Solved

SBS 2008 Exchange not receiving inbound mail

Posted on 2010-09-05
12
1,152 Views
Last Modified: 2012-05-10
I have an SBS 2008 client installation where the Exchange Server has stopped receiving inbound mail. When I send email to the server from my office, I first get a message that the email was delayed. Then after several hours, I get a non-delivery report stating "#550 4.4.7 QUEUE.Expired; message expired ##"

I can telnet to the server and send a message. When I send it, it says "added to queue".

I can send mail outbound just fine. The issue is only with inbound mail.

I ran the mail flow troubleshooter and it failed with a message "Mail submission failed: Error message: Server does not support secure connections.."

This led me to believe that the problem was the certificate. I believe that the server was installed with a self-signed certificate but it is less than a year old so I do not think that it is because the certificate has expired.

Any ideas?

Thanks,

Dave
0
Question by:dcadler
12 Comments
 
LVL 34

Assisted Solution

by:Shreedhar Ette
Shreedhar Ette earned 100 total points
ID: 33608892
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33608929
Hi Dave, on your SBS go here
Start run eventvwr
Windows logs/application

Check if there are any msexchangetransport errors with 15000 series event ID
Please post back

Thanks
0
 

Author Comment

by:dcadler
ID: 33612954
Shreedhar: They have a self-signed cert that was created less than a year ago. They were receiving mail until last week. I realize that it is better to use a public CA but the client decided to do self-signed. Still, it should work at least until the 1 year expiration date, yes?

Sunnyc7: They were getting Event ID 15006, Source: ExchangeTransport errors until yesterday. They only had 1.5GB of space left on C:\. The event error indicated that it was stopping inbound email services due to the disk space issue.

I used the SBS Console to move Exchange to their D:\ drive that had 500GB free space and that stopped the event errors.

However, I received a Mail Flow Analyzer error message that the "Mail submission failed: Error message: Server does not support secure connections.." after I moved Exchange.


0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 250 total points
ID: 33612983
You have back pressure. That's stopping your inbound message flow.
Will post back
0
 
LVL 19

Assisted Solution

by:R--R
R--R earned 150 total points
ID: 33613117
Read regarding back pressure.
http://technet.microsoft.com/en-us/library/bb201658(EXCHG.80).aspx
Change the location of the queue database to the other drive where you have enough space by following the article.
  http://www.petri.co.il/back-pressure-moving-queue-database-in-exchange-2007.htm
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33613870
However, I received a Mail Flow Analyzer error message that the "Mail submission failed: Error message: Server does not support secure connections.." after I moved Exchange.

>> What sort of certificates have you applied in exchange. You can apply a self-signed cert.

run this
get-exchangecertificate | fl
0
 

Author Comment

by:dcadler
ID: 33614474
I ran get-exchangecertificate | fl. Here is the output (with thumbprints, serial numbers and actual domains changed)


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.mydomain.com, mydomain.com, server.mydomain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=mydomain-SERVER-CA
NotAfter           : 1/5/2012 10:35:33 PM
NotBefore          : 1/5/2010 10:35:33 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 111111111111111111111
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=remote.mydomain.com
Thumbprint         : xxxxxxxxxxxxxxxxxxxxxxxxxx


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.mydomain.com, mydomain.com, server.mydomain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=mydomain-SERVER-CA
NotAfter           : 1/5/2012 10:31:32 PM
NotBefore          : 1/5/2010 10:31:32 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 111111111111111111111
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=remote.mydomain.com
Thumbprint         : xxxxxxxxxxxxxxxxxxxxxxxxxx

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server.mydomain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=mydomain-SERVER-CA
NotAfter           : 12/30/2010 11:43:07 AM
NotBefore          : 12/30/2009 11:43:07 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 111111111111111111111
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=SERVER.mydomain.local
Thumbprint         : xxxxxxxxxxxxxxxxxxxxxxxxxx

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, server.mydomain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=mydomain-SERVER-CA
NotAfter           : 12/30/2011 11:36:49 AM
NotBefore          : 12/30/2009 11:36:49 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 111111111111111111111
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=Sites
Thumbprint         : xxxxxxxxxxxxxxxxxxxxxxxxxx

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mydomain-SERVER-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mydomain-SERVER-CA
NotAfter           : 12/30/2014 11:45:06 AM
NotBefore          : 12/30/2009 11:35:06 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 111111111111111111111
Services           : None
Status             : Valid
Subject            : CN=mydomain-SERVER-CA
Thumbprint         : xxxxxxxxxxxxxxxxxxxxxxxxxx

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-DZZZZZZZZZZ}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-DZZZZZZZZZZ
NotAfter           : 12/28/2019 11:21:01 AM
NotBefore          : 12/30/2009 11:21:01 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 111111111111111111111
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-DZZZZZZZZZZ
Thumbprint         : xxxxxxxxxxxxxxxxxxxxxxxxxx



0
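A parser for output pasted in this layout, as an added example that is not part of the original thread: it rejoins wrapped values and lists the SMTP-enabled certificates with their issuer and days until NotAfter, soonest first. The sample text, the example.test names and the function names are constructed for illustration, and the US date layout is an assumption.

```python
import re
from datetime import datetime

# Constructed sample (not the page's data) in `Get-ExchangeCertificate | fl` layout.
SAMPLE = """\
CertificateDomains : {remote.example.test, server.example.local}
IsSelfSigned       : False
Issuer             : CN=example-SERVER-CA
NotAfter           : 1/5/2012 10:35:33 PM
Services           : IMAP, POP, IIS, SMTP

CertificateDomains : {server.example.local}
IsSelfSigned       : False
Issuer             : CN=example-SERVER-CA
NotAfter           : 12/30/2010 11:43:07 AM
Services           : IMAP, POP, SMTP

CertificateDomains : {WMSvc-WIN-EXAMPLE
}
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-EXAMPLE
NotAfter           : 12/28/2019 11:21:01 AM
Services           : None
"""
FIELD = re.compile(r"^(\w+)\s*:\s?(.*)$")

def parse_fl(text):
    """Split format-list output into one dict per certificate record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):   # blank lines separate records
        rec, last = {}, None
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                last, value = m.groups()
                rec[last] = value.strip()
            elif last:                                  # wrapped value: glue to previous field
                rec[last] += line.strip()
        records.append(rec)
    return records

def smtp_report(records, now):
    """(domains, issuer kind, days until NotAfter) for SMTP-enabled certs, soonest first."""
    rows = []
    for r in records:
        if "SMTP" in re.split(r",\s*", r["Services"]):
            expires = datetime.strptime(r["NotAfter"], "%m/%d/%Y %I:%M:%S %p")  # US layout assumed
            kind = "self-signed" if r["IsSelfSigned"] == "True" else "issued by " + r["Issuer"]
            rows.append((r["CertificateDomains"].strip("{}"), kind, (expires - now).days))
    return sorted(rows, key=lambda row: row[2])
```
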
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33614731
These are all self-signed certs.
Did you install any UCC/SAN Certificate with local exchange server FQDN and exchange server name ?
0
 

Author Comment

by:dcadler
ID: 33618830
The cert was installed using the SBS initial checklist by the client. They used the self-signed certificate method with the host portion of the FQDN set to "remote". They did not purchase a 3rd party cert.

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33618874
is your mail server fqdn - remote.domain.com / or mail.domain.com ?

Create a dns entry for remote.domain.com > point it to local IP of exchange / SBS

Test again.

get-outlookprovider | fl

did you troubleshoot / fix the back pressure issue @ as stated above http:#33613117
you have to edit the config file
0
 

Author Closing Comment

by:dcadler
ID: 33618887
The problem was the back-pressure issue. It just took some time after moving Exchange to resolve itself. Also, for some reason, the user had removed their MX record from the DNS. That has now been restored. I have not changed anything with the certificates and I am not sure why the Mail Flow Troubleshooter reported the error it did except perhaps for the fact that the user used self-signed certs. I will recommend that the user purchase a 3rd party certificate that has SAN for the internal as well as the public host name and see if that resolves the error.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33618918
Also, for some reason, the user had removed their MX record from the DNS
>> how ?? Why ??
Very hard to figure out these things :(

Please add following to the UCC/SAN name.

mail.domain.com (external fqdn)
autodiscover.domain.com (external autodiscover)
mail.domain.local (internal fqdn)
mailservername (internal mail servername)

DigiCert and GoDaddy have guides on how to install certs.

you can also use the u-btech tool to install the cert.
www.u-btech.com/products/certificate-manager-for-exchange-2007.html

All the best :)
Thanks for the points.
0
