We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Cant Send External Emails after SSL Certificate Update (Receive is fine)

Dennis_Atkins
on
Medium Priority
317 Views
Last Modified: 2010-08-05
Can't send emails from exchange.  We just changed our SSL certificate.  Does anyone know if this would effect send emails?

We can send and receive internally.  We can receive from the outside. Internet access is fine.

Event log is not showing any obvious errors.
Comment
Watch Question

Expert of the Year 2007
Expert of the Year 2006

Commented:
Did you attempt to put the certificate on to the SMTP virtual server? An SSL certificate should have nothing to do with email delivery - they are on separate virtual servers.

Simon.

Author

Commented:
Certificate was only applied to the Default Web Site under IIS.  I have contacted our provider to check.

Also getting a token 80090308 error on the Public Folders directory in ESM.  Is this related?

Dennis
Expert of the Year 2007
Expert of the Year 2006

Commented:
Public Folders access through ESM is done through ESM, so that could be causing a problem.
Ensure that REQUIRE SSL is not enabled on /exchange, /exadmin, /exchweb and /public virtual directories in IIS Admin. If it is enabled, disable it and then close the IIS manager. Drop in to a command prompt and type

iisreset

That ensures the change is written to the IIS metabase.

When you try to send email what happens?

Simon.

Author

Commented:
Check SSL on the Virtual Directories.  All were fine.  Ran iisreset anyway.  Stop and Restart OK.

When a user sends a message it seems to go OK.  Email moves to the sent folder and no errors are reported or bounced back.  Our service provider (BellSouth) was able to test our domain and send emails from it.

It definitally seems to be our Exchange box.

How about a reboot????

Dennis
Expert of the Year 2007
Expert of the Year 2006

Commented:
Are the messages sitting in the queues?
What does message tracking say?

Simon.

Author

Commented:
Did a reboot just in case - no change

Messages are sitting in the queues.  

Tracking on a sample message indicates these events:
SMTP submittal, advance queue, categorizer, queued for routing, queued for remote delivery at 12: 30pm
The whole process shows repeated again at 12:40 pm

User are now getting delayed deliver notices.

Author

Commented:
Also getting "smtp could not connect to any DNS server" for each queue.  Our provider did just change DNS hosts.  I corrected the DNS under the SMTP virtual directory.

Is there any place else it needs to be changed?
Expert of the Year 2007
Expert of the Year 2006

Commented:
You shouldn't have DNS settings on the SMTP virtual server. Remove them from there.
Check the DNS settings in the DNS Server applet on your domain controllers. The best practise configuration is to use forwarders set in the DNS server applet.

Simon.

Author

Commented:
Forwarders are already set in the DNS Server.  I found the "old" DNS numbers hidden under the SMTP virtual server.  They have been there since the Exchange server was setup a few years ago by a contracted data company.

Since changing the numbers under the SMTP Virtual server, all is working fine.  I would like to avoid this in the future.

If I remove the DNS info from the SMTP Virtual Server will it default to using the info from our DNS server?

Dennis
Expert of the Year 2007
Expert of the Year 2006
Commented:
If you remove the DNS servers from the SMTP virtual server, then Exchange asks its host machine to find the DNS information that it needs...

So the DNS request will be local machine, domain controllers, forwarders, internet.

That is how Exchange is designed to work - I never configure DNS servers on the SMTP virtual server.

Simon.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Thanks for the info.  I will give it a try today and let you know.

Any thoughts on why Exchange would have been set this way to begin with?
Expert of the Year 2007
Expert of the Year 2006

Commented:
No idea. However I see lots of stupid things done to Exchange that nothing surprises me any more. There are lots of people out there who think they know Exchange but don't have a clue. They can get it to work, but it comes back and bites them (or more often, their client) later on.

Simon.

Author

Commented:
Finally removed the embedded DNS info in Exchange.  All is working fine.  Thanks for the help!!!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.