Can't telnet to exchange server on the server using FQDN but can if I use the direct IP - DNS problem?

I've recently setup exchange and after a lot of configuring with my webhost and isp (and assitance on here) with the a records, mx records and reverse DNS lookup I have managed to finally get exchange successfully sending emails out.

However emails cannot be received. An external port check on 25 says that there is no route to host although the port is open on the router.

If I telnet on my exhange server (ruunning Server 2003 enterprise) I can only access the exchange server if I telnet the actual IP address of the server. If I telnet using it says "Could not open connection to the host, on port 25: Connection failed".

When I do a nslookup on I get:
Server:       my.sbs2003server.local
Address:     (This is the internal IP for my SBS2003 server NOT my Exchange Server)

Non-Authoritative answer:
Address:    x.x.x.x  (My permenant IP as assigned by my ISP)

Any ideas?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jian An LimSolutions ArchitectCommented:
normally, you would have a seperate DNS for internal IP

I will create a new DNS zone for

then create a A record for mail and point it to internal IP address

and for your information, you cannot telnet to your external IP address when you are inside your own network.

goto to see whether you can telnet from outside to your IP address

slater27Author Commented:
I don't currently have a dns zone for   however I do have a dns zone for mydomain.local Are you saying that I should create another zone actually called and then create an MX record or an A record?

In fact even in the .local zone there is only a mx record for not - is this correct?

Also I wasn't telneting to the external IP. I was telneting to the internal IP of the server to ensure exchange was functioning correctly which it appears it was. Telneting to the FQDN failed.

The test from returned:
Validation results
confidence rating: 2 - DNS
The email address passed this level of validation
before the validation stopped due to the error below.
This does not indicate a problem with the address, but
it does not guarantee a good address, either.  more info
error at level 3: Timed out
canonical address: <>  

MX records
preference exchange IP address (if included)

SMTP session
[Contacting [xx.xx.xx.xx]...] (My correct permenant IP)
[Timed out]
-- end --

I thought I should at least be able to telnet to the server by actually running telnet on the server with the FQDN. Because the NSlookup is returning two different addresses it seems like something internally in the DNS between the exchange box and the SBS2003 box is not right thus preventing connection externally.

Just so you know all internet traffic goes in and out through the sbs2003 box as it connects directly to adsl router to the internet on a different subnet.
Jian An LimSolutions ArchitectCommented:
Can you check something for me?
goto your exchange server and run

can you check whether this IP address is the same as your permenant IP address?
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Jian An LimSolutions ArchitectCommented:
you should able to telnet to the IP address and the exchange host name (i.e. exchange.mydomain.local).
you should not able to telnet to the external name ( as it is located at the outside interface of your network.

I want to troubleshoot whether it is your exchange problem or your firewall problem here.

Most likely it will be firewall if your IP address is the same..

do you run ISA server on your SBS server?

slater27Author Commented:
OK, on the exchange server returns my correct permenant IP as allocated by my ISP.

Ok, no probs re telneting to the external name. I understand.

I don't believe I had installed ISA on the SBS2003 server although when I went to check the normal windows firewall in control panel on the SBS2003 box it came up with an error which may suggest ISA has/was enabled? How can I really check as I don't see any admin task for it in the start menu?

"Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)."

Also I set up the additional zone for on the exchange box and added one A record for to point to the IP of the exchange box. I hope this is correct. (It still made no difference in trying to connect externally through port 25).

Jian An LimSolutions ArchitectCommented:
The other issue i might think off is your smtp virtual server properties

goto exchange system manager
right click on the smtp virtual server and click on properties
goto Access tab
click on connection

please check whether it is selected on all except the list below.
slater27Author Commented:
OK, think I've found it under Routing and Remote Access

NAT and the basic firewall is enabled.
There are no inbound or outbound filters set.
There is nothing in the address pool
SMTP is checked under the Services and Ports section but the IP address it was going to was that of the SBS2003 server. I have changed this to the IP of the exchange server however still can't access through port 25
ICMP has nothing checked.

What next to try?
slater27Author Commented:
I di dthe check on the exchange system manager for the SMTP protocol and YES the selection is "All except the list below" (and there isn't anything in the box). So it should allow any connection.
Jian An LimSolutions ArchitectCommented:
Let's go back to basic

1. telnet to <localIP> port 25 - OK
2. telnet to <xxx.domain.local> port 25 - OK
3. telnet from outside to <> - FAILED

tell me what is your IPconfig on your SBS server.

Do you have 2 NIC?

slater27Author Commented:
Let's go back to basic

1. telnet to <localIP> port 25 - OK   -  YES
2. telnet to <xxx.domain.local> port 25 - OK  - NO, just tried this with mail.mydomain.local and it said could not open connection to the host on port 25.
3. telnet from outside to <> - FAILED - Correct

So not sure why point 2 is not working?

IPconfig on SBS server.
Host Name: mysbsserver
Primary DNS suffix: mysbsdomain.local
Node Type: Unknown
IP Routing Enabled: Yes
WINS Proxy Enabled: Yes
DNS suffix Search List: mysbsdomain.local

Ethernet adapter Server Local Area Connection
DHCP Enabled: No
IP Address:
Default gateway: <blank>
DNS Servers:
Primary WINS:
NEtBios of Tcpip: Disabled

Ethernet adapter Network Connection:
DHCP Enabled: No
IP address:
subnet mask:
Default gateway
DNS servers
Netbios over TCPip: Disabled.

TWO cards yes. One is connected to the Billion ADSL router on 10.x.x.x and the other (internal LAN) is on 192.168.2.x  

Do you have 2 NIC?
Jian An LimSolutions ArchitectCommented:
try mysbsserver.mysbsdomain.local port 25.

by looking at this design, I am sure you wont get it working.
As you can see
your Billion ADSL router has a default IP of
you need to setup your ADSL router to forward the port 25 to

thats why it is not working!


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
slater27Author Commented:
Excellent - That's dead right...quite simple when I think about it but obviously I didn't...!!!

The external test  using now successfully gets to the server with the following info:
Checking mail server (PRI=10) [xx.xx.xx.xx]  
  Mail server[xx.xx.xx.xx] answers on port 25  
  <<< 220 myexchangeserver.mydomain.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Wed, 19 Nov 2008 16:01:29 +0900  
  >>> HELO 
  <<< 250 myexchangeserver.mydomain.local Hello [xx.xx.xx.xx]  
  >>> MAIL FROM: <>
  <<< 250 2.1.0 OK
  >>> RCPT TO: <>
  <<< 250 2.1.5  
  >>> QUIT
  Mail server [xx.xx.xx.xx]  accepts mail for  
  All MX are configured properly  

Hoiwever I've sent a test email internally which reached my external address ok. But when I send back from the external address it still doesn't appear in my internal in-box.... So there still looks to be a problem with receiving, but it's no longer related to port access.

Any ideas of what I can check?

slater27Author Commented:
OK - I'm going to close this and award the points because I already have another question open regarding the actual non delivery in exchange. Now that the port open problem is sorted I'll continue investigation in the other question for why I'm still not receiving emails.

So points awarded for fixing the Telnet problem. Thanks!
slater27Author Commented:
Excellent thanks - If you want to continue helping on the email problem then please see my other open question.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.