SBS 08, Exchange 2007

I have a client with SBS 08. The server was installed in 08 a few months after the release of SBS 08. Everything has been working fine since then. As of this past weekend, something changed or got corrupted on the server.

At first I thought it was certificate problems. Both the IIS cert and Exchange certs expired in November. They were both self-signed and I have renewed them both. There were also some IIS permissions problems that I resolved.

Currently they can get into OWA from anywhere.

They can use Outlook and OWA to send mail to anyone, but are only receiving emails from internal recipients.

When I run the troubleshooting wizard, I get

Mail submission failed: Error message: Server does not support secure connections

All the sites I've looked at point to the certificate or receive connector setup. I've verified that all the settings are correct in both cases.

When I telnet to port 25 from the outside, I get the ESMTP prompt for the correct domain name.

When I send email to the domain from the outside, I get a delayed send response.

When I test the SMTP config from mxtoolbox.com I get timeouts after about 16 seconds.

Any thoughts? I can provide more info if needed. At this point I'm stumped after a full day of working on it. I'm debating on just calling Microsoft and using one of our incidents.
Calimour Asked:
 
Cliff Galiher Commented:
A timeout definitely tells me firewall issue. Either a software firewall on the SBS box, or your edge device. Not sure where or how you are telnetting, so difficult to tell. As an aside, I never trust telnetting from a server to itself as that is a loopback and generally does not take into account firewalls, some NIC drivers, etc. Best to use a machine on the same subnet (preferably same switch) and then work your way "out" from there.

PuTTY is a self-contained .exe most commonly used for SSH connections, but also makes a nice telnet client, low resource use, no install required, no cruft left behind after use for exactly this type of testing.

HTH,

-Cliff
0
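The "work your way out" test described above can be scripted so that each vantage point reports how far an inbound SMTP conversation gets. This is an added example, not part of the original thread; the function names and the `probe.example.test` EHLO name are assumptions.

```python
import socket

def read_reply(sock):
    """Read one SMTP reply (possibly multi-line) and return its lines."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
        lines = buf.decode("ascii", "replace").split("\r\n")
        # The reply is complete when the last full line is "NNN text", not "NNN-text".
        if buf.endswith(b"\r\n") and len(lines) >= 2 and lines[-2][3:4] != "-":
            return lines[:-1]

def probe_smtp(host, port=25, timeout=10.0, helo_name="probe.example.test"):
    """Report the stage at which the conversation stopped ("ok" if it completed).

    stage "connect": TCP never opened (port blocked, refused, or dropped).
    stage "banner":  TCP opened but no 220 greeting arrived (often a device in
                     the path holding the session rather than the mail server).
    stage "ehlo":    greeting received but EHLO was rejected or went unanswered.
    helo_name is a constructed placeholder, not a value from the thread.
    """
    result = {"stage": "connect", "banner": None, "starttls": False, "detail": ""}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["detail"] = f"TCP connect failed: {exc}"
        return result
    with sock:
        try:
            result["stage"] = "banner"
            banner = read_reply(sock)
            result["banner"] = banner[0]
            if not banner[0].startswith("220"):
                result["detail"] = "server did not greet with 220"
                return result
            result["stage"] = "ehlo"
            sock.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
            reply = read_reply(sock)
            if not reply[0].startswith("250"):
                result["detail"] = "EHLO rejected: " + reply[0]
                return result
            # STARTTLS shows up as one of the EHLO extension lines when offered.
            result["starttls"] = any(l[4:].upper().startswith("STARTTLS") for l in reply)
            result["stage"] = "ok"
            sock.sendall(b"QUIT\r\n")
        except (socket.timeout, ConnectionError) as exc:
            result["detail"] = f"stalled at {result['stage']}: {exc}"
    return result
```

Run it from a machine on the server's subnet, then from outside the edge device; the first vantage point where the stage changes points at the hop to examine.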
 
Cliff Galiher Commented:
Sounds like the Exchange receive connector is configured to only accept authenticated mail. The Fix My Network Wizard can actually fix this for you.

-Cliff
0
 
Calimour (Author) Commented:
I removed all the receive connectors and added the default one so the wizard would run. It created the fax and internet connectors and now I'm having the same behaviour, the same error in the mailflow troubleshooting and the following error twice in the mailflow troubleshooting wizard as well.

Mail submission failed: Error message: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.1 Client was not authenticated.

0
 
Cliff Galiher Commented:
Don't trust the mailflow connectivity tools. They work *if* you enable loopback testing and jump through some other hoops.

Use https://testexchangeconnectivity.com/ instead. It will give you more accurate results for incoming mailflow issues.

-Cliff
0
 
Cliff Galiher Commented:
On a tangent to that, it wouldn't hurt to run the Configure Internet Address Wizard (CIAW) either. The CIAW is actually what initially creates the internet connector and stamps the settings in the config files that FMNW later uses to repair any botched settings. If the stored config is wrong then FMNW will just be restamping the wrong configuration back on the connector. Rerunning the CIAW will actually reset both the connector and those settings. In extreme cases, I've found this one-two punch to work where FMNW alone failed.

Run CIAW, test. Run FMNW (even if CIAW fixed the issue) retest, make sure all is working as expected.

-Cliff
0
 
Calimour (Author) Commented:
Using that and getting the same results as telnetting to port 25. It just times out now, no ESMTP prompt. Now to figure out what the wizard changed...
0
 
Calimour (Author) Commented:
I'm telnetting (via PuTTY) from off site to get the results.

I already verified the edge device is configured correctly and was able to telnet into the SBS box before I ran the wizard.

I checked the firewall settings and the firewall is still disabled.

I removed the anti-virus during the troubleshooting process as well.
0
 
Malli Boppe Commented:
Can check the Event Viewer on the Exchange server. Probably the backup pressure has kicked in.
http://technet.microsoft.com/en-us/library/bb201658.aspx
0
 
Calimour (Author) Commented:
Negatory. Only pertinent thing I can find is this:

The Account Domain\Administrator provided valid credentials, but is not authorized to use the server; failing authentication.

That happens when I run the mailflow troubleshooting wizard and yes I'm logged in as the domain admin.
0
 
Calimour (Author) Commented:
So I just telnetted into the server and did a HELO and started sending a message. After about 30 seconds the session closed itself. I saw the session in the logs on the server.

Meanwhile I tried the testing from the site you mentioned and sent test emails from two different servers to the troublesome box, and none of those showed up in the connectivity logs.

On top of that, I was just able to telnet into the server and submit a message fine. But messages from the account I told it it's from don't get there or even show up in the connectivity log. I'm really stumped now. It almost seems like something is blocking certain protocols or something.

0
 
Calimour (Author) Commented:
Reran the best practices tool for health and found the following:


The subject alternative name (SAN) of SSL certificate for HTTPS://mail.domainname.net/RPC does not appear to match the host address. Host address: mail.domainname.net. Current SAN: DNS Name=domainname.net, DNS Name=remote.domainname.net, DNS Name=servername.domain.local.

I checked the spelling and they all match. Does this mean I just need to reissue the cert and add in something like -RPC in the string to create it??
0
 
Calimour (Author) Commented:
So in the end I figured the problem out. The certs had nothing to do with mailflow. It ended up being the edge device. Even though it was showing that it was configured correctly it was not acting the way it should have been. I restored it to a backup I made two years ago and mail started flowing. Thanks for the help!!

0
 
Cliff Galiher Commented:
Since the accepted solution is one I brought to the OP's attention in comment 34957168, I think closing the question without the OP using any points is a bit of a stretch.
0
 
Calimour (Author) Commented:
http:#34957168
My reasoning is that Cliff provided the correct solution. Meanwhile I had already checked just that, and through the process of elimination I was able to determine that the firewall was malfunctioning but was showing it was configured correctly.

I actually closed it and hit my solution at the end and tried to go back and select multiple but I guess I needed moderator intervention at that point. I apologize for the confusion. I'm new to using this and not entirely up to speed on how everything works.
0
Question has a verified solution.
