, I'll give you the points because you were the only one to answer and basically made me feel smart by doing everything (almost) I did to troubleshoot the problem

My final blockade was not being able to recover our router's password, so I eventually just reset the PW and rebuilt the LAN IP setup.  Oh well.. it works again (but I have no idea why it failed because I couldn't have changed anything in the router in the first place... Damn Satellite internet was an interesting learning experience)

congrats  that's an easy 500.. don't spend them all in one place!

hehe

Oh BTW the external IP differing from the GW addy given by our ISP is common practice with Satellite WHICH as I JUST FOUND OUT causes the extremely unfortunate side effect of becoming blacklisted on certain lists

As far as Reverse DNS goes.. most cheapo providers don't allow reverse DNS which is also (synonym of happy).

Corrections Comments?