Solved

Error when moving Exchange server to new subnet

Posted on 2006-07-08
2
263 Views
Last Modified: 2010-03-06
Hello--

I'm having an odd problem with my Exchange server.  Here's the setup:

Windows 2003 native domain, two internal DCs running AD DNS, DHCP, etc.
Exchange 2003 front-end server
Exchange 2003 back-end server
Firewall DMZ between them, but opened wide for testing purposes
Multiple sites configured, with all subnets in their correct sites.

Front end server is on the DMZ subnet with a 192.168.100.x IP address  Back end server is on a corporate subnet with a 192.168.1.x IP address.  This is the subnet I'm trying to get rid of, so I'm moving all of my servers and users to a new one 10.1.0.x   I moved the back end exchange server to 10.1.0.x, rebooted, made sure it was correct in DNS, restarted SMTP on the front-end server, made sure that both servers could ping each other by name, and removed all firewall rules on the DMZ temporarily to make sure nothing there was blocking anything.  With the back-end server on the new network, outgoing mail fails with the "cannot relay for <user>.domain.org" error.  Incoming mail works fine, Outlook client connects fine, internal mail works fine, and exchange services are all running.  I rebooted both servers a couple of times, but still no outgoing mail.  I have one domain controller on the new network and one on the old network--both are global catalog servers, and both are also the internal DNS servers.  When I move the back-end server back to the old network everything works fine.  Both DCs can ping the Exchanger server by name.

This seems like some kind of authentication issue, but I have no idea what it might be.  I have Outlook Web Access running on the front-end server, and it has the same problem--it can see the internal mailbox but if you try to send from OWA the mail bounces with the same error.  The mail is bouncing from the back-end server in all cases.

Any idea what's going on here?

Thanks.
0
Comment
Question by:bsternfield
2 Comments
 
LVL 26

Assisted Solution

by:Vahik
Vahik earned 250 total points
ID: 17066778
first ipconfig /flushdns     ipconfig /registerdns....also flush DNS catche on dns server..
make sure on the smtp virtual server and iis all ip addresses are UNASSIGNED....and on the relay section make sure old subnet does not show up(add the new subnet ...wont hurt)....and in the IIS  on the ip restriction section make sure all ips are allowed....
0
 
LVL 9

Accepted Solution

by:
Exchgen earned 250 total points
ID: 17067520
hmmm...

You know what try this...

keep the original configuration, send an email to an external domain... confirm that its coming from the frontend server.

If the email is coming from backend, then just add 10.1.0.x IP of the backend to the firewall after your frontend server.

If email is indeed originating from frontend then try telnet from backend to frontend and try dropping an email to yourself.

If all fails remove the DMZ firewall between backend and frontend and test mailflow, i have seen cases where removing rules does not work all the way...

You may want to try a network trace to get some idea..

Raghu
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Find out what you should include to make the best professional email signature for your organization.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now