Solved

Problem with DNS

Posted on 2008-06-09
Last Modified: 2010-04-21
I have an Email server (Win 2K8 & Exchange 2007 SP1) that is unable to connect to another email server on port 25. I have tested the connection via telnet from both my desktop and the email server. My desktop connects just fine but the email server fails. The email server is the (Active Directory) DNS server for both my desktop and email server itself.

NSLOOKUP works on both machines:
Non-authoritative answer:
Name:    mail.domainname.com
Address:  63.229.xx.xxx

I have tried: 'ipconfig /flushdns' and clearing the cache from the DNS server but neither worked.

Any help would be appreciated.
Question by:gbarcalow
14 Comments
 
LVL 16

Expert Comment

by:gurutc
ID: 21745427
Hi,

Does the email server connect to the other server if you use the other server's IP address instead of hostname?

- gurutc
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 21745513
Turn logging on on the virtual server then see what the logs say
0
 
LVL 3

Author Comment

by:gbarcalow
ID: 21745653
I cannot connect using the IP address either.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 21745832
Ok,

It sounds like there may be an access restriction by address that's in place.  Or it may be a firewall on the email server itself.  Are you able to telnet into the email server that's unable to connect to the other one on port 25?

- gurutc
0
 
LVL 3

Author Comment

by:gbarcalow
ID: 21746018
The external firewall device is not blocking anything and the Windows firewall is Off. I am able to telnet to our email server.

Also, I should mention that our email server connects to every other address I tried (Yahoo, Hotmail, Comcast), just not this one domain.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21758193

Tracert to the IP Address you're trying to connect to, see if there's a routing problem for that.

Chris
0
 
LVL 3

Author Comment

by:gbarcalow
ID: 21761379
Both workstation and server show identical tracerts. This is really starting to bug me.
Tracing route to mail.reedermgt.com [63.229.21.185]
over a maximum of 30 hops:
 
  1     1 ms     1 ms     1 ms  66-224-144-89.atgi.net [66.224.144.89]
  2     3 ms     3 ms     3 ms  172.23.0.53
  3    24 ms    24 ms    24 ms  core0-gi6-0.tiw.eschelon.com [64.42.50.37]
  4    23 ms    23 ms    23 ms  64-42-50-46.atgi.net [64.42.50.46]
  5    26 ms    23 ms    24 ms  209.210.12.29
  6    63 ms    24 ms    24 ms  tg1-1.br01.sttlwawb.integra.net [209.63.114.134]
  7    34 ms    23 ms    25 ms  sl-gw12-sea-4-2-2.sprintlink.net [144.223.84.17]
  8    23 ms    23 ms    23 ms  sl-bb20-sea-4-0-0.sprintlink.net [144.232.6.121]
  9    25 ms    23 ms    23 ms  sea-brdr-01.inet.qwest.net [63.146.26.197]
 10    50 ms    86 ms    24 ms  sea-core-01.inet.qwest.net [205.171.26.81]
 11     *       54 ms    24 ms  tukw-agw1.inet.qwest.net [67.14.4.90]
 12    24 ms    26 ms    24 ms  tukw-dsl-gw24-186.tukw.qwest.net [71.217.184.186]
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.


0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 21825282
I recommend checking to see if there is an underlying DNS or MX record issue. Use the following sites to gather a DNS and MX report on the intended mail server site:

MX ToolBox: http://www.mxtoolbox.com
DNS Stuff: http://www.dnsstuff.com
intoDNS: http://www.intodns.com

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21854149

Well that's quite puzzling. You could try a packet sniffer and see what requests it's sending.

It still leads me to believe it's a Firewall issue, but that we'd expect to see it block SMTP more consistently if it were.

Chris
0
 
LVL 3

Author Comment

by:gbarcalow
ID: 21856781
Unfortunately I spent the better part of my day yesterday on the phone with SonicWall, and the better part of the day before on the phone at Microsoft. So now all I have is the two of them pointing the finger at one another. MS says it's the firewall blocking the packets from coming back into our office, and while the firewall is dropping the return packets, SonicWall says it's because the packets leaving our Windows server (that are accepted by the destination server and returned) are malformed.

I really, really hate computers. Today I will try to update drivers or change hardware. I have been trying to avoid having to take the server down completely because, well, it's a production server.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 1000 total points
ID: 21856813

Ouch, that's a really horrible situation.

I hope the drivers do some good...

Chris
0
 
LVL 3

Author Comment

by:gbarcalow
ID: 21888203
OK Problem solved...

Here is the DL

It was an issue with Windows Server 2008, because it ships with "Receive Window Auto-Tuning Level" on by default. (Note: Vista is also on by default) This setting is available in Windows XP, and Server 2003 but is off by default. All this because my SonicWall does not support this TCP flag.

How do you check this you ask?
Run this command: "netsh interface tcp show global" and you will get something like this:
TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled
Chimney Offload State               : enabled
Receive Window Auto-Tuning Level    : normal
Add-On Congestion Control Provider  : ctcp
ECN Capability                      : disabled
RFC 1323 Timestamps                 : disabled

So how do you disable this?
Run this command: "netsh interface tcp set global autotuninglevel=disabled"
http://forums.technet.microsoft.com/en-US/winserverprint/thread/82c6a5f9-c7d5-4c34-9139-a05fc0706f3b/

This setting is available on Windows Server 2003, Windows XP, Vista and Windows Server 2008. But only on by default with Vista and Server 08.
0
 
LVL 3

Author Closing Comment

by:gbarcalow
ID: 31465498
See above for solution.

Thanks for trying.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21888321

Interesting, thank you for posting back with the final solution.

Thought I'd add a couple more bits in case anyone else bumps into it (now you've identified it).

MS have a test for support of Window Scaling (aka Receive Window Auto-Tuning Level) here (as part of the TCP High Performance test). I hope it works as expected (or doesn't, as appropriate):

http://www.microsoft.com/windows/using/tools/igd/default.mspx

Window Scaling requires that the router / firewall support RFC 1323:

http://www.ietf.org/rfc/rfc1323.txt

There's an incomplete KB Article detailing devices that are known not to support Window Scaling here:

http://support.microsoft.com/kb/934430

I suspect they should be adding Windows 2008 to the "Applies to" section.

Chris
0
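
For readers who take the packet-sniffer route suggested in this thread, here is an added example (not code from any poster here) that parses captured TCP headers for the RFC 1323 window scale option and reports whether scaling was negotiated in the handshake. It is Python 3; the function names and the sample segments are constructed for illustration.

```python
import struct

OPT_END, OPT_NOP, OPT_WSCALE = 0, 1, 3  # TCP option kinds (RFC 793, RFC 1323)

def parse_tcp(segment: bytes) -> dict:
    """Return the SYN flag, raw window field and options of a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", segment[12:16])
    hdr_len = (off_flags >> 12) * 4
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("bad data offset")
    raw, opts, i = segment[20:hdr_len], {}, 0
    while i < len(raw) and raw[i] != OPT_END:
        if raw[i] == OPT_NOP:  # one-byte padding option
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option length")
        opts[raw[i]] = raw[i + 2:i + raw[i + 1]]
        i += raw[i + 1]
    return {"syn": bool(off_flags & 0x02), "window": window, "options": opts}

def offered_shift(hdr: dict):
    """Window scale shift offered in a SYN or SYN-ACK, or None if not offered."""
    ws = hdr["options"].get(OPT_WSCALE)
    if not hdr["syn"] or ws is None or len(ws) != 1:
        return None  # the option is only valid on segments with SYN set
    return min(ws[0], 14)  # RFC 1323 caps the shift at 14

def negotiated_shifts(syn: bytes, synack: bytes):
    """(client_shift, server_shift) if both sides offered scaling, else None."""
    c, s = offered_shift(parse_tcp(syn)), offered_shift(parse_tcp(synack))
    return None if c is None or s is None else (c, s)

def true_window(window_field: int, shift: int) -> int:
    """Bytes an endpoint advertises with a post-handshake window field."""
    return window_field << shift

def build(flags: int, window: int, options: bytes) -> bytes:
    """Constructed sample segment; ports, seq and checksum are arbitrary, options 4-byte aligned."""
    off_flags = ((20 + len(options)) // 4 << 12) | flags
    return struct.pack("!HHIIHHHH", 49152, 25, 1, 0, off_flags, window, 0, 0) + options

# Constructed samples: MSS 1460, NOP, window scale, NOP, NOP, SACK-permitted
SYN = build(0x02, 8192, bytes([2, 4, 5, 180, 1, 3, 3, 8, 1, 1, 4, 2]))
SYNACK = build(0x12, 5840, bytes([2, 4, 5, 180, 1, 3, 3, 7, 1, 1, 4, 2]))
SYN_NO_WS = build(0x02, 65535, bytes([2, 4, 5, 180, 1, 1, 4, 2]))
```

With a negotiated shift of 8, a later window field of 256 means 65536 bytes, while a device that ignores the option reads the same field as 256 bytes.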
