Exchange 2007 - External Mail record changed, need to put it back


Ran into a problem here.  I have an SBS2008 Server.  Installing new Outlook 2010 clients and was getting some certificate errors.  Went to MS and found a KB Article on how to fix it (940726).  Anyway, it was asking to make some changes in the Exchange Management Shell, which I did.

Now the problem has occurred where we cannot receive external email anymore.  It's bouncing back to the sender.  What I have noticed is this organization has 2 MX records (mail. and mail1.)  They use the (not sure why there are 2 but the doesn't even point to the correct external IP).  But now all the incoming emails are not going to rather than  I did not make any changes to the external MX Record with the DNS host so it has to be something I think that I made a change on with the SBS2008/Exchange 2007 server.  How can I change it back or what commands in the Management shell do I need to change my external mail record from back to mail1 rather than mail?


Viral RathodConsultantCommented:
See MX record is not required for Outgoing E-mails
MX record is required only for Incoming E-mails
There are 2 MX record for Redundancy

Please check the following links and make sure you are not missing anything

Ref :

If you don't have an Edge server then you do not have a connector with anonymous authentication enabled. You need to adjust the properties of the Default Receive Connector to allow anonymous access. You do not need to create a new Receive Connector.

Ref : 

Have you configured a Send Connector?
Under Organisation Configuration > Hub Transport > Send Connector
you need to setup a connector with an address space of * to use either DNS or smarthost.

If you use DNS then you need to configure a rDNS(PTR) record for say an A record in your external DNS for that points to the external IP of your network (Find out what your external IP is by going to )

Then on the FQDN section of your send connector enter

You will also need to set up an SPF record, see:

Hope this helps.
mkavinskyAuthor Commented:
Sorry if I didn't explain it clearly.  Sending is just fine.  It's the problem receiving.  I know the MX record is for receiving and that's the problem I am having all of a sudden.

I did not make any changes to the Send Connectors.  Again, sending is fine.
I verified and my A record (MX Record) is still pointing correctly ( to my public IP address  - that hasn't changed.

Something changed on my Exchange 2007 server (that I must have done) and I need to get the Exchange server to look and accept the as the default and not the that it accidentally switched to.

Viral RathodConsultantCommented:
Have you checked all the above links, also Accepted Domain?


mkavinskyAuthor Commented:
I'm looking at my Receive Connector and it does have anonymous access checked as you mentioned.  I went through your articles and am not seeing what I am looking for.  The last article was talking about send connectors, adding domains, spam filters - that doesn't help me.  It must be something with the receive connector but I am not seeing anything different with it.  Where in Exchange 2007 does it know what MX record it's looking for (if this is possible)?  I need to get this email flowing, nothing is coming in.

All I know is that from the outside world sending an email to this organization it's bouncing back and in the bounceback it is showing the wrong public IP and MX record.  Nothing was changed with our A records and I verified that they are pointing correctly.  Something on a receive connector then (I think) is looking for the wrong IP/MX record?

Again, I went through the articles and I will go through again but I don't see anything there that is pointing me to where I need to go.

mkavinskyAuthor Commented:
Again, this was working just fine a few hours ago until I got in the Management Shell and started doing what MS suggested because of my certificate issues with Outlook 2010.  Now this has caused a whole other mess.

There is nothing wrong with my DNS hosts and records.  They have been implemented and fine for years.  This Exchange server has been running fine since I upgraded it months ago.

If that helps at all
Viral RathodConsultantCommented:
1) Go to to check the MX record Details
2) Please go to and run Inbound SMTP E-Mail

Let us know the results.

Viral RathodConsultantCommented:
After testing the MXtoolbox Results we will get some more information about your MX record
Also run the Inbound SMTP E-Mail from testexchangeconnectivity so that we can find the root cause of issues.
mkavinskyAuthor Commented:
OK, ran the testexchange SMTP inbound - "ExRCA failed to test inbound mail flow"

on the MXToolbox test it shows to 2 MX records (mail and mail1). is not the one that I need anyway and will eventually just remove it.   The mail1 though is showing IP address:

Sounds like the problem??

Not sure how though?? I went to at&t (that's where the DNS records are hosted) a few hours back and the public IP was there and correct?  It was never changed.

So what to do now?

mkavinskyAuthor Commented:
Further information. and are now both pointing to the same Public IP address (according to at&t/sbc). Mail1 has a priority of 10 and mail has a priority of 20

Does that help at all?  Should I just simply delete  I would think the lower priority would do something too?
Viral RathodConsultantCommented:
Since MX record is listed as , please get this checked by your MX vendor (where the DNS records are hosted)

One more way to find Mx Record is

>set q=mx
Non-authoritative answer:
      MX preference = 1, mail exchanger =
      MX preference = 1, mail exchanger =
      internet address =

Check the MX record and let us know the results.
mkavinskyAuthor Commented:
OK.  I've run the MXTools test again and now the IP address shows up (I didn't change or modify anything).

So now from the outside seems to look OK.

Still not receiving email and I still think something may be up with my original issue.

Viral RathodConsultantCommented:
Can you once again run the testexchangeconnectivity Inbound test and post the results?
mkavinskyAuthor Commented:
Same result as last time - "ExRCA Failed to test inbound SMTP mail flow".

I've sent several test emails into that server and nothing.  Also trying message tracking on the Exchange 2007 server and there are no records of any incoming emails.
mkavinskyAuthor Commented:
To resolve any further confusion with multiple MX records I have gone and eliminated the MX record with the DNS host site.  So now we just have the record to deal with and the one we've been using for years.   I guess if I really had to I can put it to and remove the mail1  (can maybe try that later) but really was hoping this was an easy fix here.
Viral RathodConsultantCommented:
Can you please send me the full details of Exchange Connectivity Results ?
Viral RathodConsultantCommented:
1) Are the emails stuck in the queue?
2) Can you send and receive email internally?
3) Did you do a telnet to port 25 on your public IP ?
How you can test if port 25 is open
4) Please check if port 25 is open
Go here
enter your port #
If port 25 is blocked > check your firewall.
mkavinskyAuthor Commented:
here you go:

Testing inbound SMTP mail flow for domain
  ExRCA failed to test inbound SMTP mail flow.
   Test Steps
   Attempting to retrieve DNS MX records for domain
  One or more MX records were successfully retrieved from DNS.
   Additional Details
  MX Records Host, Preference 10
, Host, Preference 30
 Testing Mail Exchanger
  One or more SMTP tests failed for this Mail Exchanger.
   Test Steps
   Attempting to resolve the host name in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: (the IP is correct)
 Testing TCP port 25 on host to ensure it's listening and open.
  The port was opened successfully.
   Additional Details
  Banner received: 421 4.3.2 Service not available, closing transmission channel
 Attempting to send a test e-mail message to using MX
  Delivery of the test message failed.
   Additional Details
  The server returned status code 421 - Service not available, closing transmission channel. The server response was: 4.3.2 Service not available, closing transmission channel
Exception details:
Message: Service not available, closing transmission channel. The server response was: 4.3.2 Service not available, closing transmission channel
Type: System.Net.Mail.SmtpException
Stack trace:
at System.Net.Mail.SmtpConnection.GetConnection(String host, Int32 port)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
mkavinskyAuthor Commented:
Users can email internally just fine and have been all day.

There are no messages in the queue
Telnet shows: 421 4.3.2 Service not available, closing transmission channel
connection to host lost

Nothing on my firewall has changed either.  It really seems to be something with the Exchange server.
Viral RathodConsultantCommented:
from your HUB server, go to and check that your real ip is exactly like your IP in MX record ?
Viral RathodConsultantCommented:
On your receive connector, what are your permissions set to?
mkavinskyAuthor Commented:
already did that but did it again and it's correct
mkavinskyAuthor Commented:
all are checked except for "partners".  Thinking I should uncheck the "anonymous"
Viral RathodConsultantCommented:
Please DO NOT uncheck the "anonymous"
mkavinskyAuthor Commented:
Ok, on my receive connector there is the box to specify the FQDN - I have the local server name in there.  I have 3 other clients with the same settings.  If I try to change that to the external: I get an error: "When the AuthMechanism parameter on a Receive connector is set to the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server "sbs2008.domain.local", the netbios name of the transport server "sbs2008" or $null."

The other settings that you provided me in that link look good.
Viral RathodConsultantCommented:
Please disable all the Antivirus Services temporarily.
Restart the Microsoft Exchange Transport Service on HUB server
Telnet to your server locally using Port 25?

Please make sure the internet remote connector has under receive mail from remote servers that have these ip addresses?

mkavinskyAuthor Commented:
I've restarted the Transport service a few times, just did again.
Ran a telnet on the local server and get the 220 response ESMTP mail service ready

I do not have the under receive mail.   Put it in??
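
The two telnet checks reported in this thread (421 4.3.2 from outside, 220 on the server itself) can be scripted and compared. The following is an added example, not part of the original thread: it parses an SMTP greeting and classifies a local/external pair; the function names and the sample 220 line are assumptions made for the illustration.

```python
import re
import socket

# Reply line: 3-digit code, '-' (more lines follow) or ' ' (last line), text.
_REPLY = re.compile(r"^(\d{3})([ -])(.*)$")
_ENHANCED = re.compile(r"^(\d\.\d{1,3}\.\d{1,3})\b")

def parse_greeting(raw):
    """Parse a (possibly multi-line) SMTP greeting into (code, enhanced, text)."""
    code, texts = None, []
    for line in raw.splitlines():
        m = _REPLY.match(line)
        if not m:
            continue
        code = int(m.group(1))
        texts.append(m.group(3))
        if m.group(2) == " ":          # final line of the reply
            break
    if code is None:
        raise ValueError("no SMTP reply line found")
    enh = _ENHANCED.match(texts[0])
    return code, (enh.group(1) if enh else None), " ".join(texts)

def read_greeting(host, port=25, timeout=10):
    """Connect like `telnet host 25` and return the raw greeting text."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(4096).decode("ascii", "replace")

def compare(local_raw, external_raw):
    """Classify a local-vs-external greeting pair (hypothetical helper)."""
    lcode = parse_greeting(local_raw)[0]
    ecode, eenh, _ = parse_greeting(external_raw)
    if lcode != 220:
        return "transport not answering locally: check the service first"
    if ecode == 220:
        return "accepting on both paths"
    if ecode == 421:
        return ("listener is up but turns this source away (%s): check which "
                "remote IP ranges the receive connectors accept" % eenh)
    return "unexpected external reply %d" % ecode

# Constructed samples: the 421 text is the reply quoted in the thread; the
# 220 line is a made-up greeting for the host name sbs2008.domain.local.
EXTERNAL = "421 4.3.2 Service not available, closing transmission channel\r\n"
LOCAL = "220 sbs2008.domain.local ESMTP mail service ready\r\n"

if __name__ == "__main__":
    print(compare(LOCAL, EXTERNAL))
```

To test a live server, pass `read_greeting(host)` results from an inside and an outside vantage point to `compare` instead of the constructed samples.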
mkavinskyAuthor Commented:
Again, not sure if it will help, but what I think started this was when I was working on this issue and on KB article 940726.

The first thing I did was(under the first task)
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri 

That was about as far as I got. Then about 10 minutes later a few people told me that they were getting phone calls about their emails bouncing back.  I then tested externally myself and had the same result.

Not sure if this will help you or not but just wanted to put that out there.

Thanks again
Viral RathodConsultantCommented:
Yes ,
Network --> local IP address All available IPv4
                        Remote Ip address:

      Permission Groups --> Anonymous users, Exchange Server & Exchange server

      Authentication --> Transport Layer security (TLS), Basic Authentication, Offer Basic Auth & Integrated windows authentication

After adding please telnet to port 25 on your public IP ?
Viral RathodConsultantCommented:
Also have you checked with ISP if they have blocked the Port 25 ?

Go  to 

Let us know the results.
mkavinskyAuthor Commented:
Mail just started flowing!!

Thank you so much for all of your time and effort on this.  I was getting frustrated and thinking what was missing.  It seems that after I added the in the receive connector it started to flow.  Not sure if that did it or a result of something earlier finally updating and going.

Thanks again!
mkavinskyAuthor Commented:
sorry, I hit the wrong solution.  
Viral RathodConsultantCommented:
What was the problem ?
Viral RathodConsultantCommented:
Got it. Good to hear! Again, thanks a ton for your help and for points. Have a good day ahead.
Maybe the resolution was
"please make sure the internet remote connector has under receive mail from remote servers that have these ip addresses?"