  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 990
  • Last Modified:

Help setting up all email on exchange with a record mx record

OK, I've searched other threads but they don't seem to say exactly how to set this up.

I have windows server 2003 running exchange 2003.

I want to replace my existing webhosted POP email with mail to be delivered directly to exchange.

So far (from what I've read) I have:
1. Obtained a static IP address
2. Setup a reverse lookup on my static IP address at my ISP to be: corp.mydomain.com.au
3. Created an 'A' record at my web/domain host to point to my static IP address
4. I then notified my web/domain host to ask him to set the server to deliver email messages to the exchange server. (He hasn't responded however so I'm unsure if he has done this - anyway to check?)
5. I opened up port 25 on my router to pass through to the Server 2003 running exchange

I can't receive emails in or send any out. Where can I start diagnosis - and/or what have I done wrong/not completed?
 
JoWickermanCommented:
Hi

Firstly, you need to make sure an mx record has been created on your side:

http://www.computerperformance.co.uk/exchange2003/exchange2003_MX_records.htm

The ISP is supposed to do this on their side as well. It might take up to 48 hours for replication, depending on your ISP's settings.

Cheers.
0
 
dathhoCommented:
You need an MX record at your Web/Domain host also.
It currently points to their mailserver.  You need it to point to your outside router interface.
Check with >nslookup -i
>set q=MX
>mail.mydomain.com
 
0
 
slater27Author Commented:
Jowickerman - I looked on that page and couldn't see what to do specifically.

dathho:
nslookup - i       returned Invalid option -i

So I did a nslookup on the corp.mydomain.com.au
this returned:
server: corp.mydomain.com.au
address: <correct static IP address>

DNS request timed out
timeout was 2 seconds
*****request to corp.mydomain.com.au timed-out

I then did a:
> set q=mx
> corp.mydomain.com.au

which returned
Server: <The name of my SBS 2003 server NOT my exchange server>
Address: 192.168.2.8 <IP of my SBS2003 server NOT my exchange server>

then:
mydomain.com.au
   primary name server = mydomain.com.au
   responsible mail addr = hostmaster.mydomain.com.au
  then serial/retry/expire/default ttl info.

Retried sending and still no good. Next step?
0
 
JoWickermanCommented:
Ok, in your DNS console under your Forward Lookup zone, you have to create a mx record. You can right click anywhere in the "white area" and select "New Mail Exchanger (MX)"

Host or Child domain: (same as parent folder)

Fully qualified domain name (FQDN): mydomain.com.au

Fully qualified domain name (FQDN) of mail server: smtp.mydomain.com.au (or whatever you want)

Mail server priority: 10
0
 
slater27Author Commented:
ok do I create this under:

_msdcs_mydomain.local or
mydomain.local ?


0
 
slater27Author Commented:
While waiting I created it under mydomain.local.

Host or Child domain: <left blank as recommended on screen>

Fully qualified domain name (FQDN): mydomain.com.au

Fully qualified domain name (FQDN) of mail server: smtp.mydomain.com.au

Mail server priority 10

Tried sending a message and it just got stuck in the Find message queue (Status Queued)
0
 
JoWickermanCommented:
In your DNS console you should have "domain.com.au"? And mx record cannot point to .local as this will fail to resolve from the internet.

What I'm trying to say is:

"Your public presence FQDN which is .com/net/org extension can be hosted away from your private network. Even if they whom would try to break in know the private .local extension, they can't get to the private network using it."
0
 
JoWickermanCommented:
Oh yes, after creating the mx record in the right domain, you can test it here:

http://www.mxtoolbox.com/
0
 
slater27Author Commented:
Hmmm... sorry I am confused. my FQDN for mydomain.com.au is hosted at a remote webhost.. I only have the two .local containers under my Forward Lookup Zones in dnsmgmt on my exchange server. I'm not hosting my domain.

ie, all I have is:
_msdcs_mydomain.local and
mydomain.local

Your thoughts?
0
 
JoWickermanCommented:
Oh...

Ok, well, then you should contact your ISP responsible for hosting your DNS Domain name. They will ask you for your FQDN (Fully Qualified Domain Name) and IP address of your mail server and they will host the mx record.

Ask them how long the replication will take.
0
 
slater27Author Commented:
um, that's what I said I had already done in my first post - point 4.

Is there any way to test if they have completed that step?
0
 
slater27Author Commented:
sorry you already listed a tool to check. I used that (mxtoolbox.com) and got the following response:

ns2.enetica.com.au reports the following MX records:
 
Preference Host Name                       IP Address           TTL    
10               mail.mydomain.com.au     203.26.41.138     86400
 
Is this right? I put in corp.mydomain.com.au but it returns mail.mydomain.com.au ?
The IP address looks like the hosting server ip on Enetica.

Enetica is my domain hosting provider so that part is correct.
0
 
slater27Author Commented:
Next steps to check?
0
 
JoWickermanCommented:
According to what you showed in your post, it seems as though your ISP has completed the setup. Now... Did you change the recipient policy within Exchange?
0
 
slater27Author Commented:
OK, What do I change in the recipient policy and where is it?
0
 
JoWickermanCommented:
If you open Exchange System Manager:

Expand Recipients
--- Click on Recipient  Policies

What is displayed in the right pane?

0
 
slater27Author Commented:
There is a default policy. I had added the following to the policy previously:

Under Email Address Tab:

SMTP        @mydomain.com.au

(The box is also ticked for this exchange organisation is responsible for all mail delivery to this address)

Is this correct? If so, what else to check as email still doesn't work.
0
 
JoWickermanCommented:
Yeah, that is the way it should be.

What happens if you ping mail.mydomain.com.au?

Whose IP address does it respond with?
0
 
slater27Author Commented:
I get 203.26.41.138 returned (Same as the IP address above when I used mxtoolbox)
0
 
JoWickermanCommented:
Ok, that's good.

Now to test. Can you mail someone inside your organization? Someone who has an Exchange mail account as well?
0
 
slater27Author Commented:
unfortunately not, I am the only person currently on this domain.
0
 
JoWickermanCommented:
Ooohhhh.... Hhhmmm...

Can you create a dummy user just for testing purposes? We need to send an "internal" mail to ensure that all Exchange settings are correct. After that, you can delete the user again...
0
 
slater27Author Commented:
ok, well this returned an interesting result.

I created test.user including an exchange account.

1. Went to send an email from my account to test.user, but test.user is not shown in the address book.
2. Logged off and logged back on as test.user. Setup outlook and sent an email to my account (I was in test.user's address book).
3. Logged off test.user and logged back on as myself.
4. The test.user email had arrived successfully.
5. Went to send an email to test.user - still not showing in address book. Only my name and administrator.

How could this be?

Of course the only difference is that test.user was created after we did all these changes.

As a further test I sent an email to an outside domain from test.user. The email ended up in the queue in Exchange System Manager with status 'queued' without being sent.

Thoughts?
0
 
JoWickermanCommented:
Ok, this means that Exchange works internally. Strange about the address book, unless replication takes a little while... Might be up to 4 hours.

Anyway, what happens if you send from an external account to your domain account?
0
 
slater27Author Commented:
OK, I waited a while after sending to both my account and test.user from an external account and sure enough I received two undeliverable messages back after about 10 minutes.

The details are:

Your message did not reach some or all of the intended recipients.

      Subject:      test
      Sent:      12/11/2008 10:36 PM

The following recipient(s) cannot be reached:

      test.user@mydomain.com.au on 12/11/2008 11:16 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < outbound.icp-qv1-irony-out1.iinet.net.au #5.0.0 smtp; 5.1.0 - Unknown address error 550-'(outbound.icp-qv1-irony-out1.iinet.net.au) [203.59.1.108] is currently not\npermitted to relay through this server. Perhaps you have not logged into\nthe pop/imap server in the last 30 minutes or do not have SMTP\nAuthentication turned on in your email client.' (delivery attempts: 0)>

I'm wondering is there any problem with the fact that I set up the original reverse lookup on my ISP (iinet) to be corp.mydomain.com.au instead of mail.mydomain.com.au ??
0
 
JoWickermanCommented:
Ok... According to this message, your mail is relayed through your ISP (iinet is your ISP, right?) Which can only mean that DNS is not properly configured.
0
 
slater27Author Commented:
iinet is my ISP yes.

So is the problem the reverse lookup at iinet which is currently set at corp.mydomain.com.au? Or is it some other problem with the DNS?

Where to look now?
0
 
JoWickermanCommented:
No, the reverse lookup will not affect your mail in such a way. There must be a problem with the Host (A) record...
0
 
slater27Author Commented:
ok - anything specific you can advise for me to check?
0
 
JoWickermanCommented:
Hi,

On your server, do you use your ISP's DNS server as secondary DNS?
0
 
slater27Author Commented:
No, I have no secondary DNS. My primary DNS is my SBS2003 server which was setup first. The SBS2003 server acts as the gateway out to my adsl router to the internet.
0
 
JoWickermanCommented:
Ok, just thought of something...

Open Exchange System Manager
Expand Administrative Groups -> First Administrative Group -> Servers -> your_server -> Protocols -> SMTP

Right click on Default SMTP Virtual server and click on properties.

On the General tab, what is the IP address filled in there?
0
 
slater27Author Commented:
OK, well this was set to "all undefined"... So I changed it to the IP of itself (the Windows 2003 server running exchange)...Unfortunately however this made no difference to the tests. Still undeliverable to/from external addresses.

Also even after a good 24-48 hours I still can't see the test.user account in my outlook although the test.user account can see me. Strange....

Is it possible that the SBS2003 server is getting in the way somehow? After all it is acting as the gateway so I gather all mail traffic traverses through it?

Not sure, just having a punt.... What next to check?
0
 
JoWickermanCommented:
Hi,

Your SBS server's gateway is the "internal" IP address of the router, right? Speaking of the router, was it configured by your ISP?
0
 
JoWickermanCommented:
Try opening port 587 on your router as well.
0
 
slater27Author Commented:
Yes the SBS gateway is the internal IP of the ADSL router 10.0.0.1

OK, I've opened port 587 (and I am in the process of sending a test message).

In fact here is the list of ports on the ADSL router all pointing direct to the exchange server (ie: not the SBS server):

These are all under the "Virtual Server" tab in the admin section of a Billion BiPAC 7300A ADSL router
TCP 1723
UDP 1701
UDP 500
TCP 25
TCP 587

Note that there is no option to select the GRE protocol. So no ports are open for GRE. I thought that this may not be needed as the router supports GRE through opening the ports in this Virtual Server section?...Not sure if this is right? Anyway to test the ports?
0
 
JoWickermanCommented:
Ports 25 and 587 are used for SMTP.
Port 1723 is used for VPN. (GRE protocol)

Can you VPN to your server from the outside?

The more I think about this, I come to think that it HAS to be a DNS and ISP issue...
0
 
slater27Author Commented:
OK, well my last email came back undeliverable after opening port 587 so that didn't help unfortunately.

I had started the VPN setup but didn't have any success with that either, so I gave up for the moment as getting email working was more of a priority. I do want to get it going though but I was going to open another case on experts exchange after I get the email working.

Thanks for your diligent help so far...we just haven't quite isolated the root cause yet have we? Anything else to try?
0
 
JoWickermanCommented:
No... It's quite frustrating that I can't sort this out for you!

I was reading your question again... Have you completely stopped your POP mail?
0
 
slater27Author Commented:
No, pop mail for this mydomain.com.au is still active. Would this be a problem? I thought that in setting up the 'a' and mx records it wouldn't even get to the existing popmail?....In fact I didn't know this could even be disabled as such?

Also, I'm still concerned about the fact that I setup corp.mydomain.com.au for the reverse lookup on my ISP and yet the mx record points to mail.mydomain.com.au In trying to make sense of it all I've worked out that:

On Enetica (My Domain name webhost for mydomain.com.au) has the following configured (203.26.41.138 is the Enetica webhost server which is where my domain and pop email accounts are stored also):
*.mydomain.com.au 203.26.41.138
@.mydomain.com.au 203.26.41.138
corp.mydomain.com.au xx.xx.xx.xx (Address for my permanent IP)  
ftp.mydomain.com.au 203.26.41.138
mail.mydomain.com.au 203.26.41.138
www.mydomain.com.au 203.26.41.138

MX Record - mail.mydomain.com.au
---------------------------
And at my ISP account I have:
Reverse DNS Lookup -  corp.mydomain.com.au  xx.xx.xx.xx (Address for my permanent IP)  
-----------------------------

Now I can't see how the above works? Shouldn't the mail.mydomain.com.au record also point to my permanent IP?...
 
0
 
JoWickermanCommented:
Yes, the mail.mydomain.com.au should point to your "permanent IP address".

So, you're telling me that you can send and receive mail with your "old" pop3 account?
0
 
slater27Author Commented:
OK, well I've changed the mail.mydomain.com.au to point to my permanent address. I'm not sure if this takes time to update, but I've tried to send another email off to test.

Clarification on the old pop email. Actually I never setup pop accounts for mydomain.com.au. I only setup mail forwarders to send to a pop account at another one of my domains (which then got popped down to the SBS2003 server using the built in connector).

There is no forwarding setup for test.user@mydomain.com.au which is who I am using to test sending mail to.
0
 
JoWickermanCommented:
Yeah, depending on your ISP, it can take about 8 hours before replication.

Oh... So this new domain has never been used in terms of mail being sent to you@mydomain.com.au?
0
 
slater27Author Commented:
The new domain has been used...but emails to it have been auto forwarded through cpanel for that domain to go straight to my other domain pop account. So emails would correctly get to the domain only to be forwarded off to another domain's pop account (to be popped by the SBS2003 server).

This was just a work around until I got exchange setup to take emails direct which is what led me to this problem.

OK, well if domain replication can take up to 8 hours I guess there is not much more I can do but wait until maybe tomorrow to see if changing the IP address on the mail.mydomain.com.au 'a' record worked or not.

What I still don't quite understand is why did I need to setup a reverse DNS lookup for corp.mydomain.com.au on my ISP (iinet) when there is an 'a' record already on the webhost (enetica) pointing to my permanent address? I gather this will be useful to use as my vpn access address although I still don't see why it is needed in both locations...?
0
 
JoWickermanCommented:
Ohhh.... Ok, now I understand better. Reverse DNS is mostly used for mail purposes. Many companies setup their incoming mail to do a reverse DNS lookup on mail to establish if the sender of the mail is really the true sender. Just to make spam less.

Let me know tomorrow what's happening. This is getting really interesting...
0
 
slater27Author Commented:
Ok...but doesn't that mean that my reverse dns address on my isp is incorrect also?....Currently it is set to be corp.mydomain.com.au  ...... by the sounds of things it should be mail.mydomain.com.au ??

If what you are saying is correct then this is how I see things are currently working:

1. An email is sent to mydomain.com.au which resolves to my webhost (enetica).
2. Enetica then checks its 'a' records for mail.mydomain.com.au and sends it to my permanent IP address
3. My permanent IP address is actually owned by my ISP (iinet) and therefore goes to iinet first
4. iinet then do a reverse lookup on the IP address to see if it matches corp.mydomain.com.au (Which is how I currently have it set) to ensure it is not spam
5. Now I'm guessing iinet will currently fail the request because the FQDN that the email is being sent to is mail.mydomain.com.au and it is trying to match it against the reverse lookup information which is currently corp.mydomain.com.au. No match - No dice?

If this is the case then I need to get my isp to change the reverse lookup to be mail.mydomain.com.au? What do you think?
0
 
JoWickermanCommented:
Most ISP do not do a reverse lookup, but it'll be worthwhile to change the PTR record as this will ensure that you do not have to worry about 2 different FQDN's.

My issue with this is, why aren't you able to send?
0
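Added example (not part of any poster's reply): an offline check of the record set listed in this thread, showing why inbound mail kept landing at the web host and what the PTR record has to satisfy. The record data is constructed from the listing above; `STATIC_IP` is a documentation address standing in for the masked static IP, and the function names are hypothetical.

```python
# Added example: offline MX / A / PTR consistency check.
# Record data is constructed from the listing quoted in the thread.
# STATIC_IP is an assumption: the thread masks the real address.

STATIC_IP = "198.51.100.25"    # placeholder for the Exchange site's public IP
WEBHOST_IP = "203.26.41.138"   # web host address quoted in the thread
DOMAIN = "mydomain.com.au"


def make_zone(mail_ip):
    """Build the public record set; mail_ip is where mail.<domain> points."""
    return {
        "MX": {DOMAIN: [(10, "mail." + DOMAIN)]},
        "A": {
            "*." + DOMAIN: [WEBHOST_IP],
            DOMAIN: [WEBHOST_IP],
            "corp." + DOMAIN: [STATIC_IP],
            "ftp." + DOMAIN: [WEBHOST_IP],
            "mail." + DOMAIN: [mail_ip],
            "www." + DOMAIN: [WEBHOST_IP],
        },
        "PTR": {STATIC_IP: "corp." + DOMAIN},
    }


def resolve_a(zone, name):
    """Return A records for name: exact match first, then a wildcard.

    Simplified wildcard handling, enough for a flat zone like this one.
    """
    name = name.rstrip(".").lower()
    records = zone["A"]
    if name in records:
        return list(records[name])
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in records:
            return list(records[wildcard])
    return []


def check_inbound(zone, domain, server_ip):
    """Follow MX -> A the way a sending server does; list mismatches."""
    findings = []
    mx_records = sorted(zone["MX"].get(domain, []))
    if not mx_records:
        findings.append(f"no MX for {domain}: senders fall back to its A record")
        return findings
    for preference, host in mx_records:
        addresses = resolve_a(zone, host)
        if not addresses:
            findings.append(f"MX {preference} {host} has no A record")
        elif server_ip not in addresses:
            findings.append(
                f"MX {preference} {host} resolves to {addresses}, "
                f"not the mail server {server_ip}"
            )
    return findings


def check_fcrdns(zone, ip):
    """Forward-confirmed reverse DNS: PTR(ip) must name a host whose
    A records include ip. Returns (confirmed, ptr_name)."""
    ptr_name = zone["PTR"].get(ip)
    if ptr_name is None:
        return (False, None)
    return (ip in resolve_a(zone, ptr_name), ptr_name)


if __name__ == "__main__":
    for label, mail_ip in (("before", WEBHOST_IP), ("after", STATIC_IP)):
        zone = make_zone(mail_ip)
        print(label, "inbound findings:", check_inbound(zone, DOMAIN, STATIC_IP))
        print(label, "FCrDNS for server:", check_fcrdns(zone, STATIC_IP))
```

With the original records the MX target resolves to the web host, so inbound SMTP never reaches the static IP. The reverse lookup already forward-confirms through corp.mydomain.com.au: the PTR name has to resolve back to the same IP, not match the MX host name.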
 
slater27Author Commented:
Ok, well I put a request in to change the isp reverse lookup to point to mail.mydomain.com.au. Haven't received confirmation that this has changed yet so can't test sending from an external email account.

I agree that it is perplexing that I can't send outwards either. I just retried and again the message gets stuck in the outbound queue for the domain I am sending to with a Retry status.

I think it may be worth going through all the relevant settings in the SMTP connector properties again. I know we checked some of them before but I'm uncertain if they are all correct. Any ideas what I can check? After all, I should be able to send outwards?...
0
 
JoWickermanCommented:
Howzit?

Did you try again today?
0
 
slater27Author Commented:
Yes, no luck.

Although I did see the mail.mydomain.com.au change from the webhost IP to my permanent IP so that is good.

I think I might have an issue with the way that my internal network is configured.

If I tell you what I have then maybe you can suggest some things to check? I'll start with how it was configured before I added the new Server 2003 Enterprise server as that may highlight any potential issues.

So to start with I had:
Billion BIPAC ADSL router (10.0.0.1) - This connects to my ISP (allocated permanent IP x.x.x.x). I have one cat 5 cable going to the SBS2003 box.

The SBS2003 box is configured so that the Billion is the gateway out to the internet on one network card. The other network card is connected via cat5 to a Belkin 5 port switch. The SBS box is defined in the 192.168.2.x address space and is the active DHCP server.

The Belkin 5 port switch has a couple of workstations attached to it. However one connection goes off to a separate D-Link DIR-655 wireless router which serves a couple of wireless notebooks.

The new Server 2003 Enterprise box (with exchange) has two network cards. When I set the box up it asked me which one was connecting internally and which one was connecting to the internet. I may have selected the wrong cards (1 is 1gig the other 100meg). The 1gig should have been internal and the 1gig external. I think I swapped the ports around (Physically) to fix the mixup and I'm not sure what this means to the original questions about the role of each during setup.

Currently 1 card has a fixed IP and it is connected to the Belkin switch
This fixed IP is the same IP that is in the Billion ADSL router to pass through for SMTP traffic for exchange (although this has to go through the SBS2003 box first and I believe the SBS2003 box has ISA which may be blocking the ports now that I think about it?)

Card 2 gets a dynamic IP address from the SBS2003 box and is connected to the Dlink DIR-655 wireless router (because the ports were full on the switch).

Does this all sound right or could the SBS2003 ISA be getting in the way of the SMTP IP pass through? If so can I connect the exchange box direct to the ADSL router or will this just confuse things?

I guess I need confirmation of what the correct network setup should be when starting with an SBS2003 with ISA as the gateway to the internet and then adding the Enterprise 2003 Server with exchange.

If something is wrong it may explain why I can't send out or receive, especially if the sbs2003 ISA is in between...it could very well be the culprit.


0
 
JoWickermanCommented:
Thanx for the explanation!

Ok... I didn't think about the ISA server. Is it running?

When you swapped the network cables around on the SBS server, you swopped the IP addresses on the NICs as well, right?

The card connecting to the ADSL router has an ip address of 10.0.0.x?

I would suggest making the 2nd card connected to the wireless router have a static address in the 192.168.2.x range.

Wait a minute... Do you have 2 sbs boxes? The second box (Exchange) is connected to the Belkin switch AND the wireless router???
0
 
slater27Author Commented:
:o)

Ok, to clarify with respect to your questions:

I had only one SBS2003 box with ISA enabled (So yes it is running). I then added a Server 2003 Enterprise server with exchange. Note that they are different domains (different businesses) but on the same subnet with the SBS2003 box acting as the DHCP server. So just two servers all up.

The network cables I swapped around was on the Server 2003 Enterprise with exchange box NOT the SBS2003 box. I physically swapped them after the wizard had completed regarding their role. The IP addresses were swapped on the NICs.

The card connecting to the ADSL router has a GATEWAY IP of 10.0.0.1 as that is the IP of the Billion ADSL Router. From my recollection it is recommended that the ADSL router/gateway be on a different subnet to the rest of internal network. The IP address themselves for both cards are within the 192.168.2.x space.

Does that clear things up and shed anymore light on the situation?


By the way I've been doing some more testing and for some reason if I try and ping my exchange box with the permanent IP I get Request Timed out. If I look at the card itself on the server box I can see a packet received for each timeout that occurs. If I ping the SBS2003 server it comes back fine. So something is definitely not right here!!!
0
 
JoWickermanCommented:
Ah... Ok, that makes sense. Although you didn't answer me on the one question:

Exchange is connected to the Belkin switch AND the wireless router? If it is, there will be NO WAY that mail will work as this is creating a loop... Taking the Exchange box out of the equation. You will not be able to ping it either.

Just to clarify again:
1. The Belkin switch and wireless router is connected to each other?
2. The Exchange box is connected to both?
0
 
slater27Author Commented:
1. The Belkin switch and wireless router is connected to each other? YES
2. The Exchange box is connected to both? YES

Although since then while we have been conversing I thought that may be the issue so I now have both network cables into the Belkin switch,

The interesting thing is I still can't ping the nic with the permanent IP (comes back Request timeout) however I CAN ping the other NIC (Which was assigned a dynamic IP).

So what gives? Both cables into the same switch. A different workstation also on the same switch attempting to ping both Nics. Only one responds?
0
 
JoWickermanCommented:
You have to take one out and discard it. You don't need both nic's in this scenario! Use the one with the 192 address and disable the other one.
0
 
slater27Author Commented:
OK cool.. I've disabled the 100meg NIC (it's onboard) and made the gigabit nic the permanent manual IP for the exchange server.

Pinged it and it responded ok.

So I wonder if this now changes everything. I'll send some emails and see what happens!
0
 
JoWickermanCommented:
LOL! I think it MIGHT have a lot to do with it! I'll cross my fingers on this side!
0
 
slater27Author Commented:
Some GOOD news at last!!! LOL

I have managed to send OUT to an external address which was successfully received! Hooray!!! :o)

Unfortunately though my message sent from an external address is yet to arrive... :o(

Still after all this it is at least 50% solved!

Now what to check for the incoming....
0
 
JoWickermanCommented:
Hahahahahahaha!!!

We're getting there!!! Did you check the ISA settings yet?
0
 
slater27Author Commented:
Just noticed this thread has exceeded 60 posts!!! Must be a new record!!!.... Thanks so much for sticking by me and helping me out - it's been quite an adventure, and if nothing else I've learnt a lot along the way!!

Now back to the task in hand - well I'm embarrassed to say that I can't see that ISA has been installed or has been enabled. It was about 4 years ago when I set it up and I know I did at least one maybe 2 rebuilds in that time. Looks like I didn't reinstall it.

I'm going to attempt to telnet to the exchange box via my notebook and mobile 3 network (so I am outside my router and firewall). I'll post back the results in a moment...
0
 
JoWickermanCommented:
LOL! It's my second longest post so far... But only just!!!

I'm glad I could assist! I like sorting out something that I start, plus I tend to learn along the way of new issues as well. It's really cool to sort something out with someone instead of alone.

You can check your services on the machine and see if ISA is running, but as you said, I doubt if it is. I think mail should be coming in shortly!
0
 
slater27Author Commented:
Nope - Cannot telnet (using Putty) to mail.mydomain.com.au  port 25  :o(

What to check now...?
0
 
slater27Author Commented:
ISA service is definitely not running
0
 
JoWickermanCommented:
Hhhhmmm....

Did you get a failure notice on the mail that you sent from outside?

The router is open for port 25 outgoing AND incoming?
0
 
slater27Author Commented:
Actually no. I haven't received any failure messages but it's been at least 30 minutes and still nothing either delivered or failure messages...hmmmm...

The router lets you open ports in the 'Virtual server' section of the menu but doesn't specify out or in? just which ports/protocol and where to pass through.
0
 
JoWickermanCommented:
Strange...

Can you specify to which server it should pass the information to?

You don't use secure SMTP, hey?
0
 
slater27Author Commented:
Yes via specifying the IP address and port of the internal network you want to pass through to. I think that given this is the case at minimum it would make sense that it will allow traffic in through the ports you specify.

Clearly though a telnet doesn't work so there has to be something stopping it unless it is something weird on the SBS2003 server. I can't just turn that off though as it is the DHCP server and gateway.

I know - I'll plug my PC into the back of the ADSL router and see if I can ping the exchange server as it will have to go through the sbs box to do it.....BRB
0
 
JoWickermanCommented:
Cool.
0
 
slater27Author Commented:
Well I set myself up on the other side of the router. Gave myself  a 10.0.0.100 IP with a gateway of 10.0.0.1 (ie: the router).

When I try to ping the sbs2003 server I get "Destination net unreachable"  and the reply is from 203.59.14.16 ??? Don't even know what that IP is?...

Regardless either there is an issue or my test is setup incorrectly.

I wonder if having the 10.x.x.x on the router is the issue?  Can't be though otherwise normal access to the internet wouldn't work if it wasn't allowing packets through across subnets.

Hmmm, stuck again.
0
 
JoWickermanCommented:
Hhhhmmm...

You have to add an alternate configuration to your PC. You have to specify in your NIC's properties under advanced that you have a second IP address, which must be in the 192 range.

I'm just thinking now... If you change the IP address of your router to the 192 range as well as the one nic of the dhcp server (meaning the DHCP server will have 2 nics and both will have addresses within the 192 range, like 192.168.2.20 and 192.168.2.21).

This might solve the routing issue. Try it, mail from outside and let me know.

I'm off now to go get my little girl from the day-mother, so I'll probably only see your results tomorrow.

Hope THIS works!!!

Cheers mate!
0
 
JoWickermanCommented:
Howzit?

Any luck?
0
 
slater27Author Commented:
Hey, some luck yes although I had some grief last night...

I went through and changed the router ip to be on the same subnet and then when I tried to reaccess it I couldn't. After investigation I found it was the same IP as my switch. So I hooked into the back of it got the web interface and changed it to another IP that I had reserved. Somehow it didn't flash properly and was no longer accessible at all! I then had to do a hard reset and then attempt to get all the settings right to get my ADSL working again! All up took around 3 hours from 12 midnight to 3am in the morning!! Arrggh...And the problem still wasn't solved so I went back to the 10.x.x.x setup.

However I got a (partial) breakthrough today from another thread I opened specifically for the port 25 access problem. The root cause was I needed to port forward to the SBS2003 interface address which is 10.0.0.7 and NOT to the exchange Server as the SBS then does a NAT and passes it through. In doing all that I had also reconfigured the NAT on the SBS server to pass SMTP through to the exchange server as it was currently set to the SBS box.  All of this resulted in clean external tests through to the mail server which is good.

However for some reason I'm still not receiving mail!! I can still send ok, but I'm not getting anything back. At least now it doesn't have anything to do with the path through to exchange as that checked out all right.

While typing I just received 6 undeliverable messages in my external email account. These were from tests yesterday and today. Funny how they have all come through at once. The most recent test done after I got the port working has not come back in this bunch though...so it's out there floating somewhere....

So now I'm at a bit of a loss what I can check next. But we have to be close!!!
0
 
JoWickermanCommented:
hahahahaha!!! Yeah, I remember the late nights!!!

Ok, this all sounds promising... What is the NDR that you received?

Off the topic: Are you a rugby fan?
0
 
slater27Author Commented:
Hey Jo,

OK well I just received the latest NDR for the message I sent after the port was opened. Interesting that the NDR came back pretty quick whereas the ones before took over 24 hours. I guess because it is talking direct to the exchange server now it can get through. Anyway this is what the NDR says (Unfortunately not very helpful):

------------------------------------------------------------------
Your message did not reach some or all of the intended recipients.

      Subject:      wow test
      Sent:      19/11/2008 4:02 PM

The following recipient(s) cannot be reached:

      Test User on 19/11/2008 4:46 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            <myexchangeserver.mydomain.local #5.0.0>
----------------------------------------------------------------------

As for the Rugby...well I'm an ex-pat from New Zealand so I had a strong upbringing on Rugby! Now I'm in Australia I do go for the Wallabies but win either way when the All Blacks also play... ;o)
0
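The NDR quoted above carries an enhanced status code (class.subject.detail, RFC 3463) and the name of the server that generated it. As an added example, not part of the original thread, this Python sketch pulls both out of an NDR body; the suffix check used to flag an internally generated report is an assumption made for illustration.

```python
import re

# RFC 3463 enhanced status code: class.subject.detail
CLASSES = {2: "success", 4: "persistent transient failure", 5: "permanent failure"}
SUBJECTS = {
    0: "other or undefined status",
    1: "addressing status",
    2: "mailbox status",
    3: "mail system status",
    4: "network and routing status",
    5: "mail delivery protocol status",
    6: "message content or media status",
    7: "security or policy status",
}

# Diagnostic line in the NDR body: <reporting-host #x.y.z optional-text>
DIAG = re.compile(r"<(?P<host>[A-Za-z0-9.-]+)\s+#(?P<code>[245]\.\d{1,3}\.\d{1,3})\b[^>]*>")

def parse_ndr(text):
    """Return one finding per diagnostic line found in an NDR body."""
    findings = []
    for m in DIAG.finditer(text):
        cls, subject, detail = (int(p) for p in m.group("code").split("."))
        host = m.group("host").lower()
        findings.append({
            "host": host,
            "code": m.group("code"),
            "class": CLASSES[cls],
            "subject": SUBJECTS.get(subject, "unassigned subject"),
            "retry_useful": cls == 4,  # only transient failures are worth retrying
            # Assumption: a private suffix means your own server wrote the NDR,
            # so the message got past the router and port 25.
            "generated_internally": host.endswith((".local", ".lan", ".internal")),
            # x.0.0 carries no detail; the server's event log is needed for the cause.
            "generic": subject == 0 and detail == 0,
        })
    return findings

# Excerpt of the NDR quoted in the post above.
SAMPLE_NDR = """\
The following recipient(s) cannot be reached:
      Test User on 19/11/2008 4:46 PM
            <myexchangeserver.mydomain.local #5.0.0>
"""

if __name__ == "__main__":
    for finding in parse_ndr(SAMPLE_NDR):
        print(finding)
```
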
 
JoWickermanCommented:
Oh ok... I'm from SA, but we're very p1ssed off at the status of our rugby administrators at the moment...

Anyway...

SMTP 500 reply code means an unrecognised command.  You get this NDR when you make a typing mistake when you manually try to send email via telnet.
More likely, a routing group error, no routing connector, or no suitable address space in the connector.  (Try adding * in the address space)

I think we need to examine your Exchange server now.

Firstly, check:

Exchange System Manager -> Recipients -> Recipient Policies:

How many policies are there and is your domain listed under Default Recipient policy under the E-Mail addresses?
0
 
slater27Author Commented:
OK, I've managed to locate a mail transport error in the event viewer on the exchange server for the test that I did after the port was opened:

Here it is:
-----------------------------------------------------------------------------------------------------------------
A non-delivery report with a status code of 5.0.0 was generated for recipient rfc822;test.user@mydomain.com.au (Message-ID  <0876E4E0068C844F8AA69E462E23884D072964@mysbs2003server.mysbs2003domain.local>).  
Cause:  This indicates a permanent failure. Possible causes :  1)No route is defined for a given address space. For example, an SMTP connector is configured, but this recipient address does not match the address spaces for which it routes mail.  2)Domain Name Server (DNS) returned an authoritative host not found for the domain.  3)The routing group does not have a connector defined - mail from one server in the routing group has no way to get to another routing group.    
Solution: Verify that this error is not caused by a DNS lookup problem, and then check the address spaces configured on your STMP connectors. If you are delivering Internet mail through an SMTP connector,  consider adding an address space of type SMTP with value "*" (an asterisk) to one of the SMTP connectors to make routing possible. Verify all routing groups are connected to each other through a routing group connector or another connector.
-------------------------------------------------------------------------------------------------------

I don't like that the email address is correct but then the message ID includes references to my SBS2003 server (see top three lines of the error)...

So I've got something mixed up in the configuration. Any ideas?...
0
 
slater27Author Commented:
Ah, actually that header is alright because it is referring to the message sender which is correct. I found another one which was sent by a work colleague who had their message bounce and their domain was in the message header. So no probs there...

Just what to check with respect to the rest of the message (I'll also go and check what you previously said).
0
 
JoWickermanCommented:
Address space was my second question:

Check under:

Exchange System Manager -> Administrative Group -> First Administrative Group -> Routing Groups -> (your group) -> Connectors

What do you have here?
0
 
slater27Author Commented:
ok under Exchange System Manager -> Recipients -> Recipient Policies:

One default policy
Under the Email Addresses (Policy) I have:
SMTP   @mydomain.com.au
SMTP   @mydomain.local
x400    c=US;a= ;p=My DOmain;o=Exchange;
0
 
JoWickermanCommented:
I think you should untick the .local
0
 
slater27Author Commented:
Hmmm... I don't seem to have these options in Exchange System Manager?

Exchange System Manager -> Administrative Group -> First Administrative Group -> Routing Groups -> (your group) -> Connectors
0
 
slater27Author Commented:
ok unticked the .local
0
 
JoWickermanCommented:
Test mail?

Weird. What do you have under:

Exchange System Manager -> Administrative Group -> First Administrative Group -> Routing Groups ->
0
 
slater27Author Commented:
I don't have the option of 'Administrative Group' ??

The containers in Exchange System Manager under the root "My Domain (Exchange)" are:
- Global Settings
- Recipients
- Servers
- Connectors
- Tools
- Folders

0
 
slater27Author Commented:
And yes another test was sent and I received the same NDR and event in the log
0
 
JoWickermanCommented:
Ok. Go to connectors and tell me what's under that?
0
 
slater27Author Commented:
Ok, nothing is under that.
0
 
JoWickermanCommented:
Hhhhmmm...

If you right click connectors, can you create a new connector?
0
 
slater27Author Commented:
Yes...I gather by this there should be one here for SMTP?...

What name and details/options should I configure it with?
0
 
JoWickermanCommented:
Name it default SMTP connector.

General:

Use DNS to route
You can add a bridgehead if you want to. Leave it blank for now.

Content Restriction:

Select all options. Make the default message size: 6144

Address Space:

Add SMTP with an address of * (asterisk) Cost of 20
Connector scope: Entire organization
Tick: Allow messages to be relayed to these domains.

Test and let me know.
0
 
slater27Author Commented:
OK, I've done this and I'm doing a test.

I had to set the bridgehead it wouldn't allow me to select ok without one being set so I chose the only option (Which was myexchangeserver name)
0
 
Jian An LimCommented:
For SBS, you just need to rerun the wizard:
go to server management/standard management /internet and e-mail
Repair Internet and e-mail settings

But wait ... is this an SBS 2003 issue, or an Exchange 2003 issue?

As you see, SBS 2003 has a lot of wizards that can be used that Exchange 2003 does not have.

Let's confirm, then I'll continue to have a think about that.

0
 
slater27Author Commented:
Hmmm...15 minutes have passed since sending the test email and nothing....no NDR, no additional error on the exchange server, no mail in the in-box....just nothing? :(
0
 
slater27Author Commented:
All these changes are on the Server 2003 Enterprise box with exchange.

The SBS box has exchange also but for a completely different domain. That box also isn't set up to receive emails direct. Instead it simply pops the ISP mailboxes and delivers them.  For the purpose of this exercise the SBS2003 box is simply a server in between the Server 2003 Enterprise and the internet.

Server 2003 Enterprise and Exchange combination doesn't allow for the pop connector so I was forced into going this route to directly receive and send email from the exchange box rather than pop accounts.  
0
 
slater27Author Commented:
Ok, still nothing back. Any idea why the addition of the connector would effectively delay an NDR or do something else with the email?

At least before we had some errors to work with! Now the only thing we have is the addition of the connector which has changed the symptoms of the problem.

0
 
JoWickermanCommented:
If it fails, we probably missed a setting on the connector, but now that it doesn't fail immediately, we know that it's communicating with the server at least!
0
 
slater27Author Commented:
In the meantime I also sent a message out to the external domain and that took 9mins to deliver.

So this other externally sent test message seems to have disappeared for 40 minutes now?

0
 
JoWickermanCommented:
So the sending works still? Good.

It might be delayed at the ISP as well... A bit long though...
0
 
slater27Author Commented:
OK, finally got NDR and error in the server logs. Same NDR and error as before unfortunately.

0
 
JoWickermanCommented:
DAMMIT!!!

Ok... What have we missed... I need you to send me a couple of screen shots of all the tabs for the connector you created.
0
 
slater27Author Commented:
OK, well first of all I've downloaded Microsoft's Exchange Troubleshooting assistant v1.1. I've run all the tests which have passed except for the Mail flow troubleshooter as this required tracking to be on. I've enabled tracking and I'm going to see what I get from another test.

After that I've noticed that SP2 hasn't been installed so I think it would be worthwhile being on the latest service pack just to dismiss any gremlins. I'll let you know how I go.
0
 
slater27Author Commented:
PROBLEM SOLVED!!!

The SP2 didn't make any difference and the troubleshooting assistant didn't tell me more than we already knew. So I started searching on the net for the specific event error and came across two people that said the only way to fix it was to uninstall IIS, reinstall IIS and then reinstall exchange. I didn't really want to go through the hassle of this but given we were practically out of alternatives I thought what the heck.

Well guess what. It worked! So for anyone else who may get a similar problem (in terms of the last NDR and event ID) then this MS support article will tell you how to do the uninstall/reinstall to get it all working: http://support.microsoft.com/?id=320202

The only side effect I had was I had to reinstall Sharepoint and my other sharepoint apps and I had a bit of an issue with sharepoint installing again but as I type I think I found the right fix for that so my reinstall of sharepoint should hopefully go through smoothly.

Jo - even though you didn't quite get to the solution you provided incredible help along the way and helped solve many other things that were potentially wrong with the configuration. So mad props to you!! Thanks so much for sticking with me over the last 4 days to help resolve this!!!  Awesome commitment, I wish I could give you more points!!

My next job will be VPN - but I think this will be ok now I've sussed the correct IP to pass the ports to from the router!

Anyway thanks again for everything. This case is closed! Hooray!
0
 
slater27Author Commented:
Awesome work and commitment! Thanks again for all your help!!
0
 
JoWickermanCommented:
YAY!!!! Cool man, I'm glad it's all sorted! Oh and by the way, this IS officially now the most posts in one question that I have participated in!!!

Has been awesome and it's cool to work in conjunction with someone that WANTS to learn!

Have a good one and good luck to New Zealand and the Aussies for the weekend (As though they need it!)

Cheers mate!
0
