How do I configure a Windows Server 2000 server to have two IP addresses -- one for the web server and one for the exchange server?

I'm having problems with emails bouncing back and it was suggested that it might be due to the fact that we have more than one domain. I was told that if each server could have its own IP address, I could use NAT to assign a unique outside address to it and then have my ISP change the IP of the mail record in hopes of resolving our email issue.
Asked by: fondulac
 
MessHallMan Commented:
You will need to add a 2nd network card to the server for the 2nd IP address.
 
fondulac (Author) Commented:
I can add a second NIC easy enough, but have no clue as to how to configure exchange to use one IP and the web server the other. Could you help -- or is it too complicated?
 
fondulac (Author) Commented:
Also, isn't there a way to do this without adding a physical NIC?
 
Rant32 Commented:
No, first of all you can not have two IP addresses within the same network assigned to different network adapters. If you use 2 NICs, then you must assign unique subnets to the interfaces. If not, the server won't know which adapter to use to send out IP datagrams.

You also don't need 2 physical NICs, you can assign multiple IP addresses to a single network interface, the interface will respond to all addresses but will only use the primary address to initiate traffic. Click the Advanced button on the TCP/IP configuration and you can add as many IP-addresses as you wish.

I seriously doubt that multiple IP addresses will help you any further. Please detail the e-mail bouncing problem or explain why you were told that 2 IP addresses would help you, and we'll go from there.
 
Rant32 Commented:
If you use IIS, it is easy enough to configure the web server to use a specific IP address, it's on the properties of the Web site.

The same SEEMS to apply to the SMTP virtual server (look at the properties, you can select an IP there), but that doesn't work! The SMTP Virtual Service is ALWAYS bound to 0.0.0.0 (any interface), unless you disable IIS Socket Pooling:

http://support.microsoft.com/kb/q281760/

(Hey, look at the NIC configuration there... the adapter order or metric determines which adapter is used for LAN communication - you must have a good reason to do so or this could cause unexpected results).
 
fondulac (Author) Commented:
http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21814177.html
The above link is a question I have open regarding the email problem.

When I called our ISP, I was told that the problem is possibly related to the fact that we have our exchange server on the same box as our web server. The website has two domain names: fondulac.lib.il.us and fondulaclibrary.org . He thought that if we could have a separate outside IP for the exchange server, then we wouldn't be denied connection.
 
fondulac (Author) Commented:
We do use IIS. That sounds like it might really help. I know so little about all this. So, there is a virtual SMTP server? I'll look at the linked kb article. Thanks!
 
fondulac (Author) Commented:
I looked at it and it seems too risky. I take care of the network maintenance here, but have little training. In light of the additional info I sent, does it even sound like a plausible solution?
 
Rant32 Commented:
I will post back in the original question, thanks.
 
Rant32 Commented:
I wouldn't jump into reconfiguring the IIS/SMTP and socket pooling on a production server. I'm quite sure you have a DNS problem.
 
Keith Alabaster Commented:
Can we get the basics straight first?

Having the web and mail on the same server is no issue at all regardless of where you are publishing to. Many organisations for example have exchange and Outlook Web Access (uses IIS) on the same box with both being published.

Can you advise on your external firewall/router?
Is the mail/web server in the DMZ or on your internal LAN?
If you can give a few details of your setup please? A small diagram would assist.
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
Can you please post an IPCONFIG /ALL from your server? This will definitely help in determining where you currently stand and what the issues may be.

I agree with Keith... that there are generally NO problems with hosting Exchange and IIS on the same machine... as long as everything is configured properly.

Jeff
TechSoEasy
 
fondulac (Author) Commented:
Sorry for the delay in responding--due to the weekend. We use a Cisco Pix 501 firewall and a CISCO 1720 router. We do have NAT configured on the firewall so that we can have more than one external IP.

Regarding the IPCONFIG /ALL, it is:
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : fondulac-gytydy
        Primary DNS Suffix  . . . . . . . : fondulac.lib.il.us
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : fondulac.lib.il.us
                                            lib.il.us
                                            il.us

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
        Physical Address. . . . . . . . . : 00-0F-FE-14-BE-5F
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.10.251
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DNS Servers . . . . . . . . . . . : 192.168.10.2
 
fondulac (Author) Commented:
Our web/mail server is on our internal LAN.
 
fondulac (Author) Commented:
The library's ISP has made some DNS changes, but the problem is still not resolved. Any thoughts?
 
Rant32 Commented:
The MX in DNS looks alright now, but they changed it April 17. Might take another day to take effect?
 
fondulac (Author) Commented:
Mail worked for a short time on April 17, but hasn't since. Any thoughts?
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
According to MXToolbox.com it's working fine for the inbound:
http://mxtoolbox.com/diagnostic.aspx?HOST=mail.fondulac.lib.il.us
http://mxtoolbox.com/diagnostic.aspx?HOST=mail.fondulaclibrary.org

Can you provide specifics of what is not working at the moment?  If email is bouncing... to what domain is it addressed?  

Do all users have both domain names listed in their email addresses properties?

Jeff
TechSoEasy
 
fondulac (Author) Commented:
Email is not getting through to hotmail.com, romolocpa.com, bhc.edu, and a few others
 
fondulac (Author) Commented:
The only domain used for mail is fondulac.lib.il.us
fondulaclibrary.org is only for our website and should have nothing to do with email.
The DNS resolves to fondulaclibrary.org because of our website--I guess.
 
Rant32 Commented:
The bhc.edu mail server doesn't look very special... Exchange 2003 SP1 I think.

Can you run the smtpdiag tool again on the bhc.edu domain:

smtpdiag "postmaster@fondulac.lib.il.us" "postmaster@bhc.edu" /v

This produces a little less output than testing hotmail's servers :)
 
fondulac (Author) Commented:
Here it is:

C:\>smtpdiag "postmaster@fondulac.lib.il.us" "postmaster@bhc.edu" /v

Searching for Exchange external DNS settings.
Computer name is FONDULAC-GYTYDY.
VSI 1 has the following external DNS servers:
There are no external DNS servers configured.

Checking SOA for bhc.edu.
Checking external DNS servers.
Checking internal DNS servers.

Checking TCP/UDP SOA serial number using DNS server [192.168.10.2].
TCP test succeeded.
UDP test failed.
Serial number: 2002165714
SOA serial number match: Passed.

Checking local domain records.
Starting TCP and UDP DNS queries for the local domain. This test will try to
validate that DNS is set up correctly for inbound mail. This test can fail for
3 reasons.
    1) Local domain is not set up in DNS. Inbound mail cannot be routed to
local mailboxes.
    2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail,
but will affect outbound mail.
    3) Internal DNS is unaware of external DNS settings. This is a valid
configuration for certain topologies.
Checking MX records using TCP: fondulac.lib.il.us.
  MX:    fondulac-gytydy.fondulac.lib.il.us (10)
  A:     fondulac-gytydy.fondulac.lib.il.us [192.168.10.251]
Checking MX records using UDP: fondulac.lib.il.us.
  MX:    fondulac-gytydy.fondulac.lib.il.us (10)
  A:     fondulac-gytydy.fondulac.lib.il.us [192.168.10.251]
Both TCP and UDP queries succeeded. Local DNS test passed.

Checking remote domain records.
Starting TCP and UDP DNS queries for the remote domain. This test will try to
validate that DNS is set up correctly for outbound mail. This test can fail for
3 reasons.
    1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows
2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP
queries first, then fall back to TCP queries.
    2) Internal DNS does not know how to query external domains. You must
either use an external DNS server or configure DNS server to query external
domains.
    3) Remote domain does not exist. Failure is expected.
Checking MX records using TCP: bhc.edu.
  MX:    bhc-frontend.bhc.edu (10)
  A:     bhc-frontend.bhc.edu [216.125.96.26]
Checking MX records using UDP: bhc.edu.
  MX:    bhc-frontend.bhc.edu (10)
Both TCP and UDP queries succeeded. Remote DNS test passed.

Checking MX servers listed for postmaster@bhc.edu.
Connecting to bhc-frontend.bhc.edu [216.125.96.26] on port 25.
Received:
220 bhc-frontend.bhc.edu Microsoft ESMTP MAIL Service, Version: 6.0.3790.211 ready at  Wed, 19 Apr 2006 17:09:40 -0500


Sent:
ehlo fondulac.lib.il.us

Received:
250-bhc-frontend.bhc.edu Hello [216.124.238.226]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK


Sent:
mail from: <postmaster@fondulac.lib.il.us>

Received:
250 2.1.0 postmaster@fondulac.lib.il.us....Sender OK

Sent:
rcpt to: <postmaster@bhc.edu>

Received:
250 2.1.5 postmaster@bhc.edu

Sent:
quit

Received:
221 2.0.0 bhc-frontend.bhc.edu Service closing transmission channel

Successfully connected to bhc-frontend.bhc.edu.
 
fondulac (Author) Commented:
Here is a copy of the message I received stating this email was undeliverable: (The recipient's name was changed to "someone" for this posting.)

Your message did not reach some or all of the intended recipients.

      Subject:      This is just a test
      Sent:      4/19/2006 5:48 PM

The following recipient(s) could not be reached:

      someone@bhc.edu on 4/20/2006 6:11 AM
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <fondulac-gytydy.fondulac.lib.il.us #4.4.7>
 
fondulac (Author) Commented:
On the day that the ISP made some changes mail went through to hotmail for a short time. I called the guy there yesterday and he said he'd only made two changes and that he'd change the seemingly insignificant thing back and wait until today. But nothing changed. Anyone have any clue why it would work for such a short time?
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
That looks like port 25 is blocked either on your own firewall or your ISP is blocking it.

Jeff
TechSoEasy
 
fondulac (Author) Commented:
Thanks. I'll find out if our ISP is blocking port 25. Are there any reasons to block port 25? In other words, why do some ISPs block it? Does blocking it prevent you from being able to send mail to certain domains like hotmail?
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
They block it to stop spammers from using their network to distribute spam. Some ISPs will unblock it by request, while others will not. If yours is blocking it and won't unblock, you can use a 3rd party SMTP relay service such as http://gosmtp.com, http://authsmtp.com, or even http://mxtoolbox.com now offers one.

Jeff
TechSoEasy
 
Rant32 Commented:
Using a different SMTP relay is only a workaround in this case but if you have to, use your own ISP's relay. In that case it's free.

To get mail going to the specific domains you're having trouble with, set up a special SMTP connector in Exchange ESM. Instead of using DNS to deliver mail, send it to your ISP's relay server. Set the connector preference at a higher cost than the default  SMTP connector, and use the address space tab to specify the domains you want to use relay for (hotmail.com, romolocpa.com, bhc.edu, etc.).

The trouble with this workaround is, that you'll never know when a new problem domain will pop up, as the source of the problem hasn't been solved.

If mail delivery through the ISP seems more reliable, consider switching to the relay method for all mail.

I don't agree with port 25 being blocked, because the SmtpDiag tool has been able to connect to the relevant mail servers without problem. The poster has a bona fide IP-address with a reverse lookup, and is not listed in any spam blacklists.
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
Well, that may be true... and in fact, a 4.4.7 error is generally a receiving server problem.  

fondulac... take a look at your Queues and see if there's a backlog of items there.  ESM > Servers > <servername> > Queues.

Also, do you get these types of NDRs from any other domain you send to?

Jeff
TechSoEasy
 
Rant32 Commented:
There are more people that are experiencing this.

http://www.mcse.ms/archive79-2004-9-966138.html (Resolved by changing/removing external DNS servers from SMTP VS)

http://www.mcse.ms/message942503.html (unresolved, no replies)

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21308193.html (changed to SMTP relay)

list goes on and on...
 
fondulac (Author) Commented:
I've been watching the queue. The domains that won't receive mail are listed there until the mail that is trying to be sent to them expires.
The domains that are listed vary. I've never heard of most of the domains that bounce the mail back. (Most are probably either viruses or spam since the sender is "postmaster@fondulac.lib.il.us".) Here are some examples:
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
You should NOT have anything in your queues most of the time... Mail should move through there rather quickly.

So, follow Sembee's directions at his site here:  http://www.amset.info/exchange/spam-cleanup.asp

Jeff
TechSoEasy
 
Rant32 Commented:
To eliminate unnecessary NDR generation for bogus/spam mail, enable recipient filtering for addresses that are not in the Active Directory.

ESM > ... > Message Delivery, properties > tab Recipient filtering > toggle Filter recipients not in Active Directory should be enabled.

That should keep the queues nice and clean.
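Added example, not part of the thread or any participant's post: a small Python model of why the "Filter recipients not in Active Directory" setting described above keeps the outbound queue clean. The directory contents, the sample traffic and the `Server` class are constructed for illustration and are not Exchange code.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the mail-enabled addresses in Active Directory.
DIRECTORY = {"postmaster@fondulac.lib.il.us", "director@fondulac.lib.il.us"}

# Constructed inbound traffic: (envelope sender, recipient). Spam senders are
# usually forged, so the example.com/.net hosts below never sent anything.
SAMPLE_INBOUND = [
    ("alice@example.org", "director@fondulac.lib.il.us"),   # legitimate
    ("victim1@example.com", "qxzv@fondulac.lib.il.us"),     # spam, bad rcpt
    ("victim2@example.net", "sales@fondulac.lib.il.us"),    # spam, bad rcpt
    ("", "nobody@fondulac.lib.il.us"),                      # bounce, bad rcpt
]


@dataclass
class Server:
    filter_unknown: bool                            # the ESM toggle, modelled
    delivered: list = field(default_factory=list)
    ndr_queue: list = field(default_factory=list)   # domains owed an NDR

    def receive(self, mail_from: str, rcpt: str) -> str:
        """Process one message and return the reply given at RCPT TO."""
        known = rcpt.lower() in DIRECTORY
        if not known and self.filter_unknown:
            # Refused in-session: the connecting host keeps the message and
            # nothing is queued on this server.
            return "550 5.1.1 User unknown"
        if known:
            self.delivered.append(rcpt)
        elif mail_from:
            # Accepted but undeliverable: an NDR is now owed to whatever
            # sender the message claimed. A null sender (<>) gets none.
            self.ndr_queue.append(mail_from.rsplit("@", 1)[1].lower())
        return "250 2.1.5 " + rcpt


def run(filter_unknown: bool) -> Server:
    """Feed the constructed traffic through a server with the given policy."""
    server = Server(filter_unknown)
    for mail_from, rcpt in SAMPLE_INBOUND:
        server.receive(mail_from, rcpt)
    return server


if __name__ == "__main__":
    for policy in (False, True):
        s = run(policy)
        print(f"filter_unknown={policy}: delivered={s.delivered} "
              f"ndr_queue={s.ndr_queue}")
```

With the filter off, every message to a nonexistent mailbox leaves an NDR queued for a domain that never wrote to the server, which is the pattern of unfamiliar domains sitting in the queue. The trade-off of rejecting at RCPT TO is that the 550 reply confirms which addresses do not exist.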
 
fondulac (Author) Commented:
Thanks Rant32, for the links above and the advice on how to eliminate unnecessary NDR generation. I didn't know you could do that.

I'm going to try the SMTP connector work-around suggested. That may be the perfect solution for us since in about two or three months, we are planning to upgrade, redesign and pretty much rebuild our entire network from the ground up.

I'll let you know soon if it works.

Thanks TechSoEasy and Rant32!
 
fondulac (Author) Commented:
I've added an SMTP connector to relay outbound mail. How long do I have to wait to see if I made a mistake? I'm sure I did everything right except for ISP outbound server IP -- I'm not sure if that is the 206.166.83.22 and 206.17.200 listed in the DNSreport.
 
Rant32 Commented:
If you need to use an IP address then it should be enclosed in square brackets [x.x.x.x] but iirc it warns you about that.

The first IP you mention is a nameserver and the 2nd is incomplete. I recommend you use mail.illinois.net as the relay server (not an ip address).

Send a message to any of the affected domains and look at the message tracking center. It should say that the message was transferred to mail.illinois.net and there should be no NDR.
 
fondulac (Author) Commented:
I just found out why the SMTP connector doesn't work--our ISP does not have an email service. They only have internal mail. Not sure what I'm going to do now.

I'm going to go ahead and close this and split the points between Rant32 and TechSoEasy since they did come up with the solution that would work if my ISP had an email service.

Thanks everyone who took time to help.
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
Please see my comment above regarding a 3rd Party SMTP relay service.

Jeff
TechSoEasy