Solved

Exchange 2007 - Connection Dropped on attachments to some domains

Posted on 2009-04-08
Last Modified: 2013-11-30
We have been running Exchange 2007 for almost two years, and I've been having this problem off and on for a while.  For some reason our Exchange cannot send attachments larger than 1 MB to a handful of domains.  The emails get hung in the queue with the error "421 4.4.2 Connection Dropped".  Here's what I've done so far...

Checked Check Point firewall logs...nothing
Ensured certificates are not expired
I can telnet to port 25 on the mail servers in question and send HELO commands
Tried disabling Trend ScanMail on the SMTP server
Tried disabling Trend OfficeScan on the SMTP server
If I send the same attachments from Gmail to the problem servers, they go through
If I send the same attachments from my Exchange to my Gmail, they go through
Called the receiving party and made sure my IP address and domain are whitelisted on their spam filters
Used MX Toolbox to ensure my domain isn't blacklisted anywhere

I've seen other posts talk about a TCP Offload Engine setting for the NIC; however, I'm running a Dell PowerEdge 1950 with a Broadcom BCM5708C NetXtreme II and I don't see any such setting for my NIC.  I think this is related to HP servers only.

Please throw me a bone here...I'm about to start pulling out my hair!!
Question by:exp_exch1
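The pattern in the question (sessions that connect, greet and accept RCPT normally, then die only once the message passes a fixed size to a few peers) is worth measuring exactly before changing NIC or firewall settings. The following is an added example, not code from the original poster: it bisects the largest message a given peer will take over SMTP. The search logic is separated from the sender so it can be checked offline against a fake peer; the host names, addresses and the 1 MB cut-off used in that offline check are placeholders.

```python
"""Added example: find the message size at which an SMTP peer drops the session.

smtp_probe() sends one message over a real SMTP session (STARTTLS if offered, as an
Exchange send connector would). find_threshold() bisects a size range using any
accept-function, so the search itself can be exercised without a network.
All host names and addresses below are placeholders, not the poster's.
"""
import smtplib
import ssl
from email.message import EmailMessage
from typing import Callable, Optional


def build_message(size: int, sender: str, rcpt: str) -> bytes:
    """Return an RFC 5322 message of at least `size` bytes (one base64 attachment)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = rcpt
    msg["Subject"] = f"size probe {size} bytes"
    msg.set_content("attachment size probe")
    # base64 grows data by 4/3, so 3/4 of the target is enough raw payload.
    raw_len = size * 3 // 4
    pattern = bytes(range(256))
    payload = (pattern * (raw_len // len(pattern) + 1))[:raw_len]
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename="probe.bin")
    return msg.as_bytes()


def smtp_probe(host: str, size: int, sender: str, rcpt: str,
               port: int = 25, timeout: float = 120.0) -> bool:
    """True if `host` accepted a `size`-byte message end to end (250 after DATA),
    False if the session failed or was dropped part-way through."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as s:
            s.ehlo()
            if s.has_extn("starttls"):
                # Opportunistic TLS. The peer certificate is deliberately not verified:
                # the question is whether the transfer completes, not who the peer is.
                ctx = ssl.create_default_context()
                ctx.check_hostname = False
                ctx.verify_mode = ssl.CERT_NONE
                s.starttls(context=ctx)
                s.ehlo()
            s.sendmail(sender, [rcpt], build_message(size, sender, rcpt))
        return True
    except (smtplib.SMTPException, OSError):
        return False


def find_threshold(accepts: Callable[[int], bool], lo: int, hi: int,
                   resolution: int = 4096) -> Optional[int]:
    """Largest size in [lo, hi] that `accepts`, to within `resolution` bytes.
    Returns None if even `lo` fails. Assumes accept/fail is monotonic in size."""
    if not accepts(lo):
        return None
    if accepts(hi):
        return hi
    good, bad = lo, hi
    while bad - good > resolution:
        mid = (good + bad) // 2
        if accepts(mid):
            good = mid
        else:
            bad = mid
    return good


if __name__ == "__main__":
    # Live run against one problem peer (placeholders): bisect between 16 KiB and 8 MiB.
    peer, sender, rcpt = "mx.example.net", "probe@example.com", "postmaster@example.net"
    limit = find_threshold(lambda n: smtp_probe(peer, n, sender, rcpt),
                           16 * 1024, 8 * 1024 * 1024)
    print("largest accepted size:", limit)
```

Every probe delivers a real message, so agree a mailbox with the receiving side first. A sharp threshold on a session that is otherwise healthy (EHLO, STARTTLS and RCPT all fine) points at the transport path rather than at SMTP or the mail server; running the same probe from a second egress path, as one of the later comments in this thread does with a smarthost on another WAN link, shows quickly whether the threshold moves with the path.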

Expert Comment

by:Akhater
ID: 24101372
As a start, can you confirm that this configuration is done correctly:

http://www.amset.info/exchange/dnsconfig.asp

Author Comment

by:exp_exch1
ID: 24102461
I went through the link and double-checked each setting.  Everything appears to be configured correctly.  My ISP (charter-fiber) manages our external DNS.   I put in a trouble ticket with them yesterday concerning this issue.  The only problem they found was a missing SPF record.  The SPF record has been added, but did not fix the problem.

Author Comment

by:exp_exch1
ID: 24103123
Here's some more info... I enabled logging on the send connector.  Here is the transmission log to one of my problem domains.

     attempting to connect
220 lsh0101.uslec.net ESMTP    
EHLO mail.mydomain.com    
250-lsh0101.uslec.net    
250-AUTH=LOGIN CRAM-MD5 PLAIN    
250-AUTH LOGIN CRAM-MD5 PLAIN    
250-STARTTLS    
250-PIPELINING    
250 8BITMIME    
STARTTLS    
220 ready for tls    
     Sending certificate
CN=mail.mydomain.com, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=mail.mydomain.com     Certificate subject
E=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, S=Western Cape, C=ZA     Certificate issuer name
xxxxx    Certificate serial number
xxxxx     Certificate thumbprint
mail.mydomain.com     Certificate alternate names
     Received certificate
F0AD9C90F702C18C54DDB6E35A51254DB1593858     Certificate thumbprint
EHLO mail.mydomain.com    
250-lsh0101.uslec.net    
250-AUTH=LOGIN CRAM-MD5 PLAIN    
250-AUTH LOGIN CRAM-MD5 PLAIN    
250-PIPELINING    
250 8BITMIME    
8420537     sending message
MAIL FROM:<esquist@mydomain.com>    
RCPT TO:<bcquist@theirdomain.com>    
RCPT TO:<jefisher@theirdomain.com>    
     attempting to connect
250 ok    
250 ok    
250 ok    
DATA    
354 go ahead    

That's the last thing I see to this mail server... nothing else.
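The transcript above ends at the peer's 354: the connector starts handing over the body and nothing further is recorded. With protocol logging turned on for the send connector (Set-SendConnector -ProtocolLoggingLevel Verbose), the same session is written to the SMTP send protocol log, one CSV line per event, and that log can be scanned for every session that ended the same way. The following is an added example, not from the original poster: it reads that log format and reports, per session, whether the message was accepted, rejected, or dropped inside DATA, together with the SIZE= the connector announced. The log lines embedded in it are constructed for the example and the hosts and addresses are placeholders.

```python
"""Added example: classify sessions in an Exchange 2007 SMTP send protocol log.

Log format: the W3C-style CSV Exchange writes when protocol logging is enabled
(#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,
remote-endpoint,event,data,context). Event codes: + connect, - disconnect,
> sent by us, < received from the peer, * information. The sample log below is
constructed for this example; hosts and addresses are placeholders.
"""
import csv
import io
import re
from typing import Dict, List

FIELDS = ["date-time", "connector-id", "session-id", "sequence-number",
          "local-endpoint", "remote-endpoint", "event", "data", "context"]

SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: SMTP Send Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2009-04-08T14:02:11.120Z,Internet,08CB7A0A0B3C1234,0,10.0.0.5:25,198.51.100.20:25,+,,
2009-04-08T14:02:11.145Z,Internet,08CB7A0A0B3C1234,1,10.0.0.5:25,198.51.100.20:25,<,220 mx.example.net ESMTP,
2009-04-08T14:02:11.150Z,Internet,08CB7A0A0B3C1234,2,10.0.0.5:25,198.51.100.20:25,>,EHLO mail.example.com,
2009-04-08T14:02:11.170Z,Internet,08CB7A0A0B3C1234,3,10.0.0.5:25,198.51.100.20:25,<,250-mx.example.net,
2009-04-08T14:02:11.170Z,Internet,08CB7A0A0B3C1234,4,10.0.0.5:25,198.51.100.20:25,<,250 8BITMIME,
2009-04-08T14:02:11.180Z,Internet,08CB7A0A0B3C1234,5,10.0.0.5:25,198.51.100.20:25,>,MAIL FROM:<user@example.com> SIZE=52000,
2009-04-08T14:02:11.200Z,Internet,08CB7A0A0B3C1234,6,10.0.0.5:25,198.51.100.20:25,<,250 ok,
2009-04-08T14:02:11.205Z,Internet,08CB7A0A0B3C1234,7,10.0.0.5:25,198.51.100.20:25,>,RCPT TO:<someone@example.net>,
2009-04-08T14:02:11.220Z,Internet,08CB7A0A0B3C1234,8,10.0.0.5:25,198.51.100.20:25,<,250 ok,
2009-04-08T14:02:11.225Z,Internet,08CB7A0A0B3C1234,9,10.0.0.5:25,198.51.100.20:25,>,DATA,
2009-04-08T14:02:11.240Z,Internet,08CB7A0A0B3C1234,10,10.0.0.5:25,198.51.100.20:25,<,354 go ahead,
2009-04-08T14:02:12.900Z,Internet,08CB7A0A0B3C1234,11,10.0.0.5:25,198.51.100.20:25,<,250 ok 1239199332 qp 4321,
2009-04-08T14:02:12.905Z,Internet,08CB7A0A0B3C1234,12,10.0.0.5:25,198.51.100.20:25,>,QUIT,
2009-04-08T14:02:12.910Z,Internet,08CB7A0A0B3C1234,13,10.0.0.5:25,198.51.100.20:25,-,,Local
2009-04-08T14:05:01.000Z,Internet,08CB7A0A0B3C1235,0,10.0.0.5:25,198.51.100.20:25,+,,
2009-04-08T14:05:01.030Z,Internet,08CB7A0A0B3C1235,1,10.0.0.5:25,198.51.100.20:25,<,220 mx.example.net ESMTP,
2009-04-08T14:05:01.035Z,Internet,08CB7A0A0B3C1235,2,10.0.0.5:25,198.51.100.20:25,>,EHLO mail.example.com,
2009-04-08T14:05:01.050Z,Internet,08CB7A0A0B3C1235,3,10.0.0.5:25,198.51.100.20:25,<,250 8BITMIME,
2009-04-08T14:05:01.055Z,Internet,08CB7A0A0B3C1235,4,10.0.0.5:25,198.51.100.20:25,>,MAIL FROM:<user@example.com> SIZE=8420537,
2009-04-08T14:05:01.070Z,Internet,08CB7A0A0B3C1235,5,10.0.0.5:25,198.51.100.20:25,<,250 ok,
2009-04-08T14:05:01.075Z,Internet,08CB7A0A0B3C1235,6,10.0.0.5:25,198.51.100.20:25,>,RCPT TO:<someone@example.net>,
2009-04-08T14:05:01.090Z,Internet,08CB7A0A0B3C1235,7,10.0.0.5:25,198.51.100.20:25,<,250 ok,
2009-04-08T14:05:01.095Z,Internet,08CB7A0A0B3C1235,8,10.0.0.5:25,198.51.100.20:25,>,DATA,
2009-04-08T14:05:01.110Z,Internet,08CB7A0A0B3C1235,9,10.0.0.5:25,198.51.100.20:25,<,354 go ahead,
2009-04-08T14:07:01.200Z,Internet,08CB7A0A0B3C1235,10,10.0.0.5:25,198.51.100.20:25,-,,Remote
"""


def parse_sessions(text: str) -> Dict[str, List[dict]]:
    """Group log records by session-id, in file order; '#' directive lines are skipped."""
    sessions: Dict[str, List[dict]] = {}
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#"):
            continue
        rec = dict(zip(FIELDS, row))
        sessions.setdefault(rec["session-id"], []).append(rec)
    return sessions


def classify(records: List[dict]) -> dict:
    """Walk one session's events in order and decide how the transaction ended."""
    result = {"session": records[0]["session-id"], "peer": records[0]["remote-endpoint"],
              "size": None, "outcome": "no-transaction"}
    in_data = False  # we sent DATA, got 354, and the body is in flight
    for r in records:
        ev, data = r["event"], r["data"]
        if ev == ">":
            m = re.search(r"\bSIZE=(\d+)", data, re.IGNORECASE)
            if m:
                result["size"] = int(m.group(1))
        elif ev == "<":
            code = data[:3]
            if code == "354":
                in_data = True
                result["outcome"] = "in-data"
            elif in_data and code == "250":
                in_data = False
                result["outcome"] = "accepted"
            elif code[:1] in ("4", "5"):
                in_data = False
                result["outcome"] = "rejected " + data
        elif ev == "-" and in_data:
            # Disconnect while the body was being sent and no 250/5xx ever came back:
            # the queue reports this as "421 4.4.2 Connection Dropped".
            result["outcome"] = "dropped-in-data (" + (r["context"] or "no context") + ")"
    return result


def summarize(text: str) -> List[dict]:
    """One outcome record per session, in the order sessions appear in the log."""
    return [classify(recs) for recs in parse_sessions(text).values()]


if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        print(s)
```

Grouping the dropped sessions by peer and comparing their announced SIZE with the accepted ones is the quickest way to confirm that the cut-off is size-bound and peer-bound, which is what the thread observes; a drop that always lands after 354 and never at EHLO, STARTTLS or RCPT also rules out most of the things tried early in the thread (certificates, blacklists, DNS).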

Author Comment

by:exp_exch1
ID: 24132313
No one has any ideas??  Increasing to 500 points

Expert Comment

by:Akhater
ID: 24132369
Well, at this point I would wait for the problem to happen and, once you have an email waiting in the queue, in your Exchange 2007 Management Console -> Toolbox run the troubleshooting assistant and select "mails are backing off in a queue".


Author Comment

by:exp_exch1
ID: 24147633
There is one in the queue right now.  Another strange symptom is that most of the problem domains are law offices...go figure.  I ran the Mail Flow Troubleshooter quite a few times last week.  The only complaint it had previously was a missing internal PTR record for my SMTP server.  That was corrected.

I ran the troubleshooter again for good measure. No Root causes. No Mail Flow issues, and no warnings.

Expert Comment

by:Akhater
ID: 24152878
The troubleshooter gave you no warnings when you have an email sitting in the queue in retry state?  That's unusual.


One more question: if you go to the queue, what is the "last error" of the message?  Only "421 4.4.2 Connection Dropped", or anything more?


Expert Comment

by:Akhater
ID: 24152883
And one more question: is there any anti-virus installed on the server?

Expert Comment

by:Akhater
ID: 24152955
Also, regarding the TCP Offload Engine for Broadcom:

1) Uninstall IE7 (otherwise step 3 fails)
2) Install Broadcom drivers from the Dell site
3) Install Microsoft SNP patch - see KB912222
4) Run Broadcom Advanced Control Suite (part of what was installed in step 1), select the first NIC, scroll to the Resource Allocations tab, deselect TCP Offload Engine. Repeat for the second NIC.
5) Re-install IE7 if required.

>>copied from http://www.eggheadcafe.com/conversation.aspx?messageid=29501050&threadid=29473569<<

Author Comment

by:exp_exch1
ID: 24153189
The complete error message in the queue viewer is the following :  451 4.4.0 Primary target IP address responded with: "421 4.4.2 Connection Dropped." Attempted to failover to alternate host, but that did not succeed. Either there are no alternate hosts, or the delivery failed to alternate hosts.

YES - I am running AV on the server: Trend OfficeScan and Trend ScanMail for Exchange.  I have tried turning both of these off.

Awesome.  I will be trying the Broadcom suggestion tonight!!!  Thanks

Expert Comment

by:Akhater
ID: 24210593
updates on this ?

Expert Comment

by:igentics1
ID: 24327447
I have exactly the same problem in my organisation.  I can send attachments to other domains without a problem, but when sending to one specific destination I get this error.  Attachments up to 1 MB go through but nothing more.  We have control of both ends as they are a client (which makes us look rather stupid!).

I've tried disabling IPv4 checksum offloading and other advanced NIC options, as well as running all the troubleshooting assistants, but so far not a clue.

Any help would be appreciated. Thanks

Author Comment

by:exp_exch1
ID: 24345891
I tried the suggestion from Akhater a few weeks ago and the problem is still not fixed.  My SMTP server is running IE6.

My latest workaround has helped alleviate the problem a little bit.  I created a new send connector specifically for these problem domains.  My new send connector points to an SMTP server running Linux behind my firewall.  It seems to have fixed some domains, but not solved the problem completely.  Still welcoming ideas... :-)

Expert Comment

by:igentics1
ID: 24382669
I've set up a similar workaround using a new SMTP connector, but I've narrowed down the problem to our ISP.  When using the new SMTP connector, which routes email via a smarthost (IIS server) and out to the internet over a different WAN connection, emails were successfully sent to the problematic domains without any problem.  The only change, as far as I can see, is the DSL connection used to route the traffic once it leaves our office.

I'm not in contact with our ISP as I suspect a black hole router may exist at one of the nodes in our route to the destination mail server.

Expert Comment

by:igentics1
ID: 24382762
Sorry, I meant send connector not "SMTP connector"!

Accepted Solution

by:exp_exch1
ID: 24455099
Problem solved by increasing the TCP window size on my Check Point firewall.  Check Point support walked me through doing a "kernel debug" to locate the TCP window errors.
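The fix was a window setting on the firewall rather than anything on the Exchange side, and the thread does not record which setting it was or what the kernel debug showed. The following is an added example, not the poster's or Check Point's code, that shows why a window-tracking middlebox produces exactly this symptom: each segment is checked against the window the receiver last advertised, so a transfer that fits in a few segments always passes while a bulk transfer is cut off as soon as the tracked window is smaller than the real one. The flow is constructed. The `honor_scaling=False` case is an assumption used to model an undersized tracked window (a device that ignores the RFC 7323 window-scale option); it is not a statement about the Check Point configuration in this thread.

```python
"""Added example: per-segment TCP window check of the kind a stateful firewall applies.

A receiver's segment carries ack + window: the peer may send data only up to
ack + (window << scale). Segments past that edge are "out of window" and a
firewall enforcing the window drops them. Small transfers never reach the edge;
bulk transfers do as soon as the tracked window is smaller than the real one.
The flow below is constructed; treating the window as unscaled is a model of an
undersized tracked window, not a description of any particular firewall.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Segment:
    src: str                      # "client" (sending MTA) or "server" (receiving MTA)
    seq: int                      # sequence number of the first payload byte
    ack: int                      # next byte expected from the peer
    window: int                   # raw 16-bit window field
    length: int = 0               # payload bytes
    syn: bool = False
    wscale: Optional[int] = None  # window-scale shift count (SYN / SYN-ACK only)


@dataclass
class Endpoint:
    wscale: Optional[int] = None    # shift this side advertised in its SYN
    rcv_edge: Optional[int] = None  # highest sequence number (exclusive) the peer may send


def out_of_window(segments: List[Segment], honor_scaling: bool = True) -> List[int]:
    """Indices of segments whose payload extends past the receiver's advertised window.
    With honor_scaling=False the window-scale option is ignored, as a middlebox that
    does not track RFC 7323 scaling would."""
    ends = {"client": Endpoint(), "server": Endpoint()}
    peer = {"client": "server", "server": "client"}
    flagged: List[int] = []
    for i, s in enumerate(segments):
        me, other = ends[s.src], ends[peer[s.src]]
        if s.syn:
            me.wscale = s.wscale
        if s.length and other.rcv_edge is not None and s.seq + s.length > other.rcv_edge:
            flagged.append(i)
            continue  # dropped, so it does not update tracked state
        # Scaling applies only after the handshake and only if both sides offered it;
        # the window field in a SYN is never scaled.
        scaled = (honor_scaling and not s.syn
                  and me.wscale is not None and other.wscale is not None)
        shift = me.wscale if scaled else 0
        me.rcv_edge = s.ack + (s.window << shift)
    return flagged


def build_transfer(payload_bytes: int, mss: int = 1460,
                   rcv_window: int = 513, wscale: int = 7) -> List[Segment]:
    """Constructed handshake (both sides offer wscale) followed by client -> server data.
    The server advertises rcv_window << wscale bytes (513 << 7 = 65664), which is more
    than the data sent, so nothing is genuinely out of window."""
    segs = [
        Segment("client", seq=0, ack=0, window=65535, syn=True, wscale=wscale),
        Segment("server", seq=0, ack=1, window=65535, syn=True, wscale=wscale),
        Segment("client", seq=1, ack=1, window=65535),
        Segment("server", seq=1, ack=1, window=rcv_window),  # first scaled window advert
    ]
    seq, left = 1, payload_bytes
    while left > 0:
        n = min(mss, left)
        segs.append(Segment("client", seq=seq, ack=1, window=65535, length=n))
        seq += n
        left -= n
    return segs


if __name__ == "__main__":
    big, small = build_transfer(40 * 1460), build_transfer(400)
    print("bulk, scaling honoured :", len(out_of_window(big)))          # 0
    print("bulk, scaling ignored  :", len(out_of_window(big, False)))   # 40
    print("small, scaling ignored :", len(out_of_window(small, False)))  # 0
```

The 400-byte message passes under both models while every data segment of the 58 KB transfer is out of window under the smaller tracked window: the question's pattern of small mail delivering and larger attachments dying after 354. On a real capture the same check runs over segments decoded from the pcap, and the drop shows up as the sender retransmitting the same segment with no acknowledgement while both MTAs still consider the session open, until the receiving side times it out and the sending side reports 421 4.4.2.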
