Solved

Exchange 2007 DNS/MX to be live

Posted on 2009-05-15
972 Views
Last Modified: 2012-05-07
Just set up our new Exchange 2007 server.  We currently have POP mail hosted through GoDaddy.  I have been testing all week and am able to send and receive mail internally and also send mail externally.  I tried to make it live today by switching the MX records on GoDaddy to be mail.fidkids.com.  I waited a few hours and when I did an MX Lookup it returned no valid MX records.  I have since switched the MX records back to GoDaddy so emails are coming in again.  Do I need to wait longer for the MX records to appear?  When I switched them back to GoDaddy's MX they went through within a few minutes.

Are there any tests I can do on the Exchange server to make sure it is set up properly?  Our internal server name is fid-exch.fid.local and I want the external name to be mail.fidkids.com.  I have a multi-SSL cert from GoDaddy with the names mail.fidkids.com, fid-exch, fid-exch.fid.local, and autodiscover.fidkids.com on it.  That seems to be working and installed properly.  It just won't validate the MX records.  Any help would be greatly appreciated.  I would really like to get this going this weekend so they can be up for Monday.
Question by:DDassow01
20 Comments
 

Author Comment

by:DDassow01
ID: 24400755
Couple of more things.  I can get to it externally using the IP address ... https://24.197.228.178/owa
When I create an A record for mail and then point it to 24.197.228.178 I can get to OWA by going to https://mail.fidkids.com/owa .  It is just the MX records that don't want to register/validate/update.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24401056
If you change an MX record it should be immediate. Normally MX records are immediate, but new A records may take time. This depends on how your DNS provider makes the updates. Most of them make it real-time, others every 15 minutes / 2 hours / 12 hours. You may check this with GoDaddy.

Refer to the KB articles below on how to create and update MX records.
http://help.godaddy.com/topic/163/article/669  (create)
http://help.godaddy.com/topic/332/article/347 (update)

First create the mail A record (mail    A   24.197.228.178), then create the MX record (@  MX  mail.fidkids.com 0) with a higher priority than the old one. Keep the old ones with a lower priority; don't remove them, you may remove them later if you want. After that you may check it using http://dnsstuff.com or http://www.mxtoolbox.com
0
 

Author Comment

by:DDassow01
ID: 24401091
I just created the A record for mail pointing to 24.197.228.178.  The other A record listed is @ pointing to 72.167.232.54 which is Godaddy and where our website is hosted.  Should I make the MX record
(mail  MX  mail.fidkids.com 0)?  Or should I have the A record @ point to 24.197.228.178 and then make another A record for www that points to 72.167.232.54?
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24401103
Your A record should be "mail" -- 24.197.228.178
MX should be mail.fidkids.com

The priority only matters if you have multiple MX records.  0 is the highest.

0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24401118
The other thing to verify is whether your MX has been set up:

go to command prompt (cmd)
type nslookup
type set type=mx
type fidkids.com

If an MX shows up, then that means you're good.

Another thing you want to check is whether your domain name server is hosted by GoDaddy or someone else.  If you go into your domain management, Total DNS Control panel, it should tell you at the bottom.  Mine is from GoDaddy, but the name server is nsxx.domaincontrol.com.
0
 

Author Comment

by:DDassow01
ID: 24401121
MX Lookup returns mail.fidkids.com as the MX record and it is pointing to 24.197.228.178.  When I run a DNSStuff report it comes back with no MX records found.  I sent off a few test messages but they haven't gotten there yet (5 minutes), yet I sent one to myself from the user's mailbox to a Gmail account and it showed up instantly.
0
 

Author Comment

by:DDassow01
ID: 24401129
Here are the nslookup results ...

> set type=mx
> fidkids.com
Non-authoritative answer:
fidkids.com     MX preference = 0, mail exchanger = mail.fidkids.com
fidkids.com     nameserver = ns51.domaincontrol.com
fidkids.com     nameserver = ns52.domaincontrol.com
mail.fidkids.com        internet address = 24.197.228.178
ns51.domaincontrol.com  internet address = 216.69.185.26
ns52.domaincontrol.com  internet address = 208.109.255.26

Does that look right?  Our DNS is hosted with GoDaddy.
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24401140
I'm able to make a connection to your Exchange through port 25 (good).  Do you have an account I can use to send you a test message (email address)?

I'm going to follow a guide here: http://support.microsoft.com/kb/153119

It sounds like there may be an Exchange configuration issue rather than a DNS/MX one.
0
 

Author Comment

by:DDassow01
ID: 24401146
I have dave@fidkids.com set up as my test account.  I will log in to OWA and see if it arrives.
0
 

Author Comment

by:DDassow01
ID: 24401164
When I telnet from a machine on the local network to fid-exch.fid.local I get this response ..
220 FID-EXCH Microsoft ESMTP MAIL Service ready at Fri, 15 May 2009 22:46:26 -0500

When I do it from the outside I get a black screen.  I have ports 25, 443, 587 and 993 being forwarded to the Exchange server.
0
 
LVL 7

Accepted Solution

by:
LANm0nk3y earned 500 total points
ID: 24401166
The problem is that you have your SMTP server requiring authentication.

Go to Exchange Management Console (GUI)
go to Server Configuration\Hub Transport.

Select your server; under Receive Connectors there should be two created by Microsoft.  One is "Client %ServerName%", the other is "Default %servername%"

Double-click on "Default %servername%"; under Permission Groups, select everything except Partners.

Under Authentication, for troubleshooting purposes -- make sure you have Basic Auth, Exchange Auth, Integrated Windows.

Don't check "offer basic auth only after starting TLS" --- you can do this after you get emails coming through.
0
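The same change expressed as Exchange Management Shell commands, as an added example that is not part of the thread; it assumes a single Exchange 2007 Hub Transport server whose default connector is named "Default FID-EXCH" after the server in the thread, and adds a relay check that the GUI steps do not show.

```powershell
# Added example (not from the thread): the accepted answer as Exchange 2007
# Management Shell commands, plus a check that anonymous submission did not
# become an open relay. Connector name assumed from the thread's server name.
$connector = "FID-EXCH\Default FID-EXCH"

# 1. Inspect the current state. A connector whose PermissionGroups lacks
#    AnonymousUsers rejects unauthenticated MTAs (Gmail, any Internet sender)
#    with "530 5.7.1 Client was not authenticated".
Get-ReceiveConnector -Identity $connector |
    Format-List Identity, Bindings, PermissionGroups, AuthMechanism, Fqdn

# 2. Allow anonymous submission from the Internet. This is what ticking
#    "Anonymous users" in the GUI does. ExchangeUsers/ExchangeServers/
#    ExchangeLegacyServers stay so internal clients and servers keep working;
#    Partners stays off, as the answer says. The list replaces the old one.
Set-ReceiveConnector -Identity $connector `
    -PermissionGroups AnonymousUsers,ExchangeUsers,ExchangeServers,ExchangeLegacyServers

# 3. Authentication mechanisms the answer suggests while troubleshooting.
#    Tls keeps STARTTLS on offer; BasicAuthRequireTLS (the "offer basic auth
#    only after starting TLS" box) is left out for now and should be added
#    back once mail flows, so passwords never cross port 25 in the clear.
Set-ReceiveConnector -Identity $connector `
    -AuthMechanism Tls,Integrated,BasicAuth,ExchangeServer

# 4. Confirm relay is still denied. AnonymousUsers only lets unauthenticated
#    senders deliver to accepted domains; relaying to other domains needs the
#    ms-Exch-SMTP-Accept-Any-Recipient right, which should NOT be listed here.
Get-ReceiveConnector -Identity $connector |
    Get-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" |
    Where-Object { $_.ExtendedRights -like "*Accept-Any-Recipient*" }
```

If step 4 prints an entry, the connector relays for anyone and the permission should be removed before the server is exposed on port 25.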
 

Author Comment

by:DDassow01
ID: 24401170
Just tried sending from Gmail and got this back ..

Delivery to the following recipient failed permanently:

    dave@fidkids.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 530 530 5.7.1 Client was not authenticated (state 13).
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24401177
When I telnet from a machine on the local network to fid-exch.fid.local I get this response ..
220 FID-EXCH Microsoft ESMTP MAIL Service ready at Fri, 15 May 2009 22:46:26 -0500

Great


When I do it from the outside I get a black screen. I have ports 25, 443, 587 and 993 being forwarded to the Exchange server.


You really shouldn't have to forward 587 or 993. All you need open is 25, 80, 443.

If you want to have clients connecting to this server from outside of your office securely, I would recommend reading up on Outlook Anywhere (RPC over HTTP[s]). You can set up an Outlook client outside of your office, connecting to your Exchange server as if it were connected locally. It's more secure and better management.  http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23014474.html
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24401188
You should've gotten an email from postmaster@fidkids.com

should say "Hello dave, this is LANm0nk3y"

Looks like you fixed the auth issue.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24401191
MX Lookup gives the following result
ns52.domaincontrol.com reports the following MX records for 'fidkids.com':
 Preference :- 0
Host Name :- mail.fidkids.com
IP Address :- 24.197.228.178
TTL :- 3600  

One or more CNAMEs might be pointing to the "@" A record, so prefer not to change it. Here your MX looks OK; please test the mail flow now.

It looks fine to me

Validation results
canonical address: <dave@fidkids.com>
MX records
preference      exchange      IP address (if included)
0      mail.fidkids.com      [24.197.228.178]
SMTP session
[Contacting mail.fidkids.com [24.197.228.178]...]
[Connected]
220 FID-EXCH Microsoft ESMTP MAIL Service ready at Fri, 15 May 2009 23:03:56 -0500
EHLO Network-Tools.com
250-FID-EXCH Hello [67.222.132.194]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM LOGIN
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250 XRDST
VRFY dave
252 2.1.5 Cannot VRFY user
RSET
250 2.0.0 Resetting
EXPN dave
502 5.3.3 Command not implemented
RSET
250 2.0.0 Resetting
MAIL FROM:<admin@Network-Tools.com>
250 2.1.0 Sender OK
RCPT TO:<dave@fidkids.com>
250 2.1.5 Recipient OK
RSET
250 2.0.0 Resetting
QUIT
221 2.0.0 Service closing transmission channel
[Connection closed]
0
 

Author Comment

by:DDassow01
ID: 24401192
That did it!  I am getting emails in from the outside.  I have a couple of doctors with iPhones that will want to get their mail so I was going to do IMAP over SSL (that's why the 993).
0
 

Author Comment

by:DDassow01
ID: 24401201
When I run DNSStuff now it looks good except for a warning ...

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

mail.fidkids.com claims to be invalid hostname 'FID-EXCH':   220 FID-EXCH Microsoft ESMTP MAIL Service ready at Fri, 15 May 2009 23:09:21 -0500

Is that something that can be fixed?
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24401203
You're better off using the iPhone with the Exchange client it has.  It uses OWA or ActiveSync for it.  If your OWA is working, the iPhone will work.  993 is IMAP and does not keep sent items.  For HIPAA compliance -- it may be better that they don't use it.

Plus if you use iPhone Exchange over ActiveSync, the sent items will be stored for them to look at.  It also syncs calendars and contacts automatically.  Plus it will allow you to do a remote wipe.  The user has access to the remote wipe feature inside OWA.  ;-)
0
 

Author Comment

by:DDassow01
ID: 24401216
I didn't know that.  That's great!  Thank you so much for your help!
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24401220
When I run DNSStuff now it looks good except for a warning ...

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

mail.fidkids.com claims to be invalid hostname 'FID-EXCH':   220 FID-EXCH Microsoft ESMTP MAIL Service ready at Fri, 15 May 2009 23:09:21 -0500

Is that something that can be fixed?


--------------

I wouldn't worry about this error message.  Use MXtoolbox.com.  Most antispam doesn't care about it other than that you have rDNS.
0

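The DNSStuff greeting check reproduced against your own MX, followed by the Exchange 2007 setting that controls the banner, as an added example that is not part of the thread; it assumes the MX name mail.fidkids.com and the connector name "Default FID-EXCH" from the thread, and a single Hub Transport server.

```powershell
# Added example (not from the thread): read the SMTP greeting of your own MX,
# check whether the host it claims is an FQDN that resolves back to the MX
# (RFC 2821 4.3.1: "220 <domain> [text]"), then the setting that changes it.
function Test-SmtpGreeting {
    param([string]$MxHost, [int]$Port = 25)
    $client = New-Object System.Net.Sockets.TcpClient
    $client.Connect($MxHost, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
    $banner = $reader.ReadLine()          # e.g. "220 FID-EXCH Microsoft ESMTP ..."
    $writer.WriteLine("QUIT"); $client.Close()

    $claimed = ($banner -split '\s+')[1]  # first token after the 220 code
    $result = @{
        Banner       = $banner
        Claimed      = $claimed
        IsFqdn       = ($claimed -match '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$')
        ResolvesToMx = $false
    }
    if ($result.IsFqdn) {
        try {
            $mxIps      = [System.Net.Dns]::GetHostAddresses($MxHost)  | ForEach-Object { $_.IPAddressToString }
            $claimedIps = [System.Net.Dns]::GetHostAddresses($claimed) | ForEach-Object { $_.IPAddressToString }
            $result.ResolvesToMx = [bool]($claimedIps | Where-Object { $mxIps -contains $_ })
        } catch { }   # claimed name has no A record: leave ResolvesToMx = $false
    }
    return $result
}

# A bare NetBIOS name such as FID-EXCH gives IsFqdn = False, which is exactly
# the warning DNSStuff printed. Host name assumed from the thread.
Test-SmtpGreeting -MxHost mail.fidkids.com

# The greeting text comes from the Receive connector's Fqdn property. On a
# single-server Exchange 2007 host, setting it to the public MX name makes the
# banner match the name that has the A record. Caveat: Microsoft advises not
# changing Fqdn on the "Default <Server>" connector when several Hub Transport
# servers authenticate to each other through it; with more than one server,
# give Internet mail its own connector instead. Connector name assumed.
Set-ReceiveConnector -Identity "FID-EXCH\Default FID-EXCH" -Fqdn mail.fidkids.com
```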