Mail flows in one direction between internal mail servers

Posted on 2007-11-15
Last Modified: 2008-02-01
Two Exchange servers for the company. Mail only flows in one direction internally. Can receive and send external mail.

Any clue?

Question by:Vegas16Lax
31 Comments

Author Comment

by:Vegas16Lax
ID: 20289867
This is what I get in the Message tracking center:

SMTP: Message submitted to advanced queuing
SMTP: started message submission to advanced queue
SMTP: message submitted to categorizer
SMTP: message categorized and queued for routing
SMTP: message routed and queued for remote delivery

This is trying to go from one internal mail server to another internal mail server.

Expert Comment

by:Sembee
ID: 20289898
Has it ever worked?
If so, what has changed?
If it hasn't worked then the usual reasons are a smart host on the SMTP virtual server of the one that will not send, name resolution, or AV software blocking the port. You need to verify connectivity on port 25 and name resolution.

Simon.

Author Comment

by:Vegas16Lax
ID: 20290199
I checked the SMTP virtual server properties for both servers. There is no smart host listed. The name of each respective server is listed under the FQDN section. I have connected to port 25 many times back and forth from each server and it works using the usual commands for checking SMTP connectivity. Unless there is something else with that, I have checked AD replication and topologies using replmon, netdiag, winroute, etc. All comes back fine.

I just inherited this because I started working here a few days ago. As far as I know, it has never worked. It was installed with all of the default settings but was never checked. I am doing many, many tests based on what I am reading.

Does the main server in NY need to be designated as a Front-End server?

The code below is the result of using smtpdiag. The name of the mail server in GA is never mentioned in this process, and that makes me wonder about DNS? At the end, it states: "Successfully connected to stantonemail.stantoncarpet.com." Shouldn't it state successfully connected to the email server in GA?

It makes me feel like it is not sending to GA because it doesn't know that the user's mailbox is in GA.

Thanks for your help. I'm just trying to solve it, but it's clearly a very dense problem. I appreciate your assistance.
C:\>smtpdiag jcarey@stantoncarpet.com jtest@stantoncarpet.com /v

Searching for Exchange external DNS settings.
Computer name is STANTONEMAIL.
VSI 1 has the following external DNS servers:
There are no external DNS servers configured.

Checking SOA for stantoncarpet.com.
Checking external DNS servers.
Checking internal DNS servers.

Checking TCP/UDP SOA serial number using DNS server [192.168.110.3].
TCP test succeeded.
UDP test succeeded.
Serial number: 16079

Checking TCP/UDP SOA serial number using DNS server [192.168.110.7].
TCP test succeeded.
UDP test succeeded.
Serial number: 16079
SOA serial number match: Passed.

Checking local domain records.
Starting TCP and UDP DNS queries for the local domain. This test will try to
validate that DNS is set up correctly for inbound mail. This test can fail for
3 reasons.
    1) Local domain is not set up in DNS. Inbound mail cannot be routed to
local mailboxes.
    2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail,
but will affect outbound mail.
    3) Internal DNS is unaware of external DNS settings. This is a valid
configuration for certain topologies.
Checking MX records using TCP: stantoncarpet.com.
  MX:    stantonemail.stantoncarpet.com (10)
  A:     stantonemail.stantoncarpet.com [192.168.110.3]
Checking MX records using UDP: stantoncarpet.com.
  MX:    stantonemail.stantoncarpet.com (10)
  A:     stantonemail.stantoncarpet.com [192.168.110.3]
Both TCP and UDP queries succeeded. Local DNS test passed.

Checking remote domain records.
Starting TCP and UDP DNS queries for the remote domain. This test will try to
validate that DNS is set up correctly for outbound mail. This test can fail for
3 reasons.
    1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows
2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP
queries first, then fall back to TCP queries.
    2) Internal DNS does not know how to query external domains. You must
either use an external DNS server or configure DNS server to query external
domains.
    3) Remote domain does not exist. Failure is expected.
Checking MX records using TCP: stantoncarpet.com.
  MX:    stantonemail.stantoncarpet.com (10)
  A:     stantonemail.stantoncarpet.com [192.168.110.3]
Checking MX records using UDP: stantoncarpet.com.
  MX:    stantonemail.stantoncarpet.com (10)
Both TCP and UDP queries succeeded. Remote DNS test passed.

Checking MX servers listed for jtest@stantoncarpet.com.
Connecting to stantonemail.stantoncarpet.com [192.168.110.3] on port 25.
Received:
220 stantonemail.stantoncarpet.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Thu, 15 Nov 2007 10:09:06 -0500

Sent:
ehlo stantoncarpet.com

Received:
250-stantonemail.stantoncarpet.com Hello [192.168.110.3]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK

Sent:
mail from: <jcarey@stantoncarpet.com>

Received:
250 2.1.0 jcarey@stantoncarpet.com....Sender OK

Sent:
rcpt to: <jtest@stantoncarpet.com>

Received:
250 2.1.5 jtest@stantoncarpet.com

Sent:
quit

Received:
221 2.0.0 stantonemail.stantoncarpet.com Service closing transmission channel

Successfully connected to stantonemail.stantoncarpet.com.

C:\>


Author Comment

by:Vegas16Lax
ID: 20290304
The only other info that seems wrong is this. Look at the error at the bottom: No IP addresses for this name!

Does this mean I should delete the internal dns records for that computer and re-register them in DNS?

C:\WINDOWS\system32\inetsrv>dnsdiag stantonemail-ga.stantoncarpet.com -v 1

stantonemail-ga.stantoncarpet.com is in the Exchange Org. Global DNS servers will be used.

Created Async Query:
--------------------
        QNAME = stantonemail-ga.stantoncarpet.com
        Type = MX (0xf)
        Flags =  UDP default, TCP on truncation (0x0)
        Protocol = UDP
        DNS Servers: (DNS cache will not be used)
        192.168.110.3
        192.168.110.7

Connected to DNS 192.168.110.3 over UDP/IP.
Received DNS Response:
----------------------
        Error: 0
        Description: Success
        These records were received:
        stantonemail-ga.stantoncarpet.com    MX    20    stantonmail-ga.stantoncarpet.com

Processing MX/A records in reply.
Sorting MX records by priority.
Querying via DNSAPI:
--------------------
        QNAME = stantonmail-ga.stantoncarpet.com
        Type = A (0x1)
        Flags =  DNS_QUERY_TREAT_AS_FQDN, (0x1000)
        Protocol = Default UDP, TCP on truncation
        Servers: (DNS cache will be used)
        Default DNS servers on box.

Received DNS Response:
----------------------
        Error: 9003
        Description: No records exist for this name.
Cannot resolve using DNS only, calling gethostbyname as last resort.
This will query
- Global DNS servers.
- DNS cache.
- WINS/NetBIOS.
- .hosts file.

Target hostnames and IP addresses
---------------------------------
HostName: "stantonmail-ga.stantoncarpet.com"
        No IP addresses for this name!

C:\WINDOWS\system32\inetsrv>


Author Comment

by:Vegas16Lax
ID: 20290980
It's a network error most likely. Cannot telnet to GA server on port 25, but I can telnet to other ports. So, that is most likely the cause. I'll just have to figure out where port 25 is being blocked.

Author Comment

by:Vegas16Lax
ID: 20298002
As a test, I changed the SMTP port on the other server to port 30. I can now connect via telnet from site A to site B, but mail still doesn't flow. Do I need to let the Exchange server in site A know that site B is now accepting mail on port 30 instead of port 25?

Do I need to wait for replication between the two sites?

Expert Comment

by:Sembee
ID: 20319234
The two servers need to communicate on the same port. You don't "tell" Exchange what port to use; it simply tries to make a connection on the same port to the remote server. Changing the port is not really a good idea, as Exchange expects to use port 25; however, if the port change works then something is blocking the port.

Simon.

Author Comment

by:Vegas16Lax
ID: 20319314
OK. We are having issues with our dedicated line between the two offices. Once that is cleared up, I hope the two Exchange servers can communicate with each other properly. If not, then I will post more info on this board to help solve the problem. What is happening is that the dedicated line between the two offices is down, and the routers have a route in them which directs all traffic through a VPN if the dedicated line is down. I think port 25 is being blocked on one of the firewalls, and that is why port 25 is not working in one direction.

Author Comment

by:Vegas16Lax
ID: 20322490
Sembee,

We have really isolated the root cause of the problem between the two servers. Our dedicated line between the two offices is now up and running. However, when we try to send from NY to GA, the NY Exchange server is still sending all outbound SMTP connections out to the internet. We used telnet from the NY server to the GA server, and basically it went like this: tracert 192.168.120.3 25 went out to the internet instead of going to 192.168.110.1, which is the default gateway to the GA subnet.

Why would the NY Exchange server always send outbound requests to the Internet? Only on port 25 though. If we tracert without port 25 specified, it goes right down the dedicated line as it should.

Expert Comment

by:Sembee
ID: 20322960
I didn't think you could tracert a specific port's traffic? Unless you are using something else to do the trace.
If I try to repeat the command that you have given above I get a trace to 0.0.0.25, not the IP address that I am interested in.

Simon.

Author Comment

by:Vegas16Lax
ID: 20323063
It's just part of the weirdness going on here. I just can't seem to isolate it enough. Mail flows in one direction internally. I can do a successful telnet from the NY server to the GA server. So, it can get to port 25 now that the dedicated line is working. It just can't send a message down there.

One of the errors we get is something like "mail not being accepted due to the administrative policy on the destination server."

The other problem that I didn't mention is that this domain was originally created by another person years ago and the damn FQDN has an underscore character in it. So, that is another possible issue. But why would that allow mail to flow in one direction and not the other?

At this point, I am lost.

When you install a second Exchange server, the setup program should have automatically created the connection between the two. Is it possible that the connection is only one way?

Expert Comment

by:Sembee
ID: 20323207
Exchange doesn't create any connectors automatically. It does with Exchange 2007 being installed in the Exchange 2003 org, but that is to allow them to inter-operate. In a native environment nothing extra is configured. If the servers can see each other then email will flow. Something is blocking the traffic.

If you do have routing groups and RGCs, then I would suggest that you recreate them. Also ensure that the SMTP VS is set to a specific IP address, not All Unassigned, before you recreate them.

Simon.

Author Comment

by:Vegas16Lax
ID: 20323832
I have one Administrative Group containing both servers and there is one SMTP connector for them. Looking at the properties of the connector, I have checked "Use DNS to route to each address space on this connector." Under Local Bridgeheads, each server is listed. Is this wrong? There are no delivery restrictions and there are no connected routing groups. Under the Address Space tab, we have listed the address spaces we are responsible for, including *. Connector scope is selected for the Entire Organization. "Allow messages to be relayed to these domains" is unchecked. Under the Advanced tab, I have checked "Send HELO instead of EHLO."

For both servers, under properties for the SMTP VS, Delivery > Advanced > Configure tabs, there are no external DNS servers configured and no smart hosts. I have checked "Perform reverse DNS lookup on incoming messages" for both servers.

Expert Comment

by:Sembee
ID: 20324455
Admin groups and routing groups are two different things.
One is for admin of the server, and the other is for routing of the email traffic. The reverse DNS lookup option on the SMTP VS is a waste of time; I don't enable it on any of my servers. With both servers listed as bridgeheads, that means they send email out externally directly. However, that will have nothing to do with inter-server traffic failure. I still think something is blocking the traffic - AV, firewall etc.

Simon.

Author Comment

by:Vegas16Lax
ID: 20325230
Once we got the dedicated line working (apparently) between the two offices, I was able to telnet on port 25 from NY to GA and from GA to NY.

Does this test not tell me that connectivity is correct between them?

Expert Comment

by:Sembee
ID: 20327614
If you can telnet to the other server and you know it is the other server responding, then that would indicate that connectivity is good.
Does it connect using all three formats?

telnet ip.add.re.ss 25
telnet servername 25
telnet server.domain.com 25

Do the messages sit in the queue? If so, do they have an error message?
Ensure that there are no external DNS servers on the SMTP virtual server, that the virtual server IP address is set to a specific internal IP address and not "All Unassigned".

Are the servers in the same routing group, or separate routing groups?

Simon.
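Added example (mine, not from the thread, from Exchange, or from the smtpdiag/dnsdiag tools): a Python version of the checks Simon asks for above, the scripted "telnet host 25" probe to run once per name form, plus the MX-then-A lookup order that the dnsdiag output earlier in the thread walks through, which flags the case where an MX answer comes back but its target has no A record. The resolver callables, the loopback listener and names such as mail.example and probe.example are constructed stand-ins, not real DNS or a real server.

```python
import socket
import threading

def check_delivery_name(name, resolve_mx, resolve_a):
    """Mirror dnsdiag's order: try MX records first, resolve each exchanger's
    A record by preference, then fall back to the name's own A record.
    resolve_mx(name) -> [(pref, host)], resolve_a(name) -> [ip]. -> (ips, findings)"""
    findings = []
    for pref, exchanger in sorted(resolve_mx(name)):
        ips = resolve_a(exchanger)
        if ips:
            return ips, findings
        # The thread's case: an MX answer exists, but its target has no A record.
        findings.append(f"MX {pref} {exchanger}: no IP addresses for this name")
    ips = resolve_a(name)
    if not ips:
        findings.append(f"{name}: neither MX targets nor an A record resolve")
    return ips, findings

def probe_smtp(host, port=25, helo="probe.example", timeout=5.0):
    """The 'telnet host 25' check, scripted: connect, read the 220 banner, send
    EHLO and QUIT. Run once per name form (IP, short name, FQDN) and compare."""
    r = {"connected": False, "banner": "", "ehlo_ok": False, "error": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            rf = s.makefile("rb")
            r["connected"] = True
            r["banner"] = rf.readline().decode(errors="replace").strip()
            s.sendall(f"EHLO {helo}\r\n".encode())
            while True:  # "250-" continuation lines end with a final "250 " line
                line = rf.readline().decode(errors="replace").strip()
                if line.startswith("250 "):
                    r["ehlo_ok"] = True
                if not line.startswith("250-"):
                    break
            s.sendall(b"QUIT\r\n")
            rf.readline()  # 221 closing transmission channel
    except OSError as exc:  # refused, timed out, or blocked by a firewall
        r["error"] = str(exc)
    return r

def fake_exchange_listener(banner=b"220 mail.example Microsoft ESMTP MAIL Service ready"):
    """Constructed stand-in for the remote SMTP virtual server so probe_smtp can
    be exercised offline; answers one session on an ephemeral loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as rf:
            conn.sendall(banner + b"\r\n")
            for raw in rf:
                verb = raw.split()[0].upper() if raw.split() else b""
                if verb == b"EHLO":
                    conn.sendall(b"250-mail.example Hello\r\n250-PIPELINING\r\n250 OK\r\n")
                elif verb == b"QUIT":
                    conn.sendall(b"221 2.0.0 Service closing transmission channel\r\n")
                    break
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Against real servers, run probe_smtp once per name form (IP, short name, FQDN) and feed check_delivery_name two lookup functions backed by your actual DNS client (dnspython is one option; an assumption, not something the thread mentions).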
 

Author Comment

by:Vegas16Lax
ID: 20328685
I'll get back to you. We are having our ISP fix our point-to-point connection because we are still experiencing lots of difficulty with that. Not sure when that will be fixed though.

Thanks again for your help. Once the link is solid, I will do those test again and give you the results.

Author Comment

by:Vegas16Lax
ID: 20331413
I can telnet both ways using all three methods as you said. No problem. It's as if they are physically next to each other. There are no external DNS servers listed on either SMTP Virtual Server. I also removed the use of DNS reverse lookup on both servers, as you said it was really not necessary. The VS IP Address is currently set to "All Unassigned" for both of them. Please tell me about this. Should I change both of them to their own IP addresses? And finally, the servers are in the same routing group.


Expert Comment

by:Sembee
ID: 20331487
In most scenarios All Unassigned works fine. If they were in separate routing groups then you would definitely want to set the specific IP address. It shouldn't affect things, but you are well into the straw-clutching phase.

Simon.

Author Comment

by:Vegas16Lax
ID: 20331656
One of the error messages that I have seen over the past few days is something like "the destination server did not respond" or the "mail cannot be delivered due to the administrative policy on the remote server."

Does that mean anything to you?

Expert Comment

by:Sembee
ID: 20336642
Those are fairly standard messages. The first one is what happens when the remote server cannot be reached, the second one means the connection was made but something on the remote side blocked the message. However both are possible with internal and external email.

Simon.

Author Comment

by:Vegas16Lax
ID: 20349985
Sembee,
I am going to uninstall Exchange and Server 2003 from the GA server and reinstall it from scratch. I just can't waste any more time on this thing. So, are there any special tricks or things I need to know about removing exchange? Or is it just a simple process of using add/remove programs?

Thanks.

Expert Comment

by:Sembee
ID: 20350024
You have to ensure that everything has been removed - user accounts, public folders etc. That includes moving any mailboxes that haven't been used, so they don't appear in the list of mailboxes.
Otherwise using Add/Remove Programs removes Exchange correctly and will generate warnings if there is anything left on the old server.

Simon.

Author Comment

by:Vegas16Lax
ID: 20350132
OK. The only mailboxes that are on that server are test user accounts, so I will just delete them as they contain no important info. I have read that using the Exchange installation CD is better than using Add/Remove Programs. Would you agree?

Expert Comment

by:Sembee
ID: 20351212
Doesn't matter - the CD and add/remove programs do the same thing.

Simon.

Author Comment

by:Vegas16Lax
ID: 20351692
Sembee,

This is what we are planning on doing. We are going to uninstall Exchange from the GA server, remove the computer from the domain and then have the Georgia people physically ship the server to us in NY. I am then going to reinstall Windows 2003 and Exchange 2003 and make sure that the two email servers can talk to each other here where I am in NY. Once they work, I will then ship the server back down to GA and they can change the IP address.

Is there anything wrong with this scenario?

Expert Comment

by:Sembee
ID: 20354371
Nope.
I have done it myself lots of times. The only thing I do is that when preparing the server to ship I shut down the Exchange services first and disable them. Then change the IP address information. The server is shipped and tested to ensure it sees the domain. At that point the Exchange services are changed back to Automatic and the server rebooted. If Exchange cannot see the domain (because the IP address has been changed) then the server either takes an age to start up or an age to shut down.

Simon.

Author Comment

by:Vegas16Lax
ID: 20354697
That's great. At this point I think it is the only solution that I can come up with.

Thanks for your help. I will keep you updated on its progress.

Author Comment

by:Vegas16Lax
ID: 20375463
Sembee,

Good news! I got the mail server here in NY and blew out the machine. Reinstalled Windows 2003 and Exchange 2003. I installed Exchange SP2. Installation went fine. Mail flows both ways and I can send/receive from outside mail servers. It was a default installation. I changed nothing. The only weird thing that I see is in regards to the order of the two servers in System Manager. The new server is on top, while the old one, the master, is on the bottom. Also, when creating a new user, the new server shows up first. This should be the other way around, no? The default mail server should be the NY server.


Accepted Solution

by:Sembee (earned 250 total points)
ID: 20378729
The servers are listed alphabetically. So if you are using server names based on location, GA (?) and NY, then the GA server would be listed first. I don't think that behaviour can be changed.

Simon.

Author Comment

by:Vegas16Lax
ID: 20378871
That's so stupid. Typical Microsoft thinking...