chris_certified-nets

GW6.5 message delivery slow across GWIA.

Two Netware 6 servers running Gw6.5.  PO/POA on server1, MTA and GWIA on server2.  Server2 was also running Bordermanager, now it is not (Installed a hardware firewall), but server2 is still multihomed, one NIC on lan, one on Internet with the domain's MX record IP, internet router only permitting port 25 to that IP.  Bordermanager has been gone for a year, this problem appeared about two weeks ago.
Messages come in from the Internet to the GWIA but are not delivered to the PO for hours, likewise outgoing messages from the PO are hanging somewhere (I don't know how to figure out where) for several hours before remote delivery.
What I think is either the problem or the telling symptom is this.  The MTA on server2 loads and connects to the GWIA, but when it connects to server1 it opens and closes the domain in under a second, and it stays closed.  I have changed the connection method from TCP/IP to UNC to Mapped and back again, all do the same thing.
Any good ideas?
Thank You.
PsiCop

In GroupWise v6.5, TCP is used for everything, even when agents are on the same server.

When you configure the MTA, which IP address do you give to it as the GWIA's IP address?

Any reason you can't ditch the second IP now that BorderManager is gone?
I don't think it's an issue between GWIA and the MTA, but rather an issue between the MTA and the POA.  If it's been working fine for over a year with this setup (minus 2 weeks) then the second IP can't be an issue.

Plus, since the direct link types still exist, I don't think it's necessarily true that TCP/IP is used for everything, other than the fact that a UNC link on 2 different servers would run on NCP over IP.

What might have changed on your network a couple of weeks ago?  Something changed that affected the MTA-to-POA link.  Have you checked the POA side of things?  Have you checked to make sure that IP filtering is turned off on the GWIA/MTA server? Since it once had BorderManager on it, it may have some leftovers that accidentally got activated, like maybe someone did a "reinitialize system" for some reason, and now FILTSRV and IPFILT are running again?  Maybe something changed on the POA server?
Any news?
Hello?
chris_certified-nets

ASKER

I apologize for neglecting this, this server has become the bane of my existence.
I moved the GWIA to the same server as the POA and MTA, and in fact shut down the second server.
Messages that get into the GWIA now deliver promptly, but many/most outgoing messages result in "450 host down" messages, even though I can in fact resolve the names, ping the remote hosts from the server console, and telnet to port on the remote hosts from a workstation.  Some but not all internal messages are also giving me "450 host down" when looking for the local machine!

Is there a known thing between Exchange 2003 and GW6.5 that I don't know about...testing from/to every mail server I have access to revealed this system will not send to or receive from any Exchange 2003 system I have testing access from....
1)  Is GWIA using a separate interface dedicated to the public (internet) network, or does the server only have one NIC with one IP address, or are you multihoming to a single NIC on the server with a secondary address set aside for GWIA?
2)  Are you behind a NAT firewall?  How is SMTP allowed through to GWIA - what kind of filter exception is in place?
3)  Sounds like you have a GWIA setting set wrong - there should be no problem sending/receiving email from Exchange, unless Microsoft suddenly changed how Exchange 2003 interacts with non-Exchange 2003 servers over the Internet, which is unlikely since they'd be shooting themselves in the foot... and breaking email connectivity with pre-Exchange 2003 Exchange servers as well.  Can you post your GWIA.CFG file (with IP addresses/host names masked or aliased)?
1.) Single NIC, Single IP.  NAT at the firewall (Sonicwall).
2.) NAT from public 66.128.xxx.yyy to private 10.10.10.1.  Allow rule all port 25 from WAN/Internet to that address.
3.) Yeah that's what I thought, but it also wouldn't be the first time they fixed one thing that broke three others.
;======================================================================
;                          GroupWise 6 GWIA
;                            Startup File
;----------------------------------------------------------------------
;  This contains the configuation options for GroupWise Internet Agent.
;  Use ConsoleOne to modify this file with Advanced Settings.
;  For further documentation on the switches use help under Advanced
;  Settings.
;  ***Warning*** If you move this file from its present location,
;  there is a file in the GWIA home directory, exepath.cfg, you will
;  need to modify the path inside that file to reflect the location of
;  the gwia.cfg.  Be certain this remains a UNC path and there is a
;  <CR><LF> at the end of the path statement.
;----------------------------------------------------------------------
;======================================================================

/Home-\\IMMANUEL_1\VOL1\eaglesdm\WPGATE\GWIA
/DHome-\\IMMANUEL_1\VOL1\eaglesdm\WPGATE\GWIA
/DSN
/DSNAGE-4
/SMTP
/LDAP
/MIME
/MUDAS=2
/MailView-Internet
/SD-8
/RD-16
/P-10
/TE-2
/TG-5
/TC-5
/TR-5
/TD-3
/TT-10
/PT-10
/IT-10
/LdapThrd-10
/ST-4
/RT-4
/ARI-NEVER

/ATTACHMSG

/fut=pniewald@immanuel-lcms.com
/badmsg=BOTH
Not being that familiar with Sonicwall, does that NAT filter exception allow port 25 from the GWIA IP address out to any address as well as in from any address?
My sonicwall guy swears that the firewall filters NOTHING outbound, so I gotta say yeah...
Oooh.  Sounds perhaps like generic stateful outbound stuff.  I don't know if that's adequate to the task for SMTP.  Both servers need to connect on port 25.

Do you have a route.cfg file in your <domain>\wpgate\gwia directory?  If not, create one.  It's kinda necessary when you're NATting GWIA, 'specially if you're getting 450 Host Down errors on the GWIA address.

The route.cfg file is a simple ascii text file which will contain the following:

company.com [Internal IP address of GWIA server]  (The square brackets are necessary)

Do you have internal DNS?  Does it show the local IP address of the server with the hostname you have registered as your public MX host name, and does the GWIA configuration have that same host name indicated?  More often than not, 450 Host Down is either a name resolution issue or a non-response from the target host because you're not sending the right host name in your SMTP connection to the target host so it doesn't send its reply back to port 25 on the NATted public IP.  It might even refuse your connection if your hostname doesn't match your MX record.
OK, have added route.cfg.
Rechecked my resolv.cfg and restarted the server.  Nameservers listed in resolv.cfg are the authoritative for my domain.


Do you have internal DNS? yes, but I don't know if it is set up right...

Does it show the local IP address of the server with the hostname you have registered as your public MX host name, and does the GWIA configuration have that same host name indicated?  I have no idea how to find this, or to enter it.

More often than not, 450 Host Down is either a name resolution issue or a non-response from the target host because you're not sending the right host name in your SMTP connection to the target host so it doesn't send its reply back to port 25 on the NATted public IP.  It might even refuse your connection if your hostname doesn't match your MX record.
I don't have any idea how to change the hostname in the SMTP on Groupwise, unfortunately.  

What's most f'ed up is I spent three hours on the phone with Novell, and you have had more good ideas in three posts than they did.......
On the GWIA object, there's an SMTP/MIME tab, with a "Settings" page.  Make sure the DNS "A" record field matches your company's domain "A" record associated to the MX record, that resolves to the public IP address, IIRC.

That setting corresponds with the GWIA.CFG /hn setting, which I don't see in your GWIA.CFG.

I have a sneaking suspicion that might be the problem.
For example, if your domain is mycompany.com and your mx record points to mail.mycompany.com on 10.10.10.10, and 10.10.10.10 is natted to 192.168.1.1 which has your GWIA, your /hn should be mail.mycompany.com, I think...

If that doesn't work, just use the mycompany.com part and see if that works..

I think that field is multivalued, so you could put both in just for kicks.  I don't remember if it's comma-delimited or space-delimited.
The name in your route.cfg should be the same as what's in your /hn, by the way, but with the local server's IP.  That's so internal mail to joe@mycompany.com doesn't try to go out to the internet and back in...
I think...
;)
ASKER CERTIFIED SOLUTION
ShineOn
This solution is only available to members.
OK, got rid of the MX Lookup errors to the local host with route.cfg, though I had to manually edit all the messages in the DEFER folder to change them to include the address rather than the domain name.  Nice, that.
Found DNS Servers that work for external resolution (ISP would not let the mail server query its DNS because they are not authoritative for the domain, Hosting company wouldn't let the server resolve to its servers because they were not on that company's network.  ISP apologized and un-f-ed that.)
Still getting some 450 host downs to Exchange, especially 2K3, and my Exchange server is unable to send to this server, but I mostly think it is an issue with Firewalls somewhere now.  Thank You.
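
Added example, not part of the original thread and not Novell code: a small offline checker for the three things the replies above say must agree when GWIA sits behind NAT (the /hn host name, the bracketed route.cfg entry, and the public MX/A records). The domain, addresses and DNS table are constructed placeholders, and treating both "-" and "=" as switch separators is an assumption based on the gwia.cfg posted above.

```python
import re

# Constructed sample inputs (placeholders, not values from the thread).
GWIA_CFG = r"""
; GWIA startup file (excerpt)
/Home-\\SERVER1\VOL1\dom\WPGATE\GWIA
/SMTP
/hn-mail.mycompany.example
"""
ROUTE_CFG = "mycompany.example [10.10.10.1]\n"
DNS = {"MX": {"mycompany.example": "mail.mycompany.example"},  # hand-entered public records
       "A": {"mail.mycompany.example": "203.0.113.25"}}

def parse_switches(text):
    """Map switch name (lower-cased) to value for lines like /hn-name or /MUDAS=2."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*/([A-Za-z]+)(?:[-=](.*))?$", line)
        if m:
            found[m.group(1).lower()] = (m.group(2) or "").strip()
    return found

def parse_route(text):
    """Map domain to IP for route.cfg lines of the form 'domain [ip]'; brackets required."""
    routes = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]\s*$", line)
        if m:
            routes[m.group(1).lower()] = m.group(2)
    return routes

def check(domain, internal_ip, public_ip, gwia_cfg, route_cfg, dns):
    """Return a list of mismatches between /hn, route.cfg and the public DNS records."""
    problems = []
    hn = parse_switches(gwia_cfg).get("hn", "").lower()
    mx = dns["MX"].get(domain)
    if not hn:
        problems.append("gwia.cfg sets no /hn host name")
    elif hn not in (mx, domain):
        problems.append(f"/hn {hn} is neither the MX host nor the mail domain")
    if mx is None:
        problems.append(f"no MX record for {domain}")
    elif dns["A"].get(mx) != public_ip:
        problems.append(f"A record for {mx} does not resolve to {public_ip}")
    route_ip = parse_route(route_cfg).get(domain)
    if route_ip is None:
        problems.append(f"route.cfg has no bracketed entry for {domain}")
    elif route_ip != internal_ip:
        problems.append(f"route.cfg sends {domain} to {route_ip}, not {internal_ip}")
    return problems

if __name__ == "__main__":
    print(check("mycompany.example", "10.10.10.1", "203.0.113.25", GWIA_CFG, ROUTE_CFG, DNS) or "consistent")
```
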