icepick94

asked on

SBS 2003 Exchange server holding all mail

I have a SBS 2003 server that I hate. This thing is a real piece of crap.

I have it all set up for e-mail/exchange services. I have the right DNS settings. I have an MX record setting. I was previously running this client's email on a really nice Linux based Zimbra server with no issues. The client wanted his mail moved in house. I moved it in house. Now I'm having a migraine.

The Exchange server is holding all mail up. It is sitting in the outgoing mail queues and I don't know why. I do not know anything about Exchange. The client is getting NDRs and handing me my ass. He has a business to run and the mail is not flowing.

So, I need a little help. I have no need to use the SBS POP3 connector. All mail comes here and leaves here. The client owns the domain name. I have looked in the queues. I am holding mail up for everybody: Hotmail, Yahoo, etc. I can telnet from the server to the Hotmail mail servers just fine so I know it's not a connectivity issue. It's just sitting there. I can select force connection, but it does nothing. With Linux I could figure it out with logs. The logs for this thing are a joke.

The only thing I did was add another port to the SMTP Virtual server. The client has Comcast at home. Comcast is blocking all port 25 traffic from his connection. I have set up an alternate port (2525) in the SMTP server settings. I left the default port 25 there and added the extra.

Can someone help me with this? I'm really hating exchange right now.


Mestha

When the messages are in the queues, it will give you a reason code. I suspect it might have something to do with that additional port you put in. Remove that.
Did you run the Configure Internet and Email wizard to set up the server?

Was the additional port so that the user could send email from home? If so, then you may as well configure them to use the SMTP server of their ISP. It makes no difference. The sent item will not be stored in the mailbox. If you want the mail to be stored in their mailbox in the office then you need to use Outlook over the Internet - that is enabled in the same wizard as above and setup instructions are in the Remote Web Workplace site.

Simon.
Hypercat (Deb)

You need to make sure that port 25 outgoing on the router is not blocked for some reason. It's possible that someone blocked this on the router at some point in the past (possibly as a spam preventive measure). I would remove the additional port, since it is not doing anything at this point anyway.
Also, in the properties of the SMTP virtual server, go to the Delivery tab/Advanced button and make sure that there is not a smart host or external DNS servers set up. If there is an SMTP connector set up (under Connectors in the Exchange System Manager) also make sure that it is not set to use an external host. If it is, there may be a problem connecting and/or authenticating to that host. You can at least temporarily disable the SMTP connector and test outgoing email without it. Using an SMTP connector on SBS is not strictly necessary, although it is the standard configuration.
Is the incoming mail working?
In terms of logging, you need to enable SMTP logging in the properties of the virtual server as well - this is on the General tab. Once you do this, you will be able to check the SMTP logs, which will give you a very clear picture of exactly what's going on with the SMTP gateway.
icepick94

ASKER

Incoming mail is working just fine.
The first thing I did was remove the alternate port config. No difference.

I checked the SMTP Virtual server - Delivery Tab - Advanced. I do not have a smart host set there. I did have a DNS server set there but it was the local DNS server (192.168.0.5). I removed it to see what happens.

Here is an example of the log:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-04-29 12:45:39
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method sc-status cs-version cs-host
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionCommand SMTPSVC1 SERVER - 25 EHLO 0 SMTP -
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - 0 SMTP -
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionCommand SMTPSVC1 SERVER - 25 MAIL 0 SMTP -
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - 0 SMTP -
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionCommand SMTPSVC1 SERVER - 25 RCPT 0 SMTP -
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - 0 SMTP -
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionCommand SMTPSVC1 SERVER - 25 BDAT 0 SMTP -
2009-04-29 12:46:43 65.55.37.120 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - 0 SMTP -
2009-04-29 12:46:43 65.55.37.120 OutboundConnectionCommand SMTPSVC1 SERVER - 25 EHLO 0 SMTP -
2009-04-29 12:46:43 65.55.37.120 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - 0 SMTP -
2009-04-29 12:46:43 65.55.37.120 OutboundConnectionCommand SMTPSVC1 SERVER - 25 MAIL 0 SMTP -
2009-04-29 12:46:43 65.55.37.120 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - 0 SMTP -
2009-04-29 12:46:43 65.55.37.120 OutboundConnectionCommand SMTPSVC1 SERVER - 25 RCPT 0 SMTP -
2009-04-29 12:46:43 65.55.37.120 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - 0 SMTP -
2009-04-29 12:46:43 65.55.37.120 OutboundConnectionCommand SMTPSVC1 SERVER - 25 BDAT 0 SMTP -
2009-04-29 12:47:17 166.135.160.2 [10.13.252.139] SMTPSVC1 SERVER 192.168.1.5 0 EHLO 250 SMTP -
2009-04-29 12:47:17 166.135.160.2 [10.13.252.139] SMTPSVC1 SERVER 192.168.1.5 0 STARTTLS 220 SMTP -
2009-04-29 12:47:17 166.135.160.2 [10.13.252.139] SMTPSVC1 SERVER 192.168.1.5 0 STARTTLS 220 SMTP -
2009-04-29 12:47:20 166.135.160.2 [10.13.252.139] SMTPSVC1 SERVER 192.168.1.5 0 EHLO 250 SMTP -
2009-04-29 12:47:27 166.135.160.2 [10.13.252.139] SMTPSVC1 SERVER 192.168.1.5 0 QUIT 240 SMTP -
2009-04-29 12:47:29 67.220.166.158 [192.168.25.184] SMTPSVC1 SERVER 192.168.1.5 0 EHLO 250 SMTP -
2009-04-29 12:47:29 67.220.166.158 [192.168.25.184] SMTPSVC1 SERVER 192.168.1.5 0 STARTTLS 220 SMTP -
2009-04-29 12:47:29 67.220.166.158 [192.168.25.184] SMTPSVC1 SERVER 192.168.1.5 0 STARTTLS 220 SMTP -
2009-04-29 12:47:29 67.220.166.158 [192.168.25.184] SMTPSVC1 SERVER 192.168.1.5 0 EHLO 250 SMTP -
2009-04-29 12:47:35 67.220.166.158 [192.168.25.184] SMTPSVC1 SERVER 192.168.1.5 0 QUIT 240 SMTP -

That is the whole log. About 40 pages of that with different times and IP addresses. This is not a clear picture. What is this? This doesn't tell me much about the SMTP server does it?

I really appreciate the help. I'm a bit aggravated and frustrated. I'm running blind here because Exchange is not giving me the level of logging I'm used to in Linux. I cannot see what is going on. All I can do is click the nice little GUI buttons and hope that Exchange is doing the right thing.
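
Added example, not part of the original thread: one way to turn a log in the default IIS W3C extended format posted above into a per-peer summary, so outbound sessions that stop at a command and inbound STARTTLS requests can be told apart. It assumes rows whose cs-username is OutboundConnectionCommand or OutboundConnectionResponse are outbound and all others are inbound; the function names are hypothetical, and the sample is an abridged excerpt of the posted log.

```python
from collections import defaultdict

# Abridged excerpt of the log posted in the question (default W3C fields).
SAMPLE = """\
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method sc-status cs-version cs-host
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionCommand SMTPSVC1 SERVER - 25 EHLO 0 SMTP -
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - 0 SMTP -
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionCommand SMTPSVC1 SERVER - 25 MAIL 0 SMTP -
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionCommand SMTPSVC1 SERVER - 25 RCPT 0 SMTP -
2009-04-29 12:45:39 65.55.37.104 OutboundConnectionCommand SMTPSVC1 SERVER - 25 BDAT 0 SMTP -
2009-04-29 12:47:17 166.135.160.2 [10.13.252.139] SMTPSVC1 SERVER 192.168.1.5 0 EHLO 250 SMTP -
2009-04-29 12:47:17 166.135.160.2 [10.13.252.139] SMTPSVC1 SERVER 192.168.1.5 0 STARTTLS 220 SMTP -
2009-04-29 12:47:27 166.135.160.2 [10.13.252.139] SMTPSVC1 SERVER 192.168.1.5 0 QUIT 240 SMTP -
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the directive can recur mid-file
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):     # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def summarize(text):
    """Return (outbound commands per remote IP, inbound commands per client IP)."""
    out, inb = defaultdict(list), defaultdict(list)
    for r in parse_w3c(text):
        who = r["cs-username"]
        if who == "OutboundConnectionCommand":   # assumption: marks outbound rows
            out[r["c-ip"]].append(r["cs-method"])
        elif who != "OutboundConnectionResponse":
            inb[r["c-ip"]].append((r["cs-method"], r["sc-status"]))
    return dict(out), dict(inb)

def unfinished_outbound(text):
    """Heuristic: remote IPs whose last logged outbound command was not QUIT."""
    out, _ = summarize(text)
    return sorted(ip for ip, cmds in out.items() if cmds[-1] != "QUIT")

def inbound_starttls(text):
    """Client IPs that sent STARTTLS to this server (inbound rows only)."""
    _, inb = summarize(text)
    return sorted(ip for ip, cmds in inb.items() if any(m == "STARTTLS" for m, _ in cmds))

if __name__ == "__main__":
    print(unfinished_outbound(SAMPLE), inbound_starttls(SAMPLE))
```

With the default field set the outbound rows carry no reply text and an sc-status of 0, so the summary shows how far each session got but not what the remote server answered.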



"STARTTLS". That would cause a problem.
Have you attempted to enable something on the SMTP connector or the SMTP virtual server to use TLS or SSL? If so that will stop email from flowing for most sites.

What is between Exchange and the internet? A firewall of some kind? Any SMTP scanning functionality on that?

The SMTP logging can be changed on the properties of the SMTP virtual server in ESM.

Simon.

Just agreeing with Simon - it looks like you have your system set up to use TLS or SSL. The reason you're seeing that lack of detail in your logs is because your email isn't going anywhere.
What you should be seeing in your logs is something more like this. I've changed all relevant IP address and domain name information. Also, I have my logs set to use NSA format, which I personally think is a bit easier to read, instead of the default:
987.654.321.1 - OutboundConnectionResponse [01/May/2009:09:35:17 -0500] "- -?220 mail.recipientdomain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Fri, 1 May 2009 09:35:17 -0400  SMTP" 0 125
987.654.321.1 - OutboundConnectionCommand [01/May/2009:09:35:17 -0500] "EHLO -?myserver.mydomain.com SMTP" 0 4
987.654.321.1 - OutboundConnectionResponse [01/May/2009:09:35:17 -0500] "- -?250-mail.recipientdomain.com Hello [123.456.789.1] SMTP" 0 53
987.654.321.1 - OutboundConnectionCommand [01/May/2009:09:35:17 -0500] "MAIL -?FROM:<me@mydomain.com> SMTP" 0 4
987.654.321.1 - OutboundConnectionResponse [01/May/2009:09:35:17 -0500] "- -?250 2.1.0 me@mydomain.com....Sender OK SMTP" 0 48
987.654.321.1 - OutboundConnectionCommand [01/May/2009:09:35:17 -0500] "RCPT -?TO:<recipient@recipientdomain.com> SMTP" 0 4
987.654.321.1 - OutboundConnectionResponse [01/May/2009:09:35:17 -0500] "- -?250 2.1.5 recipient@recipientdomain.com  SMTP" 0 40
987.654.321.1 - OutboundConnectionCommand [01/May/2009:09:35:17 -0500] "XEXCH50 -?2516 2 SMTP" 0 7

I have checked the SMTP Virtual server. I do have a certificate generated for the SMTP virtual server. I have checked the Access/Authentication area and TLS is not checked. I have also checked the Secure Communication area and the box is not checked for "require secure channel".

I have checked the SmallBusiness SMTP connector properties. I have checked the Advanced/Outbound security and the TLS encryption box is not checked.

Where else would I check this?

Should the SMTP Virtual server be set to an IP or can I leave it "all unassigned"?

Maybe what I'm missing is some basic config options. I ran the ceicw wizard. I read that this will setup everything in a basic fashion. I'm not doing much with this server. I'm only servicing one domain and all the basic config options should work for me. I did enable the IMF on it for spam control.



The SBS server is multi-homed. The only firewall is the built in one and I have all the ports that need to be open, open on it.
I do have a basic router/NAT device connecting the server to the internet. All ports are forwarded on this as well. I couldn't get Comcast to turn NAT off on their modem so I'm double NAT'ed. But all relevant ports are open. I can also connect via telnet to port 25 of all of the servers that the mail is queued for from the SBS server. It's not a connection problem. I have verified connectivity. I am receiving mail just fine.





This is not something that would normally happen, but if you go into the ESM, expand down to the Server name and then click on the Queues object. There is a button in this view that says "Disable Outbound Mail." Or, if you have it disabled, it says "Enable Outbound Mail." Just in case, check here to be sure outbound mail is not disabled.

Outbound mail is not disabled.
What services would I stop/start to restart the exchange server without rebooting the whole server?

Any more ideas? I'm stumped on this one.

Thanks!

You could try restarting the SMTP service. If you run it from the Services console and it hangs, then open a command prompt and run IISRESET. The other Exchange services would not need to be restarted.
Another question that could be silly, but I'm grasping at straws here - Can you browse the Internet from this server? Are you seeing any issues with DNS resolution, either internally or externally? Are both your NICs (internal and external) pointing to the internal DNS server for name resolution?
Also, on the NDRs that your users are getting, is there a reason code? This would be the numerical code - something like 5.5.0, etc.
Another question - when you say you have a certificate generated for the SMTP server - what exactly do you mean by this? Are you referring to an SSL certificate that is installed on the SBS default web site? This would not affect the SMTP virtual server, but I'm just trying to be sure about this.

I can browse the internet just fine. DNS resolution seems to be working just fine. I can resolve from the command prompt as well as in IE.

In the SMTP Virtual server/Access/Secure Communication tab there is an option to use a cert with this server. I just told it to use the same cert that was created on the SBS Server when it was installed. I did not generate a new cert.


I restarted the server and all the mail in the queues went out. Now, it's backing up again. Weird. I am really stumped on this one.

This is the NDR message. It does not really tell me anything:
This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

Remove the certificate from the SMTP virtual server. You don't need it and it shouldn't be applied to the SMTP virtual server. Then restart the SMTP service and see what happens.
What you posted is a delivery delay message, not an NDR. The NDR only gets generated after the retry period on the message has expired and the server has stopped trying to deliver it. That usually takes a couple of days.

Rebooted the server. Now all the mail is out of the queues. Go figure! The only message that is not being delivered is one that I cannot connect to the delivery server.

I'm gonna leave this question open for a few days! This is not making me feel all fuzzy inside. I'm sure that this problem will come up again.

Thanks for the help so far!

Ok. I am back to the server holding all the mail in the queues. If I reboot the server, it will send out the mail. What the hell?

What am I missing with this server? Any ideas?


ASKER CERTIFIED SOLUTION
Hypercat (Deb)
This solution is only available to members.

I did send test messages via telnet to port 25. It worked just fine.


I think I found the solution. It is a known problem with Exchange 2003 SP2. Here is the link:
http://support.microsoft.com/kb/950757. It has something to do with mismatched time stamps.

I ran the hotfix and the mail seems to be flowing. It is not getting hung up in the queues anymore.

I'm keeping my fingers crossed.

Sounds good - we didn't get any event error information from you - probably something we should have checked earlier. Hope that fix does the trick!

Looks like it did the trick! This error would not have shown up in the event logs. I had to actually download the mfcmapi.exe application and look at the actual mail files in the store. It was a pain in the butt!

All this because I installed SP2. I wish MS would make a stable product!

Thanks a million guys!!!