Solved

Exchange 2010 fails to deliver to yahoo and a couple others

Posted on 2011-02-17
Last Modified: 2012-06-27
OK, after reading just about every post on the internet, I can't find a solution to my problem. I have 2 AD DCs (1 master, 1 secondary), both running Server 2008 R2. I have an Exchange server running the same OS and Exchange 2010 (no SP1). I can receive mail from anyone and I can send mail to about 90% of the world. For some reason, when I try to send to Yahoo and a couple of local servers, I get delivery delayed for about a day or 2, then delivery failed. I tested the server on testexchangeconnectivity.com and everything passed except the SPF record (not sure what this is).
I have public DNS servers (Linux / Bind) because I run hosting, and the public records are good. I have DNS on my AD servers and I don't think they are resolving properly. If I do "nslookup yahoo.com" I get the correct response, but if I do "nslookup", then "set q=mx", then "yahoo.com" I get "cannot resolve server"
Any help would be greatly appreciated.
Thanks!!
0
Comment
Question by:dicecomputers
36 Comments
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34922746
First, in Active Directory, there is no master/secondary...that's NT4.  In 2008, the DC either is a FSMO role holder or not.  I got the point that you can't send to Yahoo but what is "local servers"?

SPF is a DNS TXT record that 'tries' to reinforce that the MX records stated in the same DNS zone are the only ones allowed to send on behalf of your domain name.  It helps prevent spammers sending email with the ReplyTo value of your domain. (http://www.openspf.org/Introduction)

The Exchange connectivity test will only report on access to your own systems...not your systems reaching others.

You definitely have a DNS issue because my NSLOOKUP reports

yahoo.com       MX preference = 1, mail exchanger = l.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = m.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = a.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = b.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = c.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = d.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = e.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = f.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = g.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = h.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = i.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = j.mx.mail.yahoo.com
yahoo.com       MX preference = 1, mail exchanger = k.mx.mail.yahoo.com

l.mx.mail.yahoo.com     internet address = 74.6.136.244
m.mx.mail.yahoo.com     internet address = 66.94.238.147
a.mx.mail.yahoo.com     internet address = 67.195.168.31
b.mx.mail.yahoo.com     internet address = 74.6.136.65
c.mx.mail.yahoo.com     internet address = 206.190.54.127
d.mx.mail.yahoo.com     internet address = 209.191.88.254
e.mx.mail.yahoo.com     internet address = 67.195.168.230
f.mx.mail.yahoo.com     internet address = 98.137.54.237
g.mx.mail.yahoo.com     internet address = 98.137.54.238
k.mx.mail.yahoo.com     internet address = 98.139.54.60

Is your block of IPs possibly blocked from Yahoo (blacklisted)?
0
 

Author Comment

by:dicecomputers
ID: 34922797
No, it's not blocked. I had this exact same setup running for 6 months on a Dell 1850 and now that I moved it to a new machine I have these issues. I didn't migrate, I set everything up from scratch with the exact same info as the old one.
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34922799
0
 

Author Comment

by:dicecomputers
ID: 34922816
Oh, I forgot, local servers means ones hosted by companies close to me (geographically), not internally. Also, I know there is no master / secondary, I was using that as a figure of speech.
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34922881
Understood.  I think we need to concentrate on the internal DNS servers that AD uses.  If Yahoo resolves externally but not internally, then you either have a bad DNS server that needs to be restarted or you have no forwarders set up.  Check there.  Point your forwarders to your provider's DNS server...or worst case, set the forwarder to 4.2.2.2 (ugh, someone's gonna kill me for suggesting this lol)
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34922884
...Another question...do you have an edge appliance?  (Smart Host)
0
 

Author Comment

by:dicecomputers
ID: 34922896
My forwarders are set to my ISP servers with Google public as a backup. I have a WatchGuard firewall but nothing had changed on it since my old setup and it worked fine.
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34922904
Does yahoo resolve properly using your ISP's DNS servers?

NSLOOKUP
Server = ISPDNS
Set type=mx
Yahoo.com
0
 

Author Comment

by:dicecomputers
ID: 34922938
This is what I get when I try to enter my ISP servers


Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>nslookup
Default Server:  localhost
Address:  ::1

> set type=mx
> server=65.24.0.168
Server:  localhost
Address:  ::1

DNS request timed out.
    timeout was 2 seconds.
*** Request to localhost timed-out
> server=65.24.0.169
Server:  localhost
Address:  ::1

DNS request timed out.
    timeout was 2 seconds.
*** Request to localhost timed-out
>
0
 

Author Comment

by:dicecomputers
ID: 34922951
Coincidentally, I get the same thing even if I use Google's public DNS
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34922966
UGH....IPV6 (::1)

Disabling IPv6 may help.  This is a matter of disabling IPv6.  Uncheck it in the network properties of the network adapter and then add a Registry entry.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters

Add a DWORD 32 bit called "DisabledComponents" and give it a value of 0xFFFFFFFF which is 4294967295 in decimal.

You may have to restart the box...UGH again.
0
 

Author Comment

by:dicecomputers
ID: 34922972
Before I do that, I just want to make sure this will not cause a problem with Exchange. I just remember a long time ago with an Exchange 2007 box I had, when I disabled IPv6 the mail got all jacked up
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34922975
A reboot of a production machine is never good but a small registry change like that one can be reversed quite quickly if necessary.  Note, I've made this change on about 10 Exchange 2010 servers (CAS, HUB, UM and Mailbox Roles) and have not run into any issues.
0
 

Author Comment

by:dicecomputers
ID: 34922983
Are you saying to make this change on the Exchange server? I have been doing this testing on the FSMO DC
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34922998
Where did you run your NSLOOKUP?  Perhaps we are going down the wrong path.
0
 

Author Comment

by:dicecomputers
ID: 34923011
on DC1
0
 

Author Comment

by:dicecomputers
ID: 34923021
Servers are: DC1, DC2, and MAIL
BTW, I made that change to DC1 and now I get:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>nslookup
Default Server:  dc1.dicecomputer.local
Address:  192.168.25.200

> server = 65.24.0.168
Unrecognized command: server = 65.24.0.168
> server=65.24.0.168
Server:  dc1.dicecomputer.local
Address:  192.168.25.200

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to dc1.dicecomputer.local timed-out
> server=65.24.0.169
Server:  dc1.dicecomputer.local
Address:  192.168.25.200

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to dc1.dicecomputer.local timed-out
> server=8.8.8.8
Server:  dc1.dicecomputer.local
Address:  192.168.25.200

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to dc1.dicecomputer.local timed-out
>
0
 

Author Comment

by:dicecomputers
ID: 34923076
OK, I think I got the nslookup thing fixed. First, we were entering the server command wrong, it's:
server ispserver      not       server=ispserver
Second, on my firewall, I have 2 ISPs and it was set to load balance, so when it switched to AT&T the Time Warner DNS timed out. I set the WAN mode to failover with Time Warner as the main and now it resolves every time.
However, it did not fix the problem with the mail not sending to yahoo.
0

 

Author Comment

by:dicecomputers
ID: 34923093
Here is a weird one I just received.
I sent an email to my gmail account and it delivered just fine (myname@gmail.com)
I sent an email a couple hours ago to my buddy who has his business set up on gmail (hisname@hisdomain.com) served on gmail, and I just got a delivery delayed message.
WTF?????????????????????
0
 

Author Comment

by:dicecomputers
ID: 34923139
I do think my forwarders are not working.
If I do: nslookup google.com
I get: request timed out.
If I do: nslookup google.com 65.24.0.168
It resolves correctly
Shouldn't it be doing that without me adding the TW server to it, if my forwarders are correct?
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34923163
I want to go back to a previous question...do you have a Smart Host or edge appliance?  or does your Exchange go directly to the Internet?
0
 

Author Comment

by:dicecomputers
ID: 34923173
Exchange sends to the internet directly, but is behind a firewall (not sure if you consider the firewall an edge appliance).
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34923183
Go back into Exchange Management Console and click on Server Configuration - Hub Transport.  Get the properties of the Hub server (in the right pane).  Check your Internal DNS Lookups and External DNS Lookups settings.  Make sure they are set properly. Such as not using IPv6.
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34923200
I have seen people have their IP block blacklisted with Yahoo.  It doesn't have to be your particular IP address, but the whole block of IPs.  That's a problem with sharing IP blocks with other people.
0
 

Author Comment

by:dicecomputers
ID: 34923233
If it were only yahoo, I would agree, but it's several servers, and the fact that my nslookup is not resolving properly makes me very suspicious of my DC DNS.

As far as the DNS on my hub transport, I don't see anything about DNS, this is what I have:

 Server screen shot
0
 

Author Comment

by:dicecomputers
ID: 34923237
Of course, that only applies to receiving mail, not sending it
0
 
LVL 6

Expert Comment

by:craig_j_Lawrence
ID: 34923242
That looks like your receive connector, not your send connector
0
 

Author Comment

by:dicecomputers
ID: 34923256
This is what he asked for

"Go back into Exchange Management Console and click on Server Configuration - Hub Transport.  Get the properties of the Hub server (in the right pane)"
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34923294
Yes, the upper pane...not the lower pane where the connectors are.  In the upper pane, you can get the properties of the server itself.

Ultimately, you may need to call Yahoo and work with them.
0
 

Author Comment

by:dicecomputers
ID: 34923307
Sorry, my fault

 New server shot
0
 

Author Comment

by:dicecomputers
ID: 34923315
External is set exactly the same
0
 
LVL 9

Accepted Solution

by:
Dan Arseneau earned 500 total points
ID: 34923354
At my angle, which feels like the other side of the world, I seem to be running out of ideas.  I definitely think it's a DNS issue though.
Test using different DNS server by using the server command in NSLOOKUP.  I have one I use...ns1.blink.ca.  See if you get consistent answers.  If not, speak to your DNS provider.
0
 

Author Comment

by:dicecomputers
ID: 34923371
I think maybe I am not being clear.
When I test using the server setting (and my ISP address) everything resolves fine.
When I don't specify the ISP server, I get "Timed out"
I think it has something to do with my forwarders. When I check the forwarders in the DNS control panel, it shows them all there and they resolve, but when I do nslookup (without specifying the external address) it times out.
Not sure if this is clear or not, sorry.
0
 

Author Comment

by:dicecomputers
ID: 34923392
OK, it was DNS.
I got the mail to send correctly, although, I don't think I fixed the problem, I think I just found a workaround.

I went into "Organization Configuration" then "Hub Transport" then "Send Connector" and set it to "use the external DNS settings on the transport server"
Then I went to "Server configuration" then "Hub Transport" then "Properties" and set the "External DNS" to "Use these servers" then entered my ISP servers in the box.

Now it sends to yahoo just fine.
THANKS FOR ALL OF YOUR HELP!! I never would have figured that out if you hadn't got me looking in there!!
0
 

Author Closing Comment

by:dicecomputers
ID: 34923395
He was very helpful
0
 
LVL 6

Expert Comment

by:craig_j_Lawrence
ID: 34923409
Well done, it is not a workaround BTW, that is a valid way to configure your send connector / hub transport if you aren't using a smarthost
0
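
The configuration the thread ends on (send connector using the transport server's external DNS list), written as Exchange Management Shell commands. This is an added example, not something any poster ran. It assumes the Hub Transport server is the one called MAIL in the thread and uses the ISP resolver addresses quoted there; the send connector name is a placeholder.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Assumptions: 'MAIL' is the Hub Transport server named in the thread,
# 65.24.0.168/169 are the ISP resolvers quoted there, and
# '<send-connector-name>' is a placeholder for the Internet send connector.
$hub       = 'MAIL'
$resolvers = '65.24.0.168', '65.24.0.169'
$connector = '<send-connector-name>'

# 1. Confirm each resolver answers MX queries from this host before relying on it.
#    Passing the server as the last argument avoids the interactive
#    "server=..." mistake seen earlier in the thread.
foreach ($r in $resolvers) {
    $out = nslookup -type=mx yahoo.com $r 2>&1 | Out-String
    if ($out -match 'mail exchanger') { "$r : MX answer received" }
    else                              { "$r : no MX answer (check firewall / WAN path)" }
}

# 2. Record the current settings so the change can be reverted.
Get-TransportServer $hub | Format-List Name, ExternalDNS*
Get-SendConnector $connector |
    Format-List Name, DNSRoutingEnabled, SmartHosts, UseExternalDNSServersEnabled

# 3. Server properties: "External DNS Lookups" set to a fixed list of servers.
Set-TransportServer $hub -ExternalDNSAdapterEnabled $false -ExternalDNSServers $resolvers

# 4. Send connector: use the external DNS lookup settings of the transport server.
Set-SendConnector $connector -UseExternalDNSServersEnabled $true

# 5. Retry queues that were stuck and list any remaining delivery errors.
Get-Queue -Server $hub | Where-Object { $_.Status -eq 'Retry' } | Retry-Queue
Get-Queue -Server $hub | Format-Table Identity, Status, MessageCount, LastError -AutoSize
```

The LastError column in the final table shows whether a queue is still failing on DNS lookup or has moved on to a different error from the remote server.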
