EXCHANGE 3499 (000B09B6) Host unreachable

Hello,

There are certain domains that we send mail to that get rejected back to us with the message: EXCHANGE 3499 (000B09B6) Host unreachable.

After searching the Experts Exchange site and reading some of the other similar posts, I have confirmed that we are not on any blacklists and a test of reverse DNS does in fact indentify us.

Any ideas on why this would be happening?

Thanks!
Gene  

PepfontanaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SembeeCommented:
Host unreachable normally means what it says.
If you know what domains it is, then you could first do an nslookup on the domain from the Exchange server, to see whether you get anything, then compare it with the results from something like dnsstuff.com


C:\>nslookup
Default Server:  server.domain.co.uk
Address:  192.168.1.1

> set type=mx
> microsoft.com
Server:  server.domain.co.uk
Address:  192.168.1.1

Non-authoritative answer:
microsoft.com   MX preference = 10, mail exchanger = mailc.microsoft.com
microsoft.com   MX preference = 10, mail exchanger = maila.microsoft.com
microsoft.com   MX preference = 10, mail exchanger = mailb.microsoft.com

maila.microsoft.com     internet address = 131.107.1.7
maila.microsoft.com     internet address = 131.107.1.6
mailb.microsoft.com     internet address = 131.107.3.123
mailb.microsoft.com     internet address = 205.248.102.77
mailc.microsoft.com     internet address = 205.248.102.78
mailc.microsoft.com     internet address = 205.248.102.79
>

When you have the MX server information, see if you can telnet to port 25 of the remote server.
For example (using the above information)

telnet maila.microsoft.com 25

Simon.
0
PepfontanaAuthor Commented:
Thanks Simon,

When I try the nslookup, it finds the server and IP address, but it also returns the message "DNS request timed out".

Thanks again!
Gene
0
SembeeCommented:
That would indicate the server is having problems with DNS lookups, which would explain the messages.

The best practise that I use for DNS is quite simple.

On the Exchange server itself, on the network card, configure the DNS servers as the domain controllers ONLY.

On the domain controllers, configure the DNS servers on the network card to be itself as primary and another domain controller as secondary (if available). If you only have one DC, then only enter one DNS server.

No external DNS servers are in the network configuration.

Then open up the DNS server Administrative Tool, and configure forwarders, using your ISPs DNS servers as forwarders.

Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.