Calimour

SBS 08, Exchange 2007

I have a client with SBS 08. The server was installed in 08 a few months after the release of SBS 08. Everything has been working fine since then. As of this past weekend, something changed or got corrupted on the server.

At first I thought it was certificate problems. Both the IIS cert and Exchange certs expired in November. They were both self-signed and I have renewed them both. There were also some IIS permissions problems that I resolved.

Currently they can get into OWA from anywhere.

They can use Outlook and OWA to send mail to anyone, but are only receiving emails from internal recipients.

When I run the troubleshooting wizard, I get

Mail submission failed: Error message: Server does not support secure connections

All the sites I've looked at point to the certificate or receive connector setup. I've verified that all the settings are correct in both cases.

When I telnet to port 25 from the outside, I get the ESMTP prompt for the correct domain name.

When I send email to the domain from the outside, I get a delayed send response.

When I test the SMTP config from mxtoolbox.com I get timeouts after about 16 seconds.

Any thoughts? I can provide more info if needed. At this point I'm stumped after a full day of working on it. I'm debating on just calling Microsoft and using one of our incidents.
Cliff Galiher

Sounds like the Exchange receive connector is configured to only accept authenticated mail. The Fix My Network Wizard can actually fix this for you.

-Cliff
Calimour

ASKER

I removed all the receive connectors and added the default one so the wizard would run. It created the fax and internet connectors and now I'm having the same behaviour, the same error in the mailflow troubleshooting and the following error twice in the mailflow troubleshooting wizard as well.

Mail submission failed: Error message: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.1 Client was not authenticated.

Don't trust the mailflow connectivity tools. They work *if* you enable loopback testing and jump through some other hoops.

Use https://testexchangeconnectivity.com/ instead. It will give you more accurate results for incoming mailflow issues.

-Cliff
On a tangent to that, it wouldn't hurt to run the Configure Internet Address Wizard (CIAW) either. The CIAW is actually what initially creates the internet connector and stamps the settings in the config files that FMNW later uses to repair any botched settings. If the stored config is wrong then FMNW will just be restamping the wrong configuration back on the connector. Rerunning the CIAW will actually reset both the connector and those settings. In extreme cases, I've found this one-two punch to work where FMNW alone failed.

Run CIAW, test. Run FMNW (even if CIAW fixed the issue) retest, make sure all is working as expected.

-Cliff
Using that and getting the same results as telnetting to port 25. It just times out now, no ESMTP prompt. Now to figure out what the wizard changed...
ASKER CERTIFIED SOLUTION
Cliff Galiher
This solution is only available to members.
I'm telnetting (via PuTTY) from off site to get the results.

I already verified the edge device is configured correctly and was able to telnet into the SBS box before I ran the wizard.

I checked the firewall settings and the firewall is still disabled.

I removed the anti-virus during the troubleshooting process as well.
Can check the event viewer on Exchange server. Probably the backup pressure has kicked in.
http://technet.microsoft.com/en-us/library/bb201658.aspx
Negatory. Only pertinent thing I can find is this:

The Account Domain\Administrator provided valid credentials, but is not authorized to use the server; failing authentication.

That happens when I run the mailflow troubleshooting wizard and yes I'm logged in as the domain admin.
So I just telnetted into the server and did a HELO and started sending a message. After about 30 seconds the session closed itself. I saw the session in the logs on the server.

Meanwhile I tried the testing from the site you mentioned and send test emails from two different servers to the troublesome box, and none of those showed up in the connectivity logs.

On top of that, I was just able to telnet into the server and submit a message fine. But messages from the account I told it it's from don't get there or even show up in the connectivity log. I'm really stumped now. It almost seems like something is blocking certain protocols or something.

Reran the best practices tool for health and found the following:


The subject alternative name (SAN) of SSL certificate for HTTPS://mail.domainname.net/RPC does not appear to match the host address. Host address: mail.domainname.net. Current SAN: DNS Name=domainname.net, DNS Name=remote.domainname.net, DNS Name=servername.domain.local.

I checked the spelling and they all match. Does this mean I just need to reissue the cert and add in something like -RPC in the string to create it??
So in the end I figured the problem out. The certs had nothing to do with mailflow. It ended up being the edge device. Even though it was showing that it was configured correctly it was not acting the way it should have been. I restored it to a backup I made two years ago and mail started flowing. Thanks for the help!!
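
The symptoms in this thread separate into layers: a failed connection or a missing banner points at the path to the server (here, the edge device), while a banner followed by `5.7.1 Client was not authenticated` points at the receive connector. The following Python probe is an added example, not part of the original posts; it records an unauthenticated SMTP dialogue from off site and classifies it. The function names, finding labels and `example.com` addresses are assumptions for illustration, and the sample transcripts are constructed.

```python
import socket

def probe(host, port=25, timeout=20.0, rcpt="postmaster@example.com"):
    """Speak unauthenticated SMTP to host; return [(step, reply), ...]."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return [("CONNECT", f"error: {exc}")]
    steps = []
    with sock, sock.makefile("rwb") as f:
        def reply():
            lines = []
            while True:  # multi-line replies read "250-..." until a final "250 ..."
                line = f.readline().decode("ascii", "replace").rstrip()
                lines.append(line)
                if len(line) < 4 or line[3] != "-":
                    return "\n".join(lines)
        try:
            steps.append(("CONNECT", reply()))
            for cmd in ("EHLO probe.example.com", "MAIL FROM:<probe@example.com>",
                        f"RCPT TO:<{rcpt}>", "QUIT"):
                f.write(cmd.encode("ascii") + b"\r\n")
                f.flush()
                steps.append((cmd[:4], reply()))
        except OSError as exc:  # read timeout or a dropped session
            steps.append(("ERROR", str(exc)))
    return steps

def classify(steps):
    """Name the layer a transcript points at (heuristic labels, assumed here)."""
    r = dict(steps)
    banner = r.get("CONNECT", "")
    if banner.startswith("error"):
        return ["tcp-blocked"]        # port 25 never reaches a listener
    if not banner.startswith("220"):
        return ["no-banner"]          # TCP opens, SMTP stays silent: suspect the path
    found = []
    if "STARTTLS" not in r.get("EHLO", "").upper():
        found.append("no-starttls")   # clients that require TLS will refuse this server
    if any("5.7.1" in r.get(s, "") for s in ("MAIL", "RCPT")):
        found.append("anonymous-denied")  # connector only takes authenticated senders
    if r.get("RCPT", "").startswith("250"):
        found.append("accepted")
    return found

# Constructed transcripts modelled on the symptoms reported in the thread.
AUTH_ONLY = [("CONNECT", "220 mail.domainname.net Microsoft ESMTP MAIL Service ready"),
             ("EHLO", "250-mail.domainname.net Hello\n250-STARTTLS\n250 OK"),
             ("MAIL", "530 5.7.1 Client was not authenticated")]
SILENT = [("ERROR", "timed out")]
```

Run `classify(probe("mail.domainname.net"))` from a host outside the network; an empty list means the dialogue completed without matching any of these patterns.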

Since the accepted solution is one I brought to the OP's attention in comment 34957168, I think closing the question without the OP using any points is a bit of a stretch.
My reasoning is that Cliff provided the correct solution. Meanwhile I had already checked just that, and through the process of elimination I was able to determine that the firewall was malfunctioning but was showing it was configured correctly.

I actually closed it and hit my solution at the end and tried to go back and select multiple but I guess I needed moderator intervention at that point. I apologize for the confusion. I'm new to using this and not entirely up to speed on how everything works.