[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 988
  • Last Modified:

Exchange won;t send e-mail

Hi all,

i am not able to send e-mail from outlook, owa or iphone but i am able to recevie.

I have deleted the SMTP connector and recreated but still unable to send e-mail.

I have been to https://www.testexchangeconnectivity.com/ and done a test on activesync and it came back all fine.

any ideas?

Regards
0
Waynepre
Asked:
Waynepre
  • 69
  • 48
  • 6
  • +2
1 Solution
 
tbsgadiCommented:
Have a look at the following:

http://www.slipstick.com/problems/nosend.htm

Gary
0
 
leakim971PluritechnicianCommented:
Hello Waynepre,

Which Exchange version ?
What about your mail queue ?
Could you resolve domain name with the mail server DNS ?

Did you try to run BPA : http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-4BEE-4943-AC22-E2DDBD258DF3&displaylang=en

Regards.
0
 
Glen KnightCommented:
Which version if exchange?
Check the queues are they filling up?

can you uninstall any antivirus software you have installed this can often cause this sorts of problem.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
WaynepreAuthor Commented:
Hi all thanks for the reply.
I will take a look at all websites in just a sec,
I am running Exchange 2007, and in queue there is 2 entry one submission -delivery type undefined, message count 0.
and the other saying domain.org.uk - Delivery type: SmartHostConnectorDelivery Message count 14
In the messages tab there are 14 messages i am guessing waiting to send.
There are currently no antivirus installed on this computer as I have only just rebuilt it.
SMTP Connector is already configured to use the domain name DNS.
Regards
0
 
Glen KnightCommented:
Check your send connector under Org Configuration > Hub Transport is it set to use a smart host?

Do you have access to the smarthost? Can you telnet to it from your exchange server on port 25?

I.e: telnet smart-host-name 25
0
 
tusharnextgenCommented:
Hello Waynepre

As you mentioned mails are stuck in the queue for "domain.org.uk"

As I think smtp domain name of your users is @domain.org.uk i.e. any users email address is username@domain.org.uk and all your internal user has this email address please let us know if it is so.

What is the FQDN of your exchange server.
I guess if it is so please add that entry again in DNS so that it would get that entry and resolve this issue.


0
 
Glen KnightCommented:
Can you access the Internet from the exchange server?

Can you screenshot the connector tabs and post the images?
0
 
WaynepreAuthor Commented:
Yes i can access the internet will post in 2 secs
0
 
WaynepreAuthor Commented:
Screens print as requested,

SMTP-1.jpg
SMTP-2.jpg
SMTP-3.jpg
SMTP-4.jpg
0
 
WaynepreAuthor Commented:
Hi tusharnextgen:
Take a look at this,
This was call i logged a little ago regarding an issue i had with DNS, but to be honest i don;t think we were able to send e-mails before hand anyways.
http://www.experts-exchange.com/Q_25012442.html
0
 
WaynepreAuthor Commented:
Of course you knew that anyways tusharnextgen as you helped me :).
I have just noticed that in the queue that the last error say 451 4.4.0 DNS Query Failed
0
 
tusharnextgenCommented:
please try following steps (Please after every command press enter)

Please share the results

Telnet your.mailserver.com 25
ehlo
mail from: fromemail@server.com
rcpt to: emailaddress of your internal user
data
.  (enter a dot/period to end the data)

250 2.6.0 Queued mail for delivery

quit
Connection to host lost.



telnet <ipaddress of your exchange server>  25
ehlo
0
 
WaynepreAuthor Commented:
Do i do this from the server or another pc? sorry...
0
 
WaynepreAuthor Commented:
This is the telnet from ther server.
telnet-from-server.jpg
0
 
WaynepreAuthor Commented:
Now trying from another pc
0
 
Glen KnightCommented:
Can you confirm it's a problem sending mail or receivg if it's receiving then telnetting to your own mailserver is not going to help.

Can you do the following:

from your exchange server.
Open a command prompt
telnet outgoing.gkvirtualdomain.co.uk 25
then follow this document: http://support.microsoft.com/kb/153119

when you do the ehlo enter ehlo yourdomain.co.uk (use your actual domain)
and then mail from: use a valid email address on your exchange server.

When you get to the rcpt to: enter glen@gkvirtualdomain.co.uk

follow the rest of the document what happens?
0
 
WaynepreAuthor Commented:
This is from a pc not connected to the network
telnet-from-pc.jpg
0
 
Glen KnightCommented:
As it's exchange 2007 the client connector uses port 587 this has absolutely nothing to do with sending email it's purely for receving mail.

You will not be able to telnet to your server on port 25 from inside your network unless you have specifically added it in.  So by default you won't be able to.
0
 
WaynepreAuthor Commented:
It does recevie e-mail will follow your next instructions now
0
 
WaynepreAuthor Commented:
Thanks Demazter what can i do now is it worth me following your previous instructions?
0
 
Glen KnightCommented:
Please try the telnet instructions I posted to see
if I can receive your message
0
 
WaynepreAuthor Commented:
When i try to ehlo my domain it comes up and says Invalid domain name.
0
 
tusharnextgenCommented:
There are two receive connectors one listen on port 587 and another on 25

Any ways we  do not have to concentrate on this as its issue when user try to send mail to any external email address

my question is is it happening even when two internal user try to send email between them.
0
 
WaynepreAuthor Commented:
Sorry i should of said before hand that user internally can e-mail between them its only not sending to external addresses.
0
 
Glen KnightCommented:
The receive connector for clients (internal to the network) is 587, unless you have specifically added the servers IP address to the connector that listens on port 25 then you will not be able to telnet to this port.

When you do the telnet test you do the following:

telnet outgoing.gkvirtualdomain.co.uk
ehlo micah.org.uk
mail from:valid-email-address@micah.org.uk
rcpt to:glen@gkvirtualdomain.co.uk

then follow the rest of the microsoft link I posted.

0
 
WaynepreAuthor Commented:
220 outgoing.gkvirtualdomain.co.uk Microsoft ESMTP MAIL Service ready at Thu, 31
 Dec 2009 14:18:32 +0000
ehlo micah.org.uk
501 5.5.4 Invalid domain name
0
 
tusharnextgenCommented:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22838060.html

please check this post it may be issue related to internal DNS
0
 
Glen KnightCommented:
interesting!
It works perfectly from here!!

220 outgoing.gkvirtualdomain.co.uk Microsoft ESMTP MAIL Service ready at Thu, 31
 Dec 2009 14:15:11 +0000
ehlo micah.org.uk
250-outgoing.gkvirtualdomain.co.uk Hello
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN
250-8BITMIME
250-BINARYMIME
250 CHUNKING

can you post ipconfig /all from your exchange server?
Is it the only server (ie does it have DNS/Domain Controller roles) or do you have additional servers?  If so what are they?

Looks like whoever answered your DNS question didn't finish the job!

It could also be caused by your lack of an SPF record see here for a DNS report from your domain:

WARN SPF record Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).  

You need to setup an SPF record, follow this wizard for the required content: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Then contact whoever hosts your external DNS and tell them you need an TXT record configured with this information.
0
 
Glen KnightCommented:
Although in saying that you use a smarthost so the SPF shouldn't be an issue.

can you ping the smarthost from your exchange server? Do you get a IP lookup?
0
 
WaynepreAuthor Commented:


C:\Users\Administrator>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : MCM-DC1-SBS2008
   Primary Dns Suffix  . . . . . . . : micah.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : micah.local
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Generic Marvell Yukon Chipset based Ether
net Controller
   Physical Address. . . . . . . . . : 00-22-15-1E-7C-7A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 8:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{8E71DDA6-1286-4132-91F5-4EA114C72
59F}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
C:\Users\Administrator>
0
 
WaynepreAuthor Commented:
Sorry can you please explain to me what SPF is / means?
It is the only server I have on site and when i try to ping micah.org.uk i get the following error message.
Ping request cound not find host micah.org.uk
Regards
0
 
tusharnextgenCommented:
could you try
nslookup micah.org.uk
and check if it resolves to ip address
0
 
Glen KnightCommented:
So this server is also the DNS server? Is it also the Domain Controller?

Is this SBS by chance?
0
 
Glen KnightCommented:
OK, in the DNS Console can you right click on the servername select properties then the forwarders tab do you have any entries here?

Can you also disable any network connection that is not The primary network connection.
0
 
WaynepreAuthor Commented:
Tusharnextgen - please see below


C:\Users\Administrator>nslookup micah.org.uk
Server:  mcm-dc1-sbs2008.micah.local
Address:  192.168.1.10
Name:    micah.org.uk

C:\Users\Administrator>
 
Demazter.
Yes this server is the DNS, DHCP, EXCHANGE, IIS, AD, Domain Controller and yup its SBS 2008.
p.s. i am following the above instruction now
Regards
 
0
 
Glen KnightCommented:
Donyou have a zone in your internal DNS for Micah.org.uk?
0
 
WaynepreAuthor Commented:
Demazter,  
No SPF Record Found. A and MX Records Available No SPF record has been found for the domain micah.org.uk. However, MX and/or A records currently exist for this domain.
0
 
Glen KnightCommented:
OK sorry ignore my previous post, SBS2008 has split DNS.

Can you run the Fix My Network Wizard
0
 
WaynepreAuthor Commented:
Please see below a screen print of DNS
DNS.jpg
0
 
WaynepreAuthor Commented:
0
 
Glen KnightCommented:
OK the router error is normal.

Can you restart the exchange services now? Does mail start to flow after restarting them?
0
 
WaynepreAuthor Commented:
ok we are back to our old issues now where is it asking for a usernae and password for mail.micah.org.uk see screen print below.
password.jpg
0
 
WaynepreAuthor Commented:
I have no clue where it is getting the domain MAIL from?
0
 
Glen KnightCommented:
When do you get this screen?
0
 
WaynepreAuthor Commented:
When i open up MS Outlook
0
 
WaynepreAuthor Commented:
Demazter would it help if i gave you access to the server?
0
 
Glen KnightCommented:
Outlook itself? From a client?

We are not allowed to offer remote support.  Dome do however offer this via their profile but I don't think it's necessary.
0
 
WaynepreAuthor Commented:
Ok not not from a client but the client can't send emails either it justcsticks in the queue.
0
 
WaynepreAuthor Commented:
Would it help if I upgrade Exchange to SP2?
0
 
WaynepreAuthor Commented:
I have just checked the Application Event Log and i am getting the following error
 

Event.jpg
0
 
WaynepreAuthor Commented:
On one of the other events it says.
Process MAD.EXE (PID=1532). All domain Controller Servers in use are not responding. mcm-dc1-sbs2008.micah.local
0
 
Glen KnightCommented:
Have you restarted the exchange services since running the fix my network wizard?

Also once you have dine that, close outlook on the client and run IPCONFIG /FLUSHDNS from the command prompt then try outlook again.
0
 
Glen KnightCommented:
presumably your server is called Mcm-Dc1-sbs2008?
0
 
WaynepreAuthor Commented:
yes it is called mcm-dc1-sbs2008,
I have restarted the exchange but haven;t flushed the DNS will try that now
0
 
WaynepreAuthor Commented:
nope still no luck, webmail doesn;t work nor does the iphone
0
 
Glen KnightCommented:
If you browse to https://localhost/owa from the server does it work?
0
 
WaynepreAuthor Commented:
Yes it does, it loads logging on page.
And it will let me log on.
it will send but get stuck in the Queue.
0
 
WaynepreAuthor Commented:
Its strange when i deleted the host A file in the DNS for mail.micah.org.uk it never came up wit hthe username and password screen for mail.micah.org.uk (screen print above) but when we fix the networking it reinserted the host a file and we are getting this logon box.
 
0
 
Glen KnightCommented:
Can you give the server a reboot?
Are you fully upto date? You should have at least rollup 9 installed for exchange.

Goto windows update in control panel and click the link that says check online for updates.
0
 
WaynepreAuthor Commented:
ok running an update now and then i will reboot.
This could take awhile.
0
 
WaynepreAuthor Commented:
The server has been apply computer setting for over 11 minutes now and still counting.
0
 
Glen KnightCommented:
That's OK that's normal if you have a DNS problem.
0
 
WaynepreAuthor Commented:
Oh ok  thanks mate will keep you posted.
0
 
Glen KnightCommented:
How's it looking?
0
 
WaynepreAuthor Commented:
Still applying computer settings
0
 
Glen KnightCommented:
OK that's a long time!
If you unplug the network cable does it go through?
0
 
WaynepreAuthor Commented:
I can't do that as i am not on site. I am logged on remotely.
0
 
WaynepreAuthor Commented:
now it applying more updates.
0
 
WaynepreAuthor Commented:
Ok i have just been able to log on.
0
 
Glen KnightCommented:
How's it looking now?
0
 
WaynepreAuthor Commented:
got logged on as said above but none of the exchange services had started see attached,

Services.jpg
0
 
Glen KnightCommented:
And if you try to start them?
0
 
WaynepreAuthor Commented:
Trying to do that now some are failing at the moment
0
 
Glen KnightCommented:
Also check see if there are any further updates available.
0
 
WaynepreAuthor Commented:
Will do :)
0
 
WaynepreAuthor Commented:
All services but the Information Store had started, see screen print attached for error.
Windows has been fully updated.
Is it worth me updating Exchange to SP2?
 

MEIS.jpg
0
 
Glen KnightCommented:
No let's getthis sorted first.

What is the event log error?
0
 
WaynepreAuthor Commented:
0
 
Glen KnightCommented:
OK, that ones nice and easy it's because (hopefully) you are missing the Manage Auditing permission.  See here on how to fix it.  Use the 2nd option for editing the default domain controller policy.
http://balld31.blogspot.com/2008/09/exchange-servers-need-manage-auditing.html

As per:
2. Edit the Default Domain Controller, or create a new GPO and go to: Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment. From there, add the required Exchange Servers group to the Manage Auditing and Security Log privilege

it's all explained in the article.
0
 
WaynepreAuthor Commented:
Doing it now sorry for the late reply had to go out and get pizza.
0
 
WaynepreAuthor Commented:
On that website do i need to follow the instructions on
http://support.microsoft.com/kb/896703#
as well?
0
 
Glen KnightCommented:
No it's all on the website just the section I posted should be sufficient?
0
 
WaynepreAuthor Commented:
I have completed the instructions what do u recommend now?
 
0
 
Glen KnightCommented:
Try starting the services?
0
 
WaynepreAuthor Commented:
Just tried no luck still same error when starting the Information store.
0
 
Glen KnightCommented:
OK can you try the whole procedure in the link I posted?

If you run secpol.msc can you see the change?
0
 
WaynepreAuthor Commented:
Including the microsoft link?
0
 
Glen KnightCommented:
Yes why not :-)
nothing to loose.
0
 
WaynepreAuthor Commented:
ok another issue when running policytest .exe these are the results
 

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.
C:\Users\Administrator>policytest.exe
This tool will check every domain controller in the local
domain to see if the "Manage auditing and security logs"
privilege granted to the "Exchange Enterprise Servers"
group by DomainPrep has replicated to that DC.  If the
policy change has not yet replicated to all DCs, then
you should avoid making policy changes on any DC that
has not received those changes yet.
You must have Domain Admin rights to run this tool
successfully.  If you see an error that says:
  !! LsaEnumerateAccountRights returned error 5 !!
then you don't have permission to open the LSA on the
given DC.

===============================================
Local domain is "micah.local" (MICAH)
LookupAccountName returned error 1332
Abnormal exit from PolicyTest
C:\Users\Administrator>
0
 
Glen KnightCommented:
OK in Active Directory Users and Conputers find your servername and check the properties of it to find out what groups it's in?

When you edited the Default Domain Controller Policy is this the group you added in to the Manage Auditng and Security section?

Did you browse to the group or manually add it (you need to browse for it)

can you screenshot the policy and post it?
0
 
WaynepreAuthor Commented:
Hello mate happy new year, please see attached screen prints as requested.

Administrator-Properties.jpg
GPO.jpg
0
 
Glen KnightCommented:
Happy New Year to you too!!

Can you check the servername properties rather than the administrator account?

What groups is the server in?
0
 
WaynepreAuthor Commented:
Screen print of the server properties
Server.jpg
0
 
WaynepreAuthor Commented:
Looking at that last screen prints it looks like not all of ther required tabs are there. Don't you think
0
 
Glen KnightCommented:
Ahh! Spotted it!

The policy you have above is the Default Domain Policy.  The one you need to edit is the Default Domain Controller Policy
0
 
WaynepreAuthor Commented:
Ah well spotted,
I have just checked the default domain controllers policy and the required group is there.
Regards

GPO.jpg
0
 
Glen KnightCommented:
Can't see the JPG for some reason?

Can you run secpol.msc on the server and check the setting and see what I says?
0
 
WaynepreAuthor Commented:
I will re upload the image.
GPO3.jpg
0
 
Glen KnightCommented:
I can't see that one either? Can you attach them
the same way you did before?
0
 
WaynepreAuthor Commented:
this time it will work

GPO.jpg
0
 
WaynepreAuthor Commented:
The file that i was attaching wouldn't open up on my comptuer either so i deleted and recreated.
0
 
Glen KnightCommented:
Can you find the same setting using secpol.msc is it bein applied?
0
 
WaynepreAuthor Commented:
Sorry i thought the screen print i attached was from secpol.msc if its not can you please tell me how to check the answer for your question.
Regards
0
 
WaynepreAuthor Commented:
Under local prolicies, User Rights Assignment, Manage Auditing and security log properties, Exhcnage servers and administrators has been assigned.
 
 
0
 
Glen KnightCommented:
Is that when you goto start > Run > Secpol.msc ?
0
 
WaynepreAuthor Commented:
yes
0
 
Glen KnightCommented:
Can you run the policy check again?
0
 
WaynepreAuthor Commented:
not a problem please see the results.
Untitled-1.jpg
0
 
Glen KnightCommented:
The group should be DOMAIN\Exchange Servers

can you run rsop.msc on the server to see what policies are being applied?
0
 
WaynepreAuthor Commented:
Ah i c, and it will not let me change it either.
I just ran rsop.msc

1.jpg
2.jpg
0
 
Glen KnightCommented:
Doesn't make sense!
Have you restarted the exchange services?

If not can you and post any event log errors?
0
 
WaynepreAuthor Commented:
No i have restarted them, but i can do if need be i have tried to start the information store but with no luck.
App-log-1.jpg
App-log-2.jpg
App-log-3.jpg
app-log-4.jpg
app-log-5.jpg
app-log-6.jpg
0
 
WaynepreAuthor Commented:
0
 
WaynepreAuthor Commented:
There are another two updates that have downloaded and i need to reboot the server.
Is it worth me upgrade to SP2 on exchange now do you think?
This is really weird..
0
 
tusharnextgenCommented:
0
 
Glen KnightCommented:
I don't think SP2 is SBS ready yet so I would leave it for now.

It's not going to help you.  Do the restart for the updates.
0
 
WaynepreAuthor Commented:
tusharnextgen thank you for your help again i'm taking a look at the website now
Just rebooting server now also may take a while to boot back up
0
 
WaynepreAuthor Commented:
If i go the way of reinstalling Exchange 2007, how would i go about doing this using the setup.com file?
thanks wayne
0
 
Glen KnightCommented:
It's getting a bit tricky now without actually seeing your server.

It should work but for some reason isn't!
0
 
WaynepreAuthor Commented:
Would u like to see it?

I can arrange it?
0
 
Glen KnightCommented:
See my profile!
0
 
Glen KnightCommented:
Just noticed looking at the IPCONFIG above you don't have IPv6 configured?

This is absolutely essential for SBS2008 and should not be disabled.  Re-enable it and restart the server.

Also make sure you only have your internal domain name and remote.domainname.com in the forward lookup zones on your DNS there should be no others listed.
0
 
Glen KnightCommented:
If you have a host on your internal DNS for mail.micah.org.uk that points to your internal servers IP address and then point your send connector to a smarthost of mail.micah.org.uk then you will cause a loop because the exchange server is trying to forward to itself.

This will also japan if you have an A record in your external DNS for mail.micah.org.uk that points to the extenal IP of your exchange server which explains why your mail wasn't being sent out of your organisation.
0
 
WaynepreAuthor Commented:
Demazter brilliant this is now working many thanks for all you help.
Sorry for the late reply I got called away.
Regards
Wayne
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

  • 69
  • 48
  • 6
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now