
Exchange 2010 Won't Send to WAN

Last Modified: 2012-05-09
Exchange 2010 on Server 2008 ::: New install ::: Domain pointed and mail is being received but cannot send to WAN; only LAN.  Accepted domain(s) are in.  Ports 80, 443, 25, and 110 are open and running in service (Sonicwall) set up by Public Service Wizard (then modified to include these, by the way!) ::: Connector has been created. ::: 12 clients.

Top Expert 2010
Commented:

Author

Commented:
I get a bounce.  OWA lets me log in remotely.  I send an email to myself at a POP address and nothing.  I send it to exchange from the POP and it goes right in.  I can configure my iTouch to connect to exchange from outside the LAN and it sees the sent items.  I send mail to a POP from the iTouch and it goes nowhere, also.

Author

Commented:
Subject: Test from iPod Exch to nctv
This message hasn't been delivered yet. Delivery will continue to be attempted.
The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You'll be notified if the message can't be delivered by that time.

Author

Commented:
These messages just time out.  I get a further message saying it couldn't be delivered.  Sounds like the firewall won't let it out.  It'll go internal, no problem.  Seems like Exchange isn't the problem.

Author

Commented:
CORRECTION ::: Mail does NOT go in either.  I just tried it.

 user@mail.domain.org
    SMTP error from remote mail server after RCPT TO:<user@mail.domain.org>:
    host mail.domain.org [x.x.111.196]: 550 5.7.1 Unable to relay

When the messages are not delivered are they stuck in the SMTP queue of exchange?

Author

Commented:
I just tried telnet on 25, 110, 443, 80 and 587.  No connect.  These were connecting last week.  I have email from the outside.  It was working.  I did plug in a Barracuda Spam/Email filter appliance about that time but the router is NOT pointed to it yet.  Could it be stopping the incoming and outgoing?  I had it configured and unplugged from the network while I was getting exchange working.  I had planned to repoint the Exchange Service on the Sonicwall to the Barracuda remotely so I plugged it in and left that chore for another time.  I specifically set it up to ignore outgoing mail.

Author

Commented:
Let me check.  Where in the EMC is it?   I see a Queue Length (Copy and Replay), both columns are 0.
Top Expert 2010

Commented:
I think you have a barracuda/sonicwall configuration issue.  I've been involved in a couple of these conversations here on EE and they can get quite hairy.  Here are the links to those...hope they help.

https://www.experts-exchange.com/viewQuestion.jsp?qid=26264949

https://www.experts-exchange.com/viewQuestion.jsp?qid=26282994

Author

Commented:
Maybe my receive connector isn't set right.  I had to correct it once already.  I had an address range 0.0.0.0-255.255.255.255 and had to set it to * in some other properties box.  I do want to receive on port 25, yes?
Top Expert 2010

Commented:
yes...port 25 is smtp.

Author

Commented:
I do have an SMTP send connector.  Telnet used to connect on 25.  I am curious why it has stopped listening.

Author

Commented:
This I found in the event log after sending the email from OWA.  I have installed this certificate per the instructions and it exists in the proper folder.

Microsoft Exchange could not find a certificate that contains the domain name mail.domain.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector domain.org with a FQDN parameter of mail.domain.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Where is the Enable-ExchangeCertificate -Services SMTP ?
Top Expert 2010

Commented:
they are talking about running it in the powershell for exchange.  you'll find that under Exchange Program Group under the start menu.

http://technet.microsoft.com/en-us/library/aa997231.aspx
Did you create a certificate through Powershell?
Example code below.
New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=SomeOrganization, cn=mail1.yourcompany.com" -DomainName yourcompanydomainname.com, example.com -PrivateKeyExportable $true

Also if you could telnet before and can't now did you install recent AV software? Sometimes that is the culprit.

Author

Commented:
Yeah.  Checked that.  Have Trend installed but way before problem started.  Copied the cert from the personal folder to the trusted root cert. auth like the technet told me to.  I notice, however, that the domain.org isn't there, only the server.domain.local cert and the server name cert.  Should I have a domain.org cert?

Author

Commented:
Enable-ExchangeCertificate -Services SMTP  wants a Thumbprint.  I know where that is but which one do I use?
Top Expert 2010

Commented:
The error should indicate the thumbprint it's looking for.  You'll want to compare with the existing certificates and match up the thumbprint.

Author

Commented:
Digi ::: We have met in another realm.  I am barracuda guy.  It's not in yet so this is just exchange problem (or me) right now.  I'll check the error log.   I don't see a thumbprint.  I went through that procedure before to get the cert I needed but then I had the thumbprint as you say and I kept looking until I found it then copied it into the Root Trust Folder.  I did it for the .local domain, though.  I don't have one in there for the mail.domain.org name.  Is that necessary, too?  If so, I don't have one to copy.

Occam's Razor ::: I feel like I am making this too difficult - or it just is.

Top Expert 2010

Commented:
Yes, I remember you...barracuda guy...>GRIN<.  Here are steps for getting the thumbprint.  Once you have the cert installed on the local server, then you should be able to run the command in the steps to reveal the thumbprint.

Hi,

Are you getting the error with event ID 12014? If yes, then follow these steps.

1. Open "Exchange Management Shell ".
 
2. Write "get-ExchangeCertificate " and press on "Enter " button.
 
3. Write down the Thumbprint of the certificate that reflects the required FQDN name of the server.

4. Review the current certificates used by the Exchange server and each certificate's function.

5. EXAMPLE: Write "Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services SMTP"

       and press the "Enter" button.

    * The value of -Thumbprint obtained in stage 3.

 
6. Restart the Exchange server.

I hope this will work for you.

Regards.

Shafaquat Ali.

Ref: http://social.technet.microsoft.com/Forums/en/exchangesvrdeploy/thread/c3552359-dfa5-42b3-bdc4-085741760e23

Author

Commented:
Digi :::  I get the following.  No restart made because of error.  What does this tell us?


[PS] C:\Windows\system32>get-ExchangeCertificate

Thumbprint                                Services   Subject
----------                                --------   -------
2FA7135918D40F2A787FE504E092B9B3C7233E83  IP.WS.     CN=WPBCDC01


[PS] C:\Windows\system32>Enable-ExchangeCertificate -Thumbprint 2FA7135918d40f2a787fe504e092b9b3c7233e38 -Services "SMTP
"
The certificate with thumbprint 2FA7135918d40f2a787fe504e092b9b3c7233e38 was not found.
    + CategoryInfo          : ObjectNotFound: (:) [Enable-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : 78D09DD3,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificat
   e

[PS] C:\Windows\system32>Enable-ExchangeCertificate -Thumbprint 2FA7135918D40F2A787fE504E092B9B3C7233E38 -Services "SMTP
"
The certificate with thumbprint 2FA7135918D40F2A787fE504E092B9B3C7233E38 was not found.
    + CategoryInfo          : ObjectNotFound: (:) [Enable-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : 78D09DD3,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificat
   e

[PS] C:\Windows\system32>
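
In the session above, the listing shows a thumbprint ending in 3E83 while both Enable-ExchangeCertificate attempts use one ending in 3E38, and the only certificate listed has the subject CN=WPBCDC01. The following is an added example, not part of the original thread: it compares a hand-typed thumbprint with the installed ones, then enables SMTP only on a certificate that actually names the connector FQDN, passing the thumbprint from the object instead of retyping it. `Find-NearThumbprint` and `$ConnectorFqdn` are hypothetical names introduced here.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010, PowerShell 2.0).
# Assumption: $ConnectorFqdn is the FQDN named in the event text (the thread's placeholder).
$ConnectorFqdn = 'mail.domain.org'

# Hypothetical helper: compare a hand-typed thumbprint with the installed ones and
# report where it diverges, instead of relying on "was not found".
function Find-NearThumbprint {
    param([string]$Typed, [string[]]$Installed)
    $t = ($Typed -replace '[^0-9A-Fa-f]', '').ToUpper()   # drop spaces and stray characters
    foreach ($i in $Installed) {
        if (-not $i) { continue }
        $s = $i.ToUpper()
        if ($s -eq $t) { return "exact match: $s" }
        if ($s.Length -eq $t.Length) {
            # Collect the zero-based positions where the two strings differ.
            $diff = @(0..($s.Length - 1) | Where-Object { $s[$_] -ne $t[$_] })
            if ($diff.Count -le 4) {
                $pos = ($diff | ForEach-Object { $_ + 1 }) -join ', '
                return "not installed; differs from $s at character(s) $pos"
            }
        }
    }
    return 'no installed thumbprint resembles the typed value'
}

$all = @(Get-ExchangeCertificate)

# The value typed in the session above, checked against what is really installed.
Find-NearThumbprint -Typed '2FA7135918d40f2a787fe504e092b9b3c7233e38' `
                    -Installed ($all | ForEach-Object { $_.Thumbprint })

# Certificates that can serve STARTTLS for the connector: they must list the FQDN,
# hold a private key, be unexpired and report a valid status.
$usable = @($all | Where-Object {
    $names = @($_.CertificateDomains | ForEach-Object { $_.ToString() })
    ($names -contains $ConnectorFqdn) -and $_.HasPrivateKey -and
    ($_.NotAfter -gt (Get-Date)) -and ($_.Status -eq 'Valid')
})

if ($usable.Count -eq 0) {
    # Nothing to enable: show which names the installed certificates do cover.
    Write-Warning "No installed certificate lists $ConnectorFqdn. Names currently covered:"
    $all | Format-Table Thumbprint, Services,
        @{ n = 'Domains'; e = { $_.CertificateDomains -join ', ' } } -AutoSize
} else {
    # Take the longest-lived match and hand its thumbprint over as an object property.
    $cert = $usable | Sort-Object NotAfter -Descending | Select-Object -First 1
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP
    Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
        Format-List Thumbprint, Services, CertificateDomains, NotAfter
}
```
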
Top Expert 2010

Commented:

Author

Commented:
The article shows a cert I don't have.  I don't have a digital cert to download or in a zip file, only what exchange installs.  We don't require the clients to use one either.  There is a setting in the OL client for that under options but we don't use it.  I did refresh the cert I do have and it replaced the thumbprint I put in the past post with a new one and said it completed successfully.  I cannot send out from exchange, still, however.

Author

Commented:
I am able to telnet 25 now.   I'll try the exchange analyzer again.   I couldn't before because port 25 was not listening before.  I don't know what fixed or when since last Friday.
Top Expert 2010

Commented:
thinking the refresh probably did it...looking forward to the analyzer results.

Author

Commented:
Digi :::  Check this out.  Insufficient system storage?  We have tons of space.  I'll check again.  This is a new server.

Attempting to send test email message to jfuller@woodwardpark.org using MX mail.woodwardpark.org.
  Delivery of the test message failed.
   Additional Details
  Server returned status code 452 - Insufficient system storage. The server response was: 4.3.1 Insufficient system resources
Exception details:
Message: Insufficient system storage. The server response was: 4.3.1 Insufficient system resources
Type: System.Net.Mail.SmtpException
Stack trace:
at System.Net.Mail.MailCommand.CheckResponse(SmtpStatusCode statusCode, String response)
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
 
 

Author

Commented:
4 of 8 GB RAM in use.  50% of 500GB HDD Used.

Author

Commented:
Port 25 not available again.
Top Expert 2010

Commented:
hi jdfuller
on exchange system manager
go to toolbox > Best Practices Analyzer

please run a health scan and save the report (.html)

Please upload the report here.

thanks

Author

Commented:
Roger that.  Stand by...
Top Expert 2010

Commented:
also

go here

www.testexchangeconnectivity.com/
Run an Outbound Test

Please post back results here
Top Expert 2010
Commented:

Author

Commented:
File attached.  Had trouble w export then cut & paste to local screen.  Sent .doc.  Standing by.

Exchange-Analyzer-Best-Practices.doc
Top Expert 2010

Commented:
ok.
Let me know about verizon and ExRCA test connectivity.

thanks
Top Expert 2010

Commented:
Also

Go to your DC

start > run > type
cmd

type this

dcdiag /v /e /TEST:DNS > C:\dcdiagdns.txt

Upload the dcdiagdns.txt file here.

thanks
Top Expert 2010

Commented:
hi.

I think you uploaded the run-time log. I was talking about BPA reports.
After you view the report - it displays an option to Export the report as .HTM.

Please select that.

Also you can just copy paste it  here.

thanks
Top Expert 2010

Commented:
I am going to step out for 45 mins. Will check back here for updates.

thanks
Top Expert 2010

Commented:
hi jdfuller
let me know if you tried those steps. Please post back updates.

thanks

Author

Commented:
Experts.  Appreciate the patience.  This is a primary effort however I must do it after hours so time does pass before the next post.  

Sunnyc7::: I ran the bpa scan as requested and saw the export tab to which you refer.  I saw a lot of dns errors.  Is that the file you saw?  I will cut and paste this time.  I exported from the scan but I suppose I could have attached the wrong file.  I will post again shortly.  It is 10:16pm PST.

Author

Commented:
Btw ::: we are AT&T connected and have the famous Comcast 2wire modem.  Speeds are excellent.

Author

Commented:
MXToolbox gets same message in previous scan.  SBCGLOBAL.NET is AT&T for us here in Fresno, CA

Not an open relay.
 0 seconds - Good on Connection time
 10.327 seconds - Not good! on Transaction time
 OK - 99.3.111.196 resolves to 99-3-111-196.lightspeed.frsnca.sbcglobal.net
 Warning - Reverse DNS does not match SMTP Banner

Session Transcript:
HELO please-read-policy.mxtoolbox.com
250 WPBCDC01.WPBC.local Hello [64.20.227.133] [78 ms]
MAIL FROM: <supertool@mxtoolbox.com>
452 4.3.1 Insufficient system resources [5086 ms]
RCPT TO: <test@example.com>
503 5.5.2 Need mail command [5086 ms]
QUIT
221 2.0.0 Service closing transmission channel [78 ms]

Author

Commented:
Health Check returns this.  The TechNet page on how to resolve it says to run the Domain Prep.  Doesn't that run on install for Exch 2010?

Domain: WPBC  
 
  Unrecognized Exchange signature Domain: WPBC
 Active Directory domain 'WPBC' has an unrecognized Exchange signature. Current DomainPrep version: 12639.
  Tell me more about this issue and how to resolve it.  

Author

Commented:
Does this help?  See image...
DNS-Settings.jpg
Top Expert 2010

Commented:
hi
a) Can you post the whole BPA file.

b) also from dos prompt run these 2 commands and upload the files here.

go to start > run

type

dcdiag /v /e > c:\dcdiag1.txt

dcdiag /v /e /TEST:DNS > c:\dcdiag2.txt

thanks

Author

Commented:
sunnyc7 ::: Please excuse me for my ignorance but that is all the file returned.  Looks like it ran into a snag and didn't proceed.  Let me run the other commands and get them up here pronto.
Top Expert 2010

Commented:
hey dude that's fine.
I think you posted the wrong BPA file
Can you run it again and copy paste the output here.

thanks

Author

Commented:
I'm giving up!  Now I export it again from the same scan I ran last night - left the session open even - and I get much more.  Here you go.

::: REPORT :::

All Issues  
Domain: WPBC  
 
  Unrecognized Exchange signature Domain: WPBC
 Active Directory domain 'WPBC' has an unrecognized Exchange signature. Current DomainPrep version: 12639.
  Tell me more about this issue and how to resolve it.  
 
Organization: WPBC  
 
  Offline address book site public folder missing Organization: WPBC
 The public folder store where the site offline address book is hosted was not detected. The hosting server may be unreachable or the public folder store does not exist. Public folder store: CN=Public Folder Database 1308425847,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=WPBC,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=WPBC,DC=local.
  Tell me more about this issue and how to resolve it.  
 
Admin Group: Exchange Administrative Group (FYDIBOHF23SPDLT)  
 
Server: WPBCDC01  
 
  DNS 'Host' record appears to be missing Server: WPBCDC01
 The 'Host' (A) record for server WPBCDC01.WPBC.local cannot be retrieved from DNS server '68.94.156.1'. This can cause message routing delays and other service failures. Verify that the DNS server is online and that the 'Host' record is present.
  Tell me more about this issue and how to resolve it.  
 
  Application log size Server: WPBCDC01
 As a best practice, the size of the 'Application' log on server WPBCDC01.WPBC.local should be increased. The current size is 20MB. For servers running Microsoft Exchange, a size of 40MB or more is recommended.
  Tell me more about this setting.  
 
  Exchange resident on global catalog server Server: WPBCDC01
 Exchange server WPBCDC01.WPBC.local is also a global catalog server. This is a supported configuration, but is not recommended.
  Tell me more about this setting.  
 

Author

Commented:
DNS Record Missing :::  This is why I posted the snapshot last night of the DNS setting from the CMC.

Author

Commented:

:::  dcdiag /v /e > c:\dcdiag1.txt  :::


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine WPBCDC01, is a Directory Server.
   Home Server = WPBCDC01

   * Connecting to directory service on server WPBCDC01.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         The host 9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local could

         not be resolved to an IP address. Check the DNS server, DHCP, server

         name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... WPBCDC01 failed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

Top Expert 2010

Commented:
This is interesting:

a) How did you install Exchange 2010 on this server.
Did you follow these steps.
http://technet.microsoft.com/en-us/library/bb125224.aspx

b) Run dcdiag command I gave you above. there are more errors on your way.
I think your exchange is incorrectly setup.

Please provide details on what guides you used to setup exchange.

thanks

Author

Commented:
:::  dcdiag /v /e /TEST:DNS > c:\dcdiag2.txt  :::


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine WPBCDC01, is a Directory Server.
   Home Server = WPBCDC01

   * Connecting to directory service on server WPBCDC01.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         The host 9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local could

         not be resolved to an IP address. Check the DNS server, DHCP, server

         name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... WPBCDC01 failed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Skipping all tests, because server WPBCDC01 is not responding to

      directory service requests.

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=ForestDnsZones,DC=WPBC,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=1e20e2d8-fcbe-4d28-9072-494490613fa6,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

             information:
               LDAP Error 0x3a (58).
         ......................... ForestDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=ForestDnsZones,DC=WPBC,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=1e20e2d8-fcbe-4d28-9072-494490613fa6,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

             information:
               LDAP Error 0x3a (58).
         ......................... ForestDnsZones failed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=DomainDnsZones,DC=WPBC,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=87d4280f-8a0e-46ab-884e-24f0721cfb11,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

             information:
               LDAP Error 0x3a (58).
         ......................... DomainDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=DomainDnsZones,DC=WPBC,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=87d4280f-8a0e-46ab-884e-24f0721cfb11,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

             information:
               LDAP Error 0x3a (58).
         ......................... DomainDnsZones failed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (CN=Schema,CN=Configuration,DC=WPBC,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

             information:
               LDAP Error 0x3a (58).
         ......................... Schema failed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (CN=Configuration,DC=WPBC,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

             information:
               LDAP Error 0x3a (58).
         ......................... Configuration failed test CrossRefValidation

   
   Running partition tests on : WPBC

      Starting test: CheckSDRefDom

         ......................... WPBC passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=WPBC,DC=local) we encountered the following

            error retrieving the cross-ref's

            (CN=WPBC,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

            information:
               LDAP Error 0x3a (58).
         ......................... WPBC failed test CrossRefValidation

   
   Running enterprise tests on : WPBC.local

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\WPBCDC01.WPBC.local

         Locator Flags: 0xe00033fd
         PDC Name: \\WPBCDC01.WPBC.local
         Locator Flags: 0xe00033fd
         Time Server Name: \\WPBCDC01.WPBC.local
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\WPBCDC01.WPBC.local
         Locator Flags: 0xe00033fd
         KDC Name: \\WPBCDC01.WPBC.local
         Locator Flags: 0xe00033fd
         ......................... WPBC.local passed test LocatorCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... WPBC.local passed test Intersite

Top Expert 2010

Commented:
let me go through this.

I think there is some fundamental problem in which your Exchange was setup. Please reply to my prior post.

thanks

Author

Commented:
NOTE :::  The tests above are reversed.  The first post is dcdiag2.txt and the second post is actually dcdiag1.txt.

Sorry for the confusion.  Trying to do it too fast.
Top Expert 2010

Commented:
Your DNS is not setup.
Your AD is not integrated with DNS

a) How did you install Windows Server 2008 and setup Active Directory.
Was this a fresh install, or is this a new setup, where you buy hardware and setup everything from scratch.

we've a long way to go my friend.
Top Expert 2010

Commented:
Both tests failed. see my prior posts and let me know.

thanks

digitap @ I hope you are still here and following this.

Author

Commented:
I looked through the report and saw the DNS resolution error so tried the nslookup on the server.  :::

C:\Users\Administrator>nslookup WPBCDC01
Server:  UnKnown
Address:  192.168.1.210

Name:    WPBCDC01.WPBC.local
Address:  192.168.1.210


C:\Users\Administrator>

Author

Commented:
Setup was done by dell.  All I did was define roles.  Set it up as primary AD and DHCP and DNS server using wizards.  Added File Services after that then added Exchange.  All using the setup.exe's.

This was a clean box.  New install.

Author

Commented:
DNS errors abound in the event log.  News flash!  Says I should reset it up.  You think?
Top Expert 2010

Commented:
ok.
do you mean dell came in remotely at $250/hr to set-up your AD / DNS and Exchange ?

If it came pre-installed with windows - that doesn't mean setup was done by dell.

Please see this post.

Did you follow these steps.
http://technet.microsoft.com/en-us/library/bb125224.aspx

Let me think about how to best proceed with this. Give me a day or so.
Top Expert 2010

Commented:
JD
a) Put the Windows 2008 DVD in the drive and run adprep
This will run through the process of installing a domain etc.

check this step-by step guide
http://www.windowsreference.com/windows-server-2008/step-by-step-guide-for-windows-server-2008-domain-controller-and-dns-server-setup/

MS REF
http://technet.microsoft.com/en-us/library/cc725611(WS.10).aspx

b) Step by step guide to install Exchange by Amit Tank MVP
http://www.messagingtalk.org/exchange-2010-rc-quick-installation-guide

MS REF
http://technet.microsoft.com/en-us/library/dd351084.aspx

Hope this helps.

Author

Commented:
No the system was installed without any services.   I added the roles, AD, DNS, DHCP, Print Services, Files Services.  Then installed Exchange 2010 when I was done with the role additions.

Author

Commented:
What will reinstalling the domain, on top of what is there already, do?

Author

Commented:
I did those steps exactly.  I have installed three Server 2008's w ADS and associated services.  Never one with Exchange 2010.  I feel comfortable that ADS was installed with DNS properly but the report says otherwise, I realize.
Top Expert 2010

Commented:
Let me ask you this.

a) if there is nothing on the server - no data / no mails, you aint risking anything.

b) If there is --> take a backup and start with adprep.

Your AD/DNS will not work without it anyway.

Author

Commented:
I followed the Exchange install to the letter and got a perfect install, no errors.
Top Expert 2010

Commented:
ok. And your DNS is showing blanks ?
Top Expert 2010

Commented:
this is strange.

Author

Commented:
There is all their data and their POP mail which has been migrated into (mostly) their Exchange mailboxes.  I hear you loud and clear.  Not what I want to hear but I get it.

Is there a chance that a DNS fix would do it since that is the error I am receiving in the ADS Server Manager Console
Top Expert 2010

Commented:
@JD :: sunny is doing a good job of flushing out some pre-existing DNS issues.  The error that grabs my attention is here:

* Active Directory LDAP Services Check
         The host 9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.

Sounds like DNS needs to be repaired.  Check out this link and run DCDiag again to see if the error above goes away.  If DNS isn't getting updated properly, then key Exchange functions aren't going to work.

http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/
Top Expert 2010

Commented:
I am going to be in a meeting till 3/4 EST. Will post back after that.

Author

Commented:
Digi ::: Sunny

Sorry this is taking so long.  I'm sure there are not enough points to make this worthwhile.  I am almost certain you are dedicated to the cause by this point.  I will have more time tomorrow, Saturday, to try and flush this out.  Thanks for staying in the fight.
Top Expert 2010

Commented:

Author

Commented:
Sunny :::  DNS is already installed.  Obviously not working for exchange.  Can I safely remove and reinstall it w AD integration without tearing anything else up in the process?
Top Expert 2010

Commented:
You have to configure it as per the article above.
Configure forward and reverse look-up zones and forwarders.
Top Expert 2010

Commented:
Check out my post here, http:#a33221687, to fix DNS.
Top Expert 2010

Commented:
I would second digitap's DNS repair steps.
http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/

You have to do this on the DC.

dcdiag /fix
netdiag /fix
ipconfig /flushdns
ipconfig /registerdns
net stop server
net start server

--
If these don't work then you can go ahead and reinstall DNS and configure it with FW and RV lookup zones.
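
One way to check a saved dcdiag run after the repair steps above, as an added example that is not part of the thread: it lists failed tests and unresolved hosts, and separates DNS-related events from unrelated noise such as printer-driver errors. The function names and the abridged sample are constructed for illustration; event IDs are reported as the low 16 bits of the hex value dcdiag prints, which is the number Event Viewer shows.

```python
import re
from collections import Counter

# Constructed, abridged sample in dcdiag's output format. Host names and event
# messages come from output posted in this thread; the verdict lines are constructed.
SAMPLE = """\
      Starting test: Connectivity

         * Active Directory LDAP Services Check
         The host 9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.
         ......................... WPBCDC01 failed test Connectivity

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 07/20/2010   12:25:44

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'WPBC.local.' failed.

         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 07/20/2010   12:38:44
            Event String:
            Name resolution for the name _ldap._tcp.dc._msdcs.WPBC.local timed out after none of the configured DNS servers responded.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 07/20/2010   12:42:10
            Event String:
            Driver Adobe PDF Converter required for printer Adobe PDF is unknown.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 07/20/2010   12:42:16
            Event String:
            Driver Snagit 10 Printer required for printer Snagit 10 is unknown.
         ......................... WPBCDC01 failed test SystemLog

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation
"""

RESULT = re.compile(r"^\s*\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)\s*$")
EVENT = re.compile(r"^\s*An? (warning|error) event occurred\.\s+EventID: (0x[0-9A-Fa-f]+)")
UNRESOLVED = re.compile(r"The host (\S+) could not be resolved to an IP address")
DNS_HINT = re.compile(r"\bDNS\b|name resolution", re.IGNORECASE)
META = ("Time Generated:", "Event String:")


def parse_dcdiag(text):
    """Return (results, events, unresolved_hosts) from dcdiag text output."""
    lines = text.splitlines()
    results, events, unresolved = [], [], []
    current = None  # event whose message line has not been seen yet
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        stripped = line.strip()
        if not stripped:
            continue
        m = RESULT.match(line)
        if m:
            target, verdict, test = m.groups()
            if not test:
                # dcdiag wraps long verdict lines: the test name follows on
                # the next non-blank line as a single word.
                j = i
                while j < len(lines) and not lines[j].strip():
                    j += 1
                if j < len(lines) and re.fullmatch(r"\w+", lines[j].strip()):
                    test, i = lines[j].strip(), j + 1
            results.append((target, test, verdict))
            current = None
            continue
        m = EVENT.match(line)
        if m:
            # The low 16 bits are the event code; the upper bits carry qualifiers.
            current = {"severity": m.group(1),
                       "id": int(m.group(2), 16) & 0xFFFF,
                       "message": ""}
            events.append(current)
            continue
        m = UNRESOLVED.search(line)
        if m:
            unresolved.append(m.group(1))
            continue
        if current is not None and not current["message"] and not stripped.startswith(META):
            current["message"] = stripped  # first line of the event text
    return results, events, unresolved


def triage(text):
    """Summarise what matters for a DNS repair: failures, unresolved hosts, DNS events."""
    results, events, unresolved = parse_dcdiag(text)
    dns, other = Counter(), Counter()
    for ev in events:
        (dns if DNS_HINT.search(ev["message"]) else other)[ev["id"]] += 1
    return {
        "failed": [(target, test) for target, test, verdict in results if verdict == "failed"],
        "unresolved": unresolved,
        "dns_events": dict(dns),
        "other_events": dict(other),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A SystemLog failure caused only by entries under `other_events` says nothing about DNS health; the entries under `dns_events` and `unresolved` are the ones to re-check after each repair attempt.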

Author

Commented:
Ok guys.  I'll give it a whirl Monday PST.

Author

Commented:
I have reinstalled DNS.  I went with the existing certs and integration of AD was implied by the role advisor when I added it back in.  This test was quite a bit more successful than before.
=========================

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine WPBCDC01, is a Directory Server.
   Home Server = WPBCDC01

   * Connecting to directory service on server WPBCDC01.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... WPBCDC01 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Starting test: Advertising

         The DC WPBCDC01 is advertising itself as a DC and having a DS.
         The DC WPBCDC01 is advertising as an LDAP server
         The DC WPBCDC01 is advertising as having a writeable directory
         The DC WPBCDC01 is advertising as a Key Distribution Center
         The DC WPBCDC01 is advertising as a time server
         The DS WPBCDC01 is advertising as a GC.
         ......................... WPBCDC01 passed test Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test
         Skip the test because the server is running DFSR.

         ......................... WPBCDC01 passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log.
         ......................... WPBCDC01 passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... WPBCDC01 passed test SysVolCheck

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... WPBCDC01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
         ......................... WPBCDC01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC WPBCDC01 on DC WPBCDC01.
         * SPN found :LDAP/WPBCDC01.WPBC.local/WPBC.local
         * SPN found :LDAP/WPBCDC01.WPBC.local
         * SPN found :LDAP/WPBCDC01
         * SPN found :LDAP/WPBCDC01.WPBC.local/WPBC
         * SPN found :LDAP/9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9184da82-a434-45f1-b221-f3d63e346628/WPBC.local
         * SPN found :HOST/WPBCDC01.WPBC.local/WPBC.local
         * SPN found :HOST/WPBCDC01.WPBC.local
         * SPN found :HOST/WPBCDC01
         * SPN found :HOST/WPBCDC01.WPBC.local/WPBC
         * SPN found :GC/WPBCDC01.WPBC.local/WPBC.local
         ......................... WPBCDC01 passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC WPBCDC01.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=WPBC,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=DomainDnsZones,DC=WPBC,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=WPBC,DC=local
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=WPBC,DC=local
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=WPBC,DC=local
            (Domain,Version 3)
         ......................... WPBCDC01 passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\WPBCDC01\netlogon
         Verified share \\WPBCDC01\sysvol
         ......................... WPBCDC01 passed test NetLogons

      Starting test: ObjectsReplicated

         WPBCDC01 is in domain DC=WPBC,DC=local
         Checking for CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=local in domain DC=WPBC,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local in domain CN=Configuration,DC=WPBC,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... WPBCDC01 passed test ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
         ......................... WPBCDC01 passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 1600 to 1073741823
         * WPBCDC01.WPBC.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1100 to 1599
         * rIDPreviousAllocationPool is 1100 to 1599
         * rIDNextRID: 1159
         ......................... WPBCDC01 passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... WPBCDC01 passed test Services

      Starting test: SystemLog

         * The System Event log test
         A warning event occurred.  EventID: 0x00001695

            Time Generated: 07/20/2010   12:25:44

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'WPBC.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

           

            Possible causes of failure include:  

            - TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

            - Specified preferred and alternate DNS servers are not running

            - DNS server(s) primary for the records to be registered is not running

            - Preferred or alternate DNS servers are configured with wrong root hints

            - Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

           

            USER ACTION  

            Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 07/20/2010   12:25:55

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.WPBC.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

           

            Possible causes of failure include:  

            - TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

            - Specified preferred and alternate DNS servers are not running

            - DNS server(s) primary for the records to be registered is not running

            - Preferred or alternate DNS servers are configured with wrong root hints

            - Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

           

            USER ACTION  

            Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 07/20/2010   12:25:57

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.WPBC.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

           

            Possible causes of failure include:  

            - TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

            - Specified preferred and alternate DNS servers are not running

            - DNS server(s) primary for the records to be registered is not running

            - Preferred or alternate DNS servers are configured with wrong root hints

            - Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

           

            USER ACTION  

            Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

         A warning event occurred.  EventID: 0x80050004

            Time Generated: 07/20/2010   12:38:14

            Event String:

            Broadcom BCM5709C: The network link is down.  Check to make sure the network cable is properly connected.

         A warning event occurred.  EventID: 0x80050004

            Time Generated: 07/20/2010   12:38:14

            Event String:

            Broadcom BCM5709C: The network link is down.  Check to make sure the network cable is properly connected.

         A warning event occurred.  EventID: 0x8000001D

            Time Generated: 07/20/2010   12:38:37

            Event String:

            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 07/20/2010   12:38:44

            Event String:

            Name resolution for the name _ldap._tcp.dc._msdcs.WPBC.local timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x00000420

            Time Generated: 07/20/2010   12:39:13

            Event String:

            The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service.   This is not a recommended security configuration.  Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 07/20/2010   12:39:16

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'WPBC.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

           

            Possible causes of failure include:  

            - TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

            - Specified preferred and alternate DNS servers are not running

            - DNS server(s) primary for the records to be registered is not running

            - Preferred or alternate DNS servers are configured with wrong root hints

            - Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

           

            USER ACTION  

            Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

         A warning event occurred.  EventID: 0x00002724

            Time Generated: 07/20/2010   12:39:17

            Event String:

            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 07/20/2010   12:39:27

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.WPBC.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

           

            Possible causes of failure include:  

            - TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

            - Specified preferred and alternate DNS servers are not running

            - DNS server(s) primary for the records to be registered is not running

            - Preferred or alternate DNS servers are configured with wrong root hints

            - Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

           

            USER ACTION  

            Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 07/20/2010   12:39:30

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.WPBC.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

           

            Possible causes of failure include:  

            - TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

            - Specified preferred and alternate DNS servers are not running

            - DNS server(s) primary for the records to be registered is not running

            - Preferred or alternate DNS servers are configured with wrong root hints

            - Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

           

            USER ACTION  

            Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

         A warning event occurred.  EventID: 0x0000000C

            Time Generated: 07/20/2010   12:39:34

            Event String:

            Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

         A warning event occurred.  EventID: 0x000727AA

            Time Generated: 07/20/2010   12:41:59

            Event String:

            The WinRM service failed to create the following SPNs: WSMAN/WPBCDC01.WPBC.local; WSMAN/WPBCDC01.

           

             Additional Data

             The error received was 8344: %%8344.

           

             User Action

             The SPNs can be created by an administrator using setspn.exe utility.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:10

            Event String:

            Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:11

            Event String:

            Driver LANIER LD160c PCL 6 required for printer !!TOSVR01!Copy Room (LANIER LD160c) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:16

            Event String:

            Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:17

            Event String:

            Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TDP (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:18

            Event String:

            Driver HP Color LaserJet 3600 required for printer !!TOSVR01!TDP (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:18

            Event String:

            Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TA Office (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:19

            Event String:

            Driver LANIER MP 4500/LD345 PCL 6 required for printer !!TOSVR01!Reception Area (LANIER MP 4500/LD345) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:20

            Event String:

            Driver Dell Color Laser 3010cn required for printer !!TOSVR01!PreSchool (Dell 3010cn) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:20

            Event String:

            Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!HR HP Color LaserJet 4700dn is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:21

            Event String:

            Driver HP Color LaserJet CP4520 Series PCL6 required for printer !!TOSVR01!Grant Dept (HP CP4525) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:22

            Event String:

            Driver HP Color LaserJet 3600 required for printer !!TOSVR01!Fiscal Dept (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:22

            Event String:

            Driver LANIER MP C4500/LD445c PCL 6 required for printer !!TOSVR01!Enrollment (LANIER MP C4500/LD445c) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:23

            Event String:

            Driver PCL6 Driver for Universal Print required for printer !!TOSVR01!Enrichment Center (LANIER LD540c) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:24

            Event String:

            Driver Canon MX850 series Printer required for printer !!TOSVR01!Canon MX850 series Printer is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:24

            Event String:

            Driver Canon MX850 series FAX required for printer !!TOSVR01!Canon MX850 series FAX is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   12:42:25

            Event String:

            Driver Brother MFC-9440CN Printer required for printer !!tosvr01!A2-Brother MFC-9440CN Printer is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:17

            Event String:

            Driver LANIER LD160c PCL 6 required for printer !!TOSVR01!Copy Room (LANIER LD160c) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:18

            Event String:

            Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:22

            Event String:

            Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:23

            Event String:

            Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TDP (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:24

            Event String:

            Driver HP Color LaserJet 3600 required for printer !!TOSVR01!TDP (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:24

            Event String:

            Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TA Office (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:25

            Event String:

            Driver LANIER MP 4500/LD345 PCL 6 required for printer !!TOSVR01!Reception Area (LANIER MP 4500/LD345) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:26

            Event String:

            Driver Dell Color Laser 3010cn required for printer !!TOSVR01!PreSchool (Dell 3010cn) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:26

            Event String:

            Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!HR HP Color LaserJet 4700dn is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:27

            Event String:

            Driver HP Color LaserJet CP4520 Series PCL6 required for printer !!TOSVR01!Grant Dept (HP CP4525) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:28

            Event String:

            Driver HP Color LaserJet 3600 required for printer !!TOSVR01!Fiscal Dept (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:28

            Event String:

            Driver LANIER MP C4500/LD445c PCL 6 required for printer !!TOSVR01!Enrollment (LANIER MP C4500/LD445c) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:29

            Event String:

            Driver PCL6 Driver for Universal Print required for printer !!TOSVR01!Enrichment Center (LANIER LD540c) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:30

            Event String:

            Driver Canon MX850 series Printer required for printer !!TOSVR01!Canon MX850 series Printer is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:31

            Event String:

            Driver Canon MX850 series FAX required for printer !!TOSVR01!Canon MX850 series FAX is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 07/20/2010   13:06:31

            Event String:

            Driver Brother MFC-9440CN Printer required for printer !!tosvr01!A2-Brother MFC-9440CN Printer is unknown. Contact the administrator to install the driver before you log in again.

         ......................... WPBCDC01 failed test SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=local and backlink on

         CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local

         are correct.
         The system object reference (serverReferenceBL)

         CN=WPBCDC01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=WPBC,DC=local

         and backlink on

         CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local

         are correct.
         The system object reference (msDFSR-ComputerReferenceBL)

         CN=WPBCDC01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=WPBC,DC=local

         and backlink on CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=local are

         correct.
         ......................... WPBCDC01 passed test VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : WPBC

      Starting test: CheckSDRefDom

         ......................... WPBC passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... WPBC passed test CrossRefValidation

   
   Running enterprise tests on : WPBC.local

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\WPBCDC01.WPBC.local

         Locator Flags: 0xe00033fd
         PDC Name: \\WPBCDC01.WPBC.local
         Locator Flags: 0xe00033fd
         Time Server Name: \\WPBCDC01.WPBC.local
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\WPBCDC01.WPBC.local
         Locator Flags: 0xe00033fd
         KDC Name: \\WPBCDC01.WPBC.local
         Locator Flags: 0xe00033fd
         ......................... WPBC.local passed test LocatorCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... WPBC.local passed test Intersite

Top Expert 2010

Commented:
Let's run this:

dcdiag /v /e /TEST:DNS > C:\dcdiagdns.txt

Please copy the entire file after the command executes, with the statuses at the end: PASS / FAIL
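
Added example, not part of the original thread: a small Python parser for the text that `dcdiag /v /e /TEST:DNS` writes. It collects the PASS/FAIL verdict lines and flags any adapter DNS server that dcdiag marks [Invalid] or that holds none of the domain's records. The function names are assumptions of this example, and the sample is a constructed excerpt that reuses names and addresses from the output posted in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed excerpt in dcdiag's /test:DNS layout; the names and addresses are
# the ones that appear in the output posted in this thread.
SAMPLE = """\
                     DNS servers:

                        192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
                        Warning:
                        68.94.156.1 (<name unavailable>) [Invalid]

                     Matching A record found at DNS server 192.168.1.210:
                     WPBCDC01.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.WPBC.local

                     Warning:
                     Missing A record at DNS server 68.94.156.1:
                     WPBCDC01.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

         ......................... WPBCDC01 passed test DNS

         ......................... ForestDnsZones passed test

         CrossRefValidation
"""

# "192.168.1.210 (host.) [Valid]" under an adapter's "DNS servers:" heading.
SERVER_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+\((.*?)\)\s+\[(Valid|Invalid)[^\]]*\]")
# "Matching SRV record found at DNS server X:" / "Missing A record at DNS server X:"
RECORD_RE = re.compile(
    r"^\s*(Matching|Missing)\s+(\w+) record (?:found )?at DNS server (\S+?):\s*$")
# "......... <target> passed test <name>"; dcdiag may wrap <name> to a later line.
RESULT_RE = re.compile(r"^\s*\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)")


def _next_nonblank(lines, start):
    """Return the first non-empty line at or after index start, stripped."""
    for line in lines[start:]:
        if line.strip():
            return line.strip()
    return ""


def parse_dcdiag_dns(text):
    """Extract adapter DNS servers, per-server record checks and verdicts."""
    lines = text.splitlines()
    report = {
        "servers": {},   # ip -> "Valid" / "Invalid"
        "records": defaultdict(lambda: {"Matching": [], "Missing": []}),
        "results": [],   # (target, test, "passed" / "failed")
    }
    for i, line in enumerate(lines):
        m = SERVER_RE.match(line)
        if m:
            report["servers"][m.group(1)] = m.group(3)
            continue
        m = RECORD_RE.match(line)
        if m:
            state, rtype, server = m.groups()
            # The record name is printed on the line after the heading.
            report["records"][server][state].append(
                (rtype, _next_nonblank(lines, i + 1)))
            continue
        m = RESULT_RE.match(line)
        if m:
            target, verdict, test = m.groups()
            report["results"].append(
                (target, test or _next_nonblank(lines, i + 1), verdict))
    return report


def triage(report):
    """One finding per adapter DNS server that cannot answer for the AD zone."""
    findings = []
    for ip, state in report["servers"].items():
        recs = report["records"].get(ip, {"Matching": [], "Missing": []})
        lacks_zone = bool(recs["Missing"]) and not recs["Matching"]
        if state == "Invalid" or lacks_zone:
            findings.append({
                "server": ip,
                "state": state,
                # A resolver outside private address space is not an internal DC.
                "external": not ipaddress.ip_address(ip).is_private,
                "missing": sorted(f"{t} {n}" for t, n in recs["Missing"]),
            })
    return findings


if __name__ == "__main__":
    parsed = parse_dcdiag_dns(SAMPLE)
    for target, test, verdict in parsed["results"]:
        print(f"{verdict.upper():7}{target} {test}")
    for f in triage(parsed):
        where = "external" if f["external"] else "internal"
        print(f"{f['server']} [{f['state']}, {where}]: "
              f"{len(f['missing'])} domain record(s) missing")
```

A server-level "passed test DNS" line can sit alongside an [Invalid] resolver on the adapter, so read the findings as well as the verdicts.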

Author

Commented:
I thought that was the one I posted but here it is.  Not sure what PASS/FAIL means other than what is already contained in the file.

NOTE:  I have no Reverse lookup entries, and the implication is that the DNS server is not running because it cannot find the server.  I don't understand DNS enough to understand this, since I know the DNS server is running.
=====================================================

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine WPBCDC01, is a Directory Server.
   Home Server = WPBCDC01

   * Connecting to directory service on server WPBCDC01.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... WPBCDC01 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results
         ......................... WPBCDC01 passed test DNS

   
   Running partition tests on : ForestDnsZones

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : Schema

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : Configuration

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : WPBC

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running enterprise tests on : WPBC.local

      Starting test: DNS

         Test results for domain controllers:

           
            DC: WPBCDC01.WPBC.local

            Domain: WPBC.local

           

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  The OS

                  Microsoft Windows Server 2008 R2 Standard  (Service Pack level: 0.0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter

                  [00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

                 

                     MAC address is A4:BA:DB:11:A1:A6
                     IP Address is static
                     IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
                     DNS servers:

                        192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
                        Warning:
                        68.94.156.1 (<name unavailable>) [Invalid]
                        Warning: adapter

                        [00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)

                        has invalid DNS server: 68.94.156.1

                        (<name unavailable>)

                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders are not configured on this DNS server
                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
                     Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
                     Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
                     Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                     Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
                     Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
                     Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
                     Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
                     Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                     Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
                     Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                     Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
                     Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
                     Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                     Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
                     Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: WPBC.local.
                     Delegated domain name: _msdcs.WPBC.local.
                        DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]
                 
               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone WPBC.local
                  Test record dcdiag-test-record deleted successfully in zone WPBC.local
                 
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

                 

                     Matching CNAME record found at DNS server 192.168.1.210:
                     9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local

                     Matching A record found at DNS server 192.168.1.210:
                     WPBCDC01.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.a91dd835-980f-432d-8726-b7ee89bb9fed.domains._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._udp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kpasswd._tcp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.Default-First-Site-Name._sites.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.Default-First-Site-Name._sites.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.gc._msdcs.WPBC.local

                     Matching A record found at DNS server 192.168.1.210:
                     gc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _gc._tcp.Default-First-Site-Name._sites.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.pdc._msdcs.WPBC.local

                     Warning:
                     Missing CNAME record at DNS server 68.94.156.1:
                     9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Warning:
                     Missing A record at DNS server 68.94.156.1:
                     WPBCDC01.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.a91dd835-980f-432d-8726-b7ee89bb9fed.domains._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kerberos._tcp.dc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.dc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kerberos._tcp.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kerberos._udp.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kpasswd._tcp.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.Default-First-Site-Name._sites.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kerberos._tcp.Default-First-Site-Name._sites.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.gc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Warning:
                     Missing A record at DNS server 68.94.156.1:
                     gc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _gc._tcp.Default-First-Site-Name._sites.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.pdc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
               Error: Record registrations cannot be found for all the network

               adapters

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:2f::f (f.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:3::42 (l.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:7fd::1 (k.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:7fe::53 (i.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:dc3::35 (m.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 68.94.156.1 (<name unavailable>)

               1 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.WPBC.local. failed on the DNS server 68.94.156.1
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 128.63.2.53 (h.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 128.8.10.90 (d.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.112.36.4 (g.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               DNS delegation for the domain  _msdcs.WPBC.local. is operational on IP 192.168.1.210

               
            DNS server: 192.203.230.10 (e.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.228.79.201 (b.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.33.4.12 (c.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.36.148.17 (i.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.5.5.241 (f.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.58.128.30 (j.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 193.0.14.129 (k.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 198.41.0.4 (a.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 199.7.83.42 (l.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 202.12.27.33 (m.root-servers.net.)

               All tests passed on this DNS server

               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: WPBC.local

               WPBCDC01                     PASS WARN PASS PASS PASS FAIL n/a  
         
         ......................... WPBC.local failed test DNS

      Test omitted by user request: LocatorCheck

      Test omitted by user request: Intersite
Top Expert 2010

Commented:
You need to configure Forwarders in DNS. You have it configured using Root-hints.

Here's how to do it
Configure Forwarders
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
(article is for 2003, but still applies to 2008)

Restart DNS

Run the above test again after you do this.


dcdiag /v /e /test:DNS > c:\dcdiagdns2.txt
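
One way to triage the `dcdiag /test:DNS` output posted in this thread and to compare a re-run against it, as an added example that is not part of the original posts. The function names are hypothetical, and the sample input is a short excerpt constructed from lines that appear in the thread's own output.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the layout dcdiag /v /e /test:DNS prints,
# trimmed from the output posted in this thread.
SAMPLE = """\
               TEST: Basic (Basc)
                  Error: NETLOGON service is not running
                  DNS servers:
                     192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
                     Warning:
                     68.94.156.1 (<name unavailable>) [Invalid]
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders are not configured on this DNS server
               TEST: Records registration (RReg)
                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.WPBC.local
                     Matching A record found at DNS server 192.168.1.210:
                     WPBCDC01.WPBC.local
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     Warning:
                     Missing A record at DNS server 68.94.156.1:
                     WPBCDC01.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                                            Auth Basc Forw Del  Dyn  RReg Ext
               WPBCDC01                     PASS FAIL PASS PASS PASS FAIL n/a
"""

# "Matching SRV record found at DNS server <ip>:" / "Missing A record at DNS server <ip>:"
RECORD = re.compile(
    r"^\s*(Matching|Missing)\s+(\w+) record (?:found )?at DNS server (\S+):\s*$")
# Adapter resolver line: "<ip> (<name>) [Valid]" or "[Invalid]"
RESOLVER = re.compile(r"^\s*(\S+) \(.*\) \[(Valid|Invalid)[^\]]*\]\s*$")
SERVICE = re.compile(r"Error: (\S+) service is not running")
COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
RESULTS = {"PASS", "FAIL", "WARN", "n/a"}


def parse_dcdiag_dns(text):
    """Reduce verbose dcdiag DNS output to the facts needed for triage."""
    report = {
        "resolvers": {},            # resolver IP on the adapter -> Valid/Invalid
        "records": defaultdict(lambda: {"Matching": [], "Missing": []}),
        "stopped_services": [],
        "forwarders_missing": False,
        "summary": {},              # host -> {column: PASS/WARN/FAIL/n/a}
    }
    pending = None                  # record header waiting for its name line
    in_summary = False
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if pending:
            # The record name is printed on the line after its header.
            state, rtype, server = pending
            report["records"][server][state].append((rtype, stripped))
            pending = None
            continue
        match = RECORD.match(line)
        if match:
            pending = match.groups()
            continue
        match = RESOLVER.match(line)
        if match:
            report["resolvers"][match.group(1)] = match.group(2)
            continue
        match = SERVICE.search(line)
        if match and match.group(1) not in report["stopped_services"]:
            report["stopped_services"].append(match.group(1))
        if "Forwarders are not configured" in line:
            report["forwarders_missing"] = True
        tokens = stripped.split()
        if tokens == COLUMNS:
            in_summary = True
        elif in_summary and len(tokens) == 8 and set(tokens[1:]) <= RESULTS:
            report["summary"][tokens[0]] = dict(zip(COLUMNS, tokens[1:]))
    report["records"] = dict(report["records"])
    return report


def resolvers_without_ad_records(report):
    """Adapter resolvers marked Invalid that returned none of the DC's records."""
    flagged = []
    empty = {"Matching": [], "Missing": []}
    for server, status in report["resolvers"].items():
        seen = report["records"].get(server, empty)
        if status == "Invalid" and seen["Missing"] and not seen["Matching"]:
            flagged.append(server)
    return sorted(flagged)


if __name__ == "__main__":
    result = parse_dcdiag_dns(SAMPLE)
    print("Stopped services:", result["stopped_services"])
    print("Forwarders missing:", result["forwarders_missing"])
    print("Resolvers with no AD records:", resolvers_without_ad_records(result))
    for host, row in result["summary"].items():
        print(host, {col: res for col, res in row.items() if res != "PASS"})
```

Feeding it the saved output of each run (for example the text file the command above writes) shows whether the Basc and RReg columns change between runs and which resolver every missing record is attributed to.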

Author

Commented:
sunny :::  Thanks.  I'll work it right now.  Stay tuned - Oh loyal one!
Top Expert 2010

Commented:
hey man. I am here :-)

Author

Commented:
sunny ::: Mailbox store cannot be started.
Top Expert 2010

Commented:
Copy and paste the error from the event log.

Are all services running?
Top Expert 2010

Commented:
Also

Open Exchange Management console
Tools > Best Practices Analyzer

Run a health scan and upload the report here.

Let's see what comes up.

thanks
Top Expert 2010

Commented:
Also run this one please

dcdiag /v /e /test:DNS > c:\dcdiagdns2.txt

Author

Commented:
Can I reinstall Exchange on top of an existing install - in a repair mode - so to speak?  

I see two things happening:

1) there needs to be a certificate in the personal store and

2) the DNS is missing something.  There are no Reverse lookup entries.  

There are several Forward lookups.  I added a 'www' and pointed it to the router.
Top Expert 2010

Commented:
Can you upload the dcdiag file.

Top Expert 2010

Commented:
About your queries:
1) You need to buy a UCC/SAN certificate to work with Exchange, otherwise you will be getting a lot of errors.

Here's how to do it.
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

You can also buy it from there
2) DNS - we need to figure out through Dcdiag

Forward lookup zone should forward to your ISP's DNS.
Check the ISP's DNS from your router / firewall.

You can always reinstall Exchange.
I need to check the repair mode part..

thanks
Top Expert 2010

Commented:
Check this one too
SSL / Exchange 2010

http://technet.microsoft.com/en-us/library/bb266938.aspx

Author

Commented:
Back on it.  Stand by for posts.

Author

Commented:
sunny ::: This morning's test :::  dcdiag /v /e /TEST:DNS > c:\dcdiaDNS.txt

It passes everywhere except Reg and Basic.  It is looking for some missing entry.  I'll bet that between the cert and the Forward we can get this done.
==============================================================

         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: WPBC.local

               WPBCDC01                     PASS FAIL PASS PASS PASS FAIL n/a  
         
         ......................... WPBC.local failed test DNS

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine WPBCDC01, is a Directory Server.
   Home Server = WPBCDC01

   * Connecting to directory service on server WPBCDC01.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... WPBCDC01 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         NETLOGON Service is stopped on [WPBCDC01]

         See DNS test in enterprise tests section for results
         ......................... WPBCDC01 passed test DNS

   
   Running partition tests on : ForestDnsZones

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : Schema

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : Configuration

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : WPBC

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running enterprise tests on : WPBC.local

      Starting test: DNS

         Test results for domain controllers:

           
            DC: WPBCDC01.WPBC.local

            Domain: WPBC.local

           

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  The OS

                  Microsoft Windows Server 2008 R2 Standard  (Service Pack level: 0.0)

                  is supported.

                  Error: NETLOGON service is not running
                  [Error details: 1062 (Type: Win32 - Description: The service has not been started.)]
                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter

                  [00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

                 

                     MAC address is A4:BA:DB:11:A1:A6
                     IP Address is static
                     IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
                     DNS servers:

                        192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
                        Warning:
                        68.94.156.1 (<name unavailable>) [Invalid]
                        Warning: adapter

                        [00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)

                        has invalid DNS server: 68.94.156.1

                        (<name unavailable>)

                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders are not configured on this DNS server
                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
                     Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
                     Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
                     Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                     Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
                     Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
                     Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
                     Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
                     Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                     Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
                     Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                     Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
                     Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
                     Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                     Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
                     Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: WPBC.local.
                     Delegated domain name: _msdcs.WPBC.local.
                        DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]
                 
               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone WPBC.local
                  Test record dcdiag-test-record deleted successfully in zone WPBC.local
                 
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

                 

                     Matching CNAME record found at DNS server 192.168.1.210:
                     9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local

                     Matching A record found at DNS server 192.168.1.210:
                     WPBCDC01.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.a91dd835-980f-432d-8726-b7ee89bb9fed.domains._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._udp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kpasswd._tcp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.Default-First-Site-Name._sites.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.Default-First-Site-Name._sites.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.gc._msdcs.WPBC.local

                     Matching A record found at DNS server 192.168.1.210:
                     gc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _gc._tcp.Default-First-Site-Name._sites.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.pdc._msdcs.WPBC.local

                     Warning:
                     Missing CNAME record at DNS server 68.94.156.1:
                     9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Warning:
                     Missing A record at DNS server 68.94.156.1:
                     WPBCDC01.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.a91dd835-980f-432d-8726-b7ee89bb9fed.domains._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kerberos._tcp.dc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.dc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kerberos._tcp.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kerberos._udp.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kpasswd._tcp.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.Default-First-Site-Name._sites.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _kerberos._tcp.Default-First-Site-Name._sites.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.gc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Warning:
                     Missing A record at DNS server 68.94.156.1:
                     gc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _gc._tcp.Default-First-Site-Name._sites.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 68.94.156.1:
                     _ldap._tcp.pdc._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
               Error: Record registrations cannot be found for all the network

               adapters

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:2f::f (f.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:3::42 (l.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:7fd::1 (k.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:7fe::53 (i.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:dc3::35 (m.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 68.94.156.1 (<name unavailable>)

               1 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.WPBC.local. failed on the DNS server 68.94.156.1
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 128.63.2.53 (h.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 128.8.10.90 (d.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.112.36.4 (g.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               DNS delegation for the domain  _msdcs.WPBC.local. is operational on IP 192.168.1.210

               
            DNS server: 192.203.230.10 (e.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.228.79.201 (b.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.33.4.12 (c.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.36.148.17 (i.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.5.5.241 (f.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.58.128.30 (j.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 193.0.14.129 (k.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 198.41.0.4 (a.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 199.7.83.42 (l.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 202.12.27.33 (m.root-servers.net.)

               All tests passed on this DNS server

               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: WPBC.local

               WPBCDC01                     PASS FAIL PASS PASS PASS FAIL n/a  
         
         ......................... WPBC.local failed test DNS

      Test omitted by user request: LocatorCheck

      Test omitted by user request: Intersite

Top Expert 2010

Commented:
a) Start > run > services.msc
Start this service NETLOGON

b) On your NIC Card
Just use the SBS as DNS - remove this 68.94.156.1

c) Configure DNS Forwarders.
Get your ISP's DNS servers. you can also get this from your router /firewall.

Add your ISP's DNS servers.
Configure Forwarders
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
(article is for 2003, but still applies to 2008)

d)  Missing CNAME record at DNS server 68.94.156.1:
This error will go away if you remove this from your NIC card.

Errors;
--------------
 Error: NETLOGON service is not running


68.94.156.1 (<name unavailable>) [Invalid]
                        Warning: adapter
No forwarders configured

TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders are not configured on this DNS server

 Missing CNAME record at DNS server 68.94.156.1:
                     9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Let's try this - and run dcdiag again.

Please post back results.

Author

Commented:
sunny ::: OK.  I removed Certificate Services from AD.  I have no idea how that got started, probably from the DNS reinstall.  Clients went from bad to worse this morning but after removing AD Cert Services everything started working again.  I mean, OWA works from the outside again.  Port 25 telnet is not returning any listener.

I configured the forwarders.  AT&T's DNS servers returned an error so I used another friendly ISP I knew and they came up fine.  Then tried AT&T (sbcglobal.net) again and both worked.  Go figure.  I left all four in the forwarders - saw no harm in that.

Your comment - "just use SBS as DNS" we are using Server 2008R2 w Exchange 2010.  You mean just use the server as DNS?

Top Expert 2010

Commented:
yes @ use the server as DNS
You'd need to install certs - I will get you a simple way to do this (have it in some bookmark...)
If you don't install the certs the iPhones will fail.

After mailflow starts working test your exchange

www.testexchangeconnectivity.com/

Do inbound / outbound
EAS / EAS Autodiscover tests

let me know

thanks

Author

Commented:
OK.  All PASS on dcdiag DNS test!! We have to be making some headway now.

My iTouch from home is connecting to the Exchange Server now and I can send internal mail to all users (they all replied OK to my OWA mail sent from remote login) but not outbound.  Exchange just delays the send until it times out.  NOW we are back at the original question.  :o)

Connectivity test next post.

JDF
===============  Summary - Detail -scroll down  ========================
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               DNS delegation for the domain  _msdcs.WPBC.local. is operational on IP 192.168.1.210

               
            DNS server: 64.192.0.7 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 64.192.0.8 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 68.94.156.1 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 68.94.157.1 (<name unavailable>)

               All tests passed on this DNS server

               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: WPBC.local

               WPBCDC01                     PASS PASS PASS PASS PASS PASS n/a  
         
         ......................... WPBC.local passed test DNS

      Test omitted by user request: LocatorCheck

      Test omitted by user request: Intersite

===============================================================
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine WPBCDC01, is a Directory Server.
   Home Server = WPBCDC01

   * Connecting to directory service on server WPBCDC01.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... WPBCDC01 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\WPBCDC01

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results
         ......................... WPBCDC01 passed test DNS

   
   Running partition tests on : ForestDnsZones

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : Schema

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : Configuration

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : WPBC

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running enterprise tests on : WPBC.local

      Starting test: DNS

         Test results for domain controllers:

           
            DC: WPBCDC01.WPBC.local

            Domain: WPBC.local

           

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  The OS

                  Microsoft Windows Server 2008 R2 Standard  (Service Pack level: 0.0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter

                  [00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

                 

                     MAC address is A4:BA:DB:11:A1:A6
                     IP Address is static
                     IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
                     DNS servers:

                        192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     64.192.0.7 (<name unavailable>) [Valid]
                     64.192.0.8 (<name unavailable>) [Valid]
                     68.94.156.1 (<name unavailable>) [Valid]
                     68.94.157.1 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: WPBC.local.
                     Delegated domain name: _msdcs.WPBC.local.
                        DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]
                 
               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone WPBC.local
                  Test record dcdiag-test-record deleted successfully in zone WPBC.local
                 
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

                 

                     Matching CNAME record found at DNS server 192.168.1.210:
                     9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local

                     Matching A record found at DNS server 192.168.1.210:
                     WPBCDC01.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.a91dd835-980f-432d-8726-b7ee89bb9fed.domains._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._udp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kpasswd._tcp.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.Default-First-Site-Name._sites.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _kerberos._tcp.Default-First-Site-Name._sites.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.gc._msdcs.WPBC.local

                     Matching A record found at DNS server 192.168.1.210:
                     gc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _gc._tcp.Default-First-Site-Name._sites.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.WPBC.local

                     Matching  SRV record found at DNS server 192.168.1.210:
                     _ldap._tcp.pdc._msdcs.WPBC.local

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               DNS delegation for the domain  _msdcs.WPBC.local. is operational on IP 192.168.1.210

               
            DNS server: 64.192.0.7 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 64.192.0.8 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 68.94.156.1 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 68.94.157.1 (<name unavailable>)

               All tests passed on this DNS server

               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: WPBC.local

               WPBCDC01                     PASS PASS PASS PASS PASS PASS n/a  
         
         ......................... WPBC.local passed test DNS

      Test omitted by user request: LocatorCheck

      Test omitted by user request: Intersite

Author

Commented:
I received an inbound mail from Exchange Connect Test - on my iPod Touch no less!!  This is getting good.

Author

Commented:
Inbound/Outbound Exch Conn Tests were successful...
=====================================================

=========================================================================
INBOUND  9:45 PM 7/21/2010
=========================================================================

Testing Inbound SMTP Mail flow for domain jfuller@woodwardpark.org
 Inbound SMTP mail flow was verified successfully.
 Test Steps
 Attempting to retrieve DNS MX records for domain woodwardpark.org
 One or more MX records were successfully retrieved from DNS.
 Additional Details
 MX Records Host mail.woodwardpark.org, Preference 0


Testing Mail Exchanger mail.woodwardpark.org.
 This Mail Exchanger was tested successfully.
 Test Steps
 Attempting to resolve the host name mail.woodwardpark.org in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 99.3.111.196

Testing TCP Port 25 on host mail.woodwardpark.org to ensure it is listening and open.
 The port was opened successfully.
 Additional Details
 Banner Received: 220 WPBCDC01.WPBC.local Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 21:42:07 -0700

Attempting to send test email message to jfuller@woodwardpark.org using MX mail.woodwardpark.org.
 The test message was delivered successfully.
Testing the MX mail.woodwardpark.org for open relay by trying to relay to user Admin@TestExchangeConnectivity.com
 The Open Relay test passed. This mx isn't an open relay.
 Additional Details
 The open relay test message delivery failed (a good thing).
The exception detail is:
Exception details:
Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay
Type: System.Net.Mail.SmtpFailedRecipientException
Stack trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpOpenRelayTest.PerformTestReally()


=========================================================================
OUTBOUND  9:51 PM 7/21/2010
=========================================================================

Performing Outbound SMTP Test
 Outbound SMTP Test Successful
 Test Steps
 Attempting reverse DNS lookup for IP 99.3.111.196
 Successfully resolved IP 99.3.111.196 via Reverse-DNS lookup
 Additional Details
 Resolved IP address 99.3.111.196 to host 99-3-111-196.lightspeed.frsnca.sbcglobal.net

Performing Real-Time Blackhole List (RBL) Test
 Your IP address wasn't found on any of the block lists selected.
 Test Steps
 Checking Block List "SpamHaus Block List (SBL)"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "SpamHaus Exploits Block List (XBL)"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "SpamHaus Policy Block List (PBL)"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "SpamCop Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "NJABL.ORG Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "SORBS Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "MSRBL Combined Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "UCEPROTECT Level 1 Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "AHBL Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL



Performing Sender ID validation
 Sender ID validation performed successfully
 Test Steps
 ExRCA is attempting to find the SPF record using a DNS TEXT record query.
 ExRCA wasn't able to find the SPF record.
 Additional Details
 No records were found.

Author

Commented:
Exchange Active Sync Tests - Not so good but I am pretty sure I didn't set that up anyway.

========================================================================
Exchange Active Sync Test 9:54 PM 7/21/2010
========================================================================

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 ExRCA is attempting the Autodiscover and Exchange ActiveSync test (if requested).
 Testing of Autodiscover for Exchange ActiveSync failed.
 Test Steps
 ExRCA is attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 Test Steps
 Attempting to test potential AutoDiscover URL https://woodwardpark.org/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name woodwardpark.org in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 65.254.248.129

Testing TCP Port 443 on host woodwardpark.org to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 The certificate name is being validated.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name woodwardpark.org does not match any name found on the server certificate CN=*.fatcow.com, OU=Domain Control Validated - Power Server ID(TM), OU=See www.geotrust.com/resources/cps (c)09, OU=GT80608078, O=*.fatcow.com, C=US





Attempting to test potential AutoDiscover URL https://autodiscover.woodwardpark.org/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name autodiscover.woodwardpark.org in DNS.
 The Host could not be resolved.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host autodiscover.woodwardpark.org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()




ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 Test Steps
 Attempting to resolve the host name autodiscover.woodwardpark.org in DNS.
 The Host could not be resolved.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host autodiscover.woodwardpark.org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()




ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
 Failed to contact AutoDiscover using the DNS SRV redirect method.
 Test Steps
 Attempting to locate SRV record _autodiscover._tcp.woodwardpark.org in DNS.
 The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it


========================================================================
Exchange Active Sync AUTODISCOVER Test 9:54 PM 7/21/2010
========================================================================

ExRCA is attempting the Autodiscover and Exchange ActiveSync test (if requested).
 Testing of Autodiscover for Exchange ActiveSync failed.
 Test Steps
 ExRCA is attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 Test Steps
 Attempting to test potential AutoDiscover URL https://woodwardpark.org/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name woodwardpark.org in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 65.254.248.129

Testing TCP Port 443 on host woodwardpark.org to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 The certificate name is being validated.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name woodwardpark.org does not match any name found on the server certificate CN=*.fatcow.com, OU=Domain Control Validated - Power Server ID(TM), OU=See www.geotrust.com/resources/cps (c)09, OU=GT80608078, O=*.fatcow.com, C=US





Attempting to test potential AutoDiscover URL https://autodiscover.woodwardpark.org/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name autodiscover.woodwardpark.org in DNS.
 The Host could not be resolved.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host autodiscover.woodwardpark.org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()




ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 Test Steps
 Attempting to resolve the host name autodiscover.woodwardpark.org in DNS.
 The Host could not be resolved.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host autodiscover.woodwardpark.org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()




ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
 Failed to contact AutoDiscover using the DNS SRV redirect method.
 Test Steps
 Attempting to locate SRV record _autodiscover._tcp.woodwardpark.org in DNS.
 The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it

Author

Commented:
sunny ::: Can you explain this?  This error says I don't have a scope defined.  I beg to differ.  The leases are good, too.

JDF
SCOPE.jpg

Author

Commented:
Cancel that last post ::: I reran the Scan This Role and all is well.

Top Expert 2010

Commented:
hey - was sleeping. just woke up and went through all your posts.

so to summarize.
a) Inbound / outbound working ok. ExRCA pass.
b) Autodiscovery Errors on EAS from ExRCA
We need to fix that.

Did you get a UCC/SAN certificate for Exchange SSL?
http://www.digicert.com/ssl-support/exchange-2010-san-names.htm

I will go through all the ExRCA results and post back if I see something odd.
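
Why ExRCA rejected the certificate and what a UCC/SAN certificate has to cover, as an added example that is not part of the thread. `Test-CertNameMatch` is a hypothetical helper implementing the usual rule that a wildcard stands for exactly one left-most label, and the proposed SAN list is constructed for illustration.

```powershell
# Added example, PowerShell 2.0 compatible (Server 2008 R2). Runs offline.

function Test-CertNameMatch {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [Parameter(Mandatory = $true)][string[]]$CertNames
    )
    $hostLabels = $HostName.TrimEnd('.').ToLowerInvariant().Split('.')
    foreach ($name in $CertNames) {
        $patLabels = $name.TrimEnd('.').ToLowerInvariant().Split('.')
        # A wildcard covers exactly one label, so the label counts must agree:
        # *.fatcow.com can never match the two-label name woodwardpark.org.
        if ($patLabels.Length -ne $hostLabels.Length) { continue }
        $matched = $true
        for ($i = 0; $i -lt $patLabels.Length; $i++) {
            # '*' is honoured only as the whole left-most label
            $isWildcard = ($i -eq 0 -and $patLabels[$i] -eq '*')
            if (-not $isWildcard -and $patLabels[$i] -ne $hostLabels[$i]) {
                $matched = $false
                break
            }
        }
        if ($matched) { return $name }   # the certificate name that covers the host
    }
    return $null                         # no name on the certificate covers the host
}

# Name on the certificate ExRCA was served (taken from the test output in this thread)
$currentCert = @('*.fatcow.com')

# Constructed SAN list for a UCC/SAN certificate; adjust to the names clients really use
$proposedSan = @('mail.woodwardpark.org', 'autodiscover.woodwardpark.org')

# Hosts clients connect to: the two Autodiscover candidates ExRCA tried, plus the MX host
$clientHosts = @('woodwardpark.org', 'autodiscover.woodwardpark.org', 'mail.woodwardpark.org')

$report = foreach ($h in $clientHosts) {
    New-Object PSObject -Property @{
        HostName      = $h
        CurrentCert   = [bool](Test-CertNameMatch -HostName $h -CertNames $currentCert)
        ProposedSan   = [bool](Test-CertNameMatch -HostName $h -CertNames $proposedSan)
    }
}
$report | Format-Table HostName, CurrentCert, ProposedSan -AutoSize
```

The bare domain fails against both lists because, per the ExRCA output, it resolves to a different host that serves its own certificate; the `autodiscover` name only helps once it also resolves in DNS.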

Author

Commented:
No cert yet.  I have ssl off on iPhones and they do connect.  I can see sent, drafts etc.  Can even make appointments.  Do I need cert to send mail?  Going tones now and will check back in morning.

Author

Commented:
sunny ::: I have been sucked into the vortex of full-time employment.  This is not a bad thing; it just leaves little time for two growing boys, a wife and some computer magic. (note the time of the post - as do I when I read yours!)

Even though the ExRCA passed, we cannot send out from this exchange server.  It times out.  It seems to send OK but the message never gets delivered - if that makes sense.

I am connecting well with my iTouch remotely and sending internally with exchange.   I can receive on this domain to the exchange server as well.  No send.

jdfuller

Top Expert 2010

Commented:
jdf - props for load balancing your life :-)

a) Are you saying that when you test for Outbound here - it passes, and it still doesn't deliver emails?
www.testexchangeconnectivity.com/

Please run that test one more time. @ outbound mail.

Please verify this before we go to step b)

b) I think we can create a send connector.

First verify if there is something here:
EMC: Organization Configuration > Hub Transport > Send Connectors
Let me know if there's a send connector already there

If it's not there then you can create a new one

New-SendConnector -Name 'External' -Usage 'Internet' -AddressSpaces 'SMTP:*;1' -DNSRoutingEnabled $true -UseExternalDNSServersEnabled $false -Fqdn 'mail.woodwardpark.

Will wait for your reply.

thanks

Author

Commented:
Performing Outbound SMTP Test
 Outbound SMTP Test Successful
 Test Steps
 Attempting reverse DNS lookup for IP 99.3.111.196
 Successfully resolved IP 99.3.111.196 via Reverse-DNS lookup
 Additional Details
 Resolved IP address 99.3.111.196 to host 99-3-111-196.lightspeed.frsnca.sbcglobal.net

Performing Real-Time Blackhole List (RBL) Test
 Your IP address wasn't found on any of the block lists selected.
 Test Steps
 Checking Block List "SpamHaus Block List (SBL)"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "SpamHaus Exploits Block List (XBL)"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "SpamHaus Policy Block List (PBL)"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "SpamCop Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "NJABL.ORG Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "SORBS Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "MSRBL Combined Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "UCEPROTECT Level 1 Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL

Checking Block List "AHBL Block List"
 The address isn't on the block list.
 Additional Details
 IP 99.3.111.196 was not found on RBL



Performing Sender ID validation
 Sender ID validation performed successfully
 Test Steps
 ExRCA is attempting to find the SPF record using a DNS TEXT record query.
 ExRCA wasn't able to find the SPF record.
 Additional Details
 No records were found.

Top Expert 2010

Commented:
Did you try sending emails? Looks like your outbound test worked out ok?

Let me know.

Top Expert 2010

Commented:
Try sending from OWA instead of outlook first.

Author

Commented:
sunny :::  This is a typical response I copied from the queue.  Try, try, try then fail.

Identity: WPBCDC01\242\513
Subject: Delivered: RE: Good job/Encouragement needed
Internet Message ID: <63225b67-1d0d-4767-90c4-bd4a50fabe77@woodwardpark.org>
From Address: <>
Status: Ready
Size (KB): 3
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/27/2010 11:36:38 AM
Expiration Time: 7/29/2010 11:36:38 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\242
Recipients:  wgross@waterboards.ca.gov
Top Expert 2010

Commented:
Open Exch Shell > toolbox
Message Tracking Center

Enter sender/ recipient and try to track down this message there.

4.4.7 - I will get you something on that. Give me some time.
I saw a case in EE 2/3 days ago where 4.4.7 was traced down to a faulty ISP router (definitely outside your scope of troubleshooting).

thanks

Author

Commented:
sunny :::  Here's the one I just sent from OWA per your request; it is sitting in the queue.  It has not timed out yet.

Identity: WPBCDC01\250\528
Subject: Test From OWA at WPBC
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F5F9F5E8A94049@WPBCDC01.WPBC.local>
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 2
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/28/2010 10:11:32 AM
Expiration Time: 7/30/2010 10:11:32 AM
Last Error:
Queue ID: WPBCDC01\250
Recipients:  jfuller@chukchansi.net
Top Expert 2010

Commented:
Can you remove any Sender Filtering on Hub Transport?

Author

Commented:
Oh!  You don't suppose the ISP is blocking port 25 do you?  I have seen that with SBC.  I'd better check.  I had forgotten that one!

Author

Commented:
DSL Reports says SBC has been blocking 25 to reduce spam.  That may be the culprit.

Author

Commented:
No filtering that I am aware of.  I'll check but I didn't set any.
Top Expert 2010

Commented:
DAMN @ SBC
Can you telnet from outside to the server and see if there's any issue.
(should have caught that earlier..)

Author

Commented:
Yes.  Telnet from where I sit says the port is not open.  I am guessing that it reached the server and the server replied.  I don't think it was blocked internally.  I am outside the server's network but I can remote to it.

I am inside a pretty well controlled environment.  The server I am having issues with (Server 2008R2) doesn't recognize 'telnet' as a command.  What is up with that!
Top Expert 2010

Commented:
Telnet is not installed by default; you have to enable it from server roles -- check this >> http://windowsarchitecture.spaces.live.com/blog/cns!C8EE0FE9E055C129!273.entry

Author

Commented:
Sunny ::: I was able to telnet once I was home from work.  Port 25 is listening.
Top Expert 2010

Commented:
ok

Did you try sending emails out after that ?

Author

Commented:
Yes.  They are in the queue waiting to be timed out.  I'm checking the Sonicwall log to see what it has to say.
Top Expert 2010

Commented:
What ports are open in sonicwall ?
25 80 443
Top Expert 2010

Commented:
a) start > run > services.msc

check all exchange services are running.
Nothing is disabled / stopped etc.
All services are set to automatic and started.

b) Open Exchange
Go to toolbox > message tracking center.

enter the email addresses there and see what is the status code for these emails ? Is it NDR'ing it out.
Top Expert 2010

Commented:
Also on exchange
try this

Resume-Queue -Server YOURSERVER.DOMAIN.LOCAL

And see if the queue clears up ?
Top Expert 2010

Commented:
Also
EMS
toolbox > queue viewer

What is the status of the queue - is it ready ?

I am trying to isolate it from queue perspective.
DNS issues resolved
ExRCA done
Send Connector Done.
Firewall > ongoing.

And we are working on
Services
Queue itself

That leaves us with Bad queue
> Change queue directory (next step maybe ?)

let me know.

Author

Commented:
25, 80, 443 all open. SMTP, HTTP, HTTPS respectively.

Exchange Services are all running except POP (we are not using this), Monitoring for cmdlets, and Extensions for Backup.

I went to the Toolbox and double clicked the Message Tracking and ended up with the Outlook Web Access login (?)  Anyway, the message I sent to myself from my webmail showed up.  So it is receiving mail on the new domain.

I will reply and check the queue for transport errors.  Stand by..  :o)
Top Expert 2010

Commented:
really ? message tracking goes to OWA login.
***ghost in your machine

let me know about queue and transport errors.
I am guessing queue is suspended or something.

Top Expert 2010

Commented:
BTW - how many send connectors are there ?

Org config > hub transport > Send connectors.

How many are enabled ?
Right click properties

On General
See if FQDN mail.woodwardpark.org is there
Check Address Space tab

SMTP *
Cost =1

Network
first box is checked - use DNSMX to route emails
TLS is checked.

Source Server
Yourserver name is the associated server.

Let me know.

Author

Commented:
sunny ::: From last post..everything is as you said except TLS Domain Authentication was unchecked.  FQDN was as stated and network space is good.  Source server is good.  TLS only thing unchecked.
Top Expert 2010

Commented:
ok.

Did you check if the queues were suspended from toolbox > queue viewer ?
Top Expert 2010

Commented:
Please check TLS

thanks
Top Expert 2010

Commented:
Are you using a smarthost to deliver emails ? (I guess not - since you didn't mention it till now...)

Can you call the ISP and check if they are blocking port 25.
(Your telnet test was for connecting TO > port 25)
We are testing Exchange > Outside - FROM

Author

Commented:
TLS is now checked and I sent a test message to myself.  I'll post back asap.
Top Expert 2010

Commented:
ok.

Author

Commented:
Msg stuck in queue.  Exchange will try to send this message for blah blah hours is the error ( not really an error yet).  I see no activity on the router saying that the server is trying to do anything.  No event logs saying that Exchange is having a problem.
Top Expert 2010

Commented:
Is the queue suspended

Run this on exch shell
Resume-Queue -Server YOURSERVER.DOMAIN.LOCAL

See if that clears the queue.

Author

Commented:
It wants a filter value.
Top Expert 2010

Commented:
Yes, that is because we didn't specify which queue
try this

Resume-Queue -Server YOURSERVER -Filter {status eq "suspended"}

OR

Open Exchange Management console
toolbox > Queue Viewer
Right click on queue and Retry

Author

Commented:
This is the message I received from my POP end then just replied.  Copied from the Queue - Status "Retry"
=====================================================================

Identity: WPBCDC01\259\548
Subject: Reply to TEST From NCTV Webmail
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F5F9F5E8A94197@WPBCDC01.WPBC.local>
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 3
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/29/2010 11:29:43 AM
Expiration Time: 7/31/2010 11:29:43 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\259
Recipients:  jdfuller@nctv.com
Top Expert 2010

Commented:
Is mail flow working after you resume the queue ??
Top Expert 2010

Commented:
ok. ignore the last one.

I am going to recommend some MTU troubleshooting...let me get the case for my. brb
Top Expert 2010

Commented:
ok. you still have the reverse DNS doesn't match SMTP banner error
go to Org Config > hub transport > send Connector
Right click

Change it from WPBCDC01.WPBC.local
To
mail.woodwardpark.org

Also check with your ISP if they setup an RDNS for you for mail.woodwardpark.org


--
Please give this a read
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26355695.html

They resolved the 4.4.7 error to a faulty router somewhere ahead of them.

Please call your ISP and check.

thanks
Top Expert 2010

Commented:
Can you upload the log files for last 2 days from here
c:\windows\system32\logfiles\smtpsvc1

Author

Commented:
The FQDN in the General tab of the Properties for the Hub Transport Send Connector is already mail.woodwardpark.org.

An RDNS record does not appear to be working as the nslookup does not work for our Exchg IP.  It returns Unknown from the server itself.

No such directory exists for the logfiles.  I find that odd.

Top Expert 2010

Commented:
I thought we just fixed dns above ?
Top Expert 2010

Commented:
Can you do a full virus scan on the server?

Author

Commented:
Running tonight... 7/30/10.   Stay tuned...   Thanks.   We are supposedly protected.  We'll see.

Author

Commented:
sunny :::  Are you out there?  I'm back.

Here's what MXTOOLBOX returned.  There is a proper MX and A record for the domain at GoDaddy.
I called AT&T today (45 min wait for a US tech guy!) and got the form filled out for the RDNS request.
========================================================================

SuperTool Beta
Command:
  a:mail.woodwardpark.org     a    

Type Domain Name IP Address TTL
A mail.woodwardpark.org 99.3.111.196 60 min

Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 5:19:06 PM (GMT-5)




Error        
ptr requires an IP Address and www.woodwardpark.org is not a valid IP.
Invalid Input

Reported by mxtoolbox.com on Tuesday, August 10, 2010 at 4:24:11 PM (GMT-5)




a:www.woodwardpark.org     a    

Type Domain Name Canonical Name TTL
CNAME www.woodwardpark.org woodwardpark.org 60 min
Type Domain Name IP Address TTL
A woodwardpark.org 65.254.248.129 60 min

Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 4:24:03 PM (GMT-5)




Error        
ptr requires an IP Address and mail.woodwardpark.org is not a valid IP.
Invalid Input

Reported by mxtoolbox.com on Tuesday, August 10, 2010 at 4:23:20 PM (GMT-5)




mx:mail.woodwardpark.org     mx    

No records found

Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 4:23:07 PM (GMT-5)



Author

Commented:
NOTE ::: The www is the web host and it is at a different IP than the Exchange Server.
Top Expert 2010

Commented:
I am still here... I keep checking this case for updates.
will check mxtoolbox and post back.

Top Expert 2010

Commented:
Server Configuration > Hub Transport > Receive Connector
Right click your default receive connector > properties
Under General Tab - enter
mail.woodwardpark.org

Check settings here
http://www.shudnow.net/2008/11/08/exchange-2007-mail-flow-dns-records-connectors-and-tls/

thanks

Author

Commented:
Thanks for hangin'

Done.  I actually did this today because I noticed there were two - one default the other Client but neither had the FQDN on it so I created a new one with the wizard because the other two I could not edit.  Was that a bad idea?

jdfuller

P.S.  Can we get this info sanitized after we're done wreaking havoc on the site?
Top Expert 2010

Commented:
yes we will. you can click on Request attention on top and say please remove all IP and domain details. some mod will do it.

Let me know if your send receive works.

Author

Commented:
Wow!  Feeling pretty proud of myself right now.  I read that article and that was exactly what I did this afternoon; made a connector to the Internet.  OK.  So far it seems like progress is being made.  I am still baffled as to why Exchange wizardry would not walk someone through these steps IN CASE they wanted to receive mail from the outside - ya think?

JDF

Author

Commented:
I cannot test telnet from inside this domain.  I have to get home to do it so it won't be until later.  I also have an exchange account set up on my iTouch that works for testing this domain.  It receives alright, just can't send.

BTW ::: AT&T cost me 45 minutes of my life and I had to fill out a form to get a RDNS record put on their servers.

JDF
Top Expert 2010

Commented:
AT&T - Rethink Possible.......NOT !

Author

Commented:
sunny ::: I have tested the telnet from home and the "banner" has the WPBCDC01.wpbc.local in it instead of mail.woodwardpark.org.  I see messages waiting in the queue that are delayed and not leaving the server.

I have an smtp Host (A) and a mail Host (A) in the Forward Lookup zones.  PTRs are not being created it says because we have no Reverse Lookup defined.

I have a hunch I need at least the mail.woodwardpark.org reverse on the local server, don't you?  I wish I understood this a little better.  I guess I am getting there!

JDF
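The banner versus reverse-DNS mismatch discussed in the posts above, shown as an added example that is not part of the original thread: a small offline checker that compares the host name in the SMTP 220 greeting with the PTR and A records for the sending IP. The banner lines are constructed after the greeting format seen in the thread, and the forward record for the ISP's generic name and the corrected PTR are assumptions.

```python
import re

# Matches "220 host ..." and the multi-line form "220-host ..."
BANNER_RE = re.compile(r"^220[ -](\S+)")

# Special-use suffixes that never resolve in public DNS.
NON_PUBLIC_SUFFIXES = {"local", "localhost", "test", "invalid", "example", "internal"}


def _norm(name):
    return name.lower().rstrip(".")


def banner_host(line):
    """Return the host name announced in an SMTP 220 greeting, or None."""
    m = BANNER_RE.match(line.strip())
    return _norm(m.group(1)) if m else None


def is_internal_name(host):
    """True for single-label names and names under a non-public suffix."""
    labels = host.split(".")
    return len(labels) < 2 or labels[-1] in NON_PUBLIC_SUFFIXES


def audit(ip, banner_line, ptr, forward):
    """Compare banner, PTR and A data for one sending IP.

    ptr:     dict mapping IP -> list of PTR names
    forward: dict mapping host name -> list of A-record IPs
    Returns a list of finding codes; an empty list means consistent.
    """
    forward = {_norm(k): v for k, v in forward.items()}
    host = banner_host(banner_line)
    if host is None:
        return ["NO_BANNER"]

    findings = []
    if is_internal_name(host):
        # Remote servers cannot resolve this name at all.
        findings.append("BANNER_INTERNAL_NAME")
    elif ip not in forward.get(host, []):
        findings.append("BANNER_NOT_FORWARD_TO_IP")

    ptr_names = [_norm(n) for n in ptr.get(ip, [])]
    if not ptr_names:
        findings.append("NO_PTR")
        return findings
    if host not in ptr_names:
        findings.append("PTR_BANNER_MISMATCH")
    # Forward-confirmed reverse DNS: some PTR name must resolve back to the IP.
    if not any(ip in forward.get(n, []) for n in ptr_names):
        findings.append("PTR_NOT_FORWARD_CONFIRMED")
    return findings


# --- Sample data: IP, names and generic PTR are taken from the thread ---
IP = "99.3.111.196"
GENERIC = "99-3-111-196.lightspeed.frsnca.sbcglobal.net"
# Constructed greetings, modelled on the 220 line format quoted in the thread.
BANNER_BEFORE = "220 WPBCDC01.WPBC.local Microsoft ESMTP MAIL Service ready"
BANNER_AFTER = "220 mail.woodwardpark.org Microsoft ESMTP MAIL Service ready"
PTR_GENERIC = {IP: [GENERIC]}
PTR_FIXED = {IP: ["mail.woodwardpark.org"]}      # assumed result of the rDNS request
FORWARD = {
    "mail.woodwardpark.org": [IP],
    GENERIC: [IP],                               # assumption: generic name resolves back
}

if __name__ == "__main__":
    for label, banner, ptr in [
        ("internal banner, generic PTR", BANNER_BEFORE, PTR_GENERIC),
        ("public banner, generic PTR", BANNER_AFTER, PTR_GENERIC),
        ("public banner, matching PTR", BANNER_AFTER, PTR_FIXED),
    ]:
        print(f"{label}: {audit(IP, banner, ptr, FORWARD) or 'consistent'}")
```

In real use the `ptr` and `forward` tables would be filled from live DNS lookups made from outside the LAN, since the internal DNS server answers differently from public resolvers.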
Top Expert 2010

Commented:
I am going to read the whole case one more time later tonight. At this point I am really not sure what steps we took earlier and what is the present configuration.
will post back later.

Author

Commented:
Standing by.  Will have a look during day tomorrow.
Top Expert 2010

Commented:
need some more time. @ been hectic.
Will post back tomorrow @ its 3:40 AM here... :)

Author

Commented:
No prob.

Author

Commented:
sunny ::: This is the latest error.  I ran the Mail Flow utility in the Toolbox in EMC and was told that IPv6 was not supported by Exchange 2010.  I do not have that configured on the NIC, only IPv4.  I disabled IPv6 by unchecking in the NIC properties and instantly froze the machine.  I had to drive 35 miles to restart it and it did not go past Applying computer settings... until I re-enabled IPv6 in Safe Mode.  Everything is back to where it was now before the IPv6 was disabled.  More fun.  I thought this might be helpful.

I do NOT have a certificate with the smtp.woodwardpark.org domain named.  Is this a real error or a result of a configuration problem.  Can I create the cert myself through the Exchange Shell?


Microsoft Exchange could not find a certificate that contains the domain name smtp.woodwardpark.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Connector with a FQDN parameter of smtp.woodwardpark.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Top Expert 2010

Commented:
a) Some things you learn @ never disable IPV6 in Windows 2008 / ex 2007 / 2010 or anything higher.
sorry you had to learn it that way :(

b) One option is self signed cert for mail.woodwardpark.org - but that will fail if you are connecting windows Phones and Droids.
iPhones / Blackberry will pass with self signed Cert.

It's a good idea to get a UCC/SAN Cert. Costs about $329
https://www.digicert.com/easy-csr/exchange2010.htm 
http://www.digicert.com/exchange-2010-ssl.htm

You need to add these names

mail.woodwardpark.org (your first MX)
autodiscover.woodwardpark.org (you need to create it in your DNS)
WPBCDC01.WPBC.local
WPBCDC01

I was scrolling through the case today. I saw that you created some certs with digitap earlier. Were they self signed or UCC/SAN from godaddy / digicert?

thanks

Andrew OakeleyConsultant

Commented:
Hi,

Sunny flicked me an email asking me to review this question. I have some ideas but I am a little unclear of what the current status of the server is. To mix some metaphors... So much has gone on I cannot see the wood for the trees, and I don't want to muddy the waters any further. If you could clearly state your current status I'll see what I can do to help

Can you receive mail?
Can you send mail?
What other problems do you have?

Ta

Andy

Author

Commented:
sunny ::: The current certs are all created at install however, I made one - I think - using the Exchange Shell back a while ago from a post.  It said it did successfully and I verified that it was indeed where it needed to be.  Screen shot enclosed.

andy ::: welcome to my world...and thanks for taking a brave step.   sometimes when too much happens...it's too much! (Corollary to Occam's Razor).  Here's the deal

::: Recently - two days ago - I had AT&T put an RDNS record in their servers.  At one point we thought the reverse DNS was non-existent and using MXToolbox and nslookup kind of proved that correct.  It does not seem to be effective yet or it's not the problem.  On my Exchange Server I see NO Reverse DNS records at all.  This seems strange as well.

::: The DNS Event Log shows no errors except continuous INFORMATION errors -  encountered a bad packet from 64.192.0.8 - which I believe is AT&T.

::: I can receive mail sent to the domain mail.woodwardpark.org.  This is hosted by GoDaddy.

::: GoDaddy helped me set up the A and MX records.
 
::: I can connect to OutlookWebAccess with my iTouch and check mail from outside the domain (at home).  In other words, Exchange is happy to see my iTouch.  NO SSL.

::: I can connect to OWA through a browser - no problem.

::: I can send mail through any of the user accounts from anywhere with no error EXCEPT they sit in the queue until they time out; issuing the proper - "Your mail ain't going anywhere fast but I'll keep-a-tryin'..." message.  Then after the allotted time, another message saying it didn't go at all.

::: The Mail Flow Tool in the Exchange Management Console says everything is fine except threw up a CAUTION = IPv6 is NOT ALLOWED WITH 2010 - at which point - yesterday - I disabled it on the NIC and proceeded to incapacitate the server.  It's back to normal now - it is where it was before I did that.  I just ran it again and exported the CSV.  Two entries - IPv6 not supported..that's it.

::: The event logs have this continual error about not being able to find a certificate for mail.woodwardpark.org to be able to start the verb ...  (from a couple of posts ago ... Microsoft Exchange could not find a certificate that contains the domain name smtp.woodwardpark.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Connector with a FQDN parameter of smtp.woodwardpark.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

::: The server is behind a Sonicwall with the proper services created for Exchange using the wizard.  I see no hindrance of the transport.

::: The SMTP Banner does not say mail.woodwardpark.org when telnet is used.  It says WPBCDC01.WPBC.local.  That seems strange.  It may have something to do with the SMTP verb thingy.

Attached is a screen shot of the Cert Library.  Appreciate any help I can get.
CertsPersonalStore081310.jpg

Author

Commented:
Another Screen shot of the DNS Forward Lookups.  Nothing contained in the Reverse Lookups.
FwdLookupZones081310.jpg
Andrew OakeleyConsultant

Commented:
Can you please do 2 things for me:

1. Screenshot all the properties pages of your receive and send connectors. Probably best to put in a word doc and then post the doc

2. From your server install telnet then
#> telnet mail.messaging.microsoft.com 25
And post the result
Andrew OakeleyConsultant

Commented:
Also. Please post output from
#> ipconfig /all
Top Expert 2010

Commented:
JDF
You had posted the dns config earlier also - I don't know why I didn't see it.
http:#33438855

Your internal DNS has
- 2 MX records
- one A record called SMTP
- one A record called WWW

> I think all your issues will be resolved if you delete these 3 records in DNS and restart DNS server and Exchange hub Transport.

--
*****Before you do that:*****
a) Take a full system state backup of This Server.
b) Take a backup of C:\windows\system32\DNS - directory.
c) wait for comments from andy / digitap.

this qn. has taken 170+ posts. I think we can wait for a few more before we edit DNS records.
you won't have to drive 35 miles for this ;)

Author

Commented:
Hey Gang! :::  Take a look.  I was getting ready to install the Server backup feature and noticed the SMTP server "feature" was not installed.  Is this bad?  Does Exchange have its own?  Is it a bad idea to install this service?  Could that explain the lack of Send Functionality?  Not being sarcastic, although I really could, why isn't this installed with Exchange?  (Image attached).
features.jpg

Author

Commented:
Andy ::: Telnet installed.  Result below.  Connector screen shots forthcoming...next post.

220 am1ehsmhs003.bigfish.com Microsoft ESMTP MAIL Service ready at Sun, 15 Aug 2010 04:46:56 +0000

Sunny ::: Cold Metal Backup in process.  DNS still intact as shown in previous post.  In an effort to "cure" my problem I created the smtp and www entries.  Probably safe to remove since I put them in.  No change was realized for the better but might have gummed up things going forward.  This was a recent addition - last month sometime.

Author

Commented:
Andy ::: PDF was smaller.  Let me know if this fits the bill.  JDF
Exchange-Connectors-081410.pdf

Author

Commented:
sunny ::: Almost there.  Going to bed.  Will check in the morning for comments.  Thanks.  I hope I don't sound like a broken record - I know I do - but my integrity is at stake and the best chance I have is the Experts here.
ServerBackup.jpg

Author

Commented:
Gentlemen :::  It is finished!  The backup that is.  I can't resist removing those pesky DNS records I added just to see if that solves it so I am going to try.  I have to satisfy my brain before I go to sleep or I'll just lay thinking about it until tomorrow anyway.

Author

Commented:
::: IPCONFIG /ALL with NSLOOKUP on both www and mail
===============================================

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : WPBCDC01
   Primary Dns Suffix  . . . . . . . : WPBC.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : WPBC.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
 VBD Client)
   Physical Address. . . . . . . . . : A4-BA-DB-11-A1-A6
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::41af:6a6c:b98c:5397%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.210(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.253
   DHCPv6 IAID . . . . . . . . . . . : 245676763
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-6C-5E-34-A4-BA-DB-11-A1-A6

   DNS Servers . . . . . . . . . . . : 192.168.1.210
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
 VBD Client) #3
   Physical Address. . . . . . . . . : A4-BA-DB-11-A1-AA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
 VBD Client) #4
   Physical Address. . . . . . . . . : A4-BA-DB-11-A1-AC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{96953B46-B8D1-4159-B17A-F7C435B5EB5F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8D97248D-F70B-4B00-9AE8-73A436BBC1DF}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{ED08BBEA-4326-45AA-8CF8-3C7601AF8E3C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Administrator>nslookup mail.woodwardpark.org
Server:  UnKnown
Address:  192.168.1.210

Non-authoritative answer:
Name:    mail.woodwardpark.org
Address:  99.3.111.196


C:\Users\Administrator>nslookup www.woodwardpark.org
Server:  UnKnown
Address:  192.168.1.210

Non-authoritative answer:
Name:    woodwardpark.org
Address:  65.254.248.129
Aliases:  www.woodwardpark.org


C:\Users\Administrator>

Author

Commented:
sunny :::   DNS records as indicated in your post were removed and DNS restarted.  Ipconfig - flushed dns.  Connected remotely using OWA and sent more mail - stuck in queue.  Essentially, no change.

ATTACHED is MXToolbox on the domain for SMTP.  The banner is an issue.  Maybe you guys can see something in the screen shots of the connectors.

MXToolbox-Report.jpg
Andrew OakeleyConsultant

Commented:
Have a good sleep. I will review when I get home and post for you later

Author

Commented:
::: OK.  Just for kicks.   Had to do an Exchange Connectivity Analyzer Test from the server just to see what it thinks.  It thinks everything is fine except the SPF record.  ???   Goodnight!
ExRemConnAnalyzer---SEND-Test-08.jpg
Andrew OakeleyConsultant

Commented:
No worries. I am pretty sure I will find the final key in the info you have posted, unless sunny is nearer a computer and beats me to it!
Andrew OakeleyConsultant
Commented:

Author

Commented:
Andy ::: PROGRESS ::: Performed all the changes as requested.  SMTP banner is now correct.  I signed on to OWA and sent a new mail (after cleaning out the queue) and the message is stuck in the queue.  I saw it go in (from an RDP session to the server on another screen) but it is just sitting there.

I don't know the SMTP server of the domain's ISP but I could rig to use my ISP's just to test it.  I'll do that a little later.  Gotta go for an hour or two.  Attached is the screen shot of the Network tab of the Client Connector.  

::: The Authentication tab has on it TLS checked but Mutual Auth. is NOT checked.  
::: Basic Auth - Yes AND Offer basic only after starting TLS.
::: Integrated Windows Auth checked.
Client-Connector.jpg
Andrew OakeleyConsultant

Commented:
Flat out monday here. Did not even have a chance to check on EE Mobile.

Yes please use ISP SMTP server as smart host and I think that will finish this off. Though by all accounts it should actually be working now. If it is not working after you make this change we need to pay close attention to the send connector properties. I will review again after you have tested with ISP SMTP Server, do not try to use the SMTP server of the domain host, this will almost certainly NOT work.

The CLIENT receive connector can stay as is as it is listening on port 587, and will not interfere with anything we are doing.
Andrew OakeleyConsultant

Commented:
IF using the ISP as smart host does not work, then :
1. post image of what you are seeing in the queue

2. delete and recreate the send connector (You can either wait for me to post back, or just give it a crack if I am too long in responding)

Official MS: http://technet.microsoft.com/en-us/library/aa997285.aspx
Same thing, but with pictures so easier to follow: http://www.petri.co.il/configuring-exchange-2007-send-external-email.htm
Top Expert 2010

Commented:
Guys
I was out of action this weekend. Visiting friends etc.

Will check andy's recommendations and post back.
Andrew OakeleyConsultant

Commented:
no sweat sunny. I was out most of the weekend also, we did not do much.

Author

Commented:
Thanks for posting, guys.  Will advise after changes.
JDFuller
Top Expert 2010

Commented:
Jdfuller
Let us know how andy's thing works out.

Can you post another screenshot of the DNS please.

Server roles required for Exchange 2010
Part of pre-reqs
http://technet.microsoft.com/en-us/library/bb691354.aspx

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

Author

Commented:
I have prep'd the system with the only recommendation that came with Exchange pre-req install and that was the patch.  I see the link (sunny's post) has Windows Power Shell installing several things.  Can I invoke the command to install these things without "over" installing - or - can I install even if some of them are already installed.  I am pretty sure .NET is in there but not sure how to check everything on the list.  Can I just go ahead and run this command and not worry if some parts are already in there?

Current DNS - Attached screen shot(s)  First - Forward DNS, Second - Reverse DNS

jdfuller
DNS-Forward-081610.jpg

Author

Commented:
Reverse DNS

DNS-Reverse.jpg
Top Expert 2010

Commented:
delete the mail entry for now @ DNS
let it be wpbcdc01.wpbc.local with 192.168.1.210

-
Are you saying you missed some of the pre-req steps ? Let me know which one ?

Author

Commented:
I put in the "microsoft filter pack".  I have not used the elevated shell and installed all the things outlined in your post.  I started with a fully patched Windows 2008 R2 then installed the Filter Pack then installed Exchange 2010.  All  the pre-requisites were "Green Light" according to the Exchange installation Wizard after that.  Then I proceeded w the install of 2010.

Author

Commented:
Did you understand my question regarding "Features" to be installed?  When I was installing "telnet" I noticed that the SMTP "feature" was NOT installed.  See the screen shot from ID:33439289.  Is that needed...cuz, it ain't in there.
Andrew OakeleyConsultant

Commented:
No, Exchange has its own SMTP, you do not need to install the Windows SMTP.

How did you go with the smart host and/or recreating the connector?

Andy
Top Expert 2010

Commented:
Andy
Check the bPA report here
http:#3218151

Author

Commented:
sunny ::: Link didn't take me anywhere.

I tried the Smart Host.  I'm fairly certain I set it up correctly - same as I would in an Outlook Account except I'm not sure of the TLS mode, needed or not.  I was able to add it in the Connector as indicated.  The messages stay in the queue, though, regardless of either setting.  I'm going to try the SMTP for the GoDaddy account and see what happens.  They seem a bit more helpful than AT&T.

Author

Commented:
sunny ::: Missing a '3' :-)  I found it.
Andrew Oakeley, Consultant

Commented:
Can you screenshot the queues when mail is stuck in them?
Also turn on verbose logging on send connector and email log.

I will review the link to the bpa report sunny posted.

Author

Commented:
Queue shot attached.  Looks like a piece of rogue mail in there, also.  The queue was empty except for mine this afternoon.

P.S.  It might be time for new bPA report.  We've done a lot since.

P.P.S.  Should the FQDN of the Send Connector be smtp.woodwardpark.org or mail.woodwardpark.org?
Queue-081610-2300.jpg

Author

Commented:
LAST SEND ATTEMPT 2300 hrs ::: 451 4.4.0 Primary target address responded with:    "421 4.2.1. Unable to connect."  Attempted failover to alternate host, but that did not succeed.

I removed the smart host, restarted the Transport service and tried the DNSConnectorDelivery method and got the above response.
Andrew Oakeley, Consultant

Commented:
Set to mail.xxxx so it matches your forward DNS. But should not matter.

The rogue mail is probably an NDR response to some incoming spam.

Did you delete and re-create the Send Connector as per instructions sent earlier?

Unless we had proven otherwise by telnet to remote host on port 25 I would be completely convinced that this was a firewall issue with outbound SMTP. Now I just want to know why it is ending up in outbound queues but not actually sending.

Sunny - what are the rules in here about offering to connect to someone's computer remotely to just fix it?

Author

Commented:
Recreated Send Connector - Same response as above re: Primary target....

Author

Commented:
This is a benign environment.  All users (<10) are using POP until this is fixed.  I am the IT for the org....which...right now, ain't saying much.  I'm in a "no lose situation" and you guys have too much to risk screwing it up intentionally.  You have the IP.  I would bet no one would say this was for money in any court.  jfuller    at the domain in question.  It will receive.  :-)

Author

Commented:
As long as we can post this answer - mod allowing - I think it would be extremely enlightening.
Andrew Oakeley, Consultant

Commented:
Ok - at a client now - but will be in touch later..

Just scrolling back through the posts and noticed this one (see line in bold)
Please confirm you have the reply to address on the users set to the FQDN @woodwardpark.org

Identity: WPBCDC01\259\548
Subject: Reply to TEST From NCTV Webmail
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F5F9F5E8A94197@WPBCDC01.WPBC.local>
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 3
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/29/2010 11:29:43 AM
Expiration Time: 7/31/2010 11:29:43 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\259
Recipients:  jdfuller@nctv.com
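
The queue record quoted above can be read mechanically: the sketch below (an added example, not part of the original thread and not an Exchange tool) parses such a record, decodes the enhanced status code in "Last Error" per RFC 3463, and flags an internal-only sender domain on mail addressed to an external recipient. The sample text is constructed from the fields shown in the post, and the suffix list and function names are assumptions for illustration.

```python
import re

# Constructed sample: the queue record from the post above, trimmed to the fields used here.
SAMPLE = """\
Identity: WPBCDC01\\259\\548
From Address: jfuller@wpbc.local
Date Received: 7/29/2010 11:29:43 AM
Last Error: 400 4.4.7 Message delayed
Recipients:  jdfuller@nctv.com
"""

# RFC 3463 enhanced status codes have the form class.subject.detail.
CLASSES = {"2": "success", "4": "transient failure", "5": "permanent failure"}
SUBJECTS = {"0": "other", "1": "addressing", "2": "mailbox", "3": "mail system",
            "4": "network/routing", "5": "protocol", "6": "content",
            "7": "security/policy"}
# Assumption: a short illustrative list of suffixes that do not resolve in public DNS.
INTERNAL_SUFFIXES = (".local", ".lan", ".internal")

def parse_record(text):
    """Parse 'Key: value' lines, splitting on the first colon only."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            rec[key.strip()] = value.strip()
    return rec

def decode_status(error):
    """Return (code, class, subject) for the first enhanced status code found."""
    m = re.search(r"\b([245])\.(\d{1,3})\.(\d{1,3})\b", error or "")
    if not m:
        return None
    return m.group(0), CLASSES[m.group(1)], SUBJECTS.get(m.group(2), "unknown")

def review(rec):
    """Return findings for one queued-message record."""
    findings = []
    sender = rec.get("From Address", "").rpartition("@")[2].lower()
    rcpts = [r.strip().rpartition("@")[2].lower()
             for r in re.split(r"[;,]", rec.get("Recipients", "")) if "@" in r]
    external = [d for d in rcpts if not d.endswith(INTERNAL_SUFFIXES)]
    if sender.endswith(INTERNAL_SUFFIXES) and external:
        findings.append(f"internal-only sender domain {sender} on mail to {external[0]}")
    status = decode_status(rec.get("Last Error"))
    if status:
        findings.append(f"{status[0]}: {status[1]}, {status[2]}")
    return findings

if __name__ == "__main__":
    for finding in review(parse_record(SAMPLE)):
        print(finding)
```
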

Author

Commented:
On their Outlook client config's...Yes.  In ExchMgmntConsole - see attached screen shot.
Mailbox-in-EMC.jpg

Author

Commented:
Since day one I have tried to set the woodwardpark.org as the Reply but it just stays greyed out and won't let me change it to the proper "Set as Reply".  I hope that isn't egregiously wrong; I'd feel really stupid.  In their client config's they have the POP return now xxxx@wwpbc.org until this domain kicks in.