Exchange 2007 won't receive emails

Hi all,

i currently have a Windows 2008 SBS Std server with Exchange 2007. Out of the blue on thursday night our internet went off line. After speaking with our ISP we have finally got our internet back.

Our issue now is that we are able to send e-mails but not receive external e-mails. We can send and receive internally it just external.

i have checked the Router / Firewall and all seems to be ok that end.

i have checked the event log and the only thing I can see wrong is the following

Microsoft Forefront Server security encoutered an error while performing a scan engine update.

Scan Enginer: AhnLab
Error Code: 0x800004005
Description: The product license has expired.

If this licence is expired does this mean that it will disable all incoming external e-mail?

Thanks for your help in advance regards

Wayne
LVL 3
WaynepreAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hilal1924Commented:
Here is the strategy to deal with this issue:

1. Since the Forefront Security License has expired, it could play spoilsport (although Unlikely), So go to services and Disable the service. Send yourself a test mail and see if it reaches you.
2. Do a test from Outside using Telnet "yourserver" 25. And see if you can send a test mail to yourself. You should recieve 220 and 250 SMTP codes.
3. Check your Mail Tracking Log, (EMC -->Toolbox --->Message Tracking Center). See the status of the message that you sent to yourself. See if it even made it to the mailserver.

Do these tests and post the results here and I will be happy to assist you further.

Hilal
0
WaynepreAuthor Commented:
Hi Hilal thanks for the swift reply.
1) I have just disabled the Forefront Security and it stops the Exchange Information store and won't allow it to start again.
2) How do I send a mail using telnet its been a long time since i have done this.
3) will give a reply to this one in a sec
 
0
WaynepreAuthor Commented:
When I go to Message Tracking, and do a search with eventid as RECEIVE no results found.
 
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

WaynepreAuthor Commented:
Ok I tell a lie,
I have just changed the date range so it is showing all email since thursday in the message tracking.
 
0
Hilal1924Commented:
Hmm To use Telnet do The following:

http://www.activexperts.com/activemail/telnet/

OK So you found that Some mail was delivered from External World. Did you check the details if it was delivered to Mailbox or not?

Hilal
0
Mahmoud SabrySenior IT Systems EngineerCommented:
dear Waynepre
First, make sure your IP address and MX record hasnot changed
to check this, go to http://mxtoolbox.com/ and type there your domain name, and see your IP address
and also perform SMTP test and give us the result, or just give us your public domain name

second, from your HUB server, go to http://www.whatismyip.com/ and check that your real ip is exactly like your IP in MX record
0
Hilal1924Commented:
Why would forefront Not allow Information Store Service to Start ? Do you get any error message ?

Hilal
0
Hilal1924Commented:
Anyway Here is a proper way to disable ForeFront Services:

The Forefront Security for Exchange Services can be disabled using the Enable Forefront Security for Exchange Scan option in the General Options work pane.

To disable the Forefront Security for Exchange Server services
1.Open the Forefront Server Security Administrator.

2.In the SETTINGS section of the Shuttle Navigator, click General Options. The General Options work pane opens.

3.In the Enable Forefront Security for Exchange Scan field in the Scanning section, select Disable all.

4.Click Save.

5.Recycle Forefront Security services for the change to take effect. (For more information, see Recycling the Forefront Security for Exchange Server services.)


Hilal
0
WaynepreAuthor Commented:
Hi msabry,
I have already checked the MX records yesterday and it is correct I have just ran an SMTP check this is the result i got
421 4.3.2 Service not available, closing transmission channel

Not an open relay.
 0 seconds - Good on Connection time
 0 seconds - Good on Transaction time
 OK - 81.142.11.9 resolves to
 Warning - Reverse DNS does not match SMTP Banner
 
The IP Address you see is the correct IP.
Regards
0
Hilal1924Commented:
@msabry  .. Let him finish the basic tests first before we move onto DNS. Telnet should tell if he is able to recieve mail or not.


@ Wayne : Bro Use this to automatically Test your server :

http://www.mxtoolbox.com/diagnostic.aspx

Post the results here please.

Hilal
0
WaynepreAuthor Commented:
Hilal,
I have already disabled this in FF then i rebooted the server do I still need to recycle if so how do i do this?
 
0
WaynepreAuthor Commented:
I have just tried to telnet inot the server and i get the following error
421 4.3.2 Service not available, closing transmission channel
 
0
WaynepreAuthor Commented:
@Hilal
421 4.3.2 Service not available, closing transmission channel


Not an open relay.
 0 seconds - Good on Connection time
 0 seconds - Good on Transaction time
 OK - 81.142.11.9 resolves to
 Warning - Reverse DNS does not match SMTP Banner
0
Hilal1924Commented:
OK I think you have narrowed it down to : 421 4.3.2 Service not available, closing transmission channel

Check this One:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23500416.html


Hilal

0
Mahmoud SabrySenior IT Systems EngineerCommented:
please confirm now that ur Real IP address is exactly like your MX record

from HUB server go to http://www.whatismyip.com/ 

and confirm this first
0
WaynepreAuthor Commented:
@msabry - The IP address are the same.
@Hilal - I have checked the permissions as it shows in the screen print and I am still not receiving any emails.
0
Hilal1924Commented:
@msabry: Internet Traffic and SMTP traffic is always segregated in 99% of the cases. So even if he goes to whatismyip.com , he might see his gateway or firewall address which might not be the Public IP (81.142.11.9) which is NAT'ed for SMTP. So it is only going to add to the confusion.

Wayne: Please do One thing, If you have access to your firewall, Can you see SMTP traffic hitting this IP (81.142.11.9). It will be in the logs.

Hilal
0
Hilal1924Commented:
OK , Now let us take a step back.

Restart the Forefront Services and then disable them like this:

Anyway Here is a proper way to disable ForeFront Services:

The Forefront Security for Exchange Services can be disabled using the Enable Forefront Security for Exchange Scan option in the General Options work pane.

To disable the Forefront Security for Exchange Server services
1.Open the Forefront Server Security Administrator.

2.In the SETTINGS section of the Shuttle Navigator, click General Options. The General Options work pane opens.

3.In the Enable Forefront Security for Exchange Scan field in the Scanning section, select Disable all.

4.Click Save.

5.Recycle Forefront Security services for the change to take effect. (For more information, see Recycling the Forefront Security for Exchange Server services.)

Once this is done, ForeFront will be out of picture.  Also Please do check the amil queue and see if there is anything ?

Hilal
0
Mahmoud SabrySenior IT Systems EngineerCommented:
good
from any other computer on uor internal network
from command prompt

type the following
telnet HUB_Internal_IP 25

what is the result
0
WaynepreAuthor Commented:
Plz see below some examples from my firewall log
Apr 10 12:42:56
kernel
allow in eth0 48 tcp 20 110 65.55.90.13 192.168.10.1 26657 25 syn (SMTP)
Apr 10 12:42:06
kernel
allow in eth0 48 tcp 20 109 65.55.90.235 192.168.10.1 54995 25 syn (SMTP)  
0
Hilal1924Commented:
C:\>ping -a 81.142.11.9

Pinging host81-142-11-9.in-addr.btopenworld.com [81.142.11.9] with 32 bytes of data: ( This does not look like proper DNS record)

Reply from 81.142.11.9: bytes=32 time=236ms TTL=43
Reply from 81.142.11.9: bytes=32 time=236ms TTL=43
Reply from 81.142.11.9: bytes=32 time=236ms TTL=43
Reply from 81.142.11.9: bytes=32 time=236ms TTL=43

Ping statistics for 81.142.11.9:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 236ms, Maximum = 236ms, Average = 236ms

Bottom Line is that your DNS setup looks to be wrong. Could you send me your domain name in a private message, Could you be your email address. Send it to hilal.lone@gmail.com

Hilal
0
Hilal1924Commented:
One the firewall see if this address is getting hit from outside 81.142.11.9. I belive this is your internal Mail server IP (192.168.10.1)

Hilal
0
WaynepreAuthor Commented:
@msabry - the message i am getting when I telnet the router on port 25 is Could not open the connection to the host on port 25 : connection failed.
@Hilal - I have already tried this but the service is still running. But If i try to stop them it wants to stop the Exchange IS. The Exchange IS won't start without FF.
0
WaynepreAuthor Commented:
thats correct hilal
0
Mahmoud SabrySenior IT Systems EngineerCommented:
Still waiting your reply
0
Hilal1924Commented:
I was able to go here https://81.142.11.9/owa. Which means That indeed 192.168.10.1 is Nat'ed to 81.142.11.9 and is also accepting connections (At least on port 443). Ok Stop all the Forefront Services and then manually start IS service.

Or Just uninstall the Forefron Security, You can always install it later, It is anyways doing nothing right now except cause nuisance.

I still need your domain name.

Hilal
0
Mahmoud SabrySenior IT Systems EngineerCommented:
ok
go to the following URL and put your real IP

http://mxtoolbox.com/PortScan.aspx

and see what is the opened ports in your firewall, and look if SMTP is allowed or not
0
Hilal1924Commented:
This will not work "the message i am getting when I telnet the router on port 25 is Could not open the connection to the host on port 25 : connection failed." Since port 25 is always blocked for Router/Firewall IP unless it is a UTM Device.

Hilal
0
Hilal1924Commented:
@msabry : Dude It is already established that port 25 traffic is getting dropped on that IP (421 4.3.2 Service not available, closing transmission channel). So it is essential to explore other options. Don't confuse the user please.

Hilal
0
Mahmoud SabrySenior IT Systems EngineerCommented:
for this IP 81.142.11.9  if it related to u, yes port 25 is open

if this is your real ip

so try to telnet HUB_Internal_IP 25 from your Internal network not from outside the firewall to identify that the problem is in firewall publish or internally from server
0
WaynepreAuthor Commented:
@msabry here are the results mate.
  25 smtp Success 140 ms  
  53 dns Success 140 ms  
443 https Success 156 ms  

These ports were closed:

  21 ftp Timeout 0 ms   22 ssh Timeout 0 ms   23 telnet Timeout 0 ms   80 http Timeout 0 ms   110 pop3 Timeout 0 ms   143 imap Timeout 0 ms   139 netbios Timeout 0 ms   389 ldap Timeout 0 ms   587 msa-outlook Timeout 0 ms   1433 sql server Timeout 0 ms   3306 my sql Timeout 0 ms   8080 webcache Timeout 0 ms
 
 
0
Hilal1924Commented:
4 open ports:

  25 smtp Success 156 ms
  53 dns Success 156 ms
  443 https Success 140 ms


This is very very good News.
it means that we can route SMTP traffic through it.

Hilal
0
WaynepreAuthor Commented:
msabry - If i telnet the router (internal_hub) 25 from another computer internal then i get the following error "coule not open connection to the host on port 25.
If i telnet the exchange server address from another computer i get the 220 etc
0
Mahmoud SabrySenior IT Systems EngineerCommented:
very good

as you receive this reply, then the problem not in forefront

and the issue was in the publish of Exchange server on the firewall, see if SMTP inspection is enabled on the firewall or not, if enabled please disable it, and try to reveiw your publish rules again
0
WaynepreAuthor Commented:
hi MS,
I have already tried this but no joy :(
0
Mahmoud SabrySenior IT Systems EngineerCommented:
at this point, I can say that the problem in the publish rule and the firewall, try track the incoming SMTP traffic  ans see at any point the connection is dropping and try to overcome this

Msabry
0
Hilal1924Commented:
Ah finally we got it done. Recieve Connector Settings were not proper :)
Also Forefront was acting Up :)

Hilal
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mahmoud SabrySenior IT Systems EngineerCommented:
if you need the permission that XXX@domain.com has for any another user mailbox, then you can try the following from the exchange management shell

Get-Mailbox | Get-MailboxPermission -User XXX@domain.com | fl identity,user, accessrights

this will give you alist of all mailboxes that XXX user has full access
0
Mahmoud SabrySenior IT Systems EngineerCommented:
sorry i sent it by error as a reply to anothe question
0
WaynepreAuthor Commented:
Brilliant many thanks mate.

And thanks to all other users who tried to help.

Regards
0
765techCommented:
So what was the fix for this? I am having this same problem?????
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.