Solved

SBS 08, Exchange 2007

Posted on 2011-02-22
Last Modified: 2012-05-11
I have a client with SBS 08. The server was installed in 08 a few months after the release of SBS 08. Everything has been working fine since then. As of this past weekend, something changed or got corrupted on the server.

At first I thought it was certificate problems. Both the IIS cert and Exchange certs expired in November. They were both self-signed and I have renewed them both. There were also some IIS permissions problems that I resolved.

Currently they can get into OWA from anywhere.

They can use Outlook and OWA to send mail to anyone, but are only receiving emails from internal recipients.

When I run the troubleshooting wizard, I get

Mail submission failed: Error message: Server does not support secure connections

All the sites I've looked at point to the certificate or receive connector setup. I've verified that all the settings are correct in both cases.

When I telnet to port 25 from the outside, I get the ESMTP prompt for the correct domain name.

When I send email to the domain from the outside, I get a delayed send response.

When I test the SMTP config from mxtoolbox.com I get timeouts after about 16 seconds.

Any thoughts? I can provide more info if needed. At this point I'm stumped after a full day of working on it. I'm debating on just calling Microsoft and using one of our incidents.
Question by:Calimour
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34956238
Sounds like the Exchange receive connector is configured to only accept authenticated mail. The Fix My Network Wizard can actually fix this for you.

-Cliff
 

Author Comment

by:Calimour
ID: 34957121
I removed all the receive connectors and added the default one so the wizard would run. It created the fax and internet connectors and now I'm having the same behaviour, the same error in the mailflow troubleshooting and the following error twice in the mailflow troubleshooting wizard as well.

Mail submission failed: Error message: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.1 Client was not authenticated.

 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34957139
Don't trust the mailflow connectivity tools. They work *if* you enable loopback testing and jump through some other hoops.

Use https://testexchangeconnectivity.com/ instead. It will give you more accurate results for incoming mailflow issues.

-Cliff
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34957157
On a tangent to that, it wouldn't hurt to run the Configure Internet Address Wizard (CIAW) either. The CIAW is actually what initially creates the internet connector and stamps the settings in the config files that FMNW later uses to repair any botched settings. If the stored config is wrong then FMNW will just be restamping the wrong configuration back on the connector. Rerunning the CIAW will actually reset both the connector and those settings. In extreme cases, I've found this one-two punch to work where FMNW alone failed.

Run CIAW, test. Run FMNW (even if CIAW fixed the issue) retest, make sure all is working as expected.

-Cliff
 

Author Comment

by:Calimour
ID: 34957158
Using that and getting the same results as telnetting to port 25. It just times out now, no ESMTP prompt. Now to figure out what the wizard changed...
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 34957168
A timeout definitely tells me firewall issue. Either a software firewall on the SBS box, or your edge device. Not sure where or how you are telnetting, so difficult to tell. As an aside, I never trust telnetting from a server to itself as that is a loopback and generally does not take into account firewalls, some NIC drivers, etc. Best to use a machine on the same subnet (preferably same switch) and then work your way "out" from there.

PuTTY is a self-contained .exe most commonly used for SSH connections, but also makes a nice telnet client: low resource use, no install required, no cruft left behind after use for exactly this type of testing.

HTH,

-Cliff
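
The manual telnet checks used in this thread (TCP connect, ESMTP banner, EHLO, an unauthenticated MAIL FROM) can be scripted so each vantage point reports the stage that failed. This is an added example, not part of any post here; the function names, the `probe.example` HELO name and the stage labels are assumptions.

```python
# Added example: probe.example and the stage labels are illustrative assumptions.
import socket

def exchange(f, command=None):
    """Send one command (if given), then return the possibly multi-line reply."""
    if command is not None:
        f.write(command.encode("ascii") + b"\r\n")
        f.flush()
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            raise ConnectionError("peer closed the session")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":  # "250-" continues, "250 " ends
            return lines

def converse(f, helo="probe.example", sender="probe@probe.example"):
    """Banner -> EHLO -> anonymous MAIL FROM (no RCPT/DATA, so nothing is sent)."""
    banner = exchange(f)
    if not banner[-1].startswith("220"):
        return ("bad-banner", banner[-1])
    ehlo = exchange(f, f"EHLO {helo}")
    if not ehlo[-1].startswith("250"):
        return ("ehlo-rejected", ehlo[-1])
    caps = {l[4:].split()[0].upper() for l in ehlo[1:] if l[4:].strip()}
    mail = exchange(f, f"MAIL FROM:<{sender}>")
    if not mail[-1].startswith("250"):
        return ("mail-rejected", mail[-1])  # e.g. "530 5.7.1 Client was not authenticated"
    if "STARTTLS" not in caps:
        return ("no-starttls", "anonymous mail accepted, STARTTLS not advertised")
    return ("ok", "banner, EHLO and anonymous MAIL FROM all accepted")

def smtp_probe(host, port=25, timeout=10.0):
    """Classify where an inbound SMTP test fails, from this vantage point."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("connect-timeout", "no answer at TCP level: suspect a firewall or edge device")
    except ConnectionRefusedError:
        return ("refused", "host reachable, nothing listening on the port")
    except OSError as exc:
        return ("connect-error", str(exc))
    with sock, sock.makefile("rwb") as f:
        try:
            return converse(f)
        except socket.timeout:
            return ("session-timeout", "TCP connected, then the SMTP dialogue stalled")
        except ConnectionError as exc:
            return ("session-dropped", str(exc))
```

Call `smtp_probe()` with the mail host name first from a machine on the server's own subnet and then from off site; a result that differs between the two vantage points implicates the devices in between rather than the Exchange configuration.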
 

Author Comment

by:Calimour
ID: 34957186
I'm telnetting (via PuTTY) from off site to get the results.

I already verified the edge device is configured correctly and was able to telnet into the SBS box before I ran the wizard.

I checked the firewall settings and the firewall is still disabled.

I removed the anti-virus during the troubleshooting process as well.

 
LVL 23

Expert Comment

by:Malli Boppe
ID: 34957211
Can check the Event Viewer on the Exchange server. Probably the backup pressure has kicked in.
http://technet.microsoft.com/en-us/library/bb201658.aspx
 

Author Comment

by:Calimour
ID: 34957380
Negatory. Only pertinent thing I can find is this:

The Account Domain\Administrator provided valid credentials, but is not authorized to use the server; failing authentication.

That happens when I run the mailflow troubleshooting wizard and yes I'm logged in as the domain admin.
 

Author Comment

by:Calimour
ID: 34957500
So I just telnetted into the server and did a HELO and started sending a message. After about 30 seconds the session closed itself. I saw the session in the logs on the server.

Meanwhile I tried the testing from the site you mentioned and sent test emails from two different servers to the troublesome box, and none of those showed up in the connectivity logs.

On top of that, I was just able to telnet into the server and submit a message fine. But messages from the account I told it it's from don't get there or even show up in the connectivity log. I'm really stumped now. It almost seems like something is blocking certain protocols or something.

 

Author Comment

by:Calimour
ID: 34957593
Reran the best practices tool for health and found the following:


The subject alternative name (SAN) of SSL certificate for HTTPS://mail.domainname.net/RPC does not appear to match the host address. Host address: mail.domainname.net. Current SAN: DNS Name=domainname.net, DNS Name=remote.domainname.net, DNS Name=servername.domain.local.

I checked the spelling and they all match. Does this mean I just need to reissue the cert and add in something like -RPC in the string to create it??
 

Author Comment

by:Calimour
ID: 34966638
So in the end I figured the problem out. The certs had nothing to do with mailflow. It ended up being the edge device. Even though it was showing that it was configured correctly it was not acting the way it should have been. I restored it to a backup I made two years ago and mail started flowing. Thanks for the help!!

 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34976788
Since the accepted solution is one I brought to the OP's attention in comment 34957168, I think closing the question without the OP using any points is a bit of a stretch.
 

Author Comment

by:Calimour
ID: 35019434
http:#34957168
My reasoning is that Cliff provided the correct solution. Meanwhile I had already checked just that, and through the process of elimination I was able to determine that the firewall was malfunctioning but was showing it was configured correctly.

I actually closed it and hit my solution at the end and tried to go back and select multiple, but I guess I needed moderator intervention at that point. I apologize for the confusion. I'm new to using this and not entirely up to speed on how everything works.