Solved

SMTP Diag error

Posted on 2011-02-14
48
3,893 Views
Last Modified: 2012-05-11
Our domain currently hosts its external DNS only for forward lookups. We have an ISA firewall 2006, Within our domain we have an exchange server 2003 and of course our internal DNS. A few days ago mail stopped working no one can send or receive. When i looked into the server event viewer, i see  this error  "Message delivery to the host '98.137.54.237' failed while delivering to the remote domain  'rocketmail.com' for the following reason:
 The remote server did not respond to a connection attempt."

When i ran SMTP DIAG i get the following results


C:\Documents and Settings\Administrator.NXUBA\Desktop\SmtpDiag>smtpdiag administ
rator@nxuba.gov.za motseperl@telkom.co.za

Searching for Exchange external DNS settings.
Computer name is NXUBA-MX1.
VSI 1 has the following external DNS servers:
There are no external DNS servers configured.

Checking SOA for telkom.co.za.
Checking external DNS servers.
Checking internal DNS servers.
SOA serial number match: Passed.

Checking local domain records.
Checking MX records using TCP: nxuba.gov.za.
Checking MX records using UDP: nxuba.gov.za.
Both TCP and UDP queries succeeded. Local DNS test passed.

Checking remote domain records.
Checking MX records using TCP: telkom.co.za.
Checking MX records using UDP: telkom.co.za.
Both TCP and UDP queries succeeded. Remote DNS test passed.

Checking MX servers listed for motseperl@telkom.co.za.
Connecting to cntrra20-gtw04.telkom.co.za [198.54.206.131] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to cntrra20-gtw04.telkom.co.za.
Connecting to cntrra20-gtw03.telkom.co.za [198.54.206.132] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to cntrra20-gtw03.telkom.co.za.


Our ISA server has a public IP  ( 196.25.x.x )and private IP ( 192.168.x.x). This server is running our external DNS ( no reverse lookups).  and our MX record is added there and what i have noticed our MX point to the IP of the server ( 196.25.x.x)
0
Comment
Question by:nobs
  • 26
  • 13
  • 6
  • +2
48 Comments
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
That error (10060) is a connection timeout I believe, so your system is trying to connect to the remote server and never gets a response. Check your ISA rules and make sure you're allowing tcp/25 out.

Try telnetting to some remote server on that port to test:

telnet gmail-smtp-in.l.google.com 25
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
This is your MX:
telkom.co.za. 86400 IN MX 1 cntrra20-gtw04.telkom.co.za.
telkom.co.za. 86400 IN MX 1 cntrra20-gtw03.telkom.co.za.

cntrra20-gtw03.telkom.co.za. 86400 IN A 198.54.206.132
cntrra20-gtw04.telkom.co.za. 86400 IN A 198.54.206.131

Open in new window

From what you've said, those addresses are not correct?

All published name servers for your zone agree about those addresses.

Chris
0
 
LVL 6

Expert Comment

by:ashunnag
Comment Utility
I think you issue is something else, because I can telnet that SMTP server. You should check your ISA server, try to restart ISA and Exchnage servers and check. submit any other logs on the Exchange / ISA servers.
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

There is one thing though:

>smtpdiag administrator@nxuba.gov.za motseperl@telkom.co.za

If you're running that inside your network there's no reason it should work if the advertised mail servers reside within your network.

You'd need NAT loopback, or some other mechanism to prevent them getting horribly confused.

Chris
0
 

Author Comment

by:nobs
Comment Utility
Ok i need to explain something, that administrator@nxuba.gov.za, is our local account, that telkom one is the email of our service provider i was using while running smtp diag
0
 

Author Comment

by:nobs
Comment Utility
our mail server is mail.nxuba.gov.za
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Are you running that command on your mail server? There are a number of reasons it might fail on connection to telkom's servers. Possibilities include:

1. Outbound firewall doesn't permit connections to TCP/25 outside the network
2. Antivirus software is preventing outbound connections on TCP/25
3. Unable to route to destination host

The top two are most likely. For instance, if you were to run that command from your workstation I'd be less than surprised if it failed. If you ran it from your mail server I'd be more surprised, but then I'd have to ask if you were using a Smart Host or sending directly.

Chris
0
 
LVL 6

Expert Comment

by:ashunnag
Comment Utility
do you have an AV / firewall installed on the Exchange server?
0
 

Author Comment

by:nobs
Comment Utility
using DNS to route mail
0
 

Author Comment

by:nobs
Comment Utility
Yes its nod32, from my workstation i can telnet to the exchange server on port 25, and i get a response,
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

And SMTPDiag was run on your mail server?

Are you able to reproduce the same fault to any other recipient?

Chris
0
 

Author Comment

by:nobs
Comment Utility
have a look at the domain config, am sending you proper details for this domain
http://www.intodns.com/nxuba.gov.za
0
 

Author Comment

by:nobs
Comment Utility
For all the domains it gives me the same response, i just copied the last one i tried
0
 

Author Comment

by:nobs
Comment Utility
Yes smtpdiag i ran it on the mail server
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

It could be dropping you because you have no PTR record for 196.25.190.98. That is mandatory these days.

Most of the time that means you have to ask your ISP to add the PTR record for you. That needs to match up to the name used by your SMTP server when it connects. For Exchange 2003 that'll be the same name it shows when you run "telnet YourMailServer 25".

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

> For all the domains it gives me the same response,

While you do need the PTR record not everyone will drop a connection because of it, I urge you to check AV software and outbound firewalls, make sure they actually allow the outbound connection.

Chris
0
 

Author Comment

by:nobs
Comment Utility
WE are running ISA Server 2006, and the Mail Publishing rule is there, could something have changed
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Publishing grants Inbound access, not outbound as far as I know. When did this stop working? To be honest, Antivirus software would be the first thing I checked, it's annoying.

Chris
0
 

Author Comment

by:nobs
Comment Utility
I ran a netstat -a on my ISA firewall.. here are the results

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    nxuba-pr1:domain       nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:epmap        nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:microsoft-ds  nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:1047         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:1048         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:1050         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:1052         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:pptp         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:2280         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:ms-wbt-server  nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:msfw-control  nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:8080         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:1063         nxuba-mx1.nxuba.local:microsoft-ds  ESTABLISHED
  TCP    nxuba-pr1:1101         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:1260         nxuba-mx1.nxuba.local:ldap  CLOSE_WAIT
  TCP    nxuba-pr1:remote-winsock  nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:ms-wbt-server  nxuba-mx1.nxuba.local:46974  ESTABLISHED
  TCP    nxuba-pr1:8080         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:8080         nxuba-7889dcfde:56154  ESTABLISHED
  TCP    nxuba-pr1:8080         nxuba-7889dcfde:56187  ESTABLISHED
  TCP    nxuba-pr1:8080         corpservices.nxuba.local:51360  ESTABLISHED
  TCP    nxuba-pr1:8080         led.nxuba.local:3288   TIME_WAIT
  TCP    nxuba-pr1:8080         led.nxuba.local:3394   TIME_WAIT
  TCP    nxuba-pr1:8080         led.nxuba.local:3413   TIME_WAIT
  TCP    nxuba-pr1:8080         led.nxuba.local:3488   TIME_WAIT
  TCP    nxuba-pr1:8080         led.nxuba.local:4020   ESTABLISHED
  TCP    nxuba-pr1:8080         sijila-ss.dns:1684     ESTABLISHED
  TCP    nxuba-pr1:8080         sijila-ss.dns:1686     ESTABLISHED
  TCP    nxuba-pr1:8080         sijila-ss.dns:1688     ESTABLISHED
  TCP    nxuba-pr1:8080         sijila-ss.dns:1692     ESTABLISHED
  TCP    nxuba-pr1:8080         sijila-ss.dns:1694     ESTABLISHED
  TCP    nxuba-pr1:8080         sijila-ss.dns:1696     ESTABLISHED
  TCP    nxuba-pr1:8080         bulumko-pc.nxuba.local:57669  ESTABLISHED
  TCP    nxuba-pr1:8080         bulumko-pc.nxuba.local:57671  ESTABLISHED
  TCP    nxuba-pr1:8080         bulumko-pc.nxuba.local:57694  ESTABLISHED
  TCP    nxuba-pr1:8080         bulumko-pc.nxuba.local:57695  ESTABLISHED
  TCP    nxuba-pr1:8080         bulumko-pc.nxuba.local:57696  ESTABLISHED
  TCP    nxuba-pr1:8080         bulumko-pc.nxuba.local:57699  ESTABLISHED
  TCP    nxuba-pr1:8080         bulumko-pc.nxuba.local:57700  ESTABLISHED
  TCP    nxuba-pr1:8080         bulumko-pc.nxuba.local:57701  ESTABLISHED
  TCP    nxuba-pr1:8080         papama-pc.nxuba.local:50588  ESTABLISHED
  TCP    nxuba-pr1:8080         papama-pc.nxuba.local:50611  ESTABLISHED
  TCP    nxuba-pr1:8080         papama-pc.nxuba.local:50612  ESTABLISHED
  TCP    nxuba-pr1:8080         papama-pc.nxuba.local:50620  ESTABLISHED
  TCP    nxuba-pr1:8080         papama-pc.nxuba.local:50622  ESTABLISHED
  TCP    nxuba-pr1:8080         papama-pc.nxuba.local:50623  ESTABLISHED
  TCP    nxuba-pr1:8080         papama-pc.nxuba.local:50634  ESTABLISHED
  TCP    nxuba-pr1:8080         papama-pc.nxuba.local:50635  ESTABLISHED
  TCP    nxuba-pr1:8080         papama-pc.nxuba.local:50636  ESTABLISHED
  TCP    nxuba-pr1:8080         papama-pc.nxuba.local:50637  ESTABLISHED
  TCP    nxuba-pr1:8080         papama-pc.nxuba.local:50638  ESTABLISHED
  TCP    nxuba-pr1:8080         nxuba-mx1.nxuba.local:49465  ESTABLISHED
  TCP    nxuba-pr1:8080         nxuba-mx1.nxuba.local:51306  ESTABLISHED
  TCP    nxuba-pr1:12367        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:12368        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:12371        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:12372        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:12373        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:12374        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:12376        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:12380        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:smtp         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:smtp         drone061.ral.icpbounce.com:47904  ESTABLISHED
  TCP    nxuba-pr1:smtp         snt0-omc4-s4.snt0.hotmail.com:msft-gc-ssl  TIME_
WAIT
  TCP    nxuba-pr1:smtp         link.lativeaw.com:56126  TIME_WAIT
  TCP    nxuba-pr1:smtp         bgp.lativeaw.com:41148  TIME_WAIT
  TCP    nxuba-pr1:smtp         router.lativeaw.com:43796  TIME_WAIT
  TCP    nxuba-pr1:smtp         submission.lativeaw.com:36755  TIME_WAIT
  TCP    nxuba-pr1:smtp         netwall.lativeaw.com:35283  TIME_WAIT
  TCP    nxuba-pr1:smtp         72.9.233.98:48462      TIME_WAIT
  TCP    nxuba-pr1:smtp         web2.releaseasource.info:42136  TIME_WAIT
  TCP    nxuba-pr1:smtp         web3.releaseasource.info:56824  TIME_WAIT
  TCP    nxuba-pr1:smtp         web4.releaseasource.info:41520  TIME_WAIT
  TCP    nxuba-pr1:smtp         web5.releaseasource.info:42910  TIME_WAIT
  TCP    nxuba-pr1:smtp         mailgate.wmint.net:42690  ESTABLISHED
  TCP    nxuba-pr1:smtp         mailgate.wmint.net:42705  ESTABLISHED
  TCP    nxuba-pr1:smtp         web2.miomirr.com:42681  TIME_WAIT
  TCP    nxuba-pr1:smtp         web3.miomirr.com:59219  ESTABLISHED
  TCP    nxuba-pr1:smtp         web10.miomirr.com:41611  TIME_WAIT
  TCP    nxuba-pr1:smtp         web11.miomirr.com:33212  TIME_WAIT
  TCP    nxuba-pr1:smtp         web12.miomirr.com:40719  TIME_WAIT
  TCP    nxuba-pr1:smtp         web13.miomirr.com:33029  TIME_WAIT
  TCP    nxuba-pr1:smtp         web14.miomirr.com:33691  TIME_WAIT
  TCP    nxuba-pr1:smtp         smtp-1.emailconnection.co.za:34875  ESTABLISHED
  TCP    nxuba-pr1:smtp         rbgcon05.fnb.co.za:41878  TIME_WAIT
  TCP    nxuba-pr1:smtp         mail.samwumed.org:21369  TIME_WAIT
  TCP    nxuba-pr1:smtp         196.25.145.211:1456    TIME_WAIT
  TCP    nxuba-pr1:smtp         xtinmta06-42.exacttarget.com:21467  ESTABLISHED
  TCP    nxuba-pr1:smtp         web6.releaseasource.info:38059  ESTABLISHED
  TCP    nxuba-pr1:smtp         mail5094c.mkt515.com:30779  ESTABLISHED
  TCP    nxuba-pr1:smtp         mail-fx0-f51.google.com:42751  TIME_WAIT
  TCP    nxuba-pr1:http         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:pop3         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:1775         nxuba-pr1.nxuba.local:0  LISTENING
  TCP    nxuba-pr1:7158         server783.teamviewer.com:https  ESTABLISHED
  TCP    nxuba-pr1:11227        93.184.220.90:http     ESTABLISHED
0
 

Author Comment

by:nobs
Comment Utility
I did check the anti-virus, it stopped working few days ago,,, and nothing has happened it just stopped working, no updates were applied nothing
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Netstat won't help I'm afraid. It'll show us connections and listening ports, but not why something might be blocked on the way out.

You're going to have to trace it, you have logging on the ISA server don't you? It's been a long time since I touched one of those, if you need specifics I'll try and get you some help with that.

Chris
0
 

Author Comment

by:nobs
Comment Utility
I tried to get a list of SMTP connections to and from a server, this is what i got

C:\Documents and Settings\Administrator>netstat |find "smtp"
  TCP    nxuba-pr1:12553        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:12554        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:12557        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:12559        nxuba-mx1.nxuba.local:smtp  SYN_SENT
  TCP    nxuba-pr1:smtp         vbmtbmm004.vodacombusiness.co.za:8926  TIME_WAIT

  TCP    nxuba-pr1:smtp         snt0-omc4-s4.snt0.hotmail.com:9476  TIME_WAIT
  TCP    nxuba-pr1:smtp         relay.ihostexchange.net:37226  ESTABLISHED
  TCP    nxuba-pr1:smtp         link.lativeaw.com:57620  TIME_WAIT
  TCP    nxuba-pr1:smtp         bgp.lativeaw.com:56842  TIME_WAIT
  TCP    nxuba-pr1:smtp         router.lativeaw.com:47819  ESTABLISHED
  TCP    nxuba-pr1:smtp         www181.123greetings.com:57219  FIN_WAIT_2
  TCP    nxuba-pr1:smtp         nm4.bullet.mail.sp2.yahoo.com:27203  ESTABLISHED

  TCP    nxuba-pr1:smtp         web1.avidicy.com:53212  TIME_WAIT
  TCP    nxuba-pr1:smtp         web2.avidicy.com:56717  TIME_WAIT
  TCP    nxuba-pr1:smtp         web3.avidicy.com:56322  ESTABLISHED
  TCP    nxuba-pr1:smtp         dub0-omc1-s16.dub0.hotmail.com:22607  TIME_WAIT
  TCP    nxuba-pr1:smtp         mail.saintmary.org:6782  TIME_WAIT
  TCP    nxuba-pr1:smtp         seminarsinmind.co.za:33797  TIME_WAIT
  TCP    nxuba-pr1:smtp         relay16.smp.mweb.co.za:60210  TIME_WAIT
  TCP    nxuba-pr1:smtp         mail5094c.mkt515.com:43227  FIN_WAIT_1
  TCP    nxuba-pr1:smtp         mail-fx0-f51.google.com:33660  TIME_WAIT
0
 

Author Comment

by:nobs
Comment Utility
yes i do Chris,,, i can even send you some if you need to look
0
 

Author Comment

by:nobs
Comment Utility
Help is really needed...
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
Comment Utility

It doesn't show us any established outbound SMTP connections, so it's not really very useful. But then, we know it's failing because telnet is too.

We need to find out where in the path it's failing. ISA is an obvious target and has sufficient logging that we should be able to see attempts.

If we don't see an attempt we need the server (again), if we do, it'll either accept or reject. Reject has us checking rules on ISA, accept has us checking what happens after ISA.

Chris
0
 

Author Comment

by:nobs
Comment Utility
am on ISA server now trying to view the logging file
0
 

Author Comment

by:nobs
Comment Utility
Chris, i extracted some lines from ISA firewall log
Isa-Server-logs.txt
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Lovely, thanks for that, it helps a lot.

Looking through, I can't see any requests from your server to a destination of <something>:25. Quite a lot the other way, like this one:

192.168.1.252

I guess that's the internal IP of your mail server?

Given that we see no requests, we have to assume that it's being blocked on the server itself, that is, the request is not making it as far as ISA.

That puts us back at checking for local firewalls, security software, etc. You're certain nothing has been installed recently? And any AV software is definitely not blocking it?

Chris
0
 

Author Comment

by:nobs
Comment Utility
I have totally disabled NOD32 email protection,,,  there is nothing running on this server,, chris  can i send you something on the side, can you send me a test to my email, nobubele@gmail.com
0
 

Author Comment

by:nobs
Comment Utility
Yes that is the internal IP of the exchange server
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

I'd rather keep it here if possible, taking it off-site breaches the membership rules. Of course, I do appreciate the difficulty of debugging SMTP problems without being able to look, but I'm not sure taking it to mail would be beneficial at this time.

Your server is still happily accepting inbound mail, right?

Perhaps you can show me:

ipconfig /all

And:

route print

Chris
0
 

Author Comment

by:nobs
Comment Utility
Thank you,
The only mail that this server can accept is only local mail, nothing else,,,,  

This is on the exchange server, will send you ISA Server as well


C:\Documents and Settings\Administrator.NXUBA\Desktop\SmtpDiag>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : nxuba-mx1
   Primary Dns Suffix  . . . . . . . : nxuba.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : nxuba.local

Ethernet adapter 192.168.1.252:

   Connection-specific DNS Suffix  . : nxuba.local
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0E-0C-4A-70-61
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.252
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.252
                                       192.168.1.240
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Not Used:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC
   Physical Address. . . . . . . . . : 00-40-F4-18-B7-CB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.60.111
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\Administrator.NXUBA\Desktop\SmtpDiag>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0e 0c 4a 70 61 ...... Intel(R) PRO/1000 MT Network Connection - Networ
k Load Balancing Filter Device
0x10004 ...00 40 f4 18 b7 cb ...... Realtek RTL8139 Family PCI Fast Ethernet NIC

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.252     20
       10.10.10.0    255.255.255.0    192.168.1.254    192.168.1.252      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      169.254.0.0      255.255.0.0   169.254.60.111   169.254.60.111     30
   169.254.60.111  255.255.255.255        127.0.0.1        127.0.0.1     30
  169.254.255.255  255.255.255.255   169.254.60.111   169.254.60.111     30
      192.168.1.0    255.255.255.0    192.168.1.252    192.168.1.252     20
    192.168.1.252  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.1.255  255.255.255.255    192.168.1.252    192.168.1.252     20
      192.168.2.0    255.255.255.0    192.168.1.253    192.168.1.252      1
      192.168.3.0    255.255.255.0    192.168.1.254    192.168.1.252      1
      192.168.4.0    255.255.255.0    192.168.1.254    192.168.1.252      1
      196.25.32.0  255.255.255.224    192.168.1.248    192.168.1.252      1
        224.0.0.0        240.0.0.0   169.254.60.111   169.254.60.111     30
        224.0.0.0        240.0.0.0    192.168.1.252    192.168.1.252     20
  255.255.255.255  255.255.255.255   169.254.60.111   169.254.60.111      1
  255.255.255.255  255.255.255.255    192.168.1.252    192.168.1.252      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      192.168.2.0    255.255.255.0    192.168.1.253       1
      192.168.3.0    255.255.255.0    192.168.1.254       1
      192.168.4.0    255.255.255.0    192.168.1.254       1
      196.25.32.0  255.255.255.224    192.168.1.248       1
      192.168.1.0    255.255.255.0    192.168.1.254       1
       10.10.10.0    255.255.255.0    192.168.1.254       1
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

But it's supposed to accept inbound mail isn't it? I only say that because we were seeing inbound mail in the ISA log.

Can you disable "Ethernet adapter Not Used"? It's go an auto-configuration address (169.254...) which suggests it's enabled, but not entirely happy. Doing away with it would be nice :)

Everything else looks pretty normal. Are you able to build other outbound connections? For instance, can you browse the web from that box?

Chris
0
 

Author Comment

by:nobs
Comment Utility
this is from isa server


C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : nxuba-pr1
   Primary Dns Suffix  . . . . . . . : nxuba.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : nxuba.local

Ethernet adapter 192.168.1.240:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC #2
   Physical Address. . . . . . . . . : 00-14-D1-3C-09-48
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.240
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.252
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter 196.25.190.98:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC
   Physical Address. . . . . . . . . : 00-14-D1-3C-09-4B
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 196.25.190.98
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 196.25.190.97
   DNS Servers . . . . . . . . . . . : 196.25.1.1
                                       196.43.50.190
                                       196.43.1.11
   NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\Administrator>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 14 d1 3c 09 48 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC
 #2
0x10004 ...00 14 d1 3c 09 4b ...... Realtek RTL8139 Family PCI Fast Ethernet NIC

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    196.25.190.97    196.25.190.98     20
       10.10.10.0    255.255.255.0    192.168.1.254    192.168.1.240      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.240    192.168.1.240     20
    192.168.1.240  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.1.255  255.255.255.255    192.168.1.240    192.168.1.240     20
      192.168.2.0    255.255.255.0    192.168.1.254    192.168.1.240      1
      192.168.3.0    255.255.255.0    192.168.1.254    192.168.1.240      1
      192.168.4.0    255.255.255.0    192.168.1.254    192.168.1.240      1
      196.25.32.0    255.255.255.0    192.168.1.248    192.168.1.240      1
    196.25.190.96  255.255.255.248    196.25.190.98    196.25.190.98     20
    196.25.190.98  255.255.255.255        127.0.0.1        127.0.0.1     20
   196.25.190.255  255.255.255.255    196.25.190.98    196.25.190.98     20
        224.0.0.0        240.0.0.0    192.168.1.240    192.168.1.240     20
        224.0.0.0        240.0.0.0    196.25.190.98    196.25.190.98     20
  255.255.255.255  255.255.255.255    192.168.1.240    192.168.1.240      1
  255.255.255.255  255.255.255.255    196.25.190.98    196.25.190.98      1
Default Gateway:     196.25.190.97
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      192.168.2.0    255.255.255.0    192.168.1.254       1
      192.168.3.0    255.255.255.0    192.168.1.254       1
      192.168.4.0    255.255.255.0    192.168.1.254       1
      192.168.1.0    255.255.255.0    192.168.1.254       1
       10.10.10.0    255.255.255.0    192.168.1.254       1
      196.25.32.0    255.255.255.0    192.168.1.248       1

C:\Documents and Settings\Administrator>
0
 

Author Comment

by:nobs
Comment Utility
Yes i can browse the internet from that box, exchange yes
0
 

Author Comment

by:nobs
Comment Utility
I sent a test from my external account to the local account 3 hrs ago nothing has arrived
0
 

Author Comment

by:nobs
Comment Utility
disabled
0
 

Author Comment

by:nobs
Comment Utility
dns on isa box
dns-on-isa-box.docx
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

That all looks pretty sane really. From your ISA box, can you run:

telnet 192.168.1.252 25

See if that one connects?

Chris
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
For a start that config doesn't look kosher for an ISA Server. You appear to be using an external DNS ip address on the external ISA nic and this is not right. ISA should use the same DNS servers for both internal and external name resolution. If the request is for an external address then this should be forwarded by the internal dns servers to external ISP dns servers or to domain-specific dns external servers. Either way, you should have NOTHING set in the external ISA nic dns settings - it should be BLANK. Of course you require an access rules allowing dns outbound from internal to external and another allowing dns from internal & localhost TO internal & localhost.

Keith




0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Lastly, once you have sorted out your configuration, you can validate it through the ISA best practice analyser.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=d22ec2b9-4cd3-4bb6-91ec-0829e5f84063&displaylang=en
0
 

Author Comment

by:nobs
Comment Utility
yes it does,,, connect to Exchange server, that was the configuration on the ISA Server box that was configured by one of the service providers,,,,
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
This is not a supported configuration regardless of whether it 'appears' to work for you or not.

Ethernet adapter 192.168.1.240:

 Connection-specific DNS Suffix . :
 Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC #2
 Physical Address. . . . . . . . . : 00-14-D1-3C-09-48
 DHCP Enabled. . . . . . . . . . . : No
 IP Address. . . . . . . . . . . . : 192.168.1.240
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 Default Gateway . . . . . . . . . :
 DNS Servers . . . . . . . . . . . : 192.168.1.252
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter 196.25.190.98:

 Connection-specific DNS Suffix . :
 Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC
 Physical Address. . . . . . . . . : 00-14-D1-3C-09-4B
 DHCP Enabled. . . . . . . . . . . : No
 IP Address. . . . . . . . . . . . : 196.25.190.98
 Subnet Mask . . . . . . . . . . . : 255.255.255.248
 Default Gateway . . . . . . . . . : 196.25.190.97
 DNS Servers . . . . . . . . . . . : 196.25.1.1
 196.43.50.190
 196.43.1.11

NetBIOS over Tcpip. . . . . . . . : Disabled

But it is your system, so your call obviously.
0
 

Author Comment

by:nobs
Comment Utility
@ keith, what do you suggest i do leave the DNS blank for  external  NIC
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
In a nutshell - yes. However, many people 'feel' uncomfortable doing so - sort of naked - and so they an put in the internal dns here also. This is a 'must' really if you think about it. The ISA box has no way of deciding which DNS servers to use when it performs a lookup - does it go outside to the 196.x.y.z dns addresses or does it look inside to the 192.168.x.y dns addresses? By default it 'SHOULD' use the nic that is bound first in the binding order - which is why ISA Server requires that you set the internal NIC to be bound first. However, it doesn't always happen and so ISA gets the wrong DNS server for a lookup.

My article explains it reasonable well - at least in my view :) - but is summarised in respect to DNS by:

Internal ISA nic - no default gateway and two or more (where possible) internal dns servers
External ISA nic - gateway and blank dns - or add internal dns servers here also.

DNS Access rules required:
DNS from internal & localhost TO internal & localhost
DNS from internal to external

On your internal dns servers make sure your forwarders are set to your ISP DNS ip addresses and that you have set any domain-specific forwarders.
Absolutely none of your internal clients or servers should have ANY mention of the external DNS ip addresses in their network adapter - TCPIP - advanced settings. ALL should look at the internal DNS only.
0
 

Author Closing Comment

by:nobs
Comment Utility
The ideas Chris gave me taught me more about other things than i know. The solution given might not have helped my situation but it sure assisted me in solving other problems
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Thats all that matters
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
Technology opened people to different means of presenting information, but PowerPoint remains to be above competition. Know why PPT still works today.
Viewers will learn how to maximize accessibility options in an Excel workbook for users with accessibility issues.
The viewer will learn how to simulate a series of coin tosses with the rand() function and learn how to make these “tosses” depend on a predetermined probability. Flipping Coins in Excel: Enter =RAND() into cell A2: Recalculate the random variable…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now