Solved

exchange 2010 - edge transport server, emails are stuck in a local loop

Posted on 2010-08-26
Last Modified: 2012-05-10
Hi all, my edge transport server is getting all my emails but not sending them on to my main exchange server.
I get an error saying stuck in local loop on the queue viewer.

Can anyone help me out? I don't know what I've done :S

Cheers


Identity: CH-FW\Submission\573
Status: Retry
Size (KB): 4
Message Source Name: SMTP:External Receive Connector
Source IP: 212.50.160.34
SCL: 0
Date Received: 26/08/2010 16:46:50
Expiration Time: 28/08/2010 16:46:50
Last Error: A local loop was detected.
Queue ID: CH-FW\Submission

0
Question by:awilderbeast
 
LVL 25

Expert Comment

by:Tony1044
Can you tell us a bit more about your installation?

Just Exchange 2010 or any earlier versions?

Your users are receiving but cannot send?
0
 
LVL 1

Author Comment

by:awilderbeast
exchange 2010 main server 1 > exchange 2010 transport role installed on firewall Server 2

Users can send and receive internally, send externally, but not receive externally.
0
 
LVL 1

Author Comment

by:awilderbeast
Anyone have any clues where to start looking?

Once email is received by the external receive connector, how is it then processed? Is it passed to internal send connector?
0
 
LVL 25

Expert Comment

by:Tony1044
Is this a new installation? Or was it working before?

Can you resolve / ping the hub server FQDN from the Edge server? Did the subscription of your Edge server work ok?
0
 
LVL 25

Expert Comment

by:Tony1044
It might also be worthwhile testing your Edge Synchronisation:

http://technet.microsoft.com/en-us/library/aa996925.aspx
0
 
LVL 1

Author Comment

by:awilderbeast
It was working before, yes.

I can ping both machines from each other and I can ping the FQDN fine too.

I do not have an edge subscription, I don't think.
Don't know how to set that up, and I needed the edge subscription, I don't know how it ever worked!

How do I set up edge?

Also, was my previous statement correct?
Once email is received by the external receive connector, how is it then processed? Is it passed to internal send connector?

Thanks
[PS] C:\Windows\system32>Test-EdgeSynchronization

RunspaceId                  : 88285b7a-2c25-48b6-a70c-4bab50962fa6
SyncStatus                  : NoSyncConfigured
UtcNow                      : 26/08/2010 16:12:45
Name                        :
LeaseHolder                 :
LeaseType                   : None
FailureDetail               : There are no Edge subscriptions for current site "Carmelite".
LeaseExpiryUtc              : 01/01/0001 00:00:00
LastSynchronizedUtc         : 01/01/0001 00:00:00
TransportServerStatus       : Skipped
TransportConfigStatus       : Skipped
AcceptedDomainStatus        : Skipped
RemoteDomainStatus          : Skipped
SendConnectorStatus         : Skipped
MessageClassificationStatus : Skipped
RecipientStatus             : Skipped
CredentialRecords           : Number of credentials 0
CookieRecords               : Number of cookies 0

0
 
LVL 1

Author Comment

by:awilderbeast
OK, I found how to do it and tried to start the subscription.

[PS] C:\Windows\system32>Start-EdgeSynchronization

RunspaceId     : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Result         : CouldNotConnect
Type           : Recipients
Name           : CH-FW
FailureDetails : The LDAP server is unavailable.
StartUTC       : 27/08/2010 08:09:47
EndUTC         : 27/08/2010 08:10:08
Added          : 0
Deleted        : 0
Updated        : 0
Scanned        : 0
TargetScanned  : 0

RunspaceId     : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Result         : CouldNotConnect
Type           : Configuration
Name           : CH-FW
FailureDetails : The LDAP server is unavailable.
StartUTC       : 27/08/2010 08:09:47
EndUTC         : 27/08/2010 08:10:08
Added          : 0
Deleted        : 0
Updated        : 0
Scanned        : 0
TargetScanned  : 0

0
 
LVL 25

Expert Comment

by:Tony1044
Ok step by step instructions on how to set up Edge:

http://araihan.wordpress.com/2009/11/16/exchange-server-2010-edge-transport-role/
0
 
LVL 25

Expert Comment

by:Tony1044
Have you set up LDS?

There is an error regarding LDAP failure.
0
 
LVL 25

Expert Comment

by:Tony1044
Out of interest, have you always had an Edge Transport or did you add one at a later date?
0
 
LVL 25

Expert Comment

by:Tony1044
And on another note, you haven't changed / updated certificates lately have you?
0
 
LVL 1

Author Comment

by:awilderbeast
I've always had one from the off. It didn't work til I installed edge, but it looks like I never set it up correctly in the first place. I really have no idea how it even works.

I'm just about to start learning exchange (I got my MCITP EA), now I'm moving to exchange and I'm making a mess it seems!

The TMG server (where edge is located) is blocking LDAP(EdgeSync) traffic.

I'm trying to telnet to CH-FW 50389 and it fails. Looking at logging, it's getting denied. I created an access rule to allow LDAP(EdgeSync) traffic to internal/local host and from internal/localhost, but the default deny is still getting it.

Do I need to publish?

Thanks
0
 
LVL 1

Author Comment

by:awilderbeast
OK, I can telnet to 50389 now.

It just comes up with a blank screen though, that right?

It still says the LDAP server is unavailable though, any ideas?
0
 
LVL 25

Accepted Solution

by:Tony1044
Tony1044 earned 500 total points
I'm genuinely not sure how your Edge has ever worked before but at least now I think we're making good progress.

Ports you require open are as follows:

External 25/TCP (SMTP)
Internal 25/TCP (SMTP)
Internal 50389/TCP (LDAP)
Internal 50636/TCP (LDAP)
Internal 3389/TCP (RDP)
 
3389 isn't really necessary but I personally like it open to be able to RDP into a server for remote support.

Internal, in this case relates to the firewall between your Edge servers and LAN (Assuming your Edge is in a DMZ).

Might I suggest that you look at that link I sent and just confirm that you've gone through the steps for everything?
0
 
LVL 25

Assisted Solution

by:Tony1044
Tony1044 earned 500 total points
Yes most of the ports you telnet onto will result in a black screen and flashing cursor - that's quite usual and means you made a connection.

Some of course, like SMTP, will respond and you can interact with them.
0
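A scripted version of the telnet checks discussed above, as an added example that is not part of the original thread: it tests the ports from the accepted answer with a timeout and, for port 25, reads the SMTP greeting instead of leaving you to interpret a blank screen. The function name `Test-EdgePort` is hypothetical; `CH-FW` is the Edge server name used in the thread, and the script is assumed to run from the hub side of the firewall.

```powershell
# Added example (not from the thread). Works on PowerShell 2.0 and later.
function Test-EdgePort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $result = New-Object PSObject -Property @{
        ComputerName = $ComputerName
        Port         = $Port
        Open         = $false
        Banner       = $null
    }
    try {
        # Asynchronous connect so a silently dropped packet (default deny)
        # fails after $TimeoutMs instead of hanging like telnet does.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($async)   # throws if the port actively refused
            $result.Open = $true
            if ($Port -eq 25) {
                # SMTP speaks first: a healthy listener sends a "220 ..." line.
                $stream = $client.GetStream()
                $stream.ReadTimeout = $TimeoutMs
                $reader = New-Object System.IO.StreamReader($stream)
                $result.Banner = $reader.ReadLine()
            }
        }
    } catch {
        # Refused, unreachable, name not resolved, or no banner in time:
        # $result keeps whatever was established before the failure.
    } finally {
        $client.Close()
    }
    $result
}

# Ports taken from the accepted answer; 3389 is left out because the answer
# calls it optional. LDAP ports are expected to show Open with no banner.
$EdgeServer = 'CH-FW'
25, 50389, 50636 |
    ForEach-Object { Test-EdgePort -ComputerName $EdgeServer -Port $_ } |
    Format-Table ComputerName, Port, Open, Banner -AutoSize
```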
 
LVL 1

Author Comment

by:awilderbeast
All those ports are now open, I can't telnet to them all (except RDP obviously), I already had that open though.

I have also checked that website link, I have done everything that that has said.

Wait, I just tried it again...

Says we have a go.

This is the queue on the edge server now:

[PS] C:\Windows\system32>get-queue

Identity                                    DeliveryType Status MessageCount NextHopDomain
--------                                    ------------ ------ ------------ -------------
CH-FW\15                                    SmartHost... Retry  74           ch-ex
CH-FW\Submission                            Undefined    Ready  0            Submission

should the queue be getting bigger on the hub now?


[PS] C:\Windows\system32>Start-EdgeSynchronization

RunspaceId     : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Result         : Success
Type           : Recipients
Name           : CH-FW
FailureDetails :
StartUTC       : 27/08/2010 08:31:41
EndUTC         : 27/08/2010 08:31:41
Added          : 0
Deleted        : 0
Updated        : 0
Scanned        : 0
TargetScanned  : 0

RunspaceId     : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Result         : Success
Type           : Configuration
Name           : CH-FW
FailureDetails :
StartUTC       : 27/08/2010 08:31:41
EndUTC         : 27/08/2010 08:31:41
Added          : 0
Deleted        : 0
Updated        : 0
Scanned        : 0
TargetScanned  : 0

0
 
LVL 25

Expert Comment

by:Tony1044
Fabulous news.

Hopefully now your mail will begin to be delivered.

Might be worth running through the Best Practices Analyzer to give your environment the once over.
0
 
LVL 1

Author Comment

by:awilderbeast
So that should be it?

It's still stuck :S
In a different queue, but stuck by the looks of it.

EDGE SERVER

[PS] C:\Windows\system32>get-queue

Identity                                    DeliveryType Status MessageCount NextHopDomain
--------                                    ------------ ------ ------------ -------------
CH-FW\15                                    SmartHost... Retry  79           ch-ex
CH-FW\Submission                            Undefined    Ready  0            Submission

HUB SERVER

[PS] C:\Windows\system32>get-queue

Identity                                    DeliveryType Status MessageCount NextHopDomain
--------                                    ------------ ------ ------------ -------------
CH-EX\3997                                  MapiDelivery Ready  0            mailbox database 0435330091
CH-EX\Submission                            Undefined    Ready  0            Submission
0
 
LVL 25

Assisted Solution

by:Tony1044
Tony1044 earned 500 total points
Can you re-run those commands with |fl after them please and post here?

So, get-queue |fl  on each server - it'll just give us more details in there
0
 
LVL 1

Author Comment

by:awilderbeast
EDGE SERVER


[PS] C:\Windows\system32>get-queue |fl


Identity         : CH-FW\15
DeliveryType     : SmartHostConnectorDelivery
NextHopDomain    : ch-ex
NextHopConnector : f5b6fe59-f27a-4859-a7b0-e3642c95a247
Status           : Retry
MessageCount     : 83
LastError        : 451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authen
                   tication." Attempted failover to alternate host, but that did not succeed. Either there are no alter
                   nate hosts, or delivery failed to all alternate hosts.
LastRetryTime    : 27/08/2010 09:33:28
NextRetryTime    : 27/08/2010 09:43:28
IsValid          : True
ObjectState      : Unchanged

Identity         : CH-FW\Submission
DeliveryType     : Undefined
NextHopDomain    : Submission
NextHopConnector : 00000000-0000-0000-0000-000000000000
Status           : Ready
MessageCount     : 0
LastError        :
LastRetryTime    :
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged

HUB SERVER
[PS] C:\Windows\system32>get-queue |fl


RunspaceId       : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Identity         : CH-EX\3999
DeliveryType     : SmartHostConnectorDelivery
NextHopDomain    : smtp.karoo.co.uk
NextHopConnector : 3aa13a99-a4fe-4d02-b252-6c736f3adaaa
Status           : Ready
MessageCount     : 0
LastError        :
LastRetryTime    : 27/08/2010 09:41:39
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged

RunspaceId       : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Identity         : CH-EX\4000
DeliveryType     : MapiDelivery
NextHopDomain    : mailbox database 0435330091
NextHopConnector : 00000000-0000-0000-0000-000000000000
Status           : Ready
MessageCount     : 0
LastError        :
LastRetryTime    : 27/08/2010 09:41:42
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged

RunspaceId       : 88285b7a-2c25-48b6-a70c-4bab50962fa6
Identity         : CH-EX\Submission
DeliveryType     : Undefined
NextHopDomain    : Submission
NextHopConnector : 00000000-0000-0000-0000-000000000000
Status           : Ready
MessageCount     : 0
LastError        :
LastRetryTime    :
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged


0
 
LVL 25

Assisted Solution

by:Tony1044
Tony1044 earned 500 total points
Also can you try the following on each server please:

get-queue -SortOrder:-MessageCount -Results:1 | fl
0
 
LVL 1

Author Comment

by:awilderbeast
EDGE SERVER



Identity         : CH-FW\15
DeliveryType     : SmartHostConnectorDelivery
NextHopDomain    : ch-ex
NextHopConnector : f5b6fe59-f27a-4859-a7b0-e3642c95a247
Status           : Retry
MessageCount     : 83
LastError        : 451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authen
                   tication." Attempted failover to alternate host, but that did not succeed. Either there are no alter
                   nate hosts, or delivery failed to all alternate hosts.
LastRetryTime    : 27/08/2010 09:43:28
NextRetryTime    : 27/08/2010 09:53:28
IsValid          : True
ObjectState      : Unchanged

HUB SERVER

[PS] C:\Windows\system32>get-queue -SortOrder:-MessageCount -Results:1 | fl


RunspaceId       : 2999ee19-c3f6-4cd7-81c7-784918b8f4bc
Identity         : CH-EX\Submission
DeliveryType     : Undefined
NextHopDomain    : Submission
NextHopConnector : 00000000-0000-0000-0000-000000000000
Status           : Ready
MessageCount     : 0
LastError        :
LastRetryTime    :
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged

0

 
LVL 25

Assisted Solution

by:Tony1044
Tony1044 earned 500 total points
"451 5.7.3 Cannot achieve Exchange Server authentication"

The only time I've seen this before, personally, is with a misconfigured receive connector.

It might be worthwhile recreating your receive connector. Details are given here:

http://technet.microsoft.com/en-us/library/bb125159.aspx
0
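One way to narrow down which receive connector is misconfigured, as an added example that is not part of the original thread. It assumes the misconfiguration is a connector that does not offer the `ExchangeServer` authentication mechanism or does not grant the `ExchangeServers` permission group, which is what the 5.7.3 text points at; the function name and the two sample connectors are constructed for illustration.

```powershell
# Added example (not from the thread). Input objects need the Name,
# AuthMechanism and PermissionGroups properties that Get-ReceiveConnector returns.
function Find-ConnectorWithoutExchangeAuth {
    param([Parameter(ValueFromPipeline = $true)]$Connector)
    process {
        # Both properties are flag lists; compare on their string form so the
        # function accepts real connector objects and the samples below.
        $auth  = [string]$Connector.AuthMechanism
        $perms = [string]$Connector.PermissionGroups
        $missing = @()
        if ($auth -notmatch '\bExchangeServer\b') {
            $missing += 'AuthMechanism: ExchangeServer'
        }
        if ($perms -notmatch '\bExchangeServers\b') {
            $missing += 'PermissionGroups: ExchangeServers'
        }
        if ($missing.Count -gt 0) {
            New-Object PSObject -Property @{
                Name      = $Connector.Name
                Missing   = ($missing -join '; ')
                # Reported for information: anonymous access does not
                # substitute for server-to-server authentication.
                Anonymous = ($perms -match '\bAnonymousUsers\b')
            }
        }
    }
}

# Constructed sample data: one connector with typical hub defaults and one
# that cannot authenticate another Exchange server.
$sample = @(
    (New-Object PSObject -Property @{
        Name             = 'CH-EX\Default CH-EX'
        AuthMechanism    = 'Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer'
        PermissionGroups = 'ExchangeUsers, ExchangeServers, ExchangeLegacyServers'
    }),
    (New-Object PSObject -Property @{
        Name             = 'CH-EX\Sample relay'
        AuthMechanism    = 'Tls, BasicAuth'
        PermissionGroups = 'AnonymousUsers'
    })
)

# Only 'CH-EX\Sample relay' is reported.
$sample | Find-ConnectorWithoutExchangeAuth | Format-List Name, Missing, Anonymous

# On a Hub Transport server, feed it the live connectors instead:
#   Get-ReceiveConnector | Find-ConnectorWithoutExchangeAuth
```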
 
LVL 1

Author Comment

by:awilderbeast
Receive connector on the hub or edge?
0
 
LVL 25

Expert Comment

by:Tony1044
Oh yes - that article has reminded me that it is actually possible to configure Edge now without a subscription.
0
 
LVL 1

Author Comment

by:awilderbeast
That article says

"Don't perform this procedure on an Edge Transport server that has been subscribed to the Exchange organization by using EdgeSync. Instead, make the changes on the Hub Transport server. The changes are then replicated to the Edge Transport server next time EdgeSync synchronization occurs."

I have two receive connectors on the edge, should I remove them?
0
 
LVL 1

Author Comment

by:awilderbeast
Also, if it's on the HUB, do I remove the client or the default and recreate?
0
 
LVL 25

Expert Comment

by:Tony1044
In the case I saw personally it was the one on the hub that was failing.

You also need to bear in mind now that you've subscribed the Edge server you have to configure everything from the hub server and it will get synch'd out to the Edge server.

This was done primarily to protect against someone compromising, and taking control of, your Edge servers.
0
 
LVL 25

Expert Comment

by:Tony1044
Default usually.
0
 
LVL 1

Author Comment

by:awilderbeast
So I should delete all send/receive connectors on the EDGE then create them on the hub?

What about the client/default on the hub, shall I delete them and recreate those?
0
 
LVL 25

Expert Comment

by:Tony1044
Just to confirm - I know you tried to telnet on the LDAP ports but is your SMTP (25) also open?
0
 
LVL 1

Author Comment

by:awilderbeast
Yes, 25 is open.

I was reading something about TLS when I was googling.

The client / default receive connectors on the HUB server, can you tell me which one does what?
0
 
LVL 25

Expert Comment

by:Tony1044
Actually in the case that I saw, there was nothing wrong with the Edge server connectors, it was a badly configured (out of the box, no less) receive connector on the Hub server.
0
 
LVL 1

Author Comment

by:awilderbeast
Is this new receive connector on the hub internal or external, and do I allow anonymous permissions on it, or do I create one for internal and one for external?
0
 
LVL 25

Assisted Solution

by:Tony1044
Tony1044 earned 500 total points
Also I'd turn off TLS for the connector too to make sure that's not causing any issues.
0
 
LVL 1

Author Comment

by:awilderbeast
Here are some screens of the internal connector I just made.

It's all starting to come through now! Phew!

I don't know if turning off TLS worked or not.

[PS] C:\Windows\system32>get-queue -SortOrder:-MessageCount -Results:1 | fl

Identity         : CH-FW\Shadow\16
DeliveryType     : ShadowRedundancy
NextHopDomain    : ch-ex.domain.local
NextHopConnector : f5b6fe59-f27a-4859-a7b0-e3642c95a247
Status           : Ready
MessageCount     : 8
LastError        :
LastRetryTime    :
NextRetryTime    :
IsValid          : True
ObjectState      : Unchanged

Internal-recieve-Connector.jpg
0
 
LVL 25

Expert Comment

by:Tony1044
Yeah TLS is a funky beast and needs a bit of planning to get it to work.

I'm really happy that your mail is flowing!

By the way - out of interest, given one of your postings earlier, are you UK based? Or are you up at ridiculous times? :)

UK here, that's all :)
0
 
LVL 1

Author Comment

by:awilderbeast
Me too, my ass would have been grass soon enough if I didn't get that up!

Yeah, UK based, in Hull.

Absolute beginner at Exchange as you can no doubt tell, but I got some Train Signal videos I'm going to start learning :)

Also I looked at the IP blocked list on the edge server, how does that list get populated?
It just gets bigger all the time, and performing a lookup on the IPs, a lot of them should be allowed to send email to us.
How does Exchange decide that they should be blocked?

Thanks
0
 
LVL 25

Expert Comment

by:Tony1044
In your AntiSpam settings have you configured a blocklist provider?

I use these on my own personal server and I'd say it gets it right 99.8% of the time. Mostly if you've got it set to one and set to autoupdate, that list will only ever really tend to go one way - upwards.

You can manually add or remove addresses but I've never tried to do this on an automatically updated list so not sure if it'd just get repopulated - worth a try though?

There is some good info here: http://technet.microsoft.com/en-us/library/bb125199%28EXCHG.80%29.aspx and although it's referring to 2007, I think it is relevant to 2010 still.

By the way - if you think I helped, would you assign the points? :)
0
 
LVL 1

Author Closing Comment

by:awilderbeast
Thanks a lot

you saved the day!
0
 
LVL 1

Author Comment

by:awilderbeast
I don't have a blocklist provider configured, no. What should I use, or who?
0
 
LVL 25

Expert Comment

by:Tony1044
I use spamhaus + some others in mine but I have no remote access to my server from here so I can't tell you its exact URL - if you don't mind waiting til this evening, I am happy to reply once I get home and can check?

The ones I got are free to use and automatically update, too.

Thank you for the points by the way - although not new to IT, I'm new to EE
0
 
LVL 25

Expert Comment

by:Tony1044
By the way - we're not a million miles away at all. I'm based in North Notts :)
0
 
LVL 1

Author Comment

by:awilderbeast
I've added Spamhaus to the providers now

zen.spamhouse.org, yeah if you could send me a list of the other free sources that would be great and I'll apply them on Tuesday, bank holiday :)

0
 
LVL 25

Expert Comment

by:Tony1044
I will get the full list off mine (not many by the way) and send them across.

Out of interest, did you inherit this implementation?

At some point, I would fire up the EMC and from Toolbox, run the best practices analyzer tool - it's non destructive/non invasive and can give you a world of information about your setup.

It's also got a baselining feature which you can run every so often and keep an eye out for major changes in trends.

Also there is a Microsoft Press book - Microsoft Exchange Server 2010 Best Practices by Siegfried Jagott and Joel Stidley. I own this book (and I used to be a messaging consultant for Microsoft once upon a time) and it's an incredibly useful resource with some superb background to Exchange.

Amazon have it for just shy of £35.

I am always happy to help in future too should you have any questions/problems (although hopefully none of the latter!).
0
