Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to troubleshoot exchange server connectivity issue?

Posted on 2010-11-07
8
Medium Priority
?
860 Views
Last Modified: 2012-05-10
user has exchange server 2003 in domain environment. Setup a user and email. The user can send out email but cannot receive any email. the NDR is
A message that you have sent could not be delivered to one or more recipients.  This is a permanent error.  The following address failed:
 <test@abc.com>: 550 "

I read this article http://support.microsoft.com/kb/153119. My questions:
1. How does each command can help me find out the problems?
2. and to telnet, I need to find out the exchange server fqdn or ip address, but it seems I cannot just telnet abc.com as sometime the exchange server not in the same location as exchange server. How can i find out the location of exchange server?
 
0
Comment
Question by:okamon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 6

Assisted Solution

by:evanmcnally
evanmcnally earned 1600 total points
ID: 34081340
To find the actual server address, you want to use nslookup and set type=mx.  Here's an example:
windu:~ evan$ nslookup
> set type=mx
> microsoft.com
Server:            192.168.2.3
Address:      192.168.2.3#53

Non-authoritative answer:
microsoft.com      mail exchanger = 10 mail.messaging.microsoft.com.

Authoritative answers can be found from:
mail.messaging.microsoft.com      internet address = 213.199.180.150


So the email server for the domain is mail.messaging.microsoft.com

So next to telnet:
telnet mail.abc.com 25

you should get a welcome banner from the server.

type:  
ehlo domainyouwanttosimulatesendingfrom.com
mail from:  youraddress@whatever.com
rcpt to: test@abc.com
data
<enter some text>
hit enter twice, then .  then enter again
you should see a message about your mail queued for delivery, or else an error.

As you go through steps, failures at a certain step indicate various problems.

Maybe give it a try and post your results?

ALSO, very important--most home internet accounts have port 25 blocked by the ISP.  So if you cannot telnet to abc.com, you should try a couple other domains and very your are not being blocked at the protocol level.  If possible, you could test the telnet from a remote email server, since it directly simulates communication between the two servers.
 
0
 

Author Comment

by:okamon
ID: 34081432
thank you very much! But some of my clients they also use mxlogic, it's kind of email filter service. So email has to be delivered to mxlogic first and then passed to their exchange server. So in this case, I will never be able to find out the real exchanger server fqdn/ip. i always get the fqdn of mxlogic, something like abc.com.inbound15.mxlogic.net. is there a way to find out?


So for the telnet, do you think some firewall able to just block telent but still leave port 25 open?
0
 
LVL 6

Assisted Solution

by:evanmcnally
evanmcnally earned 1600 total points
ID: 34081475
From the server console, or possibly from the LAN it is on, you could go to http://whatismyip.com and it will give you the public IP address of your router.

You could check the mxlogic account, since it must know the address of the email server to forward the emails.

Are you sure the NDR is not being generated by mxlogic rather than the server itself?  Some email filtering services require a user to be configured on their side before they will forward to the real server.

An ISP would be blocking port 25 not standard telnet (which is port 23).  This is to stop viruses on home PCs from sending spam via smtp/email.  Around my part of the world, business accounts do not normally have port 25 blocked because the ISP assumes you will block it yourself on your own router.  For example, the only host on my LAN that can send outbound on port 25 is the LAN IP address of the email server.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 16

Expert Comment

by:Postmaster
ID: 34081481
This is a handy page.
http://network-tools.com/

Select the email verification option and enter a valid SMTP address.
This will show MX record lookups and SMTP conversation - easier than typing all those SMTP commands.
0
 

Author Comment

by:okamon
ID: 34081696
>Are you sure the NDR is not being generated by mxlogic rather than the server itself?  Some email filtering services require a user to be configured on their side before they will forward to the real server.

It did sent out NDR report. but in order to use the smtp command, I still need to find out the real exchange server fqdn/ip right?

>An ISP would be blocking port 25 not standard telnet (which is port 23).  This is to stop viruses on home PCs from sending spam via smtp/email.

if they block port 25, how can home user to send out email? if it's a pop account, user use pop3 to download email and use smtp to send out email... not correct?

>business accounts do not normally have port 25 blocked because the ISP assumes you will block it yourself on your own router.

will any company block smtp port if they have mail server? mail server always need incoming and outgoing port 25 open right?

0
 
LVL 6

Accepted Solution

by:
evanmcnally earned 1600 total points
ID: 34081964
>It did sent out NDR report. but in order to use the smtp command, I still need to find out the real exchange server fqdn/ip right?

The NDR will identify which server sent it.  That server is where your problem is.  So if the NDR says it is from an mxlogic server, then you should look there first.  If it says your abc.com server, then you can generally forget about mxlogic.

>if they block port 25, how can home user to send out email? if it's a pop account, user use pop3 to download email and use smtp to send out email... not correct?

You are correct--you have to be able to have outbound smtp on port 25 to send out email.  The ISPs block 25 to anything except their own mail servers.  So you can telnet port 25 to your own ISP's server, but not outside servers.  Not all ISPs block port 25, but it is very common.

>will any company block smtp port if they have mail server? mail server always need incoming and outgoing port 25 open right?

Correct, an email server needs port 25 in both directions to/from all other hosts (assuming a single server situation where one server both sends and receives, which is the norm in smaller companies).

Most spam email apparently comes from viruses/bot nets and such, so almost everyone will block port 25 as much as possible.  The idea is to only allow authorized email hosts to do their job, which mainly means limiting hosts that are not actual email servers (meaning corporate PCs, ISP home customers, etc).  Client machines generally only need permission to send to a single host which is their own email server.  So a typical ACL on an internet facing router says "allow SMTP to/from the email server, block all others"
0
 

Author Comment

by:okamon
ID: 34086897
I see... I think it sounds more like a restriction on port 25 rule not blocking the port.
So basically I think you mean is port 25 at client's network not blocked, it's just it can only connect to their ISP mail server not anything else. Is that correct? so in this case, they will not be able to run telnet test to other smtp server from their network??

And in previous reply, you told me that I can find out ip or fqdn from the server itself. I did that, but when I run the telnet in other location, I receive could not open connection to the host, on port 25: connection failed.
I got NDR from mxlogic - 550 5.1.1 User unknown So obviously I need to check mxlogic first. But I also want to try to telnet to the real exchange server, so what is wrong with the connection as I already found out the real exchnage ip??
0
 

Author Comment

by:okamon
ID: 34099142
hi evanmcnally, any idea?
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question