  • Status: Solved

Exchange 2003 cannot send to external recipients with failover ISP

Current network setup (public services):
ISP1----
ISP2---- ]----Sonicwall TZ170----[ Exchange 2003 Server, HTTP Server (IIS) /FTP

-Sonicwall TZ170 is set up in failover mode.  ISP1 is primary WAN and ISP2 is OPT WAN.
-NAT Rules in place for each ISP (DNS aside, all services available via IP)

When ISP1 is connected (original ISP before failover setup), everything works fine.

When ISP1 goes down (or is unplugged), web/ftp server is available, Exchange OWA works fine.  Exchange SMTP to external recipients fails.  You can send mail to internal addresses, but external mail doesn't go and the queue fills up.

All other clients and servers on the network can access the internet when failover occurs and ISP2 is primary with the exception of Exchange.  The Exchange server cannot access the web, ping external addresses, etc...

When the primary ISP1 comes back up, internet works fine on Exchange, OWA works, but some Exchange servers crash.

I'm stumped... all responses appreciated....
0
thomaslongas
Asked:
2 Solutions
 
LeeDerbyshire Commented:
Do you have ISP1 configured as a smarthost?  You will probably not be allowed to relay through them when you are connected to ISP2.
0
 
thomaslongas (Author) Commented:
Under Exchange SMTP Advanced Delivery, I do not have a smarthost configured.

FQDN is set and TCP/IP settings for the DNS is set to our primary domain controller.
0
 
LeeDerbyshire Commented:
Do you have any SMTP connectors?  It is also possible to add a smarthost there.

I think it would be a good idea to try a telnet test on port 25 to an external mail server (when connected to ISP2).  It will be instructive to see if, and at what point, it fails.  Choose an external address, find the SMTP server for its domain, and try to send an email with:

telnet servername 25
helo
mail from: your.address@domain.com
rcpt to: test.address@otherdomain.com
data
hello
.
quit

See if the message gets delivered.
0
 
thomaslongas (Author) Commented:
The Exchange server used to filter mail through another server that did all spam processing.  There was a smarthost configured in SMTP settings.

Is there anywhere else this could be configured... right now mail is sent directly from Exchange through ISP1 and we have no issues...

Actually... I take that back... we do have trouble sending to Earthlink accounts, but that may or may not be related...
0
 
thomaslongas (Author) Commented:
No SMTP connectors.  I cannot test the failover right now, but I can tell you that I cannot ping/telnet any external addresses (time out).  The names are not resolving.  I can only ping/telnet internal IPs...

I can however ping/telnet from other servers on the network no problem...

The interesting thing about this is the problem occurs when I enable the NAT from ISP2 xxx.xxx.xxx.xxx:25 (external) to xxx.xxx.xxx.xxx:25 (internal).  I don't even have to disable the primary ISP and mail just stops flowing...

I don't understand that at all...
0
 
LeeDerbyshire Commented:
As far as I am aware, you can only configure a smarthost on the Virtual Server, or on an SMTP Connector.

The only other thing I can think of is that you may have the server's TCP/IP properties configured with the DNS servers at ISP1.  When connected to ISP2, you may not have access to them.

Of course, the fact that you probably have a different Public IP address when connected to ISP2 could be very relevant, but I daresay you've allowed for this.
0
 
thomaslongas (Author) Commented:
As far as I'm aware it is DNS not smarthost.

TCP/IP properties DNS is set to my internal DNS server (domain controller).  I have even tried putting ISP2 DNS server address in as secondary.

It is a different public IP address at the gateway, but I have allowed for this in the NAT rules.

Like I said, as soon as I enable the NAT rule for ISP2, it kills Exchange server's ability to connect to anything externally, doesn't matter if ISP1 is up or down.
0
 
thomaslongas (Author) Commented:
Surely Exchange can "correct" itself automatically.  I wouldn't think Exchange would necessarily "see" the change.  Since the machine cannot access the internet (i.e., from browser), it may be some kind of other strange DNS problem and I posted in the wrong section...
0
 
thomaslongas (Author) Commented:
But, the web server (OWA) works fine and is accessible via public IP or FQDN if switched... but I guess that is incoming requests, not outgoing...

Maybe ISP blocks port 25?  But why block 25 and not 80/443?  
0
 
LeeDerbyshire Commented:
They're not likely to block outgoing port 25, because otherwise plain SMTP/POP email clients (like OE) would stop working.  Besides, didn't you also say that you lose all outgoing connectivity, not just email?

You say that you can't ping external addresses - does that apply even if you use the IP address, as well as the name?
0
 
Sembee Commented:
You need to do some basic DNS and connectivity tests when the second ISP connection is live. That will tell you where the problem is. It could be either one or the other.

For example... microsoft.com:

C:\>nslookup
Default Server:  server.domain.co.uk
Address:  192.168.1.1

> set type=mx
> microsoft.com
Server:  server.domain.co.uk
Address:  192.168.1.1

Non-authoritative answer:

microsoft.com   MX preference = 10, mail exchanger = mailc.microsoft.com
microsoft.com   MX preference = 10, mail exchanger = maila.microsoft.com
microsoft.com   MX preference = 10, mail exchanger = mailb.microsoft.com

maila.microsoft.com     internet address = 131.107.1.7
maila.microsoft.com     internet address = 131.107.1.6
mailb.microsoft.com     internet address = 131.107.3.123
mailb.microsoft.com     internet address = 205.248.102.77
mailc.microsoft.com     internet address = 205.248.102.78
mailc.microsoft.com     internet address = 205.248.102.79
>

When you have the MX server information, see if you can telnet to port 25 of the remote server.

For example (using the above information)
telnet maila.microsoft.com 25

Simon.
0
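The manual checks suggested in this thread (resolve the mail server, telnet to port 25, then HELO / MAIL FROM / RCPT TO) can be scripted so the first failing stage is reported explicitly. This is an added example, not code from any poster in the thread; the `probe` function, its stage names and the `mail.example.test` HELO name are assumptions, and the MX host name is expected to come from an `nslookup` run like the one above.

```python
import smtplib
import socket


def probe(server, sender, recipient, port=25, timeout=10):
    """Return (stage, detail): the first step that failed, or ("ok", ip).

    Stages: dns, connect, banner, helo, mail_from, rcpt_to.
    Stops before DATA, so no message is actually sent.
    """
    # Resolve first, on its own, so a DNS fault is not mistaken for a
    # routing or firewall fault (the two possibilities raised in the thread).
    try:
        ip = socket.getaddrinfo(server, port, socket.AF_INET,
                                socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        return "dns", str(exc)

    # local_hostname is a placeholder HELO name (assumption); replace it
    # with the sending server's real FQDN.
    smtp = smtplib.SMTP(timeout=timeout, local_hostname="mail.example.test")
    try:
        try:
            code, msg = smtp.connect(ip, port)
        except smtplib.SMTPException as exc:  # TCP up, greeting never arrived
            return "banner", str(exc)
        except OSError as exc:                # refused, timed out, no route
            return "connect", f"{ip}:{port} {exc}"
        if code != 220:
            return "banner", f"{code} {msg.decode(errors='replace')}"

        steps = (("helo", smtp.helo),
                 ("mail_from", lambda: smtp.mail(sender)),
                 ("rcpt_to", lambda: smtp.rcpt(recipient)))
        for stage, step in steps:
            try:
                code, msg = step()
            except smtplib.SMTPServerDisconnected as exc:
                return stage, f"connection dropped: {exc}"
            if code >= 400:
                return stage, f"{code} {msg.decode(errors='replace')}"
        return "ok", ip
    finally:
        try:
            smtp.quit()
        except OSError:  # never connected or already dropped
            smtp.close()
```

Run it from the affected server once with the failover NAT rule disabled and once with it enabled; a result that moves from `ok` to `dns` or `connect` shows which layer the rule breaks.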
