nocalerts
asked on
Exchange 2003 SMTP queue keeps backing up
I have my Exchange 2003 bridgehead server talking to a Barracuda Spam Firewall 300 appliance for it's smart host. It hums along for a while and then all of a sudden gets a 'The connection was dropped by the remote host.' error and goes into retry mode. It retries the three times one minute appart, then waits 10 minutes for the fourth try which usually reconnects and flushes the queue. Barracuda claims there is nothing wrong on their end. Any ideas? Is there a log I can check to get more info as to what is going on with the Exchange server?
If I force a connection manually it seems to connect, change to active and flush the queue.
Thanks,
If I force a connection manually it seems to connect, change to active and flush the queue.
Thanks,
Hi,
I suspect the issue has been caused by the Barracuda Spam Firewall.
Bypass the Barracuda Spam Firewall and monitor the mail queue.
I hope this helps,
Shree
I suspect the issue has been caused by the Barracuda Spam Firewall.
Bypass the Barracuda Spam Firewall and monitor the mail queue.
I hope this helps,
Shree
ASKER
Can't do that because of the way my MX records are setup, won't survive a reverse look up. Barracuda suspects all is fine. Logs somewhere on the Exchange server maybe that would give more detail about the errors?
Event viewer might give you some help, but you might have to increase the logging levels in Exchange.
The basic telnet test I mentioned might at least tell us where to start looking.
The basic telnet test I mentioned might at least tell us where to start looking.
ASKER
PS...I can telnet fine, issue is intermittent.
http://www.msexchange.org/tutorials/Logging_the_SMTP_Service.html
http://support.microsoft.com/kb/821910
Turn your logging on and then look at the logs to see what is going on with the connection. Is the smart host using a FQDN or an IP address?
http://support.microsoft.com/kb/821910
Turn your logging on and then look at the logs to see what is going on with the connection. Is the smart host using a FQDN or an IP address?
ASKER
Thanks, I've enabled the logging, I talk to the smart host by IP address.
Miles
Miles
ASKER
Might be a stupid question, but in the Microsoft KB it talks about enabling the diagnostic logging, but no info on where to read them. I assume this just logs to the Windows Application Event Log then?
Diag logging is in the event viewer.. the smtp creates its own text file logs.
ASKER
figured...thanks, already found this which does point to the Spam filter even though they swore it was not...
Message delivery to the host '10.5.1.160' failed while delivering to the remote domain '[10.5.1.160]' for the following reason: An SMTP protocol error occurred.
The SMTP verb which caused the error is 'MAIL'. The response from the remote server is '421 Error: too many messages in one session
'.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Message delivery to the host '10.5.1.160' failed while delivering to the remote domain '[10.5.1.160]' for the following reason: An SMTP protocol error occurred.
The SMTP verb which caused the error is 'MAIL'. The response from the remote server is '421 Error: too many messages in one session
'.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK, added my server to the exception for the rate limiting and mail seems to flow right away now...so that was the core of my problem. Still seeing these however:
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: Routing Engine/Service
Event ID: 952
Date: 4/13/2010
Time: 5:23:14 AM
User: N/A
Computer: GMBEXFEND01
Description:
Subordinate routing node failed to connect to its master
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 4c 27 00 00 L'..
Miles
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: Routing Engine/Service
Event ID: 952
Date: 4/13/2010
Time: 5:23:14 AM
User: N/A
Computer: GMBEXFEND01
Description:
Subordinate routing node failed to connect to its master
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 4c 27 00 00 L'..
Miles
ASKER
Also seeing this, which concerns me:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1006
Date: 4/13/2010
Time: 9:40:31 AM
User: GBR_NT\PMarchand
Computer: GMBEXFEND01
Description:
Windows cannot bind to GMI-BOSTON.COM domain. (Invalid Credentials). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1006
Date: 4/13/2010
Time: 9:40:31 AM
User: GBR_NT\PMarchand
Computer: GMBEXFEND01
Description:
Windows cannot bind to GMI-BOSTON.COM domain. (Invalid Credentials). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Also check the event logs on the Exchange server to see if there are any indications of a problem.