  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 294
  • Last Modified:

Problem with DNS

I have an Email server (Win 2K8 & Exchange 2007 SP1)  that is unable to connect to another email server on port 25. I have tested the connection via telnet from both my desktop and the email server. My desktop connects just fine but the email server fails. The email server is the (Active Directory) DNS server for both my desktop and email server itself.

NSLOOKUP works on both machines:
Non-authoritative answer:
Name:    mail.domainname.com
Address:  63.229.xx.xxx

I have tried: 'ipconfig /flushdns' and clearing the cache from the DNS server but neither worked.

Any help would be appreciated.
0
gbarcalow
Asked:
1 Solution
 
gurutc Commented:
Hi,

Does the email server connect to the other server if you use the other server's IP address instead of hostname?

- gurutc
0
 
ryansoto Commented:
Turn logging on on the virtual server then see what the logs say
0
 
gbarcalow (Author) Commented:
I cannot connect using the IP address either.
0
 
gurutc Commented:
Ok,

It sounds like there may be an access restriction by address that's in place.  Or it may be a firewall on the email server itself.  Are you able to telnet into the email server that's unable to connect to the other one on port 25?

- gurutc
0
 
gbarcalow (Author) Commented:
The external firewall device is not blocking anything and the Windows firewall is Off. I am able to telnet to our email server.

Also; I should mention that our email server connects to every other address I tried (yahoo, Hotmail, Comcast), just not this one domain.
0
 
Chris Dent (PowerShell Developer) Commented:

Tracert to the IP Address you're trying to connect to, see if there's a routing problem for that.

Chris
0
 
gbarcalow (Author) Commented:
Both workstation and server show identical tracerts. This is really starting to bug me.
Tracing route to mail.reedermgt.com [63.229.21.185]
over a maximum of 30 hops:
 
  1     1 ms     1 ms     1 ms  66-224-144-89.atgi.net [66.224.144.89]
  2     3 ms     3 ms     3 ms  172.23.0.53
  3    24 ms    24 ms    24 ms  core0-gi6-0.tiw.eschelon.com [64.42.50.37]
  4    23 ms    23 ms    23 ms  64-42-50-46.atgi.net [64.42.50.46]
  5    26 ms    23 ms    24 ms  209.210.12.29
  6    63 ms    24 ms    24 ms  tg1-1.br01.sttlwawb.integra.net [209.63.114.134]
  7    34 ms    23 ms    25 ms  sl-gw12-sea-4-2-2.sprintlink.net [144.223.84.17]
  8    23 ms    23 ms    23 ms  sl-bb20-sea-4-0-0.sprintlink.net [144.232.6.121]
  9    25 ms    23 ms    23 ms  sea-brdr-01.inet.qwest.net [63.146.26.197]
 10    50 ms    86 ms    24 ms  sea-core-01.inet.qwest.net [205.171.26.81]
 11     *       54 ms    24 ms  tukw-agw1.inet.qwest.net [67.14.4.90]
 12    24 ms    26 ms    24 ms  tukw-dsl-gw24-186.tukw.qwest.net [71.217.184.186]
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

0
 
Michael Worsham (Infrastructure / Solutions Architect) Commented:
I recommend checking to see if there is an underlying DNS or MX record issue. Use the following sites to gather a DNS and MX report on the intended mail server site:

MX ToolBox: http://www.mxtoolbox.com
DNS Stuff: http://www.dnsstuff.com
intoDNS: http://www.intodns.com

0
 
Chris Dent (PowerShell Developer) Commented:

Well that's quite puzzling. You could try a packet sniffer and see what requests it's sending.

It still leads me to believe it's a Firewall issue, but that we'd expect to see it block SMTP more consistently if it were.

Chris
0
 
gbarcalow (Author) Commented:
Unfortunately I spent the better part of my day yesterday on the phone with SonicWall, and the better part of the day before on the phone at Microsoft. So now all I have is the two of them pointing the finger at one another. MS says it's the firewall blocking the packets from coming back into our office, and while the firewall is dropping the return packets, SonicWall says it's because the packets leaving our Windows server (that are accepted by the destination server and returned) are malformed.

I really, really hate computers. Today I will try to update drivers or change hardware. I have been trying to avoid having to take the server down completely because, well, it's a production server.
0
 
Chris Dent (PowerShell Developer) Commented:

Ouch, that's a really horrible situation.

I hope the drivers do some good...

Chris
0
 
gbarcalow (Author) Commented:
OK Problem solved...

Here is the DL

It was an issue with Windows Server 2008, because it ships with "Receive Window Auto-Tuning Level" on by default. (Note: Vista is also on by default) This setting is available in Windows XP, and Server 2003 but is off by default. All this because my SonicWall does not support this TCP flag.

How do you check this you ask?
Run this command: "netsh interface tcp show global" and you will get something like this:
TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled
Chimney Offload State               : enabled
Receive Window Auto-Tuning Level    : normal
Add-On Congestion Control Provider  : ctcp
ECN Capability                      : disabled
RFC 1323 Timestamps                 : disabled

So how do you disable this?
Run this command: "netsh interface tcp set global autotuninglevel=disabled"
http://forums.technet.microsoft.com/en-US/winserverprint/thread/82c6a5f9-c7d5-4c34-9139-a05fc0706f3b/

This setting is available on Windows Server 2003, Windows XP, Vista and Windows Server 2008, but it is only on by default with Vista and Server 08.
0
 
gbarcalow (Author) Commented:
See above for solution.

Thanks for trying.
0
 
Chris Dent (PowerShell Developer) Commented:

Interesting, thank you for posting back with the final solution.

Thought I'd add a couple more bits in case anyone else bumps into it (now you've identified it).

MS have a test for support of Window Scaling (aka Receive Window Auto-Tuning Level) here (as part of the TCP High Performance test). I hope it works as expected (or doesn't, as appropriate):

http://www.microsoft.com/windows/using/tools/igd/default.mspx

Window Scaling requires that the router / firewall support RFC 1323:

http://www.ietf.org/rfc/rfc1323.txt

There's an incomplete KB Article detailing devices that are known not to support Window Scaling here:

http://support.microsoft.com/kb/934430

I suspect they should be adding Windows 2008 to the "Applies to" section.

Chris
0
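Added example (not part of the thread and not code from any poster): a small Python parser for the RFC 1323 Window Scale option, the TCP option at the centre of the fix above, for use when comparing SYN segments captured with a packet sniffer on each side of a firewall. The sample segments, port numbers and the names `SYN_INSIDE`, `SYN_OUTSIDE` and `ACK` are constructed for illustration; the far-side capture with the option blanked out is a hypothetical case, not something reported in the thread.

```python
import struct

WSCALE = 3  # RFC 1323 Window Scale option: kind=3, length=3, one shift byte

def tcp_options(segment: bytes) -> dict:
    """Map option kind -> option data for one raw TCP header."""
    header_len = (segment[12] >> 4) * 4            # data offset, in bytes
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad TCP data offset")
    opts, i = {}, 20
    while i < header_len and segment[i] != 0:      # kind 0 ends the list
        kind = segment[i]
        if kind == 1:                              # NOP padding, single byte
            i += 1
            continue
        length = segment[i + 1] if i + 1 < header_len else 0
        if length < 2 or i + length > header_len:
            raise ValueError("malformed TCP option")
        opts[kind] = segment[i + 2:i + length]
        i += length
    return opts

def wscale_shift(syn: bytes):
    """Shift count offered in a SYN, or None when the option is absent."""
    if not syn[13] & 0x02:
        raise ValueError("window scale is only sent on SYN segments")
    data = tcp_options(syn).get(WSCALE)
    return None if not data else min(data[0], 14)  # RFC 1323 caps the shift at 14

def advertised_window(segment: bytes, shift) -> int:
    """Receive window in bytes; the SYN's own window field is never scaled."""
    (raw,) = struct.unpack_from("!H", segment, 14)
    return raw if segment[13] & 0x02 else raw << (shift or 0)

def build(flags: int, window: int, options: bytes = b"") -> bytes:
    """Constructed sample segment (ports and sequence numbers are made up)."""
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 49152, 25, 1000, 0,
                       offset << 4, flags, window, 0, 0) + options

# Constructed capture: MSS 1460, NOP, WScale 8, NOP, NOP, SACK-permitted
SYN_INSIDE = build(0x02, 8192, bytes.fromhex("020405b4" "01" "030308" "0101" "0402"))
# Hypothetical far-side capture with the scale option overwritten by NOPs
SYN_OUTSIDE = build(0x02, 8192, bytes.fromhex("020405b4" "01" "010101" "0101" "0402"))
ACK = build(0x10, 256)   # constructed later segment from the same host

if __name__ == "__main__":
    shift = wscale_shift(SYN_INSIDE)
    print(shift, wscale_shift(SYN_OUTSIDE),
          advertised_window(ACK, shift), advertised_window(ACK, None))
```

With a shift of 8, the raw window field of 256 in the later segment means 65536 bytes to the endpoints, while a device that does not track the scale factor reads it as 256 bytes.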
Question has a verified solution.
