Solved

Cannot Receive Mail - Exchange 2003 on SBS 2003

Posted on 2008-06-15
Last Modified: 2012-08-13
Background: We have an old server with SBS 2003 / Exchange 2003 running our small business. We have got new hardware and installed SBS 2003 SP2 and Exchange 2003 and manually created the same domain name, users, mailboxes, DNS, DHCP, RRAS, network settings, etc. We may have missed a setting somewhere but we think we have copied it all. We unplugged the old server and plugged in the new one.

Both servers have two NICS. Settings are,

Internal NIC:
IP-192.168.10.1
SN-255.255.255.0
GW-
DNS-192.168.10.1

External/Internet NIC:
IP-192.168.0.2
SN-255.255.255.0
GW-192.168.0.1 (router/modem)
DNS-192.168.10.1

The problem is we can send mail (SMTP connector points to smart host at our ISP), but we cannot receive mail. When we plug the old server in the mail comes flowing in. It may just be a simple setting somewhere?

Thanks for the help.
0
Comment
Question by:TawVb
30 Comments
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 21790321
The MX record for your domain in the DNS at the ISP needs to point to the new server.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21790324
I'm suspecting the Windows firewall may be blocking incoming port 25..
0
 

Author Comment

by:TawVb
ID: 21790426
henjoh, How will the ISP's MX record need to be changed when the server IP address is the same and the router/modem is the same?

debuggerau, How would I check this? Windows firewall in control panel does not open because it says "another program is using the NAT component", I'm assuming this is RRAS.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21790463
Is the server's name the same as the old server? If it is different then you will need to update the MX record.
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21790481
okay you say that you installed SBS 2003 AND Exchange. Exchange is part of SBS, so should be installed as part of the SBS installation.

if you run the connect to internet wizard then this will set all the server firewall settings. It is important with an SBS machine to use the wizards where they appear.

as this is a small network then i assume that the setup is as follows
you have a router which has a dedicated IP from your ISP.
your MX record will point to the EXTERNAL IP of the router and the router will be set to port forward inbound mail to the private IP of the SBS Server.

so when you put the new server on did you give it the same IP as the old server?
If you gave it a different IP then you will need to adjust the port forwarding setting in the router (some routers may call this by other names, Dedicated servers, or the like).

regardless i would re-run the connect to internet wizard on the sbs machine (to ensure all settings are correct), then check your portforwarding is set correctly.

Cheers
Andrew
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21790492
the server's name has zero to do with the MX record!
the MX record simply converts a name to a number, and flags it as the number for mail.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21790505
The reason I say it could be the MX record was that I had the same problem last year with moving Exchange over to a new server with a different name; once we updated the FQDN in the MX record, we started to receive mail. The port mapping is probably the issue though, but if it isn't then the FQDN might need to be updated in the MX record.

TawVB Here is a little overview of configuring the MX record if you are using NAT.

When NAT is being used

In cases where NAT (Network Address Translation) is being used you will need to provide them with the IP address of your external NAT interface, and configure your NAT device with Static Mapping for TCP Port 25, and have all TCP Port 25 traffic forwarded to the internal IP address of your mail server.

Let's say you have the following LAN configuration:

                    Internet
                       |
       192.90.1.1/29 (Real IP from ISP)
                       |
             Internet Router + NAT
                       |
            192.168.0.1 (Bogus IP)
                       |
Mail Server ---- Switching Hub
192.168.0.10           |
(Bogus IP)             |
           Rest of internal network

In the above example you need to give the NAT's IP address as your MX Record.

Domain name: dpetri.net

Record FQDN       Record Type   Record Value      MX Pref
mail.dpetri.net   A             192.90.1.1
dpetri.net        MX            mail.dpetri.net   10

Note: Make sure you properly configure the NAT device to forward all TCP Port 25 traffic to 192.168.0.10.

0
 

Author Comment

by:TawVb
ID: 21790506
dariusq, Yes the server name is the same.

AndrewJdavis, Sorry I did not install exchange 2003 I installed SBS 2003, which includes exchange.

I did not use the connect internet wizard. How do I check firewall setting to make sure it is not blocking my exchange traffic manually?

Yes, router has static IP from ISP. Yes, port forwarding is on the router forwarding ports to sbs server. ISP hosts the email domain name DNS.

New server has all the same IP's as the old server, so port forwarding does not need to change.
0
 
LVL 18

Accepted Solution

by:
Andrew Davis earned 300 total points
ID: 21790523
USE THE WIZARD!
i cannot stress it enough.
it will save you hours of work.

you can test the ports/firewall with a client computer and telnet
see http://support.microsoft.com/kb/153119
go to a computer internal to the lan, and at dos prompt type telnet 192.168.0.2 25
then try the other IP address (in case it is listening on the wrong adapter).
once you know it works internally you need to check it from outside your network. so from some computer that is not sharing the same router try telnet {yourdomain usually something like mail.domain.com.au} 25
this will highlight where the issue is.

I will read dariusq post now.

Cheers
0
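The telnet checks from the answer above, scripted so that each address returns a definite result instead of a reading of what the telnet window shows. This is an added example, not part of the original thread; the state names are this example's own, and the two addresses in the main block are the server's NIC addresses from the question.

```python
import socket

def probe_smtp(host, port=25, timeout=5.0):
    """Classify what answers on host:port, the way the telnet test does by eye.

    Returns (state, first_line); state names are this example's own:
      banner      - connected and got an SMTP 220 greeting
      rejected    - connected, but the greeting was not 220
      silent      - connected, then nothing (or a close) before the timeout
      refused     - TCP reset: the host is reachable, nothing listens there
      filtered    - no reply to the connection attempt at all
      unreachable - any other network error (no route, bad address, ...)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except (socket.timeout, TimeoutError):
        return ("filtered", "")
    except OSError as exc:
        return ("unreachable", str(exc))
    with sock:
        try:
            data = sock.recv(512)
        except OSError:              # includes the read timeout
            return ("silent", "")
    lines = data.decode("ascii", "replace").splitlines()
    first = lines[0] if lines else ""
    if first.startswith("220"):
        return ("banner", first)
    return ("rejected", first) if first else ("silent", "")

if __name__ == "__main__":
    # Both NIC addresses from the question; run once from a LAN client and
    # once from a host on the router side of the server.
    for addr in ("192.168.0.2", "192.168.10.1"):
        print(addr, *probe_smtp(addr))
```

A "banner" result on the LAN side combined with "filtered" or "silent" on the router side points at the server's own external interface rather than at the SMTP service.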
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21790541
okay i just read the comment from dariusq. what he is saying is all about portforwarding and is correct, as to adjusting the FQDN, i fail to see how this will affect anything other than the possibility that in his case the router was doing the portforwarding by way of hostheaders. In that case the router looks at the fqdn that the packet was sent to and the port number and routes the traffic by computer name. I have never seen a router that does it this way but that does not mean that it doesn't exist ;)

0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 50 total points
ID: 21790620
I agree with Andrew the connect internet wizard is very important and should be run.
0
 

Author Comment

by:TawVb
ID: 21790787
On the internal subnet I get the "220" response on both telnet 192.168.0.2 25 and 192.168.10.1 25.
On the external subnet (If I give a PC a manual IP address of 192.168.0.111 and plug it into the router subnet), I get a blank screen to both telnet 192.168.0.2 25 and 192.168.10.1 25.

Does this mean port 25 is blocked on the external NIC?

I try to run the internet connection wizard and it will not run saying "cannot set the dhcp scope".
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21790847
Nice discussion, but I am wondering if you are able to get webmail up on it?
can you see http://192.168.0.2/exchange in a browser remotely?
or http://192.168.10.1/exchange
That should tell us that port-forwarding is working, well, to the ip anyway..

Another thing, those addresses on the old server were static addresses right? Not DHCP assigned ones?
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21790871
do you have any other DHCP Server running (perhaps the router)?
2003 server (SBS or otherwise) will not run the dhcp server if it detects that there is an existing DHCP server on the network. Regardless of this you should be able to continue past this and the wizard will continue with the rest of the configuration.
to tell if there is another DHCP server sitting on the network, go to one of your network computers and set it to obtain ip, then at dos prompt type "ipconfig /all" and in the result it will tell you the ip address of the dhcp server. A lot of devices these days come with built in dhcp servers.

also you say that on the original you got a 220 on both ip's. this says that the server is not firewalling the connection. with your secondary setup, can you even ping the ip addresses? it looks to me that there is a different problem with that.

what i meant by testing from the outside, was to get onto a computer in the outside world and try to "telnet {yourdomain} 25" Example "telnet mail.ntbm.com.au 25" you will notice a 220 then the connection will be dropped (this is due to our antispam, whole nother subject).

This must be done from outside your router (not a computer that gets to the internet via your router) as it requires the router to portforward the incoming request and it cannot do this when the request originates from within the network.

hope this helps.
http://support.microsoft.com/kb/875422
this article talks about the dhcp scope error, however the most common reason a dhcp service fails to run is due to a second dhcp server existing.


0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21790892
WHAT THE!!!!
debugger i see what you are saying but fail to see how plugging any internal ip address (therefore the requesting pc must be internal) into a browser is going to tell you anything at all about the port forwarding of the router (when the traffic is not going through it). That aside, webmail utilizes SSL ports and is overcomplicating a simple issue.

Outgoing mail works. Therefore exchange services are running.
220 is received from internal client. Therefore smtp service is running and listening.
what is web mail going to tell you?

0

 
LVL 23

Expert Comment

by:debuggerau
ID: 21790976
LoL!
Ok, maybe you should reread AndrewJDavis, because I did say remotely....



0
 

Author Comment

by:TawVb
ID: 21790996
DHCP is fine. There is no other DHCP.

I noticed method 3 http://support.microsoft.com/kb/875422 the lannic was wrong it was reading the wan nic!

We don't plan to use webmail so I believe this is irrelevant. We only use outlook from the LAN that is all. I think the external interface may be dropping port 25 AND SBS is mixed up about which is the LAN and WAN nics! How do we fix this?
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21790997
OK
remotely to 192.168.0.2!!!!
That is a class c private IP it is not public and would never work. The user would have to go to http://{Public IP as assigned by their ISP}/exchange
however i still fail to see what this is going to tell you other than taking a simple problem and making it more difficult by throwing SSL and IIS into the mix.

i am not trying to be sarcastic, although even my own reading of most of my comments today does appear that way, perhaps i need more coffee.. Too many hours writing procedures for end users who can't think for themselves ;)

Happy to know what your reasoning of going down this testing route was as i see no benefit.

Cheers
0
 

Author Comment

by:TawVb
ID: 21791023
I ran the IC wizard and now it doesn't give the error, it just comes up, then when I click next it goes away.
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21791033
you run the connect to internet wizard......
after you fix the error as above, you should be able to run the wizard fine.
Alternatively you can run this all on one NIC, you do not have to have two nics for this, although you may be using other services that require you to use two nics, like proxy/filtering

Sorry for the delay
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21791045
if you want me to test the port forwarding from external just let me know your domain name. There is no danger to this as it is not telling me anything that isn't told to everyone that you send an email to.

Cheers
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21791077
sorry didn't read your last post, about it disappearing again on you.
i would suggest a reboot.
0
 

Author Comment

by:TawVb
ID: 21791092
Obviously, I rebooted. Thanks.

I think the external interface may be dropping port 25 AND SBS is mixed up about which is the LAN and WAN nics! How do we fix this?
0
 
LVL 23

Assisted Solution

by:debuggerau
debuggerau earned 150 total points
ID: 21791222
looks like we need to change the binding order, reconfigure the IP's on each adapter or alternatively you could swap the leads...

But since you can't connect to either ip address using port 25, I suspect it's more an exchange issue, or even windows firewall...
Do you have any other security suites on this box?

Another helpful hint would be to disable each cable and surf to http://whatismyip.com and observe which address each adapter is mapped (port-forwarded) to.


0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21791247
i assume you have double checked the fix from the MS KB.
if you follow through all the steps from the telnet post ( http://support.microsoft.com/kb/153119 ) you should be able to send yourself an email from a command prompt. Does the connection drop out during this?

re the wizard failing. Have you checked the event log?

Cheers
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21791283
i like the thought behind bind order, it's a possible.
but up above we have been able to connect to port 25, and what is my ip is going to report the same thing for both as it will report the external ip of the router. it wont matter what subnet you are running inside. in fact once you disconnect the cable to the router's subnet you will have no internet at all.
Whatismyip only reports the IP address that you are displaying to the world, it has nothing to do with port forwarding.

Cheers
0
 

Author Comment

by:TawVb
ID: 21798633
Should the Internal (LAN) or external (WAN/Internet) NIC be first in the bind order?

We don't need to change the IP's or change the leads. The IPs and leads are correct, we just need to make sure all other settings that tell sbs 2003 which is the internal and external are correct. Does anyone know where these settings are (I've already changed the registry one)?
0
 

Author Comment

by:TawVb
ID: 21798775
I may have solved it. In RRAS NAT/Firewall I went to the external interface and then services and ports and ticked the SMTP protocol on the 192.168.0.2 (external IP) checkbox. Now from a client on the external interface (192.168.0.111) the telnet 192.168.0.2 25 command connects.

I can't prove it will receive email as I have the server with me on a test LAN while the real LAN is running two hours away. I cannot go there and pull them off the air unless I am sure the issue is fixed. How can I prove it 100% in my test environment?
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 21801889
Sorry for the delay. there is a couple of ways.
easy way: send an email from a dos prompt with telnet, as per the microsoft post.
Hard way: configure the server's DNS with an mx record pointing at the WAN interface. Then from a client configured to look at the server for its DNS you could install some free email server software (like smartermail http://www.smartertools.com/ ) and then get it to configure mail to go between the two.

this will confirm mail transfer. Personally i have never seen a server that would work with Telnet then fail in receiving from another server.

Hope this helps.
Andrew
0
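The "easy way" from the answer above, handing a message straight to the server's SMTP port, done with Python's smtplib instead of typing the dialogue into telnet. This is an added example, not part of the original thread; the sender address, the recipient placeholder and the stage names are assumptions of this example.

```python
import smtplib
from email.message import EmailMessage

def _text(raw):
    # smtplib hands back server replies as bytes
    return raw.decode("ascii", "replace") if isinstance(raw, bytes) else str(raw)

def send_test_mail(host, rcpt, sender="probe@test.invalid", port=25, timeout=10):
    """Hand one message directly to `host` and report how far SMTP got.

    Returns (stage, detail). stage is "delivered" when the server accepted
    the message after DATA; otherwise it names the step that failed.
    Stage names and the default sender are this example's assumptions.
    """
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = "Inbound SMTP test"
    msg.set_content("Constructed test message sent directly to port 25.")
    try:
        # local_hostname is fixed so the HELO name needs no DNS lookup
        with smtplib.SMTP(host, port, local_hostname="probe.test.invalid",
                          timeout=timeout) as smtp:
            smtp.send_message(msg)
    except smtplib.SMTPConnectError as exc:        # greeting was not 220
        return ("banner", f"{exc.smtp_code} {_text(exc.smtp_error)}")
    except smtplib.SMTPHeloError as exc:
        return ("helo", f"{exc.smtp_code} {_text(exc.smtp_error)}")
    except smtplib.SMTPSenderRefused as exc:
        return ("mail from", f"{exc.smtp_code} {_text(exc.smtp_error)}")
    except smtplib.SMTPRecipientsRefused as exc:
        code, text = next(iter(exc.recipients.values()))
        return ("rcpt to", f"{code} {_text(text)}")
    except smtplib.SMTPDataError as exc:
        return ("data", f"{exc.smtp_code} {_text(exc.smtp_error)}")
    except OSError as exc:                         # refused, timed out, dropped
        return ("connect", str(exc))
    return ("delivered", "")

if __name__ == "__main__":
    # 192.168.0.2 is the server's external NIC in the thread; the recipient
    # is a placeholder for a real mailbox on the Exchange server.
    print(send_test_mail("192.168.0.2", "user@yourdomain.example"))
```

Run it from a client on the router-side subnet, then confirm in Outlook that the message reached the mailbox.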
 

Author Closing Comment

by:TawVb
ID: 31467440
Solved. It was a combo of the firewall dropping port 25 in RRAS on the external NIC AND 2003 server being confused at which was the internal and external NICs.
0
