Solved

Cant Send External Emails after SSL Certificate Update (Receive is fine)

Posted on 2006-10-27
13
251 Views
Last Modified: 2010-08-05
Can't send emails from exchange.  We just changed our SSL certificate.  Does anyone know if this would effect send emails?

We can send and receive internally.  We can receive from the outside. Internet access is fine.

Event log is not showing any obvious errors.
0
Comment
Question by:Dennis_Atkins
  • 7
  • 6
13 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17819751
Did you attempt to put the certificate on to the SMTP virtual server? An SSL certificate should have nothing to do with email delivery - they are on separate virtual servers.

Simon.
0
 

Author Comment

by:Dennis_Atkins
ID: 17819823
Certificate was only applied to the Default Web Site under IIS.  I have contacted our provider to check.

Also getting a token 80090308 error on the Public Folders directory in ESM.  Is this related?

Dennis
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17819866
Public Folders access through ESM is done through ESM, so that could be causing a problem.
Ensure that REQUIRE SSL is not enabled on /exchange, /exadmin, /exchweb and /public virtual directories in IIS Admin. If it is enabled, disable it and then close the IIS manager. Drop in to a command prompt and type

iisreset

That ensures the change is written to the IIS metabase.

When you try to send email what happens?

Simon.
0
 

Author Comment

by:Dennis_Atkins
ID: 17820296
Check SSL on the Virtual Directories.  All were fine.  Ran iisreset anyway.  Stop and Restart OK.

When a user sends a message it seems to go OK.  Email moves to the sent folder and no errors are reported or bounced back.  Our service provider (BellSouth) was able to test our domain and send emails from it.

It definitally seems to be our Exchange box.

How about a reboot????

Dennis
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17820691
Are the messages sitting in the queues?
What does message tracking say?

Simon.
0
 

Author Comment

by:Dennis_Atkins
ID: 17826279
Did a reboot just in case - no change

Messages are sitting in the queues.  

Tracking on a sample message indicates these events:
SMTP submittal, advance queue, categorizer, queued for routing, queued for remote delivery at 12: 30pm
The whole process shows repeated again at 12:40 pm

User are now getting delayed deliver notices.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:Dennis_Atkins
ID: 17826773
Also getting "smtp could not connect to any DNS server" for each queue.  Our provider did just change DNS hosts.  I corrected the DNS under the SMTP virtual directory.

Is there any place else it needs to be changed?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17826944
You shouldn't have DNS settings on the SMTP virtual server. Remove them from there.
Check the DNS settings in the DNS Server applet on your domain controllers. The best practise configuration is to use forwarders set in the DNS server applet.

Simon.
0
 

Author Comment

by:Dennis_Atkins
ID: 17833305
Forwarders are already set in the DNS Server.  I found the "old" DNS numbers hidden under the SMTP virtual server.  They have been there since the Exchange server was setup a few years ago by a contracted data company.

Since changing the numbers under the SMTP Virtual server, all is working fine.  I would like to avoid this in the future.

If I remove the DNS info from the SMTP Virtual Server will it default to using the info from our DNS server?

Dennis
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17833407
If you remove the DNS servers from the SMTP virtual server, then Exchange asks its host machine to find the DNS information that it needs...

So the DNS request will be local machine, domain controllers, forwarders, internet.

That is how Exchange is designed to work - I never configure DNS servers on the SMTP virtual server.

Simon.
0
 

Author Comment

by:Dennis_Atkins
ID: 17833555
Thanks for the info.  I will give it a try today and let you know.

Any thoughts on why Exchange would have been set this way to begin with?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17833576
No idea. However I see lots of stupid things done to Exchange that nothing surprises me any more. There are lots of people out there who think they know Exchange but don't have a clue. They can get it to work, but it comes back and bites them (or more often, their client) later on.

Simon.
0
 

Author Comment

by:Dennis_Atkins
ID: 17893467
Finally removed the embedded DNS info in Exchange.  All is working fine.  Thanks for the help!!!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now