Solved

Exchange 2007 - External Mail record changed, need to put it back

Posted on 2010-11-18
Last Modified: 2012-05-10
Experts,

Ran into a problem here.  I have an SBS2008 Server.  Installing new Outlook 2010 clients and was getting some certificate errors.  Went to MS and found a KB Article on how to fix it (940726).  Anyway, it was asking to make some changes in the Exchange Management Shell, which I did.

Now the problem has occurred where we cannot receive external email anymore.  It's bouncing back to the sender.  What I have noticed is this organization has 2 MX records (mail. and mail1.)  They use the mail1.domain.org (not sure why there are 2, but the mail.domain.org doesn't even point to the correct external IP).  But now all the incoming emails are not going to mail.domain.org rather than mail1.domain.org?  I did not make any changes to the external MX Record with the DNS host, so it has to be something, I think, that I changed on the SBS2008/Exchange 2007 server.  How can I change it back, or what commands in the Management Shell do I need to change my external mail record back to mail1 rather than mail?

Thanks
0
Comment
Question by:mkavinsky
34 Comments
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34166377
See MX record is not required for Outgoing E-mails
MX record is required only for Incoming E-mails
There are 2 MX record for Redundancy

Please check the following links and make sure you are not missing any thing

Ref : http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26619877.html

If you don't have an Edge server then you do not have a connector with anonymous authentication enabled. You need to adjust the properties of the Default Receive Connector to allow anonymous access. You do not need to create a new Receive Connector.

Ref :
http://msexchangeteam.com/archive/2006/11/17/431555.aspx
http://www.petri.co.il/forums/showthread.php?t=24460

Have you configured a Send Connector?
Under Organisation Configuration > Hub Transport > Send Connector
you need to setup a connector with an address space of * to use either DNS or smarthost.

If you use DNS then you need to configure an rDNS (PTR) record for, say, mail.yourdomain.com and an A record in your external DNS for mail.yourdomain.com that points to the external IP of your network (find out what your external IP is by going to http://whatsmyip.org ).

Then on the FQDN section of your send connector enter mail.yourdomain.com

You will also need to set up an SPF record, see: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Hope this helps.
0
 

Author Comment

by:mkavinsky
ID: 34166505
Sorry if I didn't explain it clearly.  Sending is just fine.  It's the problem receiving.  I know the MX record is for receiving and that's the problem I am having all of a sudden.

I did not make any changes to the Send Connectors.  Again, sending is fine.  
I verified and my A record (MX Record) is still pointing correctly (mail1.domain.org) to my public IP address - that hasn't changed.

Something changed on my Exchange 2007 server (that I must have done) and I need to get the Exchange server to look for and accept the mail1.domain.org as the default and not the mail.domain.org that it accidentally switched to.

Thanks
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34166637
Have you checked all the above links, and also Accepted Domain?
http://msexchangeteam.com/archive/2006/11/17/431555.aspx

0
 

Author Comment

by:mkavinsky
ID: 34167126
I'm looking at my Receive Connector and it does have anonymous access checked as you mentioned.  I went through your articles and am not seeing what I am looking for.  The last article was talking about send connectors, adding domains, spam filters - that doesn't help me.  It must be something with the receive connector but I am not seeing anything different with it.  Where in Exchange 2007 does it know what MX record it's looking for (if this is possible)?  I need to get this email flowing, nothing is coming in.

All I know is that from the outside world, sending an email to this organization, it's bouncing back and in the bounceback it is showing the wrong public IP and MX record.  Nothing was changed with our A records and I verified that they are pointing correctly.  Something on a receive connector then (I think) is looking for the wrong IP/MX record?

Again, I went through the articles and I will go through again but I don't see anything there that is pointing me to where I need to go .

Sorry
0
 

Author Comment

by:mkavinsky
ID: 34167150
Again, this was working just fine a few hours ago until I got in the Management Shell and started doing what MS suggested because of my certificate issues with Outlook 2010.  Now this has caused a whole other mess.

There is nothing wrong with my DNS hosts and records.  They have been implemented and fine for years.  This Exchange server has been running fine since I upgraded it months ago.

If that helps at all
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34167293
1) Go to http://www.mxtoolbox.com/ to check the MX record Details
2) Please go to https://www.testexchangeconnectivity.com/ and run Inbound SMTP E-Mail

Let us know the results.

0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34167319
After testing, the MXToolbox results will give us some more information about your MX record.
Also run the Inbound SMTP E-Mail test from testexchangeconnectivity so that we can find the root cause of the issue.
0
 

Author Comment

by:mkavinsky
ID: 34167706
OK, ran the testexchange SMTP inbound - "ExRCA failed to test inbound mail flow"

On the MXToolbox test it shows 2 MX records (mail and mail1).  Mail.domain.org is not the one that I need anyway and I will eventually just remove it.  The mail1 though is showing IP address: 0.0.0.0??

Sounds like the problem??

Not sure how though?? I went to at&t (that's where the DNS records are hosted) a few hours back and the mail1.domain.org public IP was there and correct?  It was never changed.

So what to do now?

Thanks
0
 

Author Comment

by:mkavinsky
ID: 34167738
further information.  

Mail1.domain.org and mail.domain.org are now both pointing to the same Public IP address (according to at&t/sbc). Mail1 has a priority of 10 and mail has a priority of 20

Does that help at all?  Should I just simply delete mail.domain.org??  I would think the lower priority would do something too?
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34167771
Since the MX record is listed as 0.0.0.0, please get this checked by your MX vendor (where the DNS records are hosted).

One more way to find Mx Record is

C:\>nslookup
>set q=mx
>yahoo.com
Non-authoritative answer:
yahoo.com       MX preference = 1, mail exchanger = c.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = d.mx.mail.yahoo.com
c.mx.mail.yahoo.com     internet address = 206.190.54.127

Check the MX record and let us know the results.
0
 

Author Comment

by:mkavinsky
ID: 34169038
OK.  I've run the MXTools test again and now the IP address shows up (I didn't change or modify anything).

So now from the outside seems to look OK.

Still not receiving email and I still think something may be up with my original issue.

Thanks
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34169187
Can you once again run the testexchangeconnectivity inbound test and post the results?
0
 

Author Comment

by:mkavinsky
ID: 34169221
Same result as last time - "ExRCA Failed to test inbound SMTP mail flow".

I've sent several test emails into that server and nothing.  Also trying message tracking on the Exchange 2007 server and there are no records of any incoming emails.
0
 

Author Comment

by:mkavinsky
ID: 34169237
to resolve any further confusion with multiple MX records I have gone and eliminated the mail.domain.org MX record with the DNS host site.  so now we just have the mail1.domain.org record to deal with and the one we've been using for years.   I guess if I really had to I can put it to mail.domain.org and remove the mail1  (can maybe try that later) but really was hoping this was an easy fix here.
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34169292
Can you please send me the full details of Exchange Connectivity Results ?
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34169318
1) Are the emails stuck in the queue?
2) Can you send and receive email internally?
3) Did you do a telnet to port 25 on your public IP ?
How you can test if port 25 is open
http://www.amset.info/exchange/telnet-test.asp
4) Please check if port 25 is open
Go here
http://www.canyouseeme.org/
enter your port #
If port 25 is blocked > check your firewall.
0
 

Author Comment

by:mkavinsky
ID: 34169337
here you go:

Testing inbound SMTP mail flow for domain user@xxxxxx.org.
  ExRCA failed to test inbound SMTP mail flow.
   Test Steps
   Attempting to retrieve DNS MX records for domain xxxxxxx.org.
  One or more MX records were successfully retrieved from DNS.
   Additional Details
  MX Records Host mail1.xxxxxxxxx.org, Preference 10
, Host mx5.biz.mail.yahoo.com, Preference 30
 
 
 Testing Mail Exchanger mail1.xxxxxxxx.org.
  One or more SMTP tests failed for this Mail Exchanger.
   Test Steps
   Attempting to resolve the host name mail1.xxxxxxxxxx.org in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: xx.xxx.xx.102 (the IP is correct)
 
 Testing TCP port 25 on host mail1.xxxxxx.org to ensure it's listening and open.
  The port was opened successfully.
   Additional Details
  Banner received: 421 4.3.2 Service not available, closing transmission channel
 
 Attempting to send a test e-mail message to user@xxxxxxx.org using MX mail1.xxxxxx.org.
  Delivery of the test message failed.
   Additional Details
  The server returned status code 421 - Service not available, closing transmission channel. The server response was: 4.3.2 Service not available, closing transmission channel
Exception details:
Message: Service not available, closing transmission channel. The server response was: 4.3.2 Service not available, closing transmission channel
Type: System.Net.Mail.SmtpException
Stack trace:
at System.Net.Mail.SmtpConnection.GetConnection(String host, Int32 port)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
 
 
 
 
 
 
0
 

Author Comment

by:mkavinsky
ID: 34169368
users can email internally just fine and have been all day.

There are no messages in the queue
Telnet shows: 421 4.3.2 Service not available, closing transmission channel
connection to host lost

Nothing on my firewall has changed either.  It really seems to be something with the Exchange server.
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34169394
from your HUB server, go to http://www.whatismyip.com/ and check that your real ip is exactly like your IP in MX record ?
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34169396
On your receive connector, what are your permissions set to?
0
 

Author Comment

by:mkavinsky
ID: 34169402
already did that but did it again and it's correct
0
 

Author Comment

by:mkavinsky
ID: 34169406
all are checked except for "partners".  Thinking I should uncheck the "anonymous"
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34169419
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34169427
Please DO NOT uncheck the "anonymous"
0
 

Author Comment

by:mkavinsky
ID: 34169467
Ok, on my receive connector there is the box to specify the FQDN - I have the local server name in there.  I have 3 other clients with the same settings.  If I try to change that to the external: mail1.domain.org I get an error: "When the AuthMechanism parameter on a Receive connector is set to the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server "sbs2008.domain.local", the netbios name of the transport server "sbs2008" or $null."

The other settings that you provided me in that link look good.
0
 
LVL 16

Accepted Solution

by:
Viral Rathod earned 500 total points
ID: 34169479
Please disable all the antivirus services temporarily.
Restart the Microsoft Exchange Transport service on the HUB server.
Telnet to your server locally using port 25.

Please make sure the internet remote connector has 0.0.0.0-255.255.255.255 under "Receive mail from remote servers that have these IP addresses".
0
 

Author Comment

by:mkavinsky
ID: 34169493
I've restarted the Transport service a few times, just did again.
Ran a telnet on the local server and get the 220 response ESMTP mail service ready

I do not have the 0.0.0.0-255.255.255.255 under receive mail.   Put it in??
0
 

Author Comment

by:mkavinsky
ID: 34169511
Again, not sure if it will help, but what I think started this was when I was working on this issue and on KB article 940726.

The first thing I did was(under the first task)
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

that was about as far as I got. then about 10 minutes later a few people told me that they were getting phone calls about their emails bouncing back.  I then tested externally myself and had the same result.

Not sure if this will help you or not but just wanted to put that out there.

Thanks again
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34169530
Yes ,
Network --> Local IP address: All available IPv4
                        Remote Ip address: 0.0.0.0-255.255.255.255

      Permission Groups --> Anonymous users, Exchange Server & Exchange server

      Authentication --> Transport Layer security (TLS), Basic Authentication, Offer Basic Auth & Integrated windows authentication

After adding please telnet to port 25 on your public IP ?
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34169547
Also have you checked with ISP if they have blocked the Port 25 ?

Go  to http://www.mxtoolbox.com/PortScan.aspx  

Let us know the results.
0
 

Author Comment

by:mkavinsky
ID: 34169578
Mail just started flowing!!

Thank you so much for all of your time and effort on this.  I was getting frustrated and thinking what was missing.  It seems that after I added the 0.0.0.0-255.255.255.255 in the receive connector it started to flow.  Not sure if that did it or a result of something earlier finally updating and going.

Thanks again!
0
 

Author Comment

by:mkavinsky
ID: 34169591
sorry, I hit the wrong solution.  
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34169602
What was the problem ?
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34169624
Got it. Good to hear! Again, thanks a ton for your help and for points. Have a good day ahead.

Maybe the resolution was
"Please make sure the internet remote connector has 0.0.0.0-255.255.255.255 under receive mail from remote servers that have these IP addresses."
http://social.technet.microsoft.com/Forums/en/exchangesvrtransport/thread/ce4d1a14-c8e0-4b1b-a451-27c9e15451ae
0
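
An added example, not part of the original thread: a simplified Python model of how a receive connector's remote IP ranges decide whether a client on port 25 sees the 220 banner or the 421 4.3.2 reply reported above, plus a check that lists connectors accepting anonymous SMTP from every address. The connector name, ranges and source addresses are constructed, and the rule "narrowest matching range wins, no match gives 421" is an assumption about Exchange's behaviour that is consistent with what the thread reports.

```python
import ipaddress

# Constructed connector settings for illustration; the name and ranges are
# hypothetical, not read from the server discussed in the thread.
BEFORE = [
    {"name": "Default SBS2008", "port": 25,
     "remote": ["192.168.16.0-192.168.16.255"],
     "groups": {"ExchangeUsers", "ExchangeServers", "AnonymousUsers"}},
]
# Same connector after adding the full IPv4 range, as suggested in the thread.
AFTER = [dict(BEFORE[0], remote=BEFORE[0]["remote"] + ["0.0.0.0-255.255.255.255"])]

def parse_range(text):
    """Parse 'low-high' or a single address into (low, high) integers."""
    low, _, high = text.partition("-")
    lo = int(ipaddress.IPv4Address(low.strip()))
    hi = int(ipaddress.IPv4Address(high.strip())) if high else lo
    if lo > hi:
        raise ValueError(f"inverted range: {text}")
    return lo, hi

def select_connector(connectors, source_ip, port=25):
    """Return the connector whose narrowest matching range covers source_ip."""
    ip = int(ipaddress.IPv4Address(source_ip))
    best = None
    for conn in connectors:
        if conn["port"] != port:
            continue
        for lo, hi in map(parse_range, conn["remote"]):
            if lo <= ip <= hi and (best is None or hi - lo < best[0]):
                best = (hi - lo, conn)
    return best[1] if best else None

def banner(connectors, source_ip):
    """Model the first reply a client at source_ip would see on port 25."""
    if select_connector(connectors, source_ip) is None:
        return "421 4.3.2 Service not available, closing transmission channel"
    return "220 ESMTP mail service ready"

def audit(connectors):
    """List connectors that accept anonymous SMTP from every IPv4 address."""
    full = (0, 2**32 - 1)
    return [c["name"] for c in connectors
            if "AnonymousUsers" in c["groups"]
            and full in map(parse_range, c["remote"])]
```

In this model a LAN client gets 220 both before and after the change, while an Internet sender gets 421 until the full range is present, which matches the local and external telnet results in the thread.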
