Solved

I can send email but unable to receive email - Exchange 2010

Posted on 2010-11-23
Last Modified: 2012-06-21
Hi, I'm upgrading my Exchange environment from 2003 to 2010. I currently have an Exch 2003 on a Win 2003 server that has all my users connected. I have also configured 4 Exchange 2010 servers on Win 2008 Enterprise: 2 being MBX/HT with DAG configured (working OK) and 2 being CAS (working OK).

When I installed the new Exch 2010 servers, it automatically created an "Internet Mail Connector", i.e. a send connector with the following options:

On the General tab, it says the status is enabled and "specify the FQDN this connector....HELO or EHLO" is blank. Under Address Space, "type" is SMTP and "address space" is "*". Under "Network", "Use domain name system (DNS)....." is selected with "Enable Domain Security....." being unchecked. Under "Source Server" there is nothing mentioned.

My domain is showing under "Organization Config->Accepted Domains" and is "Authoritative".


Server-Config->Hub Transport. For my MBX/HT server-1 I have a "Default-ServerName" connector with the following options:
Status = enabled. "Specify the FQDN this connector...." = my MBX/HT server-1
Under Network: All IPv4 & 6 on port 25. Under "Receive mail from remote....": "0.0.0.0-255.255.255.255"
Under Authentication: I have TLS/Basic Auth/Exch SVR Auth/Integ Win Auth all checked, with the exception of "Externally secure...."
Under "Permission Groups" I have all checked except "Partners"

I have so far made one change, which is "Anonymous" checked under "Permission Groups" on MBX-HT Server-1 only.


Could someone advise why I can send email but not receive it? Also, any additional advice on configuring MBX/HT servers in a DAG to send/receive mails?

We use Messagelabs to scan emails and I have added rules in the firewall that point to my new MBX-HT Server-1.

Thanks
Question by:MANGO247
 
LVL 25

Accepted Solution

by:
Tony1044 earned 125 total points
ID: 34195870
Ok the fact that you receive email suggests that there is nothing wrong with the receive connectors.

You need to try and determine at what point the inbound mails are failing.

You say that you've repointed the firewall to send SMTP (port 25) to the new server. That's a step that is often forgotten.

First of all, if you migrate a mailbox to the Exchange 2010 server, can you send/receive emails to/from mailboxes on the 2003 server?

If not, that suggests the interoperability connector has a misconfiguration.

If you can, can you then send an email from the internet to that moved mailbox?

If you pop over to www.mxtoolbox.com and https://www.testexchangeconnectivity.com/ and run some tests there, what results do you get?

You need anonymous ticked on the receive connectors if the servers will be receiving mail from the internet without using an Edge server.
0
 

Author Comment

by:MANGO247
ID: 34196008
You need to try and determine at what point the inbound mails are failing
If I go to my Exch 2003 server and check the queues, I can see all the mails that I'm supposed to receive in my migrated (from 2003 Exch to 2010) account under "messages that have unreachable destination".

You say that you've repointed the firewall to send SMTP (port 25) to the new server
I have not repointed the firewall as such. I have added an additional rule to direct Messagelabs email traffic to both (old 2003 and new 2010) servers.

I'm doing further tests and will get back to you. BTW, I also ticked "Anonymous" on my other MBX-HT Server-2 and rebooted both. No luck so far.


0
 

Author Comment

by:MANGO247
ID: 34196017
Do I need to add "messagelabs" under accepted domains to receive mails from?
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 34196043
Ok that helps.

I would suggest that there are permission issues on the interop routing group connector between Exchange 2010 & Exchange 2003 which 2010 should've created automatically.

I've seen this before in Exchange 2007 to Exchange 2003. Bizarrely the automatically created connector just refuses to work and I ended up deleting it and creating new ones.

On 2003, check the Default SMTP Virtual server properties and, if a smarthost is there, remove it.

Then add the SmartHost on the SMTP & Send Connector:

 => Default SMTP virtual server -->properties -->Access Tab --> Authentication --> check Anonymous Access , Basic Authentication & Integrated Windows Authentication

 
From Exchange System Manager delete the Routing Group connector under E2K3 & Exchange Administrative group and Recreate Routing Group connector under E2K3 Administrative group for both ways.

0
 

Author Comment

by:MANGO247
ID: 34196146
There was no smarthost under Default SMTP Virtual Server on Exch 2003.

I didn't understand: do you want me to add a smart host, or should I use DNS without the TLS option (Exch 2010)?

I have, however, checked that Default SMTP Virtual Server on 2003 has Anonymous Access, Basic Authentication & Integrated Windows Authentication checked.

I have removed the routing connector under Routing Groups on the Exch 2003 server. In fact there were 2 showing up on Exch 2003, one under my live 2003 server and one under my new Exch 2010 servers.

I have created a routing connector under my Exch 2003 server, but to create a routing connector under my new Exch 2010 (on the Exch 2003 server) it's asking to upgrade System Manager to 8.0 or above. Do I need to create this second one? Is there any way I can do this from my new Exch 2010?

0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 250 total points
ID: 34196577
You say that you've repointed the firewall to send SMTP (port 25) to the new server
I have not repointed firewall as such. I have added additional rule to direct Messagelabs email traffic to both (old 2003 and new 2010) servers.

>> Are you still using the 2003 servers in a co-existence scenario ?
PS: You can't have message labs point traffic to both.
Exchange 2010 needs to be authoritative, and you can create a 2003-2010 connector to transfer mails to mailboxes which are still in 2003.

I hope I am understanding your setup correctly > 2003 + 2010 co-existence.

thanks
0
 

Author Comment

by:MANGO247
ID: 34196722
Yes, it's 2003-2010 co-existence until I have moved all mailboxes from 2003 to 2010. I wanted to make sure that all is working before I migrate my users across.

So you are saying it's not possible for me to set up a rule for Messagelabs on my firewall to allow email traffic to the 2 internal IP addresses of my Exchange servers? Our public IP is obviously the same and the 2003/2010 Exch servers are in the same building.

This would suggest that the interoperability routing connectors must be working correctly, so my Exch 2010 points to Exch 2003 and that sends the message out, and in the same way Messagelabs will point to Exch 2003 and that will send mail to my Exch 2010?

BTW, I removed and recreated the interoperability connector successfully on my Exch 2003. It was under my Exch 2003 Administrative Groups->Organisation->Routing Groups -> Exch 2003 Organization->Connectors

I also removed the Interoperability Routing connector from Exch 2010 Administrative group -> Routing Groups -> Exch Routing Groups -> Connectors ->.... on my Exch 2003 System Manager. I'm unable to recreate this one as it's looking for management tools version 8.0 or above on Exch System Manager on 2003.

I don't have the latest Exch 2003 CD to reinstall the management tools. Is there any way I can do this from Exch 2010?

I will be decommissioning Exch 2003 as soon as I have moved my mailboxes -

Many thanks


0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 34196772
What state are you in ?
>> did you move mailboxes completely ? or there are some left over in 2003.

You have to have a configuration like this to support co-existence
message labs traffic > Firewall > Exchange 2010 >--- connector -->exchange 2003

what mailboxes are you using for testing ?
Can you try from 2003 mailboxes and 2010 mailboxes separately, and note which mails go out and which ones don't, and what error code you receive.

Try the same thing for email receive - send an email from gmail.com to these 2 different email addresses.

--
also go here
www.testexchangeconnectivity.com
Test for inbound and outbound connectivity.
Post back results from there.

0
 

Author Comment

by:MANGO247
ID: 34197001
I have only moved 1 mailbox from 2003 to 2010, so all live users are still connected to the 2003 Exch server.

Are you saying that I must have the following:
message labs traffic > Firewall > Exchange 2010 >--- connector -->exchange 2003

I want to achieve the following:
message labs traffic > Firewall > Exchange 2003 >--- connector -->exchange 2010 (Receive)
Exch2010->connector->exch 2003->cluster8a.eu.messagelabs.com

I'm using my only migrated mailbox (from 2003 to 2010). When I installed Exch 2010 it created 2 interoperability routing connectors in the Exch 2003 organisation. I could send email before, but now I can't send or receive since I removed the interoperability connectors in Exch 2003.

I can only create an interoperability connector to receive email but can't create one to send it, because it requires a higher Exch System Manager version on Exch 2003.


0
 
LVL 11

Expert Comment

by:JuusoConnecta
ID: 34197183
When you introduce your first Exchange 2010 server into your Exchange infrastructure (assuming all Exchange servers, 2003 and 2010, are within the same domain), the installation should ask if there are any existing legacy Exchange servers. If you choose yes, the Exchange 2010 server will be joined onto the same routing group connector as Exchange 2003. (Routing group connectors do not exist if a domain's first Exchange server was Exchange 2007 / 2010.)

Since you are seeing that all the messages in your Exchange 2003 that are meant for Exchange 2010 are listed as "messages that have unreachable destination", it means exactly what it says.

Refer to the following article regarding the routing group connector during coexistence of Exchange 2003 and Exchange 2010: http://technet.microsoft.com/en-us/library/aa997292.aspx

Also, regarding your external MX records: do you only use one MX record or do you have several "front-end" servers for mail communication?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 34197198
0
 

Author Comment

by:MANGO247
ID: 34197834
JuusoConnecta: I have only 1 MX record.

Could someone confirm that if I run the following on my Exch 2010, it will create a bi-directional routing group connector that will let me send and receive emails from the Exch 2010 MBX/HT servers without affecting my live users on Exch 2003?

New-RoutingGroupConnector -Name "exch2003-exch2010-connector" -SourceTransportServers "exch2003-SVR.mydomain.com" -TargetTransportServers "exch2010-SVR01.efgeuroergasias.co.uk", "exch2010-SVR02.efgeuroergasias.co.uk" -Cost 100 -Bidirectional $true


0
 

Author Comment

by:MANGO247
ID: 34198215
I have now created a new routing group connector in Exch 2003 System Manager.

I'm getting the following:

[PS] C:\Windows\system32>Get-Routinggroupconnector

Name                      SourceRoutingGroup                             TargetRoutingGroup
----                      ------------------                             ------------------
Exch2003-EXCH10           Exch 2003 Org                               Exchange Routing Group (DWBGZMFD01QNBJR)
Exh2003-EXCH10           Exchange Routing Group (DWBGZMFD01QNBJR)       Exch 2003 Org


I have restarted the Microsoft Exchange Transport Service on both of my MBX/HT servers. I can now send email to outside but can't receive it.

When email is sent from outside it gets queued on the Exch 2003 server under "Messages with unreachable destination".

Would you say it's something to do with the recipient policy? I have not made any changes to that since I installed my Exch 2010 servers.
0
 

Author Comment

by:MANGO247
ID: 34198501
I have checked Organization Config->Hub Transport.
Under "Email Policies" I can see 2 policies that exist on my Exch 2003 server. I can't apply or edit them. When I try to edit them, it pops up the message "The specified e-mail address policy couldnt be edited. Email address policies created with legacy versions of Exchange must be upgraded using the 'Set-EmailAddressPolicy task' with the exchange 2010 Recipient Filter specified"

When I try to apply it, it fails with a message saying insufficient rights. It lists all users and repeats the insufficient rights message.
0
 
LVL 11

Assisted Solution

by:JuusoConnecta
JuusoConnecta earned 125 total points
ID: 34203040
Does your Exchange 2010 have your external domain set as an authoritative accepted domain?

Run the following from EMS: get-accepteddomain and post the results.

Your recipients within Exchange 2010 should have this domain as an email proxy address.

Are ordinary users who reside on Exchange 2003 able to send mail to users in Exchange 2010?
0

 

Author Comment

by:MANGO247
ID: 34204865
[PS] C:\Windows\system32>get-accepteddomain

Name                           DomainName                     DomainType                   Default
----                           ----------                     ----------                   -------
mydomain.com          mydomain.com          Authoritative                True

Under Org Config->Hub Transport->Email address policies I could see 2 policies. One of them was a custom policy and the other was the default policy from legacy Exchange 2003. Both had applied status as "false".

I couldn't edit or apply them.
Following this article
http://www.simple-talk.com/sysadmin/exchange/upgrade-exchange-2003-to-exchange-2010---part-ii/
I ran
Get-EmailAddressPolicy | where {$_.RecipientFilterType -eq "Legacy"}
Get-EmailAddressPolicy | where {$_.RecipientFilterType -eq "Legacy"} |
Set-EmailAddressPolicy -IncludedRecipients AllRecipients

I have now applied my legacy Exch 2003 policy and the status is "True".

This is where I stand now:

I can send email from Exch 2010 to 2003 and receive as well.
I can send mail from Exch 2010 to an outside email address but am unable to receive it.

I have removed the Messagelabs rules that I created to point email traffic to my new Exch 2010 server.

Exch 2010 -> connector -> Exch 2003 -> send to outside world is working OK.
When email is sent from outside it gets queued at my legacy Exch server under "messages with unreachable destination".

I'm suspecting my recipient policy is not working. I had warnings when I applied it.

Any prompt responses would be much appreciated as I'm running out of time.

Kind Regards





0
 

Author Comment

by:MANGO247
ID: 34204879
Does your Exchange 2010 have your external domain set as an authoritative accepted domain?

Are you suggesting that I should also have Messagelabs showing as authoritative as well?

Please advise the steps to do it.
0
 
LVL 11

Expert Comment

by:JuusoConnecta
ID: 34205087
I can send email from Exch 2010 to 2003 and receive as well
I can send mail from Exch2010 to outside email address but unable to receive it.


Is Messagelabs "before" both of your Exchange servers?

The next thing I would try would be to create a receive connector on the Exchange 2010 server (Server Configuration -> Hub Transport) for Exchange 2003, by adding its internal IP address. Also, if mail flow is being routed internally by Messagelabs, include the Messagelabs IPs on the receive connector IP list as well. Remember to set permission to anonymous and authentication to TLS and basic.


In some cases like your scenario, the issue has been resolved by doing the following (do this if the above does not work).
Go to your Exchange 2003 server, locate the hosts file and edit it: write in the internal IP address of your Exchange 2010 server and set it to correspond to the fully qualified domain name of the Exchange 2010 server, then save and close. Then retry the queue from Exchange 2003 -> 2010.

cheers
0
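The question's default connector accepts anonymous SMTP from 0.0.0.0-255.255.255.255, while the comment above puts the Exchange 2003 and Messagelabs addresses on a dedicated receive connector. This added example (not from the thread or from Microsoft) audits connector objects for anonymous submission from addresses outside an allow list; the function name, connector names and IP ranges are assumptions or placeholders.

```powershell
# Added example. Works on anything shaped like Get-ReceiveConnector output:
# objects with Name, PermissionGroups and RemoteIPRanges.
function Test-ReceiveConnectorExposure {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Connector,
        # Sources allowed to deliver anonymously: the filtering provider's
        # published ranges plus the legacy server (placeholders in the demo).
        [string[]]$AllowedRanges = @()
    )
    begin {
        # "Any address" ranges as the connector displays them (IPv4 and IPv6).
        $anyRanges = @('0.0.0.0-255.255.255.255',
                       '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')
    }
    process {
        # PermissionGroups is a flags value that prints as "A, B, C".
        $groups = @("$($Connector.PermissionGroups)" -split '[,\s]+' | Where-Object { $_ })
        $ranges = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })
        $anonymous  = $groups -contains 'AnonymousUsers'
        $openRanges = @($ranges | Where-Object { $anyRanges -contains $_ })
        # Exact string comparison: list ranges in the form the connector shows.
        $unlisted   = @($ranges | Where-Object { $AllowedRanges -notcontains $_ })

        if (-not $anonymous)             { $finding = 'OK: no anonymous submission' }
        elseif ($openRanges.Count -gt 0) { $finding = 'EXPOSED: anonymous from any address' }
        elseif ($unlisted.Count -gt 0)   { $finding = 'REVIEW: anonymous from unlisted range' }
        else                             { $finding = 'OK: anonymous only from allowed ranges' }

        New-Object PSObject -Property @{
            Name = $Connector.Name; Finding = $finding; Unlisted = ($unlisted -join ', ')
        } | Select-Object Name, Finding, Unlisted
    }
}

# Constructed sample objects: the default connector as described in the
# question, a connector limited to the filtering service, and a stray one.
$sample = @(
    New-Object PSObject -Property @{
        Name = 'Default EXCH2010-SVR01'      # hypothetical name
        PermissionGroups = 'AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255')
    }
    New-Object PSObject -Property @{
        Name = 'From filtering service'      # hypothetical name
        PermissionGroups = 'AnonymousUsers'
        RemoteIPRanges = @('192.0.2.0/24', '10.0.0.10')
    }
    New-Object PSObject -Property @{
        Name = 'Scanner relay'               # hypothetical name
        PermissionGroups = 'AnonymousUsers'
        RemoteIPRanges = @('198.51.100.0/24')
    }
)

# Placeholder allow list: provider range (documentation prefix) and legacy server.
$allowed = @('192.0.2.0/24', '10.0.0.10')
$sample | Test-ReceiveConnectorExposure -AllowedRanges $allowed | Format-Table -AutoSize

# On a Hub Transport server, feed it the real connectors instead:
# Get-ReceiveConnector | Test-ReceiveConnectorExposure -AllowedRanges $allowed
```

A connector flagged EXPOSED accepts mail that never passed through the filtering service, so the firewall rule limiting port 25 to the provider's ranges is the only remaining control.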
 

Author Comment

by:MANGO247
ID: 34205490
No luck, I'm afraid.

I have created a receive connector and added all Messagelabs IPs and ranges under "receive mail from remote....." and added my internal Exch 2003 IP with port 587 (default port 25 didn't work either) as the local IP. I also configured firewall rules to allow traffic between the Messagelabs IP address ranges and my new Exchange 2010. Checked Anonymous as permission and TLS/basic as authentication.

Messagelabs is before my Exch 2003 server. We send mail to cluster8.au.messagelabs and have firewall rules that send email from Messagelabs to my internal Exch 2003 server.

I also edited my hosts file to add my new Exch 2010 server.
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 34205525
I couldn't do so until later this evening due to lockdowns at the site I'm at but if you wanted, I'd be more than happy to connect in remotely and take a look-see.

It sounds like you've covered most bases being suggested.
0
 
LVL 11

Expert Comment

by:JuusoConnecta
ID: 34205772
Must've missed something, since basic mail flow works from users on Exchange 2003 to users who reside on Exchange 2010 and vice versa?

Can you check some of the responses I've provided here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26560636.html

Although it is for mail routing against Exchange 2007, the same principles apply to Exchange 2010.

(remember to answer my question also =] )

cheers
0
 

Author Comment

by:MANGO247
ID: 34206410
One thing I have noticed is that whenever I try to resolve the FQDN of Exch or other servers on my domain, I'm getting a non-authoritative response similar to the one below:

C:\Program Files\Support Tools>nslookup ebexh01.mydomain.co.uk
Server:  ebdmc01.mydomain.co.uk
Address:  10.237.x.x

Non-authoritative answer:
Name:    ebexh01.mydomain.co.uk.co.uk
Address:  67.215.65.132

Even editing the hosts file has not helped, and my network is not resolving the FQDNs of internal servers and workstations.
0
 

Author Comment

by:MANGO247
ID: 34206548
BTW, the DNS issue is resolved and I'm getting my internal DNS working. I added my ISP nameserver instead of OpenDNS.
0
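The nslookup output above shows an internal name answered non-authoritatively with a public address, and the follow-up reports that replacing the OpenDNS forwarder fixed resolution. This added example (not from the thread) probes for that behaviour by looking up random names that should not exist; the function name, the injectable resolver and the sample address are assumptions.

```powershell
# Added example. Looks up random names that cannot exist under a domain.
# Any answer means the resolver, or the forwarder behind it, is rewriting
# "no such name" responses, which misdirects SMTP routing between servers.
function Test-NxdomainRewrite {
    param(
        [Parameter(Mandatory = $true)][string]$Domain,
        # Lookup routine; the default uses the machine's configured resolver.
        [scriptblock]$Resolver = { param($n) [System.Net.Dns]::GetHostAddresses($n) },
        [int]$Probes = 3
    )
    $answers = @()
    for ($i = 0; $i -lt $Probes; $i++) {
        # A GUID label makes an accidental match with a real host implausible.
        $name = 'nx-' + [guid]::NewGuid().ToString('N') + '.' + $Domain
        try   { $found = @(& $Resolver $name) }
        catch { $found = @() }   # "host not found" is the healthy outcome
        foreach ($a in $found) {
            $answers += New-Object PSObject -Property @{ Name = $name; Address = "$a" }
        }
    }
    New-Object PSObject -Property @{
        Domain    = $Domain
        Rewritten = ($answers.Count -gt 0)
        Addresses = @($answers | ForEach-Object { $_.Address } | Sort-Object -Unique)
    }
}

# Constructed resolvers so the demonstration runs offline.
$rewriting = { param($n) '203.0.113.10' }             # answers for every name
$healthy   = { param($n) throw "No such host: $n" }   # missing names raise an error

$bad  = Test-NxdomainRewrite -Domain 'mydomain.co.uk' -Resolver $rewriting
$good = Test-NxdomainRewrite -Domain 'mydomain.co.uk' -Resolver $healthy
"Rewriting forwarder detected: $($bad.Rewritten) ($($bad.Addresses -join ', '))"
"Healthy resolver flagged:     $($good.Rewritten)"

# Live check against the configured DNS servers:
# Test-NxdomainRewrite -Domain 'mydomain.co.uk'
```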
 
LVL 28

Expert Comment

by:sunnyc7
ID: 34206657
I can send email from Exch 2010 to 2003 and receive as well
I can send mail from Exch2010 to outside email address but unable to receive it.

>> This means
Internal Exchange 2003 / 2010 mail routing is ok.

Can you tell me if you forwarded port 25 on firewall to point to Exchange 2010 > instead of exchange 2003
Is there some kinda authentication in message labs where it's trying to deliver mails to Exch 2003 / instead of 2010

Did you try message tracking from Exch 2010 > Toolbox - to see if you received *ANY* messages ?

--
Also, please send me a dcdiag

dcdiag /v /e /TEST:DNS > C:\dcdiag.txt

thanks
0
 

Author Comment

by:MANGO247
ID: 34206845
Please find attached dcdiag  dcdiag.txt

I have amended the rules on my firewall that were forwarding Messagelabs IP addresses to Exch 2003 on port 25. Now they are forwarding both to my Exch 2003 and Exch 2010 servers. I also added the Messagelabs IP addresses to my new receive connector (as you advised).

I have spoken to Messagelabs and they confirm that they are only pointing traffic to our public IP address and no information is held about the internal Exchange IP address.

I can get my Exch 2003 down for an hour tonight. Would you say I should test my Exch 2010 by shutting down Exch 2003 and disabling the interoperability connector, just for testing?

I'm intending to move my users from Exch 2003 to 2010 but I need to confirm that it will work.

Many thanks for looking into it
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 34207033
Now they are forwarding both to my exch 2003 and exch 2010 servers. Also added Messagelab ip addressess in my new receive connector (as you advised)

>> You have to forward it to your 2010 server - not both.

Your email routing will work this way:

Incoming:
Message Labs > Exchange 2010

Exchange 2010 will decide whether to route the message to E2010 mailbox
or Route it to Exchange 2003 mailbox

Outgoing
Exchange 2010 > SMTP Out
Exchange 2003 > Exchange 2003 > SMTP out

Will check dcdiag and let you know.
will reply to rest of your queries also.

thanks
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 250 total points
ID: 34207142
your dcdiag is ok.
The only change required (if any) would be:
- Add your ISP's DNS servers in DNS forwarders instead of using root-servers.
Do that on DC1

and add DC1 as forwarders for the other 2 DC's.

Your DNS is working fine without it too.

--
I have spoken to messagelabs they confirm that they are only pointing traffic to our public ip address and no information is held about internal exchange ip address
>> That is true.

I can get my exch 2003 down for an hour tonight. Would you say i test my exch 2010 by shutting down exch 2003 and disabling interoperability connector. Just for testing?
>> Good question.

Test cases:

Testing for mail-flow to exchange 2010
> Use Mail flow troubleshooter from Exchange > Toolbox
Use Message Tracking from Exchange > Toolbox.
See if you are getting any messages to mailboxes in e2010

Testing for mail-flow to >>Exchange 2003<< by shutting down exchange 2010
> You can't do this.
Your exchange 2003 mail flow is dependent on Exchange 2010. So if you shutdown 2010 your mail flow will stop.

Testing Exchange 2010 mail flow to mailboxes in 2010 by shutting down Exchange 2003
> This you can and you should try. The eventual goal I believe is to shutdown exchange 2003 and have all users migrated to 2010.
Expected result > if you shutdown 2003, mail flow should not be affected to mailboxes in 2010

DNS on Exchange 2010
From Exchange 2010
a) start > run > cmd
nslookup
set type=all
set q=mx
yourexternaldomain.co.uk

See if it correctly resolves to your external FQDN
0
 

Author Comment

by:MANGO247
ID: 34237882
I have configured my interoperability connector to send and receive mails from Exch 2010. Removed the Internet connector from Exch 2003. Using DNS to resolve names. All working fine.
0
 

Author Closing Comment

by:MANGO247
ID: 34237885
Very helpful
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 34237906
Glad you resolved your problems. Thank you for the points.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 34238329
Glad to be of help.
0
