thomaslongas
asked on
Exchange 2003 cannot send to external recipients with failover ISP
Current network setup (public services):
ISP1----
ISP2---- ]----Sonicwall TZ170----[ Exchange 2003 Server, HTTP Server (IIS) /FTP
-Sonicwall TZ170 is setup in failover mode. ISP1 is primary WAN and ISP2 is OPT WAN.
-NAT Rules in place for each ISP (DNS aside, all services available via IP)
When ISP1 is connected (original ISP before failover setup), everything works fine.
When ISP1 goes down (or is unplugged), web/ftp server is available, Exchange OWA works fine. Exchange SMTP to external recipients fails. You can send mail to internal addresses, but external mail doesn't go and the queue fills up.
All other clients and servers on the network can access the internet when failover occurs and ISP2 is primary with the exception of Exchange. The Exchange server cannot access the web, ping external addresses, etc...
When the primary ISP1 comes back up, internet works fine on Exchange, OWA works, but some Exchange servers crash.
I'm stumped... all responses appreciated....
Do you have ISP1 configured as a smarthost? You will probably not be allowed to relay through them when you are connected to ISP2.
ASKER
Under Exchange SMTP Advanced Delivery, I do not have a smarthost configured.
FQDN is set and TCP/IP settings for the DNS is set to our primary domain controller.
Do you have any SMTP connectors? It is also possible to add a smarthost there.
I think it would be a good idea to try a telnet test on port 25 to an external mail server (when connected to ISP2). It will be instructive to see if, and at what point, it fails. Choose an external address, find the SMTP server for its domain, and try to send an email with:
telnet servername 25
helo yourdomain.com
mail from: your.address@domain.com
rcpt to: test.address@otherdomain.com
data
hello
.
quit
see if the message gets delivered.
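The same HELO / MAIL FROM / RCPT TO dialogue, scripted so it records every reply and stops at the first step the other side rejects. This is an added example, not code from the thread: `smtp_probe` is the hypothetical probe, `start_fake_mta` is a stand-in for a remote mail server constructed for the example (it accepts mail only for example.com and answers 550 "Unable to relay" for anything else), and the host names and addresses are placeholders. Run against a real MX on port 25 from the Exchange box while ISP2 is active, the result list shows whether the failure is the TCP connect (port 25 filtered or no route), the greeting, or a relay refusal.

```python
"""Step-by-step SMTP probe: which step of the envelope fails, and with what reply?"""
import socket
import threading


def read_reply(rf):
    """Read one SMTP reply, including multi-line '250-...' forms; return (code, text)."""
    lines = []
    while True:
        raw = rf.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":   # final line has a space after the code
            break
    return int(lines[-1][:3]), "\n".join(lines)


def smtp_probe(host, port, helo_name, mail_from, rcpt_to, timeout=10.0):
    """Return [(step, code, reply), ...] up to and including the first failing step.

    A code of 0 means no SMTP reply at all (connect refused, timed out or reset),
    which is what a filtered port 25 or a missing route looks like.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return [("CONNECT", 0, f"no connection: {exc}")]
    results = []
    with sock:
        rf = sock.makefile("rb")
        try:
            code, text = read_reply(rf)
            results.append(("CONNECT", code, text))
            if code != 220:
                return results
            for step, cmd in (("HELO", f"HELO {helo_name}"),
                              ("MAIL FROM", f"MAIL FROM:<{mail_from}>"),
                              ("RCPT TO", f"RCPT TO:<{rcpt_to}>")):
                sock.sendall(cmd.encode("ascii") + b"\r\n")
                code, text = read_reply(rf)
                results.append((step, code, text))
                if code >= 400:
                    break          # this is the step the remote side rejects
            sock.sendall(b"QUIT\r\n")
        except OSError as exc:
            results.append(("IO", 0, f"connection dropped: {exc}"))
    return results


def start_fake_mta(local_domains=("example.com",)):
    """Constructed stand-in for a remote MTA (not a real server): accepts RCPT TO only
    for local_domains and answers 550 'Unable to relay' otherwise. Returns (port, socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def session(conn):
        with conn:
            rf = conn.makefile("rb")
            conn.sendall(b"220 mx.example.com ESMTP (fake)\r\n")
            while True:
                raw = rf.readline()
                if not raw:
                    return
                line = raw.decode("ascii", "replace").strip()
                verb = line[:4].upper()
                if verb in ("HELO", "EHLO"):
                    conn.sendall(b"250 mx.example.com Hello\r\n")
                elif verb == "MAIL":
                    conn.sendall(b"250 2.1.0 Sender OK\r\n")
                elif verb == "RCPT":
                    addr = line.partition("<")[2].partition(">")[0]
                    if addr.rpartition("@")[2].lower() in local_domains:
                        conn.sendall(b"250 2.1.5 Recipient OK\r\n")
                    else:
                        conn.sendall(b"550 5.7.1 Unable to relay for " + addr.encode() + b"\r\n")
                elif verb == "QUIT":
                    conn.sendall(b"221 2.0.0 Bye\r\n")
                    return
                else:
                    conn.sendall(b"500 5.5.1 Command unrecognized\r\n")

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=session, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def demo():
    """Probe the fake MTA with an accepted recipient, a relay-denied one, and a dead port."""
    port, srv = start_fake_mta()
    try:
        accepted = smtp_probe("127.0.0.1", port, "mail.yourdomain.com",
                              "you@yourdomain.com", "test@example.com")
        denied = smtp_probe("127.0.0.1", port, "mail.yourdomain.com",
                            "you@yourdomain.com", "test@otherdomain.com")
    finally:
        srv.close()
    with socket.socket() as dead:          # bound but never listen(): connects are refused
        dead.bind(("127.0.0.1", 0))
        unreachable = smtp_probe("127.0.0.1", dead.getsockname()[1], "mail.yourdomain.com",
                                 "you@yourdomain.com", "test@example.com", timeout=2.0)
    return accepted, denied, unreachable


if __name__ == "__main__":
    for label, run in zip(("accepted", "relay denied", "unreachable"), demo()):
        print(f"== {label}")
        for step, code, text in run:
            print(f"  {step:9} {code:3} {text}")
```

The relay-denied run ends at the RCPT TO step with the 550, which is what a smarthost or upstream MTA that only relays for its own customers returns once you arrive from the other ISP's address space; the unreachable run returns a single CONNECT entry with code 0, which is the shape of the "times out" symptom rather than a mail-server refusal.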
ASKER
The Exchange server used to filter mail through another server that did all spam processing. There was a smarthost configured in SMTP settings.
Is there anywhere else this could be configured... right now mail is sent directly from Exchange through ISP1 and we have no issues...
Actually... I take that back... we do have trouble sending to Earthlink accounts, but that may or may not be related...
ASKER
No SMTP connectors. I cannot test the failover right now, but I can tell you that I cannot ping/telnet any external addresses (time out). The names are not resolving. I can only ping/telnet internal IPs...
I can however ping/telnet from other servers on the network no problem...
The interesting thing about this is the problem occurs when I enable the NAT from ISP2 xxx.xxx.xxx.xxx:25 (external) to xxx.xxx.xxx.xxx:25 (internal). I don't even have to disable the primary ISP and mail just stops flowing...
I don't understand that at all...
As far as I am aware, you can only configure a smarthost on the Virtual Server, or on an SMTP Connector.
The only other thing I can think of is that you may have the server's TCP/IP properties configured with the DNS servers at ISP1. When connected to ISP2, you may not have access to them.
Of course, the fact that you probably have a different Public IP address when connected to ISP2 could be very relevant, but I daresay you've allowed for this.
ASKER
As far as I'm aware it is DNS not smarthost.
TCP/IP properties DNS is set to my internal DNS server (domain controller). I have even tried putting ISP2 DNS server address in as secondary.
It is a different public IP address at the gateway, but I have allowed for this in the NAT rules.
Like I said, as soon as I enable the NAT rule for ISP2, it kills Exchange server's ability to connect to anything externally, doesn't matter if ISP1 is up or down.
ASKER
Surely Exchange can "correct" itself automatically. I wouldn't think Exchange would necessarily "see" the change. Since the machine cannot access the internet (ie: from browser), it may be some kind of other strange DNS problem and I posted in the wrong section...
ASKER
But, the web server (OWA) works fine and is accessible via public IP or FQDN if switched... but I guess that is incoming requests, not outgoing...
Maybe ISP blocks port 25? But why block 25 and not 80/443?