Error when moving Exchange server to new subnet

Posted on 2006-07-08
Last Modified: 2010-03-06
Hello--

I'm having an odd problem with my Exchange server.  Here's the setup:

Windows 2003 native domain, two internal DCs running AD DNS, DHCP, etc.
Exchange 2003 front-end server
Exchange 2003 back-end server
Firewall DMZ between them, but opened wide for testing purposes
Multiple sites configured, with all subnets in their correct sites.

Front end server is on the DMZ subnet with a 192.168.100.x IP address. Back end server is on a corporate subnet with a 192.168.1.x IP address. This is the subnet I'm trying to get rid of, so I'm moving all of my servers and users to a new one, 10.1.0.x.

I moved the back end Exchange server to 10.1.0.x, rebooted, made sure it was correct in DNS, restarted SMTP on the front-end server, made sure that both servers could ping each other by name, and removed all firewall rules on the DMZ temporarily to make sure nothing there was blocking anything. With the back-end server on the new network, outgoing mail fails with the "cannot relay for <user>.domain.org" error. Incoming mail works fine, Outlook client connects fine, internal mail works fine, and Exchange services are all running. I rebooted both servers a couple of times, but still no outgoing mail.

I have one domain controller on the new network and one on the old network--both are global catalog servers, and both are also the internal DNS servers. When I move the back-end server back to the old network everything works fine. Both DCs can ping the Exchange server by name.

This seems like some kind of authentication issue, but I have no idea what it might be.  I have Outlook Web Access running on the front-end server, and it has the same problem--it can see the internal mailbox but if you try to send from OWA the mail bounces with the same error.  The mail is bouncing from the back-end server in all cases.

Any idea what's going on here?

Thanks.
Question by:bsternfield
2 Comments

Assisted Solution

by:Vahik
Vahik earned 750 total points
ID: 17066778
first ipconfig /flushdns, ipconfig /registerdns....also flush the DNS cache on the DNS server..
make sure on the SMTP virtual server and IIS all IP addresses are UNASSIGNED....and on the relay section make sure the old subnet does not show up (add the new subnet ...won't hurt)....and in IIS on the IP restriction section make sure all IPs are allowed....

Accepted Solution

by:
Exchgen earned 750 total points
ID: 17067520
hmmm...

You know what, try this...

Keep the original configuration, send an email to an external domain... confirm that it's coming from the frontend server.

If the email is coming from backend, then just add 10.1.0.x IP of the backend to the firewall after your frontend server.

If email is indeed originating from frontend then try telnet from backend to frontend and try dropping an email to yourself.

If all fails, remove the DMZ firewall between backend and frontend and test mailflow, I have seen cases where removing rules does not work all the way...

You may want to try a network trace to get some idea..

Raghu
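
A scripted form of the telnet test suggested in this thread, added here as an example and not posted by anyone in it: it walks the SMTP dialogue up to RCPT TO and reports whether the server refuses to relay for the address the probe connects from. The host name, the addresses and the `relay-probe.invalid` HELO name are placeholders; run it from the machine whose new IP is under suspicion.

```python
import smtplib
import sys

def classify(code, text):
    """Turn the server's RCPT TO reply into a diagnosis."""
    if 200 <= code < 300:
        return "accepted"
    # 550 5.7.1 is the usual "unable to relay" refusal for a client
    # that is neither authenticated nor on the relay allow list.
    if code in (550, 554) and ("5.7.1" in text or "relay" in text.lower()):
        return "relay-denied"
    return "other-failure"

def probe_relay(host, mail_from, rcpt_to, port=25, source_ip=None,
                helo="relay-probe.invalid", timeout=10):
    """Run EHLO / MAIL FROM / RCPT TO and stop. DATA is never sent,
    so no message is queued. source_ip picks the local address on a
    multi-homed host, since relay rules key on the connecting IP."""
    src = (source_ip, 0) if source_ip else None
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout,
                      source_address=src) as smtp:
        smtp.ehlo_or_helo_if_needed()
        stage = "MAIL FROM"
        code, reply = smtp.mail(mail_from)
        if 200 <= code < 300:
            stage = "RCPT TO"
            code, reply = smtp.rcpt(rcpt_to)
        smtp.rset()  # abandon the transaction before QUIT
    text = reply.decode("utf-8", "replace")
    verdict = classify(code, text) if stage == "RCPT TO" else "other-failure"
    return {"stage": stage, "code": code, "reply": text, "verdict": verdict}

if __name__ == "__main__":
    # usage: probe.py <smtp-host> <sender> <recipient> [source-ip]
    host, sender, rcpt = sys.argv[1:4]
    src = sys.argv[4] if len(sys.argv) > 4 else None
    print(probe_relay(host, sender, rcpt, source_ip=src))
```

A `relay-denied` verdict for an external recipient, alongside `accepted` for a local one, points at the relay allow list on the SMTP virtual server rather than at DNS or the firewall.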