Solved: Exchange 2010 Won't Send to WAN

ASKER

I get a bounce. OWA lets me log in remotely. I send an email to myself at a POP address and nothing. I send it to exchange from the POP and it goes right in. I can configure my iTouch to connect to exchange from outside the LAN and it see the sent items. I send mail to a POP from the iTouch and goes nowhere, also.

jdfuller

ASKER

Subject: Test from iPod Exch to nctv
This message hasn't been delivered yet. Delivery will continue to be attempted.
The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You'll be notified if the message can't be delivered by that time.

jdfuller

ASKER

These messages just time out. I get a further message saying it couldn't be delivered. Sounds like the firewall won't let it out. It'll go internal, no problem. Seems like Exchange isn't the problem.

jdfuller

ASKER

CORRECTION ::: Mail does NOT go in either. I just tried it.

user@mail.domain.org
SMTP error from remote mail server after RCPT TO:<user@mail.domain.org>:
host mail.domain.org [x.x.111.196]: 550 5.7.1 Unable to relay

cireduran

When the messages are not delivered are they stuck in the SMTP queue of exchange?

jdfuller

ASKER

I just tried telnet on 25, 110, 443, 80 and 587. No connect. These were connecting last week. I have email fron the outside. It was working. I did plug in a Barracuda Spam/Email filter appliance about that time but the router is NOT pointed to it yet. Could it be stopping the incoming and outgoing. I had it configured and unplugged from the network while I was getting exchange working. I had planned to repoint the Exchange Service on the SOnicwall to the Barracuda remotely so I plugged it in and left that chore for another time. I specifically set it up to ignore outgoing mail.

jdfuller

ASKER

Let me check. Where in the EMC is it? I see a Queue Length (Copy and Replay), both columns are 0.

digitap

I think you have a barracuda/sonicwall configuration issue. I've been involved in a couple of these conversations here on EE and they can get quite hairy. Here are the links to those...hope they help.

https://www.experts-exchange.com/viewQuestion.jsp?qid=26264949

https://www.experts-exchange.com/viewQuestion.jsp?qid=26282994

jdfuller

ASKER

Maybe my receive connector isn't set right. I had to correct it once already. I had an address range 0.0.0.0-255.255.255.255 and had to set it to * in some other properties box. I do want to receive on port 25, yes?

digitap

yes...port 25 is smtp.

jdfuller

ASKER

I do have an SMTP send connector. Telnet used to connect on 25. I am curious why it has stopped listening.

jdfuller

ASKER

This I found in the event log after sending the email from OWA. I have installed this certificate per the instructions and it exists in the proper folder.

Microsoft Exchange could not find a certificate that contains the domain name mail.domain.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector domain.org with a FQDN parameter of mail.domain.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Where is the Enable-ExchangeCertificate -Services SMTP ?

digitap

they are talking about running it in the powershell for exchange. you'll find that under Exchange Program Group under the start menu.

http://technet.microsoft.com/en-us/library/aa997231.aspx

cireduran

Did you create a ceritificate through Powershell?
Example code below.
New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=SomeOrganization, cn=mail1.yourompany.com" -DomainName yourcompanydomainname.com, example.com -PrivateKeyExportable

Also if you could telnet before and can't now did you install recent AV software? Sometimes that is the culprit.

jdfuller

ASKER

Yeah. Checked that. Have Trend installed but way before problem started. Copied the cert from the personal folder to the trusted root cert. auth like the technet told me to. I notice, however, that the domain.org isn't there only the server.domain.local cert and the server name cert. Should i have a domain.org cert?

jdfuller

ASKER

Enable-ExchangeCertificate -Services SMTP wants a Thumbprint. I know where that is but which one do I use?

digitap

The error should indicate the thumbprint it's looking for. You'll want to compare with the existing certificates and match up the thumbprint.

jdfuller

ASKER

Digi ::: We have met in another rhealm. I am barracude guy. Its not in yet so this is just exchange problem (or me) right now. I'll check the error log. I don't see a thumbprint. I went through that procedure before to get the cert I needed but then I had the thumbprint as you say and I kept looking until I found it then copied it into the Root Trust Folder. I did it for the .local domain, though. I don't have one i nthere for the mail.domain.org name. Is that necessary, too? If so, I don't have one to copy.

Ochom's Razor ::: I feel like I am making this too difficult - or it just is.

digitap

Yes, I remember you...barracuda guy...>GRIN<. Here are steps for getting the thumbprint. Once you have the cert installed on the local server, then you should be able to run the command in the steps to reveal the thumbprint.

Hi,

Are you getting the error with event id 12014 if yes than follow these steps.

1. Open "Exchange Management Shell ".

2. Write "get-ExchangeCertificate " and press on "Enter " button.

3. Write down the Thumbprint of the certificate that reflect the required FQDN name of the server.

4. Review the current certificate that use by the Exchange server and each certificate function.

5. EXAMPLE: Write "Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP"

and press on 'Enter " button.

* The value of -Thumbprint obtained in stage 3.

6. Restart the Exchange server.

I hope this will work for you.

Regards.

Shafaquat Ali.

Ref: http://social.technet.microsoft.com/Forums/en/exchangesvrdeploy/thread/c3552359-dfa5-42b3-bdc4-085741760e23

jdfuller

ASKER

Digi ::: I get the following. No restart made because of error. What does this tell us?

[PS] C:\Windows\system32>get-ExchangeCertificate

Thumbprint Services Subject
---------- -------- -------
2FA7135918D40F2A787FE504E092B9B3C7233E83 IP.WS. CN=WPBCDC01

[PS] C:\Windows\system32>Enable-ExchangeCertificate -Thumbprint 2FA7135918d40f2a787fe504e092b9b3c7233e38 -Services "SMTP
"
The certificate with thumbprint 2FA7135918d40f2a787fe504e092b9b3c7233e38 was not found.
+ CategoryInfo : ObjectNotFound: (:) [Enable-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 78D09DD3,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificat
e

[PS] C:\Windows\system32>Enable-ExchangeCertificate -Thumbprint 2FA7135918D40F2A787fE504E092B9B3C7233E38 -Services "SMTP
"
The certificate with thumbprint 2FA7135918D40F2A787fE504E092B9B3C7233E38 was not found.
+ CategoryInfo : ObjectNotFound: (:) [Enable-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 78D09DD3,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificat
e

[PS] C:\Windows\system32>

digitap

Maybe the cert hasn't been imported properly. Review this and let me know what you think.

http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

http://technet.microsoft.com/en-us/library/bb124424.aspx

http://technet.microsoft.com/en-us/library/dd351183.aspx

jdfuller

ASKER

The article shows a cert I don't have. I don't have a digital cert to download or in a zip file, only what exchange installs. We don't require the clients to use one either. There is a setting in the OL client for that under options but we don't use it. I did refresh the cert I do have and it replaced the thumbprint I put in the past post with a new one and said it completed successfully. I cannot send out from exchange, still, however.

jdfuller

ASKER

I am able to telnet 25 now. I'll try the exchange analyzer again. I couldn't before because port 25 was not listening before. I don't know what fixed or when since last Friday.

digitap

thinking the refresh probably did it...looking foreward to the analyzer results.

jdfuller

ASKER

Digi ::: Check this out. Insufficient system storage? We have tons of space. I'll check again. This is a new server.

Attempting to send test email message to jfuller@woodwardpark.org using MX mail.woodwardpark.org.
Delivery of the test message failed.
Additional Details
Server returned status code 452 - Insufficient system storage. The server response was: 4.3.1 Insufficient system resources
Exception details:
Message: Insufficient system storage. The server response was: 4.3.1 Insufficient system resources
Type: System.Net.Mail.SmtpException
Stack trace:
at System.Net.Mail.MailCommand.CheckResponse(SmtpStatusCode statusCode, String response)
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()

jdfuller

ASKER

4 of 8 G B Ram in use. 50% of 500GB HDD Used.

jdfuller

ASKER

Port 25 not available again.

sunnyc7

hi jdfuller
on exchange system manager
go to toolbox > Best Practices Analyzer

please run a health scan and save the report (.html)

Please upload the report here.

thanks

jdfuller

ASKER

Roger that. Stand by...

sunnyc7

also

go here

www.testexchangeconnectivity.com/
Run an Outbound Test

Please post back results here

jdfuller

ASKER

File attached. Had trouble w export then cut & paste to local screen. Sent .doc. Standing by.

Exchange-Analyzer-Best-Practices.doc

sunnyc7

ok.
Let me know about verizon and ExRCA test connectivity.

thanks

sunnyc7

Also

Go to your DC

start > run > type
cmd

type this

dcdiag /v /e /TEST:DNS > C:\dcdiagdns.txt

Upload the dcdiagdns.txt file here.

thanks

sunnyc7

hi.

I think you uploaded the run-time log. I was talking about BPA reports.
After you view the report - it displays an option to Export the report as .HTM.

Please select that.

Also you can just copy paste it here.

thanks

sunnyc7

I am going to step out for 45 mins. Will check back here for updates.

thanks

sunnyc7

hi jdfuller
let me know if you tried those steps. Please post back updates.

thanks

jdfuller

ASKER

Experts. Appreciate the patience. This is a primary effort however I must do it after hours so time does pass before the next post.

Sunnyc7::: I ran the bpa scan as requested and saw the export tab to which you refer. I saw a lot of dns errors. Is that the file you saw? I will cut and paste this time. I exported from the scan but I suppose I could have attached the wrong file. I will post again shortly. It is 10:16pm PST.

jdfuller

ASKER

Btw ::: we are AT&T connected and have the famous Comcast 2wire modem. Speeds are excellent.

jdfuller

ASKER

MXToolbox gets same message in previous scan. SBCGLOBAL.NET is AT&T for us here in Fresno, CA

Not an open relay.
0 seconds - Good on Connection time
10.327 seconds - Not good! on Transaction time
OK - 99.3.111.196 resolves to 99-3-111-196.lightspeed.frsnca.sbcglobal.net
Warning - Reverse DNS does not match SMTP Banner

Session Transcript:
HELO please-read-policy.mxtoolbox.com
250 WPBCDC01.WPBC.local Hello [64.20.227.133] [78 ms]
MAIL FROM: <supertool@mxtoolbox.com>
452 4.3.1 Insufficient system resources [5086 ms]
RCPT TO: <test@example.com>
503 5.5.2 Need mail command [5086 ms]
QUIT
221 2.0.0 Service closing transmission channel [78 ms]

jdfuller

ASKER

Health Check returns this. The TechNet page on how to resolve it says to run the DOmain Prep. Doesn't that run on install for Exch 2010?

Domain: WPBC

Unrecognized Exchange signature Domain: WPBC
Active Directory domain 'WPBC' has an unrecognized Exchange signature. Current DomainPrep version: 12639.
Tell me more about this issue and how to resolve it.

jdfuller

ASKER

Does this help? See image...
DNS-Settings.jpg

sunnyc7

hi
a) Can you post the whole BPA file.

b) also from dos prompt run these 2 commands and upload the files here.

go to start > run

type

dcdiag /v /e > c:\dcdiag1.txt

dcdiag /v /e /TEST:DNS > c:\dcdiag2.txt

thanks

jdfuller

ASKER

sunnyc7 ::: Please excuse me for my ignorance but that is all the file returned. Looks like it ran into a snag and didn't proceed. Let me run the other commands and get them up here pronto.

sunnyc7

hey dude thats fine.
I think you posted the wrong BPA file
Can you run it again and copy paste the output here.

thanks

jdfuller

ASKER

I'm giving up! Now I export it again from the same scan I ran last night - left the session open even - and I get much more. Here you go.

::: REPORT :::

All Issues
Domain: WPBC

Unrecognized Exchange signature Domain: WPBC
Active Directory domain 'WPBC' has an unrecognized Exchange signature. Current DomainPrep version: 12639.
Tell me more about this issue and how to resolve it.

Organization: WPBC

Offline address book site public folder missing Organization: WPBC
The public folder store where the site offline address book is hosted was not detected. The hosting server may be unreachable or the public folder store does not exist. Public folder store: CN=Public Folder Database 1308425847,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=WPBC,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=WPBC,DC=local.
Tell me more about this issue and how to resolve it.

Admin Group: Exchange Administrative Group (FYDIBOHF23SPDLT)

Server: WPBCDC01

DNS 'Host' record appears to be missing Server: WPBCDC01
The 'Host' (A) record for server WPBCDC01.WPBC.local cannot be retrieved from DNS server '68.94.156.1'. This can cause message routing delays and other service failures. Verify that the DNS server is online and that the 'Host' record is present.
Tell me more about this issue and how to resolve it.

Application log size Server: WPBCDC01
As a best practice, the size of the 'Application' log on server WPBCDC01.WPBC.local should be increased. The current size is 20MB. For servers running Microsoft Exchange, a size of 40MB or more is recommended.
Tell me more about this setting.

Exchange resident on global catalog server Server: WPBCDC01
Exchange server WPBCDC01.WPBC.local is also a global catalog server. This is a supported configuration, but is not recommended.
Tell me more about this setting.

jdfuller

ASKER

DNS Record Missing ::: This is why I posted the snapshot last night of the DNS seeting from the CMC.

jdfuller

ASKER

::: dcdiag /v /e > c:\dcdiag1.txt :::

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01

* Connecting to directory service on server WPBCDC01.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 1 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\WPBCDC01

Starting test: Connectivity

* Active Directory LDAP Services Check
The host 9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local could

not be resolved to an IP address. Check the DNS server, DHCP, server

name, etc.

Got error while checking LDAP and RPC connectivity. Please check your

firewall settings.

......................... WPBCDC01 failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\WPBCDC01

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...

sunnyc7

This is interesting:

a) How did you install Exchange 2010 on this server.
Did you follow these steps.
http://technet.microsoft.com/en-us/library/bb125224.aspx

b) Run dcdiag command i gave you above. there are more errors on your way.
I think your exchange is incorrectly setup.

Please provide details on what guides you used to setup exchange.

thanks

jdfuller

ASKER

::: dcdiag /v /e /TEST:DNS > c:\dcdiag2.txt :::

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01

* Connecting to directory service on server WPBCDC01.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 1 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\WPBCDC01

Starting test: Connectivity

* Active Directory LDAP Services Check
The host 9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local could

not be resolved to an IP address. Check the DNS server, DHCP, server

name, etc.

Got error while checking LDAP and RPC connectivity. Please check your

firewall settings.

......................... WPBCDC01 failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\WPBCDC01

Skipping all tests, because server WPBCDC01 is not responding to

directory service requests.

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas

Test omitted by user request: DNS

Test omitted by user request: DNS

Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

For the partition (DC=ForestDnsZones,DC=WPBC,DC=local) we

encountered the following error retrieving the cross-ref's

(CN=1e20e2d8-fcbe-4d28-9072-494490613fa6,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

information:
LDAP Error 0x3a (58).
......................... ForestDnsZones failed test CheckSDRefDom

Starting test: CrossRefValidation

For the partition (DC=ForestDnsZones,DC=WPBC,DC=local) we

encountered the following error retrieving the cross-ref's

(CN=1e20e2d8-fcbe-4d28-9072-494490613fa6,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

information:
LDAP Error 0x3a (58).
......................... ForestDnsZones failed test

CrossRefValidation

Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

For the partition (DC=DomainDnsZones,DC=WPBC,DC=local) we

encountered the following error retrieving the cross-ref's

(CN=87d4280f-8a0e-46ab-884e-24f0721cfb11,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

information:
LDAP Error 0x3a (58).
......................... DomainDnsZones failed test CheckSDRefDom

Starting test: CrossRefValidation

For the partition (DC=DomainDnsZones,DC=WPBC,DC=local) we

encountered the following error retrieving the cross-ref's

(CN=87d4280f-8a0e-46ab-884e-24f0721cfb11,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

information:
LDAP Error 0x3a (58).
......................... DomainDnsZones failed test

CrossRefValidation

Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

For the partition (CN=Schema,CN=Configuration,DC=WPBC,DC=local) we

encountered the following error retrieving the cross-ref's

(CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

information:
LDAP Error 0x3a (58).
......................... Schema failed test CrossRefValidation

Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

For the partition (CN=Configuration,DC=WPBC,DC=local) we

encountered the following error retrieving the cross-ref's

(CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

information:
LDAP Error 0x3a (58).
......................... Configuration failed test CrossRefValidation

Running partition tests on : WPBC

Starting test: CheckSDRefDom

......................... WPBC passed test CheckSDRefDom

Starting test: CrossRefValidation

For the partition (DC=WPBC,DC=local) we encountered the following

error retrieving the cross-ref's

(CN=WPBC,CN=Partitions,CN=Configuration,DC=WPBC,DC=local)

information:
LDAP Error 0x3a (58).
......................... WPBC failed test CrossRefValidation

Running enterprise tests on : WPBC.local

Test omitted by user request: DNS

Test omitted by user request: DNS

Starting test: LocatorCheck

GC Name: \\WPBCDC01.WPBC.local

Locator Flags: 0xe00033fd
PDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
KDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
......................... WPBC.local passed test LocatorCheck

Starting test: Intersite

Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
......................... WPBC.local passed test Intersite

sunnyc7

let me go through this.

i think there is some fundamental problem in which your Exchange was setup. Please reply to my prior post.

thanks

jdfuller

ASKER

NOTE ::: The tests above are reversed. The frist post is dcdiag2.txt and the second post is actually dcdiag1.txt.

Sorry for the confusion. Trying to do it too fast.

sunnyc7

Your DNS is not setup.
Your AD is not integrated with DNS

a) How did you install Windows Server 2008 and setup Active Directory.
Was this a fresh install, or is this a new setup, where you buy hardware and setup everything from scratch.

we've a long way to go my friend.

sunnyc7

Both tests failed. see my prior posts and let me know.

thanks

digitap @ I hope you are still here and following this.

jdfuller

ASKER

I looked throught the report and saw the DNS resolution error so tried the nslookup on the server. :::

C:\Users\Administrator>nslookup WPBCDC01
Server: UnKnown
Address: 192.168.1.210

Name: WPBCDC01.WPBC.local
Address: 192.168.1.210

C:\Users\Administrator>

jdfuller

ASKER

Setup was done by dell. All I did was define rolls. Set it up as primary AD and DHCP and DNS server using wizards. Added File Services after that then added Exchange. All using the setup.exe's.

This was a clean box. New install.

jdfuller

ASKER

DNS errors abound in the event log. News flash! Says I should reset it up. You think?

sunnyc7

ok.
do you mean dell came in remotely at $250/hr to set-up your AD / DNS and Exchange ?

If it came pre-installed with windows - that doesnt mean setup was done by dell.

Please see this post.

Did you follow these steps.
http://technet.microsoft.com/en-us/library/bb125224.aspx

Let me think about how to best proceede with this. Give me a day or so.

sunnyc7

JD
a) Put the Windows 2008 DVD in the drive and run adprep
This will run through the process of installing a domain etc.

check this step-by step guide
http://www.windowsreference.com/windows-server-2008/step-by-step-guide-for-windows-server-2008-domain-controller-and-dns-server-setup/

MS REF
http://technet.microsoft.com/en-us/library/cc725611(WS.10).aspx

b) Step by step guide to install Exchange by Amit Tank MVP
http://www.messagingtalk.org/exchange-2010-rc-quick-installation-guide

MS REF
http://technet.microsoft.com/en-us/library/dd351084.aspx

Hope this helps.

jdfuller

ASKER

No the system was installed without any services. I added the roles, AD, DNS, DHCP, Print Services, Files Services. Then installed Exchange 2010 when I was done with the role additions.

jdfuller

ASKER

What will reinstalling the domain, on top of what is there already, do?

jdfuller

ASKER

I did those steps exactly. I have installed three Server 2008's w ADS and associated services. Never on with Exchange 2010. I feel comfortable that ADS was installed with DNS properly but the report says otherwise, I realize.

sunnyc7

Let me ask you this.

a) if there is nothing on the server - no data / no mails, you aint risking anything.

b) If there is --> take a backup and start with adprep.

Your AD/DNS will not work without it anyway.

jdfuller

ASKER

I followed the Exchange install to the letter and got a perfect install, no errors.

sunnyc7

ok. And your DNS is showing blanks ?

sunnyc7

this is strange.

jdfuller

ASKER

There is all their data and their POP mail which has been migrated into (mostly) their Exchange mailboxes. I hear you loud and clear. Not what I want to hear but I get it.

Is there a chance that a DNS fix would do it since that is the error I am receiving in the ADS Server Manager Console

digitap

@JD :: sunny is doing a good job of flushing out some pre-existing DNS issues. The error that grabs my attention is here:

* Active Directory LDAP Services Check
The host 9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.

Sounds like DNS needs to be repaired. Check out this link and run DCDiag again to see if the error above goes away. If DNS isn't getting updated properly, then key Exchange functions aren't going to work.

http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/

sunnyc7

I am going to be in a meeting till 3/4 EST. Will post back after that.

jdfuller

ASKER

Digi ::: Sunny

sorry this taking so long. I'm sure there are not enough points to make this worthwhile. I am almost certain you are dedicated to the cause by this point. I will have more time tomorrow, Saturday, to try and flush this out. Thanks for staying in the fight.

sunnyc7

Screenshots
How to install Windows 2008 DNS
http://www.zdnetasia.com/install-a-dns-server-in-windows-server-2008-62040433.htm

Configure Forwarders
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
(article is for 2003, but still applies to 2008)

MS REF
http://technet.microsoft.com/en-us/library/cc816891(WS.10).aspx

jdfuller

ASKER

Sunny ::: DNS is already installed. Obviously not working for exchange. Can I safely remove and reinstall it w AD integration without tearing anything else up in the process?

sunnyc7

You have to configure it as per the article above.
configure forward and reverse look-up zones and forwarders.

digitap

Check out my post here, http:#a33221687, to fix DNS.

sunnyc7

I would second digitap's DNS repair steps.
http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/

You have to do this on the DC.

dcdiag /fix
netdiag /fix
ipconfig /flushdns
ipconfig /registerdns
net stop server
net start server

--
If these dont work then you can go ahead and reinstall DNS and configure it with FW and RV lookup zones.

jdfuller

ASKER

Ok guys. I'll give it a whirl Monday PST.

jdfuller

ASKER

I have reinstalled DNS. I went with the existing certs and integration of AD was implied by the role advisor when I added it back in. This test was quite a bit more successful than before.
=========================

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01

* Connecting to directory service on server WPBCDC01.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 1 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\WPBCDC01

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\WPBCDC01

Starting test: Advertising

The DC WPBCDC01 is advertising itself as a DC and having a DS.
The DC WPBCDC01 is advertising as an LDAP server
The DC WPBCDC01 is advertising as having a writeable directory
The DC WPBCDC01 is advertising as a Key Distribution Center
The DC WPBCDC01 is advertising as a time server
The DS WPBCDC01 is advertising as a GC.
......................... WPBCDC01 passed test Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Starting test: FrsEvent

* The File Replication Service Event log test
Skip the test because the server is running DFSR.

......................... WPBCDC01 passed test FrsEvent

Starting test: DFSREvent

The DFS Replication Event Log.
......................... WPBCDC01 passed test DFSREvent

Starting test: SysVolCheck

* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... WPBCDC01 passed test SysVolCheck

Starting test: KccEvent

* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... WPBCDC01 passed test KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
Role Domain Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
Role PDC Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
Role Rid Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
......................... WPBCDC01 passed test KnowsOfRoleHolders

Starting test: MachineAccount

Checking machine account for DC WPBCDC01 on DC WPBCDC01.
* SPN found :LDAP/WPBCDC01.WPBC.local/WPBC.local
* SPN found :LDAP/WPBCDC01.WPBC.local
* SPN found :LDAP/WPBCDC01
* SPN found :LDAP/WPBCDC01.WPBC.local/WPBC
* SPN found :LDAP/9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9184da82-a434-45f1-b221-f3d63e346628/WPBC.local
* SPN found :HOST/WPBCDC01.WPBC.local/WPBC.local
* SPN found :HOST/WPBCDC01.WPBC.local
* SPN found :HOST/WPBCDC01
* SPN found :HOST/WPBCDC01.WPBC.local/WPBC
* SPN found :GC/WPBCDC01.WPBC.local/WPBC.local
......................... WPBCDC01 passed test MachineAccount

Starting test: NCSecDesc

* Security Permissions check for all NC's on DC WPBCDC01.
* Security Permissions Check for

DC=ForestDnsZones,DC=WPBC,DC=local
(NDNC,Version 3)
* Security Permissions Check for

DC=DomainDnsZones,DC=WPBC,DC=local
(NDNC,Version 3)
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=WPBC,DC=local
(Schema,Version 3)
* Security Permissions Check for

CN=Configuration,DC=WPBC,DC=local
(Configuration,Version 3)
* Security Permissions Check for

DC=WPBC,DC=local
(Domain,Version 3)
......................... WPBCDC01 passed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check
Verified share \\WPBCDC01\netlogon
Verified share \\WPBCDC01\sysvol
......................... WPBCDC01 passed test NetLogons

Starting test: ObjectsReplicated

WPBCDC01 is in domain DC=WPBC,DC=local
Checking for CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=local in domain DC=WPBC,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local in domain CN=Configuration,DC=WPBC,DC=local on 1 servers
Object is up-to-date on all servers.
......................... WPBCDC01 passed test ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Starting test: Replications

* Replications Check
* Replication Latency Check
......................... WPBCDC01 passed test Replications

Starting test: RidManager

* Available RID Pool for the Domain is 1600 to 1073741823
* WPBCDC01.WPBC.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1159
......................... WPBCDC01 passed test RidManager

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... WPBCDC01 passed test Services

Starting test: SystemLog

* The System Event log test
A warning event occurred. EventID: 0x00001695

Time Generated: 07/20/2010 12:25:44

Event String:

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'WPBC.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

Possible causes of failure include:

- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

- Specified preferred and alternate DNS servers are not running

- DNS server(s) primary for the records to be registered is not running

- Preferred or alternate DNS servers are configured with wrong root hints

- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration

USER ACTION

Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

A warning event occurred. EventID: 0x00001695

Time Generated: 07/20/2010 12:25:55

Event String:

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.WPBC.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

Possible causes of failure include:

- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

- Specified preferred and alternate DNS servers are not running

- DNS server(s) primary for the records to be registered is not running

- Preferred or alternate DNS servers are configured with wrong root hints

- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration

USER ACTION

Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

A warning event occurred. EventID: 0x00001695

Time Generated: 07/20/2010 12:25:57

Event String:

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.WPBC.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

Possible causes of failure include:

- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

- Specified preferred and alternate DNS servers are not running

- DNS server(s) primary for the records to be registered is not running

- Preferred or alternate DNS servers are configured with wrong root hints

- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration

USER ACTION

Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

A warning event occurred. EventID: 0x80050004

Time Generated: 07/20/2010 12:38:14

Event String:

Broadcom BCM5709C: The network link is down. Check to make sure the network cable is properly connected.

A warning event occurred. EventID: 0x80050004

Time Generated: 07/20/2010 12:38:14

Event String:

Broadcom BCM5709C: The network link is down. Check to make sure the network cable is properly connected.

A warning event occurred. EventID: 0x8000001D

Time Generated: 07/20/2010 12:38:37

Event String:

The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

A warning event occurred. EventID: 0x000003F6

Time Generated: 07/20/2010 12:38:44

Event String:

Name resolution for the name _ldap._tcp.dc._msdcs.WPBC.local timed out after none of the configured DNS servers responded.

A warning event occurred. EventID: 0x00000420

Time Generated: 07/20/2010 12:39:13

Event String:

The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.

A warning event occurred. EventID: 0x00001695

Time Generated: 07/20/2010 12:39:16

Event String:

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'WPBC.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

Possible causes of failure include:

- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

- Specified preferred and alternate DNS servers are not running

- DNS server(s) primary for the records to be registered is not running

- Preferred or alternate DNS servers are configured with wrong root hints

- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration

USER ACTION

Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

A warning event occurred. EventID: 0x00002724

Time Generated: 07/20/2010 12:39:17

Event String:

This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

A warning event occurred. EventID: 0x00001695

Time Generated: 07/20/2010 12:39:27

Event String:

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.WPBC.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

Possible causes of failure include:

- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

- Specified preferred and alternate DNS servers are not running

- DNS server(s) primary for the records to be registered is not running

- Preferred or alternate DNS servers are configured with wrong root hints

- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration

USER ACTION

Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

A warning event occurred. EventID: 0x00001695

Time Generated: 07/20/2010 12:39:30

Event String:

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.WPBC.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

Possible causes of failure include:

- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers

- Specified preferred and alternate DNS servers are not running

- DNS server(s) primary for the records to be registered is not running

- Preferred or alternate DNS servers are configured with wrong root hints

- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration

USER ACTION

Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

A warning event occurred. EventID: 0x0000000C

Time Generated: 07/20/2010 12:39:34

Event String:

Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

A warning event occurred. EventID: 0x000727AA

Time Generated: 07/20/2010 12:41:59

Event String:

The WinRM service failed to create the following SPNs: WSMAN/WPBCDC01.WPBC.local; WSMAN/WPBCDC01.

Additional Data

The error received was 8344: %%8344.

User Action

The SPNs can be created by an administrator using setspn.exe utility.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:10

Event String:

Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:11

Event String:

Driver LANIER LD160c PCL 6 required for printer !!TOSVR01!Copy Room (LANIER LD160c) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:16

Event String:

Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:17

Event String:

Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TDP (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:18

Event String:

Driver HP Color LaserJet 3600 required for printer !!TOSVR01!TDP (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:18

Event String:

Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TA Office (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:19

Event String:

Driver LANIER MP 4500/LD345 PCL 6 required for printer !!TOSVR01!Reception Area (LANIER MP 4500/LD345) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:20

Event String:

Driver Dell Color Laser 3010cn required for printer !!TOSVR01!PreSchool (Dell 3010cn) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:20

Event String:

Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!HR HP Color LaserJet 4700dn is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:21

Event String:

Driver HP Color LaserJet CP4520 Series PCL6 required for printer !!TOSVR01!Grant Dept (HP CP4525) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:22

Event String:

Driver HP Color LaserJet 3600 required for printer !!TOSVR01!Fiscal Dept (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:22

Event String:

Driver LANIER MP C4500/LD445c PCL 6 required for printer !!TOSVR01!Enrollment (LANIER MP C4500/LD445c) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:23

Event String:

Driver PCL6 Driver for Universal Print required for printer !!TOSVR01!Enrichment Center (LANIER LD540c) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:24

Event String:

Driver Canon MX850 series Printer required for printer !!TOSVR01!Canon MX850 series Printer is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:24

Event String:

Driver Canon MX850 series FAX required for printer !!TOSVR01!Canon MX850 series FAX is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 12:42:25

Event String:

Driver Brother MFC-9440CN Printer required for printer !!tosvr01!A2-Brother MFC-9440CN Printer is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:17

Event String:

Driver LANIER LD160c PCL 6 required for printer !!TOSVR01!Copy Room (LANIER LD160c) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:18

Event String:

Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:22

Event String:

Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:23

Event String:

Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TDP (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:24

Event String:

Driver HP Color LaserJet 3600 required for printer !!TOSVR01!TDP (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:24

Event String:

Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TA Office (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:25

Event String:

Driver LANIER MP 4500/LD345 PCL 6 required for printer !!TOSVR01!Reception Area (LANIER MP 4500/LD345) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:26

Event String:

Driver Dell Color Laser 3010cn required for printer !!TOSVR01!PreSchool (Dell 3010cn) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:26

Event String:

Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!HR HP Color LaserJet 4700dn is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:27

Event String:

Driver HP Color LaserJet CP4520 Series PCL6 required for printer !!TOSVR01!Grant Dept (HP CP4525) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:28

Event String:

Driver HP Color LaserJet 3600 required for printer !!TOSVR01!Fiscal Dept (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:28

Event String:

Driver LANIER MP C4500/LD445c PCL 6 required for printer !!TOSVR01!Enrollment (LANIER MP C4500/LD445c) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:29

Event String:

Driver PCL6 Driver for Universal Print required for printer !!TOSVR01!Enrichment Center (LANIER LD540c) is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:30

Event String:

Driver Canon MX850 series Printer required for printer !!TOSVR01!Canon MX850 series Printer is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:31

Event String:

Driver Canon MX850 series FAX required for printer !!TOSVR01!Canon MX850 series FAX is unknown. Contact the administrator to install the driver before you log in again.

An error event occurred. EventID: 0x00000457

Time Generated: 07/20/2010 13:06:31

Event String:

Driver Brother MFC-9440CN Printer required for printer !!tosvr01!A2-Brother MFC-9440CN Printer is unknown. Contact the administrator to install the driver before you log in again.

......................... WPBCDC01 failed test SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Starting test: VerifyReferences

The system object reference (serverReference)

CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=local and backlink on

CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=WPBCDC01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=WPBC,DC=local

and backlink on

CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local

are correct.
The system object reference (msDFSR-ComputerReferenceBL)

CN=WPBCDC01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=WPBC,DC=local

and backlink on CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=local are

correct.
......................... WPBCDC01 passed test VerifyReferences

Test omitted by user request: VerifyReplicas

Test omitted by user request: DNS

Test omitted by user request: DNS

Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation

Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation

Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Running partition tests on : WPBC

Starting test: CheckSDRefDom

......................... WPBC passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... WPBC passed test CrossRefValidation

Running enterprise tests on : WPBC.local

Test omitted by user request: DNS

Test omitted by user request: DNS

Starting test: LocatorCheck

GC Name: \\WPBCDC01.WPBC.local

Locator Flags: 0xe00033fd
PDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
KDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
......................... WPBC.local passed test LocatorCheck

Starting test: Intersite

Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
......................... WPBC.local passed test Intersite

sunnyc7

lets run this

dcdiag /v /e /TEST:DNS > C:\dcdiagdns.txt

Please copy the entire file after the command executes @ with status's in the end PASS / FAIL

jdfuller

ASKER

I thought that was the one I posted but here it is. Not sure what PASS/FAIL means other than what is already contained in the file.

NOTE: I have no Reverse lookup entries and the implication that the DNS server is not running because it cannot find the server. I don't understand DNS enough to understand this since I know the DNS server is running.
=====================================================

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01

* Connecting to directory service on server WPBCDC01.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 1 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\WPBCDC01

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\WPBCDC01

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...

See DNS test in enterprise tests section for results
......................... WPBCDC01 passed test DNS

Running partition tests on : ForestDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : DomainDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Schema

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Configuration

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : WPBC

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running enterprise tests on : WPBC.local

Starting test: DNS

Test results for domain controllers:

DC: WPBCDC01.WPBC.local

Domain: WPBC.local

TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
The OS

Microsoft Windows Server 2008 R2 Standard (Service Pack level: 0.0)

is supported.

NETLOGON service is running

kdc service is running

DNSCACHE service is running

DNS service is running

DC is a DNS server

Network adapters information:

Adapter

[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

MAC address is A4:BA:DB:11:A1:A6
IP Address is static
IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
DNS servers:

192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
Warning:
68.94.156.1 (<name unavailable>) [Invalid]
Warning: adapter

[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)

has invalid DNS server: 68.94.156.1

(<name unavailable>)

The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]

TEST: Delegations (Del)
Delegation information for the zone: WPBC.local.
Delegated domain name: _msdcs.WPBC.local.
DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]

TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone WPBC.local
Test record dcdiag-test-record deleted successfully in zone WPBC.local

TEST: Records registration (RReg)
Network Adapter

[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

Matching CNAME record found at DNS server 192.168.1.210:
9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local

Matching A record found at DNS server 192.168.1.210:
WPBCDC01.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.a91dd835-980f-432d-8726-b7ee89bb9fed.domains._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._udp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kpasswd._tcp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-Site-Name._sites.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-First-Site-Name._sites.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.gc._msdcs.WPBC.local

Matching A record found at DNS server 192.168.1.210:
gc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_gc._tcp.Default-First-Site-Name._sites.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.pdc._msdcs.WPBC.local

Warning:
Missing CNAME record at DNS server 68.94.156.1:
9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Warning:
Missing A record at DNS server 68.94.156.1:
WPBCDC01.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.a91dd835-980f-432d-8726-b7ee89bb9fed.domains._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.dc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.dc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._udp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kpasswd._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-Site-Name._sites.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-First-Site-Name._sites.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.gc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Warning:
Missing A record at DNS server 68.94.156.1:
gc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_gc._tcp.Default-First-Site-Name._sites.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.pdc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error: Record registrations cannot be found for all the network

adapters

Summary of test results for DNS servers used by the above domain

controllers:

DNS server: 2001:500:1::803f:235 (h.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:500:2f::f (f.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:500:3::42 (l.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:503:c27::2:30 (j.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:7fd::1 (k.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:7fe::53 (i.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:dc3::35 (m.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 68.94.156.1 (<name unavailable>)

1 test failure on this DNS server

Name resolution is not functional. _ldap._tcp.WPBC.local. failed on the DNS server 68.94.156.1
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

DNS server: 128.63.2.53 (h.root-servers.net.)

All tests passed on this DNS server

DNS server: 128.8.10.90 (d.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.112.36.4 (g.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)

All tests passed on this DNS server

Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210

DNS server: 192.203.230.10 (e.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.228.79.201 (b.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.33.4.12 (c.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.36.148.17 (i.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.5.5.241 (f.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.58.128.30 (j.root-servers.net.)

All tests passed on this DNS server

DNS server: 193.0.14.129 (k.root-servers.net.)

All tests passed on this DNS server

DNS server: 198.41.0.4 (a.root-servers.net.)

All tests passed on this DNS server

DNS server: 199.7.83.42 (l.root-servers.net.)

All tests passed on this DNS server

DNS server: 202.12.27.33 (m.root-servers.net.)

All tests passed on this DNS server

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: WPBC.local

WPBCDC01 PASS WARN PASS PASS PASS FAIL n/a

......................... WPBC.local failed test DNS

Test omitted by user request: LocatorCheck

Test omitted by user request: Intersite

sunnyc7

You need to configure Forwarders in DNS. You have it configured using Root-hints.

Here's how to do it
Configure Forwarders
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
(article is for 2003, but still applies to 2008)

Restart DNS

Run the above test again after you do this.

dcdiag /v /e /TES:DNS > c:\dcdiagdns2.txt

jdfuller

ASKER

sunny ::: Thanks. I'll work it right now. Stay tuned - Oh loyal one!

sunnyc7

hey man. I am here :-)

jdfuller

ASKER

sunny ::: Mailbox store cannot be started.

sunnyc7

copy paste the error from event log

Are all services running ?

sunnyc7

Also

Open Exchange Management console
Tools > Best Practices Analyzer

Run a health scan and upload the report here.

lets see what comes up.

thanks

sunnyc7

Also run this one please

dcdiag /v /e /TES:DNS > c:\dcdiagdns2.txt

jdfuller

ASKER

Can I reinstall Exchange on top of an existing install - in a repair mode - so to speak?

I see two things happening;

1) their needs to be a certificate in the personal store and

2) the DNS is missing somehting. There are no Reverse lookup entries.

There are several Forward lookups. I added a 'www' and pointed it to the router.

sunnyc7

Can you upload the dcdiag file.

sunnyc7

About your queries:
1) You need to buy a UCC/SAN certificate to work with exchange, otherwise you will be getting a lot of errors

Here's how to do it.
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

You can also buy it from there
2) DNS - we need to figure out through Dcdiag

Forward lookup zone should forward to your ISP's DNS.
Check the ISP's DNS from your router / firewall.

You can always reinstall Exchange.
I need to check the repair mode part..

thanks

sunnyc7

Check this one too
SSL / Exchange 2010

http://technet.microsoft.com/en-us/library/bb266938.aspx

jdfuller

ASKER

Back on it. Stand by for posts.

jdfuller

ASKER

sunny ::: This mornings test ::: dcdiag /v /e /TEST:DNS > c:\dcdiaDNS.txt

It passes everywhere except Reg and Basic. It is looking for some missing entry. I'll bet that between the cert and the Forward we can get this done.
==============================================================

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: WPBC.local

WPBCDC01 PASS FAIL PASS PASS PASS FAIL n/a

......................... WPBC.local failed test DNS

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01

* Connecting to directory service on server WPBCDC01.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 1 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\WPBCDC01

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\WPBCDC01

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...

NETLOGON Service is stopped on [WPBCDC01]

See DNS test in enterprise tests section for results
......................... WPBCDC01 passed test DNS

Running partition tests on : ForestDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : DomainDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Schema

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Configuration

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : WPBC

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running enterprise tests on : WPBC.local

Starting test: DNS

Test results for domain controllers:

DC: WPBCDC01.WPBC.local

Domain: WPBC.local

TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
The OS

Microsoft Windows Server 2008 R2 Standard (Service Pack level: 0.0)

is supported.

Error: NETLOGON service is not running
[Error details: 1062 (Type: Win32 - Description: The service has not been started.)]
kdc service is running

DNSCACHE service is running

DNS service is running

DC is a DNS server

Network adapters information:

Adapter

[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

MAC address is A4:BA:DB:11:A1:A6
IP Address is static
IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
DNS servers:

192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
Warning:
68.94.156.1 (<name unavailable>) [Invalid]
Warning: adapter

[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)

has invalid DNS server: 68.94.156.1

(<name unavailable>)

The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]

TEST: Delegations (Del)
Delegation information for the zone: WPBC.local.
Delegated domain name: _msdcs.WPBC.local.
DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]

TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone WPBC.local
Test record dcdiag-test-record deleted successfully in zone WPBC.local

TEST: Records registration (RReg)
Network Adapter

[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

Matching CNAME record found at DNS server 192.168.1.210:
9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local

Matching A record found at DNS server 192.168.1.210:
WPBCDC01.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.a91dd835-980f-432d-8726-b7ee89bb9fed.domains._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._udp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kpasswd._tcp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-Site-Name._sites.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-First-Site-Name._sites.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.gc._msdcs.WPBC.local

Matching A record found at DNS server 192.168.1.210:
gc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_gc._tcp.Default-First-Site-Name._sites.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.pdc._msdcs.WPBC.local

Warning:
Missing CNAME record at DNS server 68.94.156.1:
9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Warning:
Missing A record at DNS server 68.94.156.1:
WPBCDC01.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.a91dd835-980f-432d-8726-b7ee89bb9fed.domains._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.dc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.dc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._udp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kpasswd._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-Site-Name._sites.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-First-Site-Name._sites.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.gc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Warning:
Missing A record at DNS server 68.94.156.1:
gc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_gc._tcp.Default-First-Site-Name._sites.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.pdc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Error: Record registrations cannot be found for all the network

adapters

Summary of test results for DNS servers used by the above domain

controllers:

DNS server: 2001:500:1::803f:235 (h.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:500:2f::f (f.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:500:3::42 (l.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:503:c27::2:30 (j.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:7fd::1 (k.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:7fe::53 (i.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 2001:dc3::35 (m.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 68.94.156.1 (<name unavailable>)

1 test failure on this DNS server

Name resolution is not functional. _ldap._tcp.WPBC.local. failed on the DNS server 68.94.156.1
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

DNS server: 128.63.2.53 (h.root-servers.net.)

All tests passed on this DNS server

DNS server: 128.8.10.90 (d.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.112.36.4 (g.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)

All tests passed on this DNS server

Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210

DNS server: 192.203.230.10 (e.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.228.79.201 (b.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.33.4.12 (c.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.36.148.17 (i.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.5.5.241 (f.root-servers.net.)

All tests passed on this DNS server

DNS server: 192.58.128.30 (j.root-servers.net.)

All tests passed on this DNS server

DNS server: 193.0.14.129 (k.root-servers.net.)

All tests passed on this DNS server

DNS server: 198.41.0.4 (a.root-servers.net.)

All tests passed on this DNS server

DNS server: 199.7.83.42 (l.root-servers.net.)

All tests passed on this DNS server

DNS server: 202.12.27.33 (m.root-servers.net.)

All tests passed on this DNS server

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: WPBC.local

WPBCDC01 PASS FAIL PASS PASS PASS FAIL n/a

......................... WPBC.local failed test DNS

Test omitted by user request: LocatorCheck

Test omitted by user request: Intersite

sunnyc7

a) Start > run > services.msc
Start this service NETLOGON

b) On your NIC Card
Just use the SBS as DNS - remove this 68.94.156.1

c) Configure DNS Forwarders.
Get your ISP's DNS servers. you can also get this from your router /firewall.

Add your ISP's DNS servers.
Configure Forwarders
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
(article is for 2003, but still applies to 2008)

d) Missing CNAME record at DNS server 68.94.156.1:
This error will go away if you remove this from your NIC card.

Errors;
--------------
Error: NETLOGON service is not running

68.94.156.1 (<name unavailable>) [Invalid]
Warning: adapter
No forwarders configured

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server

Missing CNAME record at DNS server 68.94.156.1:
9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

Lets try this - and run dcdiag again.

Please post back results.

jdfuller

ASKER

sunny ::: OK. I removed Certificate Services from AD. I have no idea how that got started, probably from the DNS reinstall. Clients went from bad to worse this morning but after removing AD Cert Services everything started working again. I mean, OWA works from the outside again. Port 25 telenet is not returning any listener.

I configured the forwarders. AT&T's DNS servers returned an error so I used another friendly ISP I knew and they came up fine. Then tried AT&T (sbcglobal.net) again and both worked. Go figure. I left all four in the forwarders - saw no harm in that.

Your comment - "just use SBS as DNS" we are using Server 2008R2 w Exchange 2010. You mena jsut use the server as DNS?

sunnyc7

yes @ use the server as DNS
You'd need to install Cert's - I will get you a simple way to do this (have it in some bookmark...)
If you dont install the cert's the iPhones will fail.

After mailflow starts working test your exchange

www.testexchangeconnectivity.com/

Do inbound / outbound
EAS / EAS Autdiscover tests

let me know

thanks

jdfuller

ASKER

OK. All PASS on dcdiag DNS test!! We have to making some headway now.

My iTouch from home is connecting to the Exchange Server now and I can send internal mail to all users (they all replied OK to my OWA mail sent from remote login) but not outbound. Exchange just delays the send until it times out. NOW we are back at the original question. :o)

Connectivity test next post.

JDF
=============== Summary - Detail -scroll down ========================
Summary of test results for DNS servers used by the above domain

controllers:

DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)

All tests passed on this DNS server

Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210

DNS server: 64.192.0.7 (<name unavailable>)

All tests passed on this DNS server

DNS server: 64.192.0.8 (<name unavailable>)

All tests passed on this DNS server

DNS server: 68.94.156.1 (<name unavailable>)

All tests passed on this DNS server

DNS server: 68.94.157.1 (<name unavailable>)

All tests passed on this DNS server

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: WPBC.local

WPBCDC01 PASS PASS PASS PASS PASS PASS n/a

......................... WPBC.local passed test DNS

Test omitted by user request: LocatorCheck

Test omitted by user request: Intersite

===============================================================
Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01

* Connecting to directory service on server WPBCDC01.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=WPBC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WPBC,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 1 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\WPBCDC01

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\WPBCDC01

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...

See DNS test in enterprise tests section for results
......................... WPBCDC01 passed test DNS

Running partition tests on : ForestDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : DomainDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Schema

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Configuration

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : WPBC

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running enterprise tests on : WPBC.local

Starting test: DNS

Test results for domain controllers:

DC: WPBCDC01.WPBC.local

Domain: WPBC.local

TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
The OS

Microsoft Windows Server 2008 R2 Standard (Service Pack level: 0.0)

is supported.

NETLOGON service is running

kdc service is running

DNSCACHE service is running

DNS service is running

DC is a DNS server

Network adapters information:

Adapter

[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

MAC address is A4:BA:DB:11:A1:A6
IP Address is static
IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
DNS servers:

192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
64.192.0.7 (<name unavailable>) [Valid]
64.192.0.8 (<name unavailable>) [Valid]
68.94.156.1 (<name unavailable>) [Valid]
68.94.157.1 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: WPBC.local.
Delegated domain name: _msdcs.WPBC.local.
DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]

TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone WPBC.local
Test record dcdiag-test-record deleted successfully in zone WPBC.local

TEST: Records registration (RReg)
Network Adapter

[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

Matching CNAME record found at DNS server 192.168.1.210:
9184da82-a434-45f1-b221-f3d63e346628._msdcs.WPBC.local

Matching A record found at DNS server 192.168.1.210:
WPBCDC01.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.a91dd835-980f-432d-8726-b7ee89bb9fed.domains._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._udp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kpasswd._tcp.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-Site-Name._sites.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-First-Site-Name._sites.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.gc._msdcs.WPBC.local

Matching A record found at DNS server 192.168.1.210:
gc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_gc._tcp.Default-First-Site-Name._sites.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.WPBC.local

Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.pdc._msdcs.WPBC.local

Summary of test results for DNS servers used by the above domain

controllers:

DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)

All tests passed on this DNS server

Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210

DNS server: 64.192.0.7 (<name unavailable>)

All tests passed on this DNS server

DNS server: 64.192.0.8 (<name unavailable>)

All tests passed on this DNS server

DNS server: 68.94.156.1 (<name unavailable>)

All tests passed on this DNS server

DNS server: 68.94.157.1 (<name unavailable>)

All tests passed on this DNS server

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: WPBC.local

WPBCDC01 PASS PASS PASS PASS PASS PASS n/a

......................... WPBC.local passed test DNS

Test omitted by user request: LocatorCheck

Test omitted by user request: Intersite

jdfuller

ASKER

I received an inbound mail from Exchange COnnect Test - on my iPod Touch no less!! This is getting good.

jdfuller

ASKER

Inbound/Outbound Exch Conn Tests were successful...
=====================================================

=========================================================================
INBOUND 9:45 PM 7/21/2010
=========================================================================

Testing Inbound SMTP Mail flow for domain jfuller@woodwardpark.org
Inbound SMTP mail flow was verified successfully.
Test Steps
Attempting to retrieve DNS MX records for domain woodwardpark.org
One or more MX records were successfully retrieved from DNS.
Additional Details
MX Records Host mail.woodwardpark.org, Preference 0

Testing Mail Exchanger mail.woodwardpark.org.
This Mail Exchanger was tested successfully.
Test Steps
Attempting to resolve the host name mail.woodwardpark.org in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.3.111.196

Testing TCP Port 25 on host mail.woodwardpark.org to ensure it is listening and open.
The port was opened successfully.
Additional Details
Banner Received: 220 WPBCDC01.WPBC.local Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 21:42:07 -0700

Attempting to send test email message to jfuller@woodwardpark.org using MX mail.woodwardpark.org.
The test message was delivered successfully.
Testing the MX mail.woodwardpark.org for open relay by trying to relay to user Admin@TestExchangeConnectivity.com
The Open Relay test passed. This mx isn't an open relay.
Additional Details
The open relay test message delivery failed (a good thing).
The exception detail is:
Exception details:
Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay
Type: System.Net.Mail.SmtpFailedRecipientException
Stack trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpOpenRelayTest.PerformTestReally()

=========================================================================
OUTBOUND 9:51 PM 7/21/2010
=========================================================================

Performing Outbound SMTP Test
Outbound SMTP Test Successful
Test Steps
Attempting reverse DNS lookup for IP 99.3.111.196
Successfully resolved IP 99.3.111.196 via Reverse-DNS lookup
Additional Details
Resolved IP address 99.3.111.196 to host 99-3-111-196.lightspeed.frsnca.sbcglobal.net

Performing Real-Time Blackhole List (RBL) Test
Your IP address wasn't found on any of the block lists selected.
Test Steps
Checking Block List "SpamHaus Block List (SBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "SpamHaus Exploits Block List (XBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "SpamHaus Policy Block List (PBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "SpamCop Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "NJABL.ORG Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "SORBS Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "MSRBL Combined Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "UCEPROTECT Level 1 Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "AHBL Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Performing Sender ID validation
Sender ID validation performed successfully
Test Steps
ExRCA is attempting to find the SPF record using a DNS TEXT record query.
ExRCA wasn't able to find the SPF record.
Additional Details
No records were found.

jdfuller

ASKER

Exchange Active Sync Tests - Not so good but I am pretty sure I didn't set that up anyway.

========================================================================
Exchange Active Sync Test 9:54 PM 7/21/2010
========================================================================

ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
ExRCA is attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Test Steps
ExRCA is attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential AutoDiscover URL https://woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name woodwardpark.org in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 65.254.248.129

Testing TCP Port 443 on host woodwardpark.org to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name woodwardpark.org does not match any name found on the server certificate CN=*.fatcow.com, OU=Domain Control Validated - Power Server ID(TM), OU=See www.geotrust.com/resources/cps (c)09, OU=GT80608078, O=*.fatcow.com, C=US

Attempting to test potential AutoDiscover URL https://autodiscover.woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark.org in DNS.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark.org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()

ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark.org in DNS.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark.org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()

ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.woodwardpark.org in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it

========================================================================
Exchange Active Sync AUTODISCOVER Test 9:54 PM 7/21/2010
========================================================================

ExRCA is attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Test Steps
ExRCA is attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential AutoDiscover URL https://woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name woodwardpark.org in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 65.254.248.129

Testing TCP Port 443 on host woodwardpark.org to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name woodwardpark.org does not match any name found on the server certificate CN=*.fatcow.com, OU=Domain Control Validated - Power Server ID(TM), OU=See www.geotrust.com/resources/cps (c)09, OU=GT80608078, O=*.fatcow.com, C=US

Attempting to test potential AutoDiscover URL https://autodiscover.woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark.org in DNS.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark.org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()

ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark.org in DNS.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark.org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()

ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.woodwardpark.org in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it

jdfuller

ASKER

sunny ::: Can you explain this? This error says I don't have a scope defined. I beg to differ. The leases are good, too.

JDF
SCOPE.jpg

jdfuller

ASKER

Cancel that last post ::: I reran the Scan This Role and all is well.

sunnyc7

hey - was sleeping. just woke up and went through all your posts.

so to summarize.
a) Inbound / outbound working ok. ExRCA pass.
b) Autodiscovery Errors on EAS from ExRCA
We need to fix that.

Did you get a UCC/SAN certificate for Exchange SSL.
http://www.digicert.com/ssl-support/exchange-2010-san-names.htm

I will go through all the ExRCA results and post back if I see something odd.

jdfuller

ASKER

No cert yet. I have ssl off on iPhones and they do connect. I can see sent, drafts etc. Can even make appointments. Do I need cert to send mail? Going tones now and will check back in morning.

jdfuller

ASKER

sunny ::: I have been sucked into the vortex of ful time employment. This is not a bad thing it just leaves little time for two growing boys a wife and some computer magic. (note the time of the post - as do I when I read yours!)

Even though the ExRCA passed, we cannot send out from this exchange server. It times out. It seems to send OK but the message never gets delivered - if that makes sense.

I am connecting well with my iTouch remotley and sending internally with exchange. I can receive on this domain to the exchange server as well. No send.

jdfuller

sunnyc7

jdf - props for load balancing your life :-)

a) Are you saying that when you test for Outbound here - it passes, and it still doesnt deliver emails ?
www.testexchangeconnectivity.com/

Please run that test one more time. @ outbound mail.

Please verify this before we go to step b)

b) I think we can create a send connector.

First Verify if there is something here
EMC
: Organization Configuration > Hub Transport > Send Connectors
Let me know if there's a send connector already there

If it's not there then you can create a new one

New-SendConnector –Name ‘External’ –Usage ‘Internet’ –AddressSpaces ‘SMTP:*;1’
–DNSRoutingEnabled $true –UseExternalDNSServersEnabled $false –Fqdn ‘mail.woodwardpark.

Will wait for your reply.

thanks

jdfuller

ASKER

Performing Outbound SMTP Test
Outbound SMTP Test Successful
Test Steps
Attempting reverse DNS lookup for IP 99.3.111.196
Successfully resolved IP 99.3.111.196 via Reverse-DNS lookup
Additional Details
Resolved IP address 99.3.111.196 to host 99-3-111-196.lightspeed.frsnca.sbcglobal.net

Performing Real-Time Blackhole List (RBL) Test
Your IP address wasn't found on any of the block lists selected.
Test Steps
Checking Block List "SpamHaus Block List (SBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "SpamHaus Exploits Block List (XBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "SpamHaus Policy Block List (PBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "SpamCop Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "NJABL.ORG Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "SORBS Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "MSRBL Combined Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "UCEPROTECT Level 1 Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Checking Block List "AHBL Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL

Performing Sender ID validation
Sender ID validation performed successfully
Test Steps
ExRCA is attempting to find the SPF record using a DNS TEXT record query.
ExRCA wasn't able to find the SPF record.
Additional Details
No records were found.

sunnyc7

Did you try sending emails. Looks like your outbound test worked out ok ?

Let me know.

sunnyc7

Try sending from OWA instead of outlook first.

jdfuller

ASKER

sunny ::: This is a typical response i copied from the queue. Try, try, try then fail.

Identity: WPBCDC01\242\513
Subject: Delivered: RE: Good job/Encouragement needed
Internet Message ID: <63225b67-1d0d-4767-90c4-bd4a50fabe77@woodwardpark.org>
From Address: <>
Status: Ready
Size (KB): 3
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/27/2010 11:36:38 AM
Expiration Time: 7/29/2010 11:36:38 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\242
Recipients: wgross@waterboards.ca.gov

sunnyc7

Open Exch Shell > toolbox
Message Tracking Center

Enter sender/ recipient and try to track down this message there.

4.4.7 - I will get you something on that. Give me sometime.
I saw a case in EE 2/3 days ago where 4.4.7 was traced down to a faulty ISP router (definitely outside your scope of troubleshooting).

thanks

jdfuller

ASKER

suny ::: Here's the one I just sent from OWA per your request; it is sitting in the queue. It has not timed out yet.

Identity: WPBCDC01\250\528
Subject: Test From OWA at WPBC
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F5F9F5E8A94049@WPBCDC01.WPBC.local>
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 2
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/28/2010 10:11:32 AM
Expiration Time: 7/30/2010 10:11:32 AM
Last Error:
Queue ID: WPBCDC01\250
Recipients: jfuller@chukchansi.net

sunnyc7

Can you remove any Sender Filtering on Hub Transport.

jdfuller

ASKER

Oh! You don't suppose the ISP is blocking port 25 do you? I have seen that with SBC. I'd better check. I had forgotten that one!

jdfuller

ASKER

DSL Reports says SBC has been blocking 25 to reduce spam. That may be the culprit.

jdfuller

ASKER

No filtering that I am aware of. I'll check but I didn't set any.

sunnyc7

DAMN @ SBC
Can you telnet from outside to the server and see if there's any issue.
(should have caught that earlier..)

jdfuller

ASKER

Yes. Telnet from where I sit says the port is not open. I am guessing that it reached the server and the server replied. I don't think it was blocked internally. I am outside the server's network but I can remote to it.

I am inside a pretty well controlled environment. The server I am having issues with (Server 2008R2) doesn't recognize 'telnet' as a command. What is up with that!

sunnyc7

Telnet is not installed by default you have to enable it from server roles -- check this >> http://windowsarchitecture.spaces.live.com/blog/cns!C8EE0FE9E055C129!273.entry

jdfuller

ASKER

Sunny ::: I was able to telnet once I was home from work. Port 25 is listening.

sunnyc7

ok

Did you try sending emails out after that ?

jdfuller

ASKER

Yes. They are in the queue waiting to be timed out. I'm checking the Sonicwall log to see what it has to say.

sunnyc7

What ports are open in sonicwall ?
25 80 443

sunnyc7

a) start > run > services.msc

check all exchange services are running.
Nothing is disabled / stopped etc.
All services are set to automatic and started.

b) Open Exchange
Go to toolbox > message tracking center.

enter the email addresses there and see what is the status code for these emails ? Is it NDR'ing it out.

sunnyc7

Also on exchange
try this

Resume-Queue -Server YOURSERVER.DOMAIN.LOCAL

And see if the queue clears up ?

sunnyc7

Also
EMS
toolbox > queue viewer

What is the status of the queue - is it ready ?

I am trying to isolate it from queue perspective.
DNS issues resolved
ExRCA done
Send Connector Done.
Firewall > ongoing.

And we are working on
Services
Queue itself

That leaves us with Bad queue
> Change queue directory (next step maybe ?)

let me know.

jdfuller

ASKER

25, 80, 443 all open. SMTP, HTTP, HTTPS respectively.

Exchange Services are all running except POP (we are not using this), Monitoring for cmdlets, and Extensions for Backup.

I went to the TollBox and double clicked the MEssage Tracking and ended up with the Outlook Web Access login (?) Anyway, the message I sent to myself from my webmail showed up. So it is recieveing mail on the new domain.

I will reply and check the queue for transport errors. Stand by.. :o)

sunnyc7

really ? message tracking goes to OWA login.
***ghost in your machine

let me know about queue and transport errors.
I am guessing queue is suspended or something.

sunnyc7

BTW - how many send connectors are there ?

Org config > hub transport > Send connectors.

How many are enabled ?
Right click properties

On General
See if FQDN mail.woodwardpark.org is there
Check Address Space tab

SMTP *
Cost =1

Network
first box is checked - use DNSMX to route emails
TLS is checked.

Source Server
Yourserver name is the associated server.

Let me know.

jdfuller

ASKER

sunny ::: From last post..everything is as you said except TLS DOmain Authentication was unchecked. FQDN was as stated and network space is good. Source server is good. TLS only thing unchecked.

sunnyc7

ok.

Did you check if the queues were suspended from toolbox > queue viewer ?

sunnyc7

Please check TLS

thanks

sunnyc7

Are you using a smarthost to deliver emails ? (I guess not - since you didnt mention it till now...)

Can you call the ISP and check if they are blocking port 25.
(Your telnet test was for connecting TO > port 25)
We are testing Exchange > Outside - FROM

jdfuller

ASKER

TLS is now checked and I sent a test message to myself. I'll post back asap.

sunnyc7

ok.

jdfuller

ASKER

Msg stuck in queue. Exchange will try to send this message for blah blah hours is the error ( not really an error yet). I see no activity on the router saying that the server is trying to do anything. No event logs saying that Exchange is having a problem.

sunnyc7

Is the queue suspended

Run this on exch shell
Resume-Queue -Server YOURSERVER.DOMAIN.LOCAL

See if that clears the queue.

jdfuller

ASKER

It wants a filter value.

sunnyc7

Yes, that is because we didnt specify which queue
try this

Resume-Queue -Server YOURSERVER -Filter {status eq "suspended"}

OR

Open Exchange Management console
toolbox > Queue Viewer
Right click on queue and Retry

jdfuller

ASKER

This is the message I received from my POP end then just replied. Colpied from the Queue - Status "Retry"
=====================================================================

Identity: WPBCDC01\259\548
Subject: Reply to TEST From NCTV Webmail
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F5F9F5E8A94197@WPBCDC01.WPBC.local>
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 3
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/29/2010 11:29:43 AM
Expiration Time: 7/31/2010 11:29:43 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\259
Recipients: jdfuller@nctv.com

sunnyc7

Is mail flow working after you resume the queue ??

sunnyc7

ok. ignore the last one.

I am going to recommend some MTU troubleshooting...let me get the case for my. brb

sunnyc7

ok. you still have the reverse DNS doesnt match SMTP banner error
go to Org Config > hub transport > send Connector
Right click

Change it from WPBCDC01.WPBC.local
To
mail.woodwardpark.org

Also check with your ISP if they setup an RDNS for you for mail.woodpark.org

--
Please give this a read
https://www.experts-exchange.com/questions/26355695/exchange-cannot-send-receive-from-certain-address.html

They resolved the 4.4.7 error to a faulty router somewhere ahead of them.

Please call your ISP and check.

thanks

sunnyc7

Can you upload the log files for last 2 days from here
c:\windows\system32\logfiles\smtpsvc1

jdfuller

ASKER

The FQDN in the General tab of the Properties for the Hub Transport Send COnnector is already mail.woodwardpark.org.

An RDNS record does not appear to be working as the nslookup does not work for our Exchg IP. It returns Unknown from the server itself.

No such directory exists for the logfiles. I find that odd.

sunnyc7

i thought we just fixed dns above ?

sunnyc7

Can you do a full virus scan on the server

jdfuller

ASKER

Running tonight... 7/30/10. Stay tuned... Thanks. We are supposedly protected. We'll see.

jdfuller

ASKER

sunny ::: Are you out there? I'm back.

Here's what MXTOOLBOX returned. THere is a proper MX and A record for the domain at GoDaddy.
I called AT&T today (45 min wait for a US tech guy!) and got the form filled out for the RDNS request.
========================================================================

SuperTool Beta
Command:
a:mail.woodwardpark.org a

Type Domain Name IP Address TTL
A mail.woodwardpark.org 99.3.111.196 60 min
reverse lookup smtp diag port scan blacklist

Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 5:19:06 PM (GMT-5)

Error
ptr requires an IP Address and www.woodwardpark.org is not a valid IP.
Invalid Inputreverse lookup smtp diag port scan blacklist

Reported by mxtoolbox.com on Tuesday, August 10, 2010 at 4:24:11 PM (GMT-5)

a:www.woodwardpark.org a

Type Domain Name Canonical Name TTL
CNAME www.woodwardpark.org woodwardpark.org 60 min
Type Domain Name IP Address TTL
A woodwardpark.org 65.254.248.129 60 min
reverse lookup smtp diag port scan blacklist

Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 4:24:03 PM (GMT-5)

Error
ptr requires an IP Address and mail.woodwardpark.org is not a valid IP.
Invalid Inputreverse lookup smtp diag port scan blacklist

Reported by mxtoolbox.com on Tuesday, August 10, 2010 at 4:23:20 PM (GMT-5)

mx:mail.woodwardpark.org mx

No records foundreverse lookup smtp diag port scan blacklist

Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 4:23:07 PM (GMT-5)

jdfuller

ASKER

NOTE ::: The www is the web host and it is at a different IP than the Exchange Server.

sunnyc7

I am still here... I keep checking this case for updates.
will check mxtoolbox and post back.

sunnyc7

Server Configuration > Hub Transport > Receive Connector
Right click your default receive connector > properties
Under General Tab - enter
mail.woodwardpark.org

Check settings here
http://www.shudnow.net/2008/11/08/exchange-2007-mail-flow-dns-records-connectors-and-tls/

thanks

jdfuller

ASKER

Thanks for hangin'

Done. I actually did this today because I noticed there were two - one default the other Client but neither had the FQDN on it so I created a new one with the wizard becasue the other two I could not edit. Was that a bad idea?

jdfuller

P.S. Can we get this info sanitized after we're done wreaking havoc on the site?

sunnyc7

yes we will. you can click on Request attention on top and say please remove all IP and domain details. some mod will do it.

Let me know if your send receive works.

jdfuller

ASKER

Wow! Feeling pretty proud of myself right now. I read that article and that was exactly what I did this afternoon; made a connector to the Internet. OK. So far it seems like progress is being made. I am still baffled as to why Exchange wizardry would not walk someone throught these steps IN CASE they wanted to receive mail from the outside - ya think?

JDF

jdfuller

ASKER

I cannot test telnet from inside this domain. I have to get home to do it so it won't be until later. I also have an exchange account set up on my iTouch that works for testing this domain. It receives alright, just can't send.

BTW ::: AT&T cost me 45 minutes of my life and I had to fill out a form to get a RDNS record put on their servers.

JDF

sunnyc7

AT&T - Rethink Possible.......NOT !

jdfuller

ASKER

sunny ::: I have tested the telenet from home and the "banner" has the WPBCDC01.wpbc.local in it instead of mail.woodwardpark.org. I see messages waiting in the queue that are delayed and not leaving the server.

I have an smtp Host (A) and a mail Host (A) in the Forward Lookup zones. PTRs are not being created it says because we have no Reverse Lookup defined.

I have a hunch I need at least the mail.woowardpark.org reverse on the local server, don't you? I wish I understood this a little better. I guess I am getting there!

JDF

sunnyc7

I am going to read the whole case one more time later tonight. At this point I am really not sure what steps we took earlier and what is the present configuration.
will post back later.

jdfuller

ASKER

Standing by. Will have a look during day tomorrow.

sunnyc7

need some more time. @ been hectic.
Will post back tomorrow @ its 3:40 AM here... :)

jdfuller

ASKER

No prob.

jdfuller

ASKER

sunny ::: This is the latest error. I ran the Mail Flow utility i nthe Toolbox in EMC and was told that IPv6 was not supported by Exchange 2010. I do not have that configured on the NIC, only IPv4. I disabled IPv6 by unchecking in the NIC properties and instantly froze the machine. I had to drive 35 miles to restart it and it did not go past Applying computer settings... until I re-enabled IPv6 in Safe Mode. Everything is back to where it was now before the IPv6 was disabled. More fun. I thought this might be helpful.

I do NOT have a certificate with the smtp.woodwardpark.org domain named. Is this a real error or a result of a configuration problem. Can I create the cert myself through the Exchange Shell?

Microsoft Exchange could not find a certificate that contains the domain name smtp.woodwardpark.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Connector with a FQDN parameter of smtp.woodwardpark.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

sunnyc7

a) Somethings you learn @ never disable IPV6 in Windows 2008 / ex 2007 / 2010 or anything higher.
sorry you had to learn it that way :(

b) One option is self signed cert for mail.woordwardpark.org - but that will fail if you are connecting windows Phones and Droids.
iPhones / Blackberry will pass with self signed Cert.

It's a good idea to get a UCC/SAN Cert. Costs about $329
https://www.digicert.com/easy-csr/exchange2010.htm
http://www.digicert.com/exchange-2010-ssl.htm

You need to add these names

mail.woordwardpark.org (your first MX)
autodiscover.woordwardpark.org (you need to create it in your DNS)
WPBCDC01.WPBC.local
WPBCDC01

I was scrolling through the case today. I saw that you created some cert's with digitap earlier. Were they self signed or UCC/SAN from godaddy / digicert.

thanks

Andrew Oakeley

Hi,

Sunny flicked me an email asking me to review this question. I have some ideas but I am a little unclear of what the current status of the server is. To mix some metaphores... So much has gone on I cannot see the wood for the trees, and I don't want to muddy the waters any further. If you could clearly state your current status I'll see what I can do to help

Can you recieve mail?
Can you send mail?
What other problems do you have?

Ta

Andy

jdfuller

ASKER

sunny ::: The current certs are all created at install however, I made one - I think - using the Exchange Shell back a while ago from a post. It said it did successfully and I verified that it was indeed where it needed to be. Screen shot enclosed.

andy ::: welcome to my world...and thanks for taking a brave step. sometimes when too much happens...its too much! (Corrallary to Ocham's Razor). Here's the deal

::: Recently - two days ago - I had AT&T put an RDNS record in their servers. At one point we thought the reverse DNS was non-existent and using MXToolbox and nslookup kind of proved that correct. It does not seem to be effective yet or its not the problem. On my Exchange Server I see NO Reverse DNS records at all. This seems strange as well.

::: The DNS Event Log shows no errors except continuous INFORMATION errors - encountered a bad packet from 64.192.0.8 - which I beleive is AT&T.

::: I can received mail sent to the domain mail.woodwardpark.org. This is hosted by GoDaddy.

::: GoDaddy help me setup the A and MX records.

::: I can connect to OutlookWebAccess with my iTouch and check mail from outside the domain (at home). In other words, Exchange is happy to see my iTouch. NO SSL.

::: I can connect to OWA through a broswer - no problem.

::: I can send mail through any of the user accounts from anywhere with no error EXCEPT they sit in the queue until they time out; issuing the proper - "Your mail ain't going anywhere fast but I'll keep-a-tryin'..." message. Then after the alloted time, another message saying it didn't go at all.

::: The Mail Flow Tool in the Exchange Management Console says everything is fine except threw up a CAUTION = IPv6 is NOT ALLOWED WITH 2010 - at which point - yesterday - I disabled it on the NIC and proceeded to incapacitate the server. It's back to normal now - it is where it was before I did that. I just ran it again and exported the CSV. Two entries - IPv6 not supported..that's it.

::: The event logs have this continual error about not being able to find a certificate for mail,woodwardpark.org to be able to start the verb ... (from a couple of posts ago ... Microsoft Exchange could not find a certificate that contains the domain name smtp.woodwardpark.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Connector with a FQDN parameter of smtp.woodwardpark.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

::: The server is behind a Sonicwall with the proper services created for Exchange using the wizard. I see no hinderence of the transport.

::: The SMTP Banner does not say mail.woodwardpark.org when telnet is used. It says WPBCDC01.WPBC.local. That seems strange. It may have somehting to do with the SMTP verb thingy.

Attached is a screen shot of the Cert Library. Appreciate any help I can get.
CertsPersonalStore081310.jpg

jdfuller

ASKER

Another Screen shot of the DNS Foward Lookups. Nothing contained in the Reverese Lookups.
FwdLookupZones081310.jpg

Andrew Oakeley

Can you please do 2 things for me:

1. Screenshot all the properties pages of your receive and send connectors. Probably best to put in a word doc and then post the doc

2. From your server install telnet then
#> telnet mail.messaging.microsoft.com 25
And post the result

Andrew Oakeley

Also. Please post output from
#> ipconfig /all

sunnyc7

JDF
You had posted the dns config earlier also - I dont know why I didnt see it.
http:#33438855

Your internal DNS has
- 2 MX records
- one A record called SMTP
- one A record called WWW

> i think all your issues will be resolved if you delete these 3 records in DNS and restart DNS server and Exchange hub Transport.

--
*****Before you do that:*****
a) Take a full system state backup of This Server.
b) Take a backup of C:\windpws\sytem32\DNS - directory.
c) wait for comments from andy / digitap.

this qn. has taken 170+ posts. I think we can wait for a few more before we edit DNS records.
you wont have to drive 35 miles for this ;)

jdfuller

ASKER

Hey Gang! ::: Take a look. I was getting ready top install the Server backup feature and noticed the SMTP server "feature" was not installed. Is this bad? Does Exchange have its own? Is it a bad idea to install this service? Could that explain the lack of Send Functionality? Not being sarcastic, although I really could, why isn't this installed with Exchange? (Image attached).
features.jpg

jdfuller

ASKER

Andy ::: Telnet installed. Result below. Connector screen shots forthcoming...next post.

220 am1ehsmhs003.bigfish.com Microsoft ESMTP MAIL Service ready at Sun, 15 Aug 2010 04:46:56 +0000

Sunny ::: Cold Metal Backup in process. DNS still intact as shown in previous post. In an effort to "cure" my problem I created the smtp and www entries. Probably safe to remove since I put them in. No change was realized for the better but might have gummed up things going forward. This was a recent addition - last month sometime.

jdfuller

ASKER

Andy ::: PDF was smaller. Let me know if this fits the bill. JDF
Exchange-Connectors-081410.pdf

jdfuller

ASKER

sunny ::: ALmost there. Going to bed. Will check in the morning for comments. Thanks. I hope I don't sound like a broken record - I know I do - but my integrity is at stake and the best chance I have is the Experts here.
ServerBackup.jpg

jdfuller

ASKER

Gentlemen ::: It is finished! The backup that is. I can't resist removing those pesky DNS records I added just to see if that solves it so I am going to try. I have to satisfy my brain before I go to sleep or I'll just lay thinking about it until tomorrow anyway.

jdfuller

ASKER

::: IPCONFIG /ALL with NSLOOKUP on both www and mail
===============================================

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : WPBCDC01
Primary Dns Suffix . . . . . . . : WPBC.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : WPBC.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : A4-BA-DB-11-A1-A6
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::41af:6a6c:b98c:5397%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.210(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.253
DHCPv6 IAID . . . . . . . . . . . : 245676763
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-6C-5E-34-A4-BA-DB-11-A1-A6

DNS Servers . . . . . . . . . . . : 192.168.1.210
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client) #3
Physical Address. . . . . . . . . : A4-BA-DB-11-A1-AA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client) #4
Physical Address. . . . . . . . . : A4-BA-DB-11-A1-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{96953B46-B8D1-4159-B17A-F7C435B5EB5F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8D97248D-F70B-4B00-9AE8-73A436BBC1DF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{ED08BBEA-4326-45AA-8CF8-3C7601AF8E3C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\Users\Administrator>nslookup mail.woodwardpark.org
Server: UnKnown
Address: 192.168.1.210

Non-authoritative answer:
Name: mail.woodwardpark.org
Address: 99.3.111.196

C:\Users\Administrator>nslookup www.woodwardpark.org
Server: UnKnown
Address: 192.168.1.210

Non-authoritative answer:
Name: woodwardpark.org
Address: 65.254.248.129
Aliases: www.woodwardpark.org

C:\Users\Administrator>

jdfuller

ASKER

sunny ::: DNS records as indicated in your post were removed and DNS restarted. Ipconfig - flushed dns. Connected remotely using OWA and sent more mail - stuck in queue. Essentially, no chnage.

ATTACHED is MXToolbox on the domain for SMTP. The banner is an issue. Maybe you guys can see something in the screen shots of the connectors.

MXToolbox-Report.jpg

Andrew Oakeley

Have a good sleep. I will review when I get home and post for you later

jdfuller

ASKER

::: OK. Just for kicks. Had to do an Exchange Connectivity Analyzer Test from the server just to see what it thinks. It thinks everything is fine except the SPF record. ??? Goodnight!
ExRemConnAnalyzer---SEND-Test-08.jpg

Andrew Oakeley

No worries. I am pretty sure I will find the final key in the info you have posted, unless sunny is nearer a computer and beats me to it!

jdfuller

ASKER

Andy ::: PROGRESS ::: Performed all the changes as requested. SMTP banner is now correct. I signed on to OWA and sent a new mail (after cleaning out the queue) and the message is stuck in the queue. I saw it go in (from an RDP session to the server on another screen) but it is just sitting there.

I don't know the SMTP server of the domain's ISP but I could rig to use my ISP's just to test it. I'll do that a little later. Gotta go for an hour or two. Attached is the screen shot of the Network tab of the Client Connector.

::: The Authentication tab has on it TLS checked but Mutual Auth. is NOT checked.
::: Basic Auth - Yes AND Offer basic only after starting TLS.
::: Integrated Windows Auth checked.
Client-Connector.jpg

Andrew Oakeley

Flat out monday here. Did not even have a chance to check on EE Mobile.

Yes please use ISP SMTP serevr as smart host and I think that will finish this off. Though by all accounts it should actually be working now.If it is not working after you make this change we need to pay close attentin to the send connector properties. I will review again after you have tested with ISP SMTP Server, do not try to use the SMTP server of the domain host, this will almost certainly NOT work.

The CLIENT recieve connector can stay as is as it is listening on port 587, and will not interfere with anything we are doing.

Andrew Oakeley

IF using the ISP as smart host does not work, then :
1. post image of what you are seeing in the queue

2. delete and recreate the send connector (You can either wait for me to post back, or just give it a crack if I am too long in responding)

Official MS: http://technet.microsoft.com/en-us/library/aa997285.aspx
Same thing, but with pictures so easier to follow: http://www.petri.co.il/configuring-exchange-2007-send-external-email.htm

sunnyc7

Guys
I was out of action this weekend. Visiting friends etc.

Will check andy's recommendations and post back.

Andrew Oakeley

no sweat sunny. I was out most of the weekend also, we did not do much.

jdfuller

ASKER

Thanks for posting, guys. Will advise after changes.
JDFuller

sunnyc7

Jdfuller
Let us know how andy's thing works out.

Can you post another screenshot of the DNS please.

Server roles required for Exchange 2010
Part of pre-reqs
http://technet.microsoft.com/en-us/library/bb691354.aspx

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

jdfuller

ASKER

I have prep'd the system with the only reccommendation that came with Exchange pre-req install and that was the patch. I see the link (sunny's post) has Windows Power Shell installing several things. Can I invoke the command to install these things wihtout "over" installing - or - can I install even if some of them are already installed. I am pretty sure .NET is in there but not sure how to check everything on the list. Can I just go ahead and run this command and not worry if some parts are already in there.

Current DNS - Attached screen shot(s) First - Forward DNS, Second - Reverse DNS

jdfuller
DNS-Forward-081610.jpg

jdfuller

ASKER

Reverse DNS

DNS-Reverse.jpg

sunnyc7

delete the mail entry for now @ DNS
let it be wpbcdc01.wpbc.local with 192.168.1.210

-
Are you saying you missed some of the pre-req steps ? Let me know which one ?

jdfuller

ASKER

I put in the "microsoft filter pack". I have not used the elevated shell and installed all the things outlined in your post. I started with a fully patched WIndows 2008 R2 then installed the FIlter Pack then installed Exchange 2010. All the pre-requisites were "Green Light" according to the Exchange installation Wizard after that. Then I proceeded w the install of 2010.

jdfuller

ASKER

Did you understand my question reagarding "Features" to be installed. When I was installing "telnet" I noticed that the SMTP "feature" was NOT installed. See the screen shot from ID:33439289. Is that needed...cuz, it ain't in there.

Andrew Oakeley

No exchange has its own SMTP, you do not need to install the windows SMTP.

How did you go with the smart host and/or recreating the connector?

Andy

sunnyc7

Andy
Check the bPA report here
http:#3218151

jdfuller

ASKER

sunny ::: Link didn't take me anywhere.

I tried the Smart Host. I'm fairly certain I set it up correctly - same as I would in an Outlook Account except I'm not sure of the TLS mode, needed or not. I was able to add it in the COnnector as indicated. The messages stay in the queue, though, regardless of either setting. I'm going to try the SMTP for the GoDaddy account and see what happens. They seem a bit more helpful than AT&T.

jdfuller

ASKER

sunny ::: Missing a '3' :-) I found it.

Andrew Oakeley

Can you screenshot the queues when mail stuck in them?
Also turn on verbose logging on send connector and email log.

I will review the link to bpa report report sunny posted.

jdfuller

ASKER

Queue shot attached. Looks like a peice of rougue mail in there, also. The queue was empty except for mine this afternoon.

P.S. It might be time for new bPA report. We've done a lot since.

P.P.S. Should the FQDN of the Send COnnector be smtp.woodwardpark.org or mail.woodwardpark.org?
Queue-081610-2300.jpg

jdfuller

ASKER

LAST SEND ATTEMPT 2300 hrs ::: 451 4.4.0 Primary target address responded with: "421 4.2.1. Unable to connect." Attempted failover to alternate host, but that did not succeed.

I removed the smart host restated the Transport service and tried the DNSConnectorDelivery method and got the above response.

Andrew Oakeley

Set to mail.xxxx so it matches your forward DNS. But should not matter

The rogue mail is probably an NDR response to some incoming spam.

Did you delete and re-create the Send Connector as per instructions sent earlier?

Unless we had proven otherwise by telnet to remote host on port 25 I would be completely convniced that this was a firewall issue with outbound SMTP. Now I just want to know why it is ending up in outbound queues but not actually sending.

Sunny - what are the rules in here about offering to connect to someones computer remote to just fix it?

jdfuller

ASKER

Recreated Send Connector - Same response as above re: Primary target....

jdfuller

ASKER

This is a benign environment. All users (<10) are using POP until this is fixed. I am the IT for the org....which...right now, ain't saying much. I'm in a "no lose situation" and you guys have too much to risk screwing it up intentionally. You have the IP. I would bet no one would say this was for money in any court. jfuller at the domain in question. It will receive. :-)

jdfuller

ASKER

As long as we can post this answer - mod allowing - I think it would be extremely enlightening.

Andrew Oakeley

Ok - at a client now - but will be in touch later..

Just scrolling back through the posts and noticed this one (see line in bold)
Please confirm you have the reply to address on the users set to the FQDN @woodwardpark.org

Identity: WPBCDC01\259\548
Subject: Reply to TEST From NCTV Webmail
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F5F9F5E8A94197@WPBCDC01.WPBC.local>
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 3
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/29/2010 11:29:43 AM
Expiration Time: 7/31/2010 11:29:43 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\259
Recipients: jdfuller@nctv.com

jdfuller

ASKER

On their Outlook client config's...Yes. In ExchMgmntConsole - see attached screen shot.
Mailbox-in-EMC.jpg

jdfuller

ASKER

Since day one I have tried to set the woodwardpark.org as the Reply but it just stays greyed out and won't let me change it to the proper "Set as Reply" . I hope that isn't aggregiously wrong I'd fel really stupid. In their client config's they have the POP return now xxxx@wwpbc.org until this domain kicks in.

Andrew Oakeley

It will *definately* not let you send as .local

On that same "Email address" tab there is a tick box for "automatically update based on policy" or something like that.

untick that - apply - and then you can change the reply address to a real domain.

jdfuller

ASKER

Feeling a bit sheepish right now! Should have gone with that hunch and posed that Q first. I'm changin right now. Will retry an OWA message. Stand by.

jdfuller

ASKER

Bummer. Stuck in queue with Primary target message like before but was able to reset outgoing reply as you noted. Will change on all mbx's ... cuz its the right thing to do regardless.

Andrew Oakeley

The correct way to change is with recipient policy, not individually on each mailbox. But if server does not have policy for that emails address that could also be issues.... firing off emails a bit half arsed ATM coz meant to be doing something else... give me an hour if you can hang around. we are very close.

jdfuller

ASKER

Closed dialog and restarted Transport Service. Trying again. .... Same-o'. 451 4.4.0

jdfuller

ASKER

Do you know CrossLoop? We could connect that way - no harm no foul - if rules allow. We both have to be at machines to do it. Its free.

jdfuller

ASKER

Gotta be somewhere in 4.5 hrs. Need sleep. You guys are the bomb for sticking it out. Thanks. Will monitor tomorrow.

jdfuller

ASKER

Sorry. Posts are not chrono. I missed the last one until I posted and updated. I do have to ZZZZ. I feel like a flake cuz ur helping and I'm out of gas. I'll hang till I fall asleep in this stupid chair waiting for the queue to empty. Kidding. I empty it before I send anything so I have a clean space to work in.

Andrew Oakeley

ok get some sleep - touch base tomorrow

jdfuller

ASKER

Got a bowl of cereal. I'll hang. If this will work, it'll be well worth calling sick tomorrow. :-) I know your busy. I'll stand by.. I'll watch a Netflix or something till I hear from you again.

jdfuller

ASKER

Are u still there? I got a second wind.

Andrew Oakeley

goto my profile, get my email address, flick me an email

jdfuller

ASKER

It has been determined through much effort and discipline that the cause of the failure to reach the WAN is caused by AT&T blocking port 25.

My hat is off to you who have read this far just to find this out. Many hours of anguish were spent to bring you this information. Thanks you sunnyc7, aoakeley and digitap who unselfishly contributed to this nightmare just to get a few points.

You guys are animals!! Thank you.

sunnyc7

after 170 posts - ATT blocking port 25. :(
I am pretty sure we checked with ATT earlier about port 25 ?

Andy thanks a lot man. You fixed it.

Andrew Oakeley

I reckon you fixed a lot of other stuff along the way before I got here. I just could not get my head around why email was not getting out the queue, but kept coming back to SMTP being blocked but JD had stated

> Andy ::: Telnet installed. Result below. Connector screen shots forthcoming...next post.
> 220 am1ehsmhs003.bigfish.com Microsoft ESMTP MAIL Service ready at Sun, 15 Aug 2010 04:46:56 +0000

Turns out this was done on local machine not on the server......

sunnyc7

I am pretty sure we checked with ISP earlier
http:#33251680

JDF checked here too.
http:#33309371

Anyway - Alls well that ends Well :)

I am really happy that JDF managed to stick with it for such a long time while doing his fulltime job and managed to bring this to a closure.

jdfuller

ASKER

There was just no fair way to parse out points. I know you guys were not in this Q for the points. Its a matter of Man Over Machine (pardon the lack of Political Correctness). I am humbled by your collective expertise. But, hey, I learned a few (a lot) of things. Kudos, all of you. Much appreciated. Again - Occam's razor (or Ockham's razor) is the principle that "entities must not be multiplied beyond necessity" G-day!!

sunnyc7

JDF.

Have a great day :)

digitap

i don't know if i quite contributed as much as the other two, but i do appreciate the points!

i'm sorry that the issue ended up being the ISP.

sunnyc7

I know you guys were not in this Q for the points.
>> We Were (I was)
Ha ha..