Can't telnet to exchange server on the server using FQDN but can if I use the direct IP - DNS problem?

I've recently set up Exchange and, after a lot of configuring with my web host and ISP (and assistance on here) with the A records, MX records and reverse DNS lookup, I have managed to finally get Exchange successfully sending emails out.

However, emails cannot be received. An external port check on port 25 says that there is no route to host, although the port is open on the router.

If I telnet on my Exchange server (running Server 2003 Enterprise) I can only access the Exchange server if I telnet to the actual IP address of the server. If I telnet using mail.mydomain.com.au it says "Could not open connection to the host, on port 25: Connection failed".

When I do a nslookup on mail.mydomain.com.au I get:
Server:       my.sbs2003server.local
Address:   192.168.2.8     (This is the internal IP for my SBS2003 server NOT my Exchange Server)

Non-Authoritative answer:
Name:         mail.mydomain.com.au
Address:    x.x.x.x  (My permanent IP as assigned by my ISP)

Any ideas?
slater27 Asked:

1 Solution

Jian An Lim Commented:
Normally, you would have a separate DNS for internal IP.

I will create a new DNS zone for mydomain.com.au,

then create an A record for mail and point it to the internal IP address.

And for your information, you cannot telnet to your external IP address when you are inside your own network.

Go to centralops.net to see whether you can telnet from outside to your IP address.


slater27 (Author) Commented:
I don't currently have a DNS zone for mydomain.com.au; however, I do have a DNS zone for mydomain.local. Are you saying that I should create another zone actually called mydomain.com.au and then create an MX record or an A record?

In fact, even in the .local zone there is only an MX record for smtp.mydomain.com.au, not mail.mydomain.com.au - is this correct?

Also, I wasn't telnetting to the external IP. I was telnetting to the internal IP of the server to ensure Exchange was functioning correctly, which it appears it was. Telnetting to the FQDN mail.mydomain.com.au failed.

The test from Centralops.net returned:
Validation results
confidence rating: 2 - DNS
The email address passed this level of validation
before the validation stopped due to the error below.
This does not indicate a problem with the address, but
it does not guarantee a good address, either.  more info
error at level 3: Timed out
canonical address: <test.user@mydomain.com.au>  

MX records
preference exchange IP address (if included)
10 mail.mydomain.com.au  

SMTP session
[Resolving mail.mydomain.com.au...]
[Contacting mail.mydomain.com.au [xx.xx.xx.xx]...] (My correct permanent IP)
[Timed out]
-- end --

I thought I should at least be able to telnet to the server by actually running telnet on the server with the FQDN. Because the nslookup is returning two different addresses, it seems like something internally in the DNS between the Exchange box and the SBS2003 box is not right, thus preventing connection externally.

Just so you know, all internet traffic goes in and out through the SBS2003 box, as it connects directly to the ADSL router to the internet on a different subnet.

Jian An Lim Commented:
Can you check something for me?
Go to your Exchange server and run www.whatismyip.org.

Can you check whether this IP address is the same as your permanent IP address?

Jian An Lim Commented:
You should be able to telnet to the IP address and the Exchange host name (i.e. exchange.mydomain.local).
You should not be able to telnet to the external name (mail.mydomain.com.au) as it is located at the outside interface of your network.

I want to troubleshoot whether it is your Exchange problem or your firewall problem here.

Most likely it will be the firewall if your IP address is the same.

Do you run ISA Server on your SBS server?

slater27 (Author) Commented:
OK,

Whatismyip.org on the Exchange server returns my correct permanent IP as allocated by my ISP.

OK, no probs re telnetting to the external name. I understand.

I don't believe I had installed ISA on the SBS2003 server, although when I went to check the normal Windows Firewall in Control Panel on the SBS2003 box it came up with an error which may suggest ISA has been/was enabled? How can I really check, as I don't see any admin task for it in the Start menu?

"Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)."

Also, I set up the additional zone for mydomain.com.au on the Exchange box and added one A record for mail.mydomain.com.au to point to the IP of the Exchange box. I hope this is correct. (It still made no difference in trying to connect externally through port 25.)

Jian An Lim Commented:
The other issue I might think of is your SMTP virtual server properties.

Go to Exchange System Manager,
Server/<servername>/Protocols/SMTP,
right-click on the SMTP virtual server and click on Properties,
go to the Access tab,
click on Connection.

Please check whether it is set to "All except the list below".

slater27 (Author) Commented:
OK, I think I've found it under Routing and Remote Access.

NAT and the basic firewall are enabled.
There are no inbound or outbound filters set.
There is nothing in the address pool.
SMTP is checked under the Services and Ports section, but the IP address it was going to was that of the SBS2003 server. I have changed this to the IP of the Exchange server; however, I still can't access it through port 25.
ICMP has nothing checked.

What next to try?

slater27 (Author) Commented:
I did the check in Exchange System Manager for the SMTP protocol and YES, the selection is "All except the list below" (and there isn't anything in the box). So it should allow any connection.

Jian An Lim Commented:
Okay.
Let's go back to basics.

1. telnet to <localIP> port 25 - OK
2. telnet to <xxx.domain.local> port 25 - OK
3. telnet from outside to <mydomain.com.au> - FAILED

Tell me what your ipconfig is on your SBS server.

Do you have 2 NICs?

slater27 (Author) Commented:
Okay.
Let's go back to basics.

1. telnet to <localIP> port 25 - OK   -  YES
2. telnet to <xxx.domain.local> port 25 - OK  - NO, just tried this with mail.mydomain.local and it said could not open connection to the host on port 25.
3. telnet from outside to <mydomain.com.au> - FAILED - Correct

So not sure why point 2 is not working?

ipconfig on the SBS server.

Host Name: mysbsserver
Primary DNS suffix: mysbsdomain.local
Node Type: Unknown
IP Routing Enabled: Yes
WINS Proxy Enabled: Yes
DNS suffix Search List: mysbsdomain.local

Ethernet adapter Server Local Area Connection
DHCP Enabled: No
IP Address: 192.168.2.8
Subnet: 255.255.255.0
Default gateway: <blank>
DNS Servers: 192.168.2.8
Primary WINS: 192.168.2.8
NetBIOS over Tcpip: Disabled

Ethernet adapter Network Connection:
DHCP Enabled: No
IP address: 10.0.0.7
subnet mask: 255.255.255.0
Default gateway 10.0.0.1
DNS servers 192.168.2.8
Netbios over TCPip: Disabled.

TWO cards, yes. One is connected to the Billion ADSL router on 10.x.x.x and the other (internal LAN) is on 192.168.2.x

Jian An Lim Commented:
Try mysbsserver.mysbsdomain.local port 25.

By looking at this design, I am sure you won't get it working.
As you can see,
your Billion ADSL router has a default IP of 10.0.0.1;
you need to set up your ADSL router to forward port 25 to 10.0.0.7.

That's why it is not working!

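An added example, not part of the thread, that encodes the two conclusions reached above: it parses output in the asker's nslookup and ipconfig layouts (constructed samples here, with a TEST-NET placeholder standing in for the public IP) and reports both the split-horizon DNS fix and where inbound TCP/25 must be forwarded across the two NAT hops (ADSL router to the SBS outside NIC, then SBS NAT on to the Exchange host).

```python
import ipaddress
import re

# Constructed samples modelled on the thread's nslookup/ipconfig; public IP is a TEST-NET placeholder.
NSLOOKUP = """Server:  my.sbs2003server.local
Address:  192.168.2.8
Non-authoritative answer:
Name:    mail.mydomain.com.au
Address:  203.0.113.10
"""
IPCONFIG = """Ethernet adapter Server Local Area Connection:
   IP Address. . . . . : 192.168.2.8
   Default Gateway . . :

Ethernet adapter Network Connection:
   IP Address. . . . . : 10.0.0.7
   Default Gateway . . : 10.0.0.1
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def field(block, label):  # pull the value of a "<label>. . . : value" line from an ipconfig block
    m = re.search(label + r"[ .]*:[ \t]*(\S*)", block)
    return m.group(1) or None if m else None

def parse_nslookup(text):
    addrs = re.findall(r"^Address:\s*(\S+)", text, re.MULTILINE)
    return addrs[0], addrs[-1]  # first Address line is the resolver, last one is the answer

def parse_ipconfig(text):
    """One dict per adapter: ip and gw (gw is None when the gateway line is blank)."""
    blocks = re.split(r"\n(?=\S)", text.strip())  # adapter blocks start unindented
    nics = [{"ip": field(b, "IP Address"), "gw": field(b, "Default Gateway")} for b in blocks]
    return [n for n in nics if n["ip"]]

def diagnose(nslookup_text, ipconfig_text):
    """Explain the thread's two findings: split-horizon DNS and the double-NAT path for TCP/25."""
    findings = []
    resolver, answer = parse_nslookup(nslookup_text)
    if is_rfc1918(resolver) and not is_rfc1918(answer):
        findings.append(f"internal resolver {resolver} returns the public IP {answer}: add an internal zone with an A record for the mail host")
    nics = parse_ipconfig(ipconfig_text)
    outside = [n for n in nics if n["gw"]]     # NIC facing the ADSL router (has the default gateway)
    inside = [n for n in nics if not n["gw"]]  # LAN NIC with no gateway
    if outside and inside:
        findings.append(f"router {outside[0]['gw']} must forward TCP/25 to {outside[0]['ip']}, and the SBS NAT must forward it on to the Exchange host behind {inside[0]['ip']}")
    return findings
```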

slater27 (Author) Commented:
Excellent - that's dead right... quite simple when I think about it, but obviously I didn't...!!!

The external test using http://www.checkdns.net/ now successfully gets to the server with the following info:
------------------------------------------------------------------------------------------------------------------
Checking mail server (PRI=10) mail.mydomain.com.au [xx.xx.xx.xx]  
  Mail server mail.mydomain.com.au[xx.xx.xx.xx] answers on port 25  
  <<< 220 myexchangeserver.mydomain.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Wed, 19 Nov 2008 16:01:29 +0900  
  >>> HELO www.checkdns.net 
  <<< 250 myexchangeserver.mydomain.local Hello [xx.xx.xx.xx]  
  >>> MAIL FROM: <dnscheck@uniplace.com>
  <<< 250 2.1.0 dnscheck@uniplace.com....Sender OK
  >>> RCPT TO: <postmaster@mydomain.com.au>
  <<< 250 2.1.5 postmaster@mydomain.com.au  
  >>> QUIT
  Mail server mail.mydomain.com.au [xx.xx.xx.xx]  accepts mail for mydomain.com.au  
  All MX are configured properly  
--------------------------------------------------------------------------------------------

However, I've sent a test email internally which reached my external address OK. But when I send back from the external address it still doesn't appear in my internal inbox.... So there still looks to be a problem with receiving, but it's no longer related to port access.

Any ideas of what I can check?

slater27 (Author) Commented:
OK - I'm going to close this and award the points because I already have another question open regarding the actual non delivery in exchange. Now that the port open problem is sorted I'll continue investigation in the other question for why I'm still not receiving emails.

So points awarded for fixing the Telnet problem. Thanks!

slater27 (Author) Commented:
Excellent thanks - If you want to continue helping on the email problem then please see my other open question.