awilderbeast asked:

Exchange 2010 - Edge Transport server, emails are stuck in a local loop

Hi all, my Edge Transport server is getting all my emails but not sending them on to my main Exchange server.
I get an error saying stuck in local loop on the queue viewer.

Can anyone help me out? I don't know what I've done :S

Cheers


Identity: CH-FW\Submission\573
Status: Retry
Size (KB): 4
Message Source Name: SMTP:External Receive Connector
Source IP: 212.50.160.34
SCL: 0
Date Received: 26/08/2010 16:46:50
Expiration Time: 28/08/2010 16:46:50
Last Error: A local loop was detected.
Queue ID: CH-FW\Submission

Tony J

Can you tell us a bit more about your installation?

Just Exchange 2010 or any earlier versions?

Your users are receiving but cannot send?
awilderbeast (ASKER)

Exchange 2010 main server 1 > Exchange 2010 transport role installed on firewall Server 2

Users can send and receive internally, send externally, but not receive externally
Anyone have any clues where to start looking?

Once email is received by the external receive connector, how is it then processed? Is it passed to internal send connector?
Is this a new installation? Or was it working before?

Can you resolve / ping the hub server FQDN from the Edge server? Did the subscription of your Edge server work ok?
It might also be worthwhile testing your Edge Synchronisation:

http://technet.microsoft.com/en-us/library/aa996925.aspx
It was working before, yes

I can ping both machines from each other and I can ping the FQDN fine too

I do not have an Edge subscription, I don't think
Don't know how to set that up, and I needed the Edge subscription, I don't know how it ever worked!

How do I set up Edge?

Also, was my previous statement correct?
Once email is received by the external receive connector, how is it then processed? Is it passed to internal send connector?

Thanks
[PS] C:\Windows\system32>Test-EdgeSynchronization


RunspaceId                  : 88285b7a-2c25-48b6-a70c-4bab50962fa6
SyncStatus                  : NoSyncConfigured
UtcNow                      : 26/08/2010 16:12:45
Name                        :
LeaseHolder                 :
LeaseType                   : None
FailureDetail               : There are no Edge subscriptions for current site "Carmelite".
LeaseExpiryUtc              : 01/01/0001 00:00:00
LastSynchronizedUtc         : 01/01/0001 00:00:00
TransportServerStatus       : Skipped
TransportConfigStatus       : Skipped
AcceptedDomainStatus        : Skipped
RemoteDomainStatus          : Skipped
SendConnectorStatus         : Skipped
MessageClassificationStatus : Skipped
RecipientStatus             : Skipped
CredentialRecords           : Number of credentials 0
CookieRecords               : Number of cookies 0

OK, I found how to do it and tried to start the subscription
[PS] C:\Windows\system32>Start-EdgeSynchronization


RunspaceId     : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Result         : CouldNotConnect
Type           : Recipients
Name           : CH-FW
FailureDetails : The LDAP server is unavailable.
StartUTC       : 27/08/2010 08:09:47
EndUTC         : 27/08/2010 08:10:08
Added          : 0
Deleted        : 0
Updated        : 0
Scanned        : 0
TargetScanned  : 0

RunspaceId     : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Result         : CouldNotConnect
Type           : Configuration
Name           : CH-FW
FailureDetails : The LDAP server is unavailable.
StartUTC       : 27/08/2010 08:09:47
EndUTC         : 27/08/2010 08:10:08
Added          : 0
Deleted        : 0
Updated        : 0
Scanned        : 0
TargetScanned  : 0

Have you set up LDS?

There is an error regarding LDAP failure.
Out of interest, have you always had an Edge Transport or did you add one at a later date?
And on another note, you haven't changed / updated certificates lately have you?
I've always had one from the off, it didn't work till I installed Edge, but it looks like I never set it up correctly in the first place, I really have no idea how it even works

I'm just about to start learning Exchange (I got my MCITP EA), now I'm moving to Exchange and I'm making a mess it seems!

The TMG server (where Edge is located) is blocking LDAP(EdgeSync) traffic

I'm trying to telnet to CH-FW 50389 and it fails, looking at logging it's getting denied. I created an access rule to allow LDAP(EdgeSync) traffic to internal/local host and from internal/localhost but the default deny is still getting it

Do I need to publish?

Thanks
OK, I can telnet to 50389 now

It just comes up with a blank screen though, that right?

It still says the LDAP server is unavailable though, any ideas?
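
The port checks discussed in this thread (telnet to CH-FW on 50389, SMTP on 25), as an added example that is not part of any poster's message: a PowerShell 2.0-compatible function that tests TCP reachability and, for SMTP, reads the server greeting. `Test-TcpPort` is a hypothetical helper name, and port 50636 (the secure LDAP port Microsoft documents for EdgeSync from Hub to Edge) is an assumption not mentioned in the thread.

```powershell
# Added example. Test-TcpPort is a hypothetical helper, not an Exchange cmdlet.
# Uses only .NET classes, so it also runs on PowerShell 2.0 (Windows Server 2008 R2).
function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000,
        [switch]$ReadBanner   # only useful where the server speaks first (SMTP)
    )
    $result = New-Object PSObject -Property @{
        ComputerName = $ComputerName; Port = $Port; Open = $false; Banner = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($async)   # throws if the connection was refused
            $result.Open = $true
            if ($ReadBanner) {
                $stream = $client.GetStream()
                $stream.ReadTimeout = $TimeoutMs
                $reader = New-Object System.IO.StreamReader($stream)
                $result.Banner = $reader.ReadLine()   # e.g. an SMTP "220 ..." greeting
            }
        }
    } catch {
        # Refused, unresolvable, or banner read timed out: keep what was established so far.
    } finally {
        $client.Close()
    }
    $result
}

# Run on the Hub Transport server: directory ports on the Edge server.
# 50389 is the port tried in the thread; 50636 is assumed from Microsoft's EdgeSync documentation.
50389, 50636 | ForEach-Object { Test-TcpPort -ComputerName 'CH-FW' -Port $_ } |
    Format-Table ComputerName, Port, Open -AutoSize

# Run on the Edge server: SMTP towards the hub (the queue's next hop, ch-ex).
Test-TcpPort -ComputerName 'ch-ex' -Port 25 -ReadBanner |
    Format-Table ComputerName, Port, Open, Banner -AutoSize
```

An LDAP port accepts the connection and sends nothing until the client speaks, whereas SMTP greets first. A successful connect shows only that the firewall rule passes the traffic, not that the servers can authenticate to each other.
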
ASKER CERTIFIED SOLUTION
Tony J

This solution is only available to members of Experts Exchange.
All those ports are now open, I can't telnet to them all (except RDP obviously), I already had that open though

I have also checked that website link, I have done everything that that has said

Wait, I just tried it again...

Says we have a go

This is the queue on the Edge server now

[PS] C:\Windows\system32>get-queue

Identity                                    DeliveryType Status MessageCount NextHopDomain
--------                                    ------------ ------ ------------ -------------
CH-FW\15                                    SmartHost... Retry  74           ch-ex
CH-FW\Submission                            Undefined    Ready  0            Submission

Should the queue be getting bigger on the hub now?


[PS] C:\Windows\system32>Start-EdgeSynchronization


RunspaceId     : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Result         : Success
Type           : Recipients
Name           : CH-FW
FailureDetails :
StartUTC       : 27/08/2010 08:31:41
EndUTC         : 27/08/2010 08:31:41
Added          : 0
Deleted        : 0
Updated        : 0
Scanned        : 0
TargetScanned  : 0

RunspaceId     : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Result         : Success
Type           : Configuration
Name           : CH-FW
FailureDetails :
StartUTC       : 27/08/2010 08:31:41
EndUTC         : 27/08/2010 08:31:41
Added          : 0
Deleted        : 0
Updated        : 0
Scanned        : 0
TargetScanned  : 0

Fabulous news.

Hopefully now your mail will begin to be delivered.

Might be worth running through the Best Practices Analyzer to give your environment the once over.
So that should be it?

It's still stuck :S
In a different queue, but stuck by the looks of it

EDGE SERVER

[PS] C:\Windows\system32>get-queue

Identity                                    DeliveryType Status MessageCount NextHopDomain
--------                                    ------------ ------ ------------ -------------
CH-FW\15                                    SmartHost... Retry  79           ch-ex
CH-FW\Submission                            Undefined    Ready  0            Submission

HUB SERVER

[PS] C:\Windows\system32>get-queue

Identity                                    DeliveryType Status MessageCount NextHopDomain
--------                                    ------------ ------ ------------ -------------
CH-EX\3997                                  MapiDelivery Ready  0            mailbox database 0435330091
CH-EX\Submission                            Undefined    Ready  0            Submission
EDGE SERVER


[PS] C:\Windows\system32>get-queue |fl


Identity         : CH-FW\15
DeliveryType     : SmartHostConnectorDelivery
NextHopDomain    : ch-ex
NextHopConnector : f5b6fe59-f27a-4859-a7b0-e3642c95a247
Status           : Retry
MessageCount     : 83
LastError        : 451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authen
                   tication." Attempted failover to alternate host, but that did not succeed. Either there are no alter
                   nate hosts, or delivery failed to all alternate hosts.
LastRetryTime    : 27/08/2010 09:33:28
NextRetryTime    : 27/08/2010 09:43:28
IsValid          : True
ObjectState      : Unchanged

Identity         : CH-FW\Submission
DeliveryType     : Undefined
NextHopDomain    : Submission
NextHopConnector : 00000000-0000-0000-0000-000000000000
Status           : Ready
MessageCount     : 0
LastError        :
LastRetryTime    :
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged

HUB SERVER
[PS] C:\Windows\system32>get-queue |fl


RunspaceId       : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Identity         : CH-EX\3999
DeliveryType     : SmartHostConnectorDelivery
NextHopDomain    : smtp.karoo.co.uk
NextHopConnector : 3aa13a99-a4fe-4d02-b252-6c736f3adaaa
Status           : Ready
MessageCount     : 0
LastError        :
LastRetryTime    : 27/08/2010 09:41:39
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged

RunspaceId       : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Identity         : CH-EX\4000
DeliveryType     : MapiDelivery
NextHopDomain    : mailbox database 0435330091
NextHopConnector : 00000000-0000-0000-0000-000000000000
Status           : Ready
MessageCount     : 0
LastError        :
LastRetryTime    : 27/08/2010 09:41:42
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged

RunspaceId       : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Identity         : CH-EX\Submission
DeliveryType     : Undefined
NextHopDomain    : Submission
NextHopConnector : 00000000-0000-0000-0000-000000000000
Status           : Ready
MessageCount     : 0
LastError        :
LastRetryTime    :
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged


EDGE SERVER



Identity         : CH-FW\15
DeliveryType     : SmartHostConnectorDelivery
NextHopDomain    : ch-ex
NextHopConnector : f5b6fe59-f27a-4859-a7b0-e3642c95a247
Status           : Retry
MessageCount     : 83
LastError        : 451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authen
                   tication." Attempted failover to alternate host, but that did not succeed. Either there are no alter
                   nate hosts, or delivery failed to all alternate hosts.
LastRetryTime    : 27/08/2010 09:43:28
NextRetryTime    : 27/08/2010 09:53:28
IsValid          : True
ObjectState      : Unchanged

HUB SERVER

[PS] C:\Windows\system32>get-queue -SortOrder:-MessageCount -Results:1 | fl


RunspaceId       : 2999ee19-c3f6-4cd7-81c7-784918b8f4bc
Identity         : CH-EX\Submission
DeliveryType     : Undefined
NextHopDomain    : Submission
NextHopConnector : 00000000-0000-0000-0000-000000000000
Status           : Ready
MessageCount     : 0
LastError        :
LastRetryTime    :
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged

Receive connector on the hub or Edge?
Oh yes - that article has reminded me that it is actually possible to configure Edge now without a subscription.
That article says

"Don't perform this procedure on an Edge Transport server that has been subscribed to the Exchange organization by using EdgeSync. Instead, make the changes on the Hub Transport server. The changes are then replicated to the Edge Transport server next time EdgeSync synchronization occurs."

I have two receive connectors on the Edge, should I remove them?
Also, if it's on the hub, do I remove the client or the default and recreate?
In the case I saw personally it was the one on the hub that was failing.

You also need to bear in mind now that you've subscribed the Edge server you have to configure everything from the hub server and it will get synch'd out to the Edge server.

This was done primarily to protect against someone compromising, and taking control of, your Edge servers.
Default usually.
So I should delete all send/receive connectors on the Edge then create them on the hub?

What about the client/default on the hub, shall I delete them and recreate those?
Just to confirm - I know you tried to telnet on the LDAP ports but is your SMTP (25) also open?
Yes, 25 is open

I was reading something about TLS when I was googling

The client / default receive connectors on the hub server, can you tell me which one does what?
Actually in the case that I saw, there was nothing wrong with the Edge server connectors, it was a badly configured (out of the box, no less) receive connector on the Hub server.
Is this new receive connector on the hub internal or external, and do I allow anonymous permissions on it, or do I create one for internal and one for external?
Here are some screens of the internal connector I just made

It's all starting to come through now! Phewww!

I don't know if turning off TLS worked or not


[PS] C:\Windows\system32>get-queue -SortOrder:-MessageCount -Results:1 | fl


Identity         : CH-FW\Shadow\16
DeliveryType     : ShadowRedundancy
NextHopDomain    : ch-ex.domain.local
NextHopConnector : f5b6fe59-f27a-4859-a7b0-e3642c95a247
Status           : Ready
MessageCount     : 8
LastError        :
LastRetryTime    :
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged

Internal-recieve-Connector.jpg
Yeah TLS is a funky beast and needs a bit of planning to get it to work.

I'm really happy that your mail is flowing!

By the way - out of interest, given one of your postings earlier, are you UK based? Or are you up at ridiculous times? :)

UK here, that's all :)
Me too, my ass would have been grass soon enough if I didn't get that up!

Yeah, UK based, in Hull

Absolute beginner at Exchange as you can no doubt tell, but I got some Train Signal videos I'm going to start learning :)

Also, I looked at the IP blocked list on the Edge server, how does that list get populated?
It just gets bigger all the time and, performing a lookup on the IPs, a lot of them should be allowed to send email to us
How does Exchange decide that they should be blocked?

Thanks
In your AntiSpam settings have you configured a blocklist provider?

I use these on my own personal server and I'd say it gets it right 99.8% of the time. Mostly if you've got it set to one and set to autoupdate, that list will only ever really tend to go one way - upwards.

You can manually add or remove addresses but I've never tried to do this on an automatically updated list so not sure if it'd just get repopulated - worth a try though?

There is some good info here: http://technet.microsoft.com/en-us/library/bb125199%28EXCHG.80%29.aspx and although it's referring to 2007, I think it is relevant to 2010 still.

By the way - if you think I helped, would you assign the points? :)
Thanks a lot

You saved the day!
I don't have a blocklist provider configured, no. What should I use, or who?
I use spamhaus + some others in mine but I have no remote access to my server from here so I can't tell you its exact URL - if you don't mind waiting til this evening, I am happy to reply once I get home and can check?

The ones I got are free to use and automatically update, too.

Thank you for the points by the way - although not new to IT, I'm new to EE
By the way - we're not a million miles away at all. I'm based in North Notts :)
I've added Spamhaus to the providers now

zen.spamhouse.org, yeah if you could send me a list of the other free sources that would be great and I'll apply them on Tuesday, bank holiday :)

I will get the full list off mine (not many by the way) and send them across.

Out of interest, did you inherit this implementation?

At some point, I would fire up the EMC and from Toolbox, run the best practices analyzer tool - it's non destructive/non invasive and can give you a world of information about your setup.

It's also got a baselining feature which you can run every so often and keep an eye out for major changes in trends.

Also there is a Microsoft Press book - Microsoft Exchange Server 2010 Best Practices by Siegfried Jagott and Joel Stidley. I own this book (and I used to be a messaging consultant for Microsoft once upon a time) and it's an incredibly useful resource with some superb background to Exchange.

Amazon have it for just shy of £35.

I am always happy to help in future too should you have any questions/problems (although hopefully none of the latter!).