HHTech1 asked:

SBS 2011 Std - New install - Cannot send or receive mail to external domains

Hello!
I have a new install of SBS 2011. New box with quad proc, 8GB ram, 6 - 500 GB HD’s. Ran the install cd and have been through the wizards and connected to the internet as well as set up the internet webpage. The OWA works great and all ports have been opened on the router to forward 25, 80, 443, 987 to the SBS 2011 server nic. Let's say the OWA is remote.sbsdomain.com. When I go to OWA and log on, then send a new email to myself@sbsdomain.com and copy myself@gmail.com the email shows up in the OWA inbox almost immediately, but the myself@gmail.com never gets there. If I go to Gmail web access and send an email to myself@sbsdomain.com I do not get it as well.
I have been through the clean install about 5 times now due to AT&T's service blocking port 25 communication. I have changed over to a business account with a rack of statics. The DSL modem/router is set to expose my usable IPs. My Cisco WRVS4400n is set with one of the 5 usable IPs. This is the machine the ports are forwarded on. No problems with internet access now, or port 25 being blocked by my ISP.
Also, I have not run any updates on the server yet. Wanted to make sure everything was working first. I do have Malwarebytes installed for security. The Windows Firewall is the firewall.
Ok, questions...
Is there something else that needs configuring before the mail will start to work?
Do I have to install MS Outlook on the server?
Do I have to manually make changes to the firewall? (I have not, thought windows SBS setup should have taken care of that?)
Do I need to setup POP email to be pulled to the server?
Do I need to setup a smart host through my ISP?

Lots of questions, but just want to know how to get mail to send and receive externally!
Any help on this would be greatly appreciated!!

Thank You!
HHTech1

ASKER

Also wanted to add that the SBS 2011 new install has not been activated yet. Again, wanted to wait until the email issue has been resolved so I don't screw up the activation with another reinstall if needed.

But does SBS 2011 have to be activated to be able to externally send/receive emails?

No, you can safely run it without Activation.
HHTech1

ASKER

The wizards set up the MX and SRV and TXT and 'A' record correctly. I will check the mxtoolbox.com and the DNS suggestion from above.

Thanks for the help here guys!!!
HHTech1

ASKER

My domain is hosted with GoDaddy. There are a lot of CNAMEs that are pointing to the GoDaddy servers/services: email.secureserver.net, smtp.secureserver.net, imap.secureserver.net, pop.secureserver.net, and webmail.secureserver.net. The ftp and www CNAMEs both point to @. Do I need a CNAME to point to remote.sbsdomain.com or are the CNAMEs not impacting anything I am doing?

You need to create a new Host (A) record called "remote" without the quotes.
Then create a new MX record with Priority 0 pointed to the new Host record.

Delete all those CNAME records.

The CNAMEs are not impacting anything.

Are there any A records with your public IP in them? To find your public IP go to http://whatsmyip.org

Please don't use priority 0; use 5 or 10. 0 is often ignored.

I have used zero without issue frequently, but any number is OK as long as the record going to your SBS server has the highest priority (lowest number).
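
An added example, not part of the original thread: the record checks these replies walk through (the lowest-numbered MX must name a host with an A record for the server's public IP, not a CNAME), plus the reverse-DNS (PTR) check that comes up later in the thread. The `check_mail_dns` helper and both record sets are constructed for illustration; `sbsdomain.example` and `203.0.113.10` are placeholders.

```python
# Constructed sample records; sbsdomain.example and 203.0.113.10 are placeholders.
GOOD = {
    "MX": [(20, "remote.sbsdomain.example")],
    "A": {"remote.sbsdomain.example": "203.0.113.10"},
    "CNAME": {},
    "PTR": {"203.0.113.10": "remote.sbsdomain.example"},
}
# Constructed broken variant: the preferred MX is a CNAME and the IP has no PTR.
BROKEN = {
    "MX": [(0, "smtp.sbsdomain.example"), (10, "remote.sbsdomain.example")],
    "A": {"remote.sbsdomain.example": "203.0.113.10"},
    "CNAME": {"smtp.sbsdomain.example": "smtp.secureserver.net"},
    "PTR": {},
}


def check_mail_dns(zone, server_ip):
    """Return a list of DNS problems that would affect SMTP to/from server_ip."""
    problems = []
    mx = sorted(zone.get("MX", []))  # lowest preference number is tried first
    if not mx:
        return ["no MX record for the domain"]
    _pref, target = mx[0]
    addr = zone.get("A", {}).get(target)
    if target in zone.get("CNAME", {}):
        # An MX target must be a host name with an address record, not an alias.
        problems.append(f"preferred MX {target} is a CNAME, not an A record")
    elif addr is None:
        problems.append(f"preferred MX {target} has no A record")
    elif addr != server_ip:
        problems.append(f"preferred MX {target} resolves to {addr}, not {server_ip}")
    # Reverse DNS: the PTR should exist and resolve forward to the same IP.
    ptr = zone.get("PTR", {}).get(server_ip)
    if ptr is None:
        problems.append(f"no PTR record for {server_ip}")
    elif zone.get("A", {}).get(ptr) != server_ip:
        problems.append(f"PTR {ptr} does not resolve back to {server_ip}")
    return problems


if __name__ == "__main__":
    for name, zone in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(name, check_mail_dns(zone, "203.0.113.10") or "OK")
```

To use it against a live domain, fill the dictionary from the output of `nslookup -type=mx`, `nslookup -type=a` and `nslookup -type=ptr` run from outside the network.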
HHTech1

ASKER

A record pointing to my external IP, verified via www.whatismyip.com...
Set the MX to priority 20 (rule out other priorities not being followed), but this is the only MX record for the domain. When the wizard ran it removed the other 2, which were mailstore1.secureserver.net and smtp.secureserver.net.

Should I have installed all updates directly after install, without running any wizards, then run the wizards once everything has been updated, or does that matter? I have always thought it best to install the os - then update the os fully before configuring anything else, but the SBS environment is a little different, just want to know the best sequence of setup.
You should always use the wizards with SBS, regardless of the version, they are there for a reason.

The guides posted by Cris above are fine.
HHTech1

ASKER

Should all updates be installed before running wizards?

It's good practice to update before you do anything, yes.

Make sure you run Microsoft Update though as per my guide: https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/A_3236-Get-more-from-Windows-Updates.html
Cris, it does apply to SBS, in fact one of the reasons I wrote it was for SBS.

Specifically in SBS2008 until you performed an on-line update of the SBS server it didn't update WSUS which prevented the clients from Updating.

I stand by my recommendation to run that on the SBS server as well :-)

HHTech1

ASKER

Thanks for digging into this with me!!!
Should I have to make changes to the Windows firewall? What should be open in order for the mail to get out and back?
No changes are required for the Windows Firewall.
That's taken care of via the wizards.

HHTech1

ASKER

OK, after much deliberation. I have run a clean install with the new equipment and new ip routing.

Ran install DVD. Installed all updates in the order suggested, backed up, installed Office 2010, moved WSUS & redirected folders off of the main partition. Backed up. Ran connect to internet, and Set up your internet address wizards. No errors at any point. I checked the domain properties at GoDaddy to make sure all A, MX, SRV, and TXT records are pointing where they should be. They are… Then went to OWA and sent a test message. It went through!!! Sent it back to test the incoming mail and it came back!!!
Not exactly sure what was the block, but it was one of the following issues that would not let Exchange send or receive:
Local network issues with port 25 on initial install, Sent email to my ISP (bellsouth) and asked that they add the PTR / rDNS record to their DNS servers, port 25 blocked on the server's firewall, Outlook was not installed on the server… These are the only items that are different from before. I am really leaning towards the port 25 issue as I think the rDNS record has not been updated yet. (bellsouth told me it would be after midnight when the updated record would be added.) Outlook being on the server should have nothing to do with Exchange running as a background service! Please correct me if you see differently.

Now that everything is up and running, I have installed the SSL (again-w/ a rekey), but I do not think the intermediate certificate has been imported. Only the remote.sbsdomain.com was asked for by the ‘Add a trusted certificate’ wizard. Do I need to import the intermediate???

!!!Thanks again for all the help! I would have NO hair at all without you guys!!!
Yes, you will need the intermediate certificate:
http://blogs.technet.com/b/sbs/archive/2009/02/11/sean-daniel-how-to-install-a-godaddy-certificate-on-sbs-2008.aspx

You mention installing Office 2010. You didn't install this on the server did you?

HHTech1

ASKER

ok, intermediate cert installed.

This problem was happening before I installed the intermediate cert.
I cannot access remote.sbsdomain.com from external network. I can access OWA from external network, but not RWW. I checked the firewall - it's open for http and https, router has 80, 443, 987 forwarded to the server, ShieldsUP test says ports 25, 80, 443, 987 are open, domain 'A' record is good to go. Just cannot access externally. remote.sbsdomain.com/owa takes me to the Outlook Web Access log on page, but remote.sbsdomain.com says Internet Explorer cannot display the webpage. Not sure if this makes any difference or not, but I can connect to Exchange with laptop Outlook or mobile phone Exchange. They are working great... just the RWW that is the problem child.
What area to go to for this issue?
Thanks!!

Oh, by the way, yes I did install MS Office on the server. No users will connect to the server via RDP (no permissions given), so we are not breaking any licensing laws, I don't think...

Office should never be installed on the server for any reason...there's no value.
It would help to have your domain name. I understand the reluctance to give it out, but in lieu of that:

from outside the network, can you go to https://remote.domainname.com/remote?

If you want to share your domain name so we can do further tests then I can obscure it once Cris has confirmed he has seen it.

Office 2007 or 2010 won't actually cause any problems on an SBS2008 or SBS2011 server, it will with SBS2003 because of Exchange 2003 but this issue is not a problem for the later versions of Office and Exchange.
HHTech1

ASKER

No. https://remote.sbsdomain.com/remote cannot be accessed. I can only access https://remote.sbsdomain.com/owa.

Thanks for the help!!

[EDIT]Sensitive information removed by demazter[/EDIT]
demazter...you can block it...

HHTech1
I can confirm that I get the RWW login page at https://remote.yourdomainname.com/remote

You're not getting the login page? Or is the problem after you log on?

You should close port 80 on your firewall.

A scan from mxtoolbox.com reports 25, 80, and 443 are the only ports it finds open.

HHTech1

ASKER

Thanks!! Guess I could have run the mxtoolbox again...

I was trying to access from work. I think that remote stuff is blocked on that network. I'll try from a different place. Update you in a few...boy that would suck if the connection is blocked from the office??!!
That's why I have a sprint mifi 3G router that I carry with me...I have a day IT job and it's blocked, but I don't have any issue getting out with the mifi router
HHTech1

ASKER

Yep, No problem getting in with a change in location! thanks!

One more question... The intermediate cert. What is it for? The remote.sbsdomain.com is for the RWW and OWA, right... What does the intermediate secure and which one secures remote desktop? Thanks guys!! You saved a lot of time and frustration for me!!

The intermediate certificate is simply the way GoDaddy implements their single domain standard SSL cert...they have other certs which don't use it.

To the best of my knowledge, no one else implements their standard single domain certs that way.
GoDaddy doesn't really explain it either, except what you see here: http://community.godaddy.com/help/4801

Remote Web Workplace (which is different from Remote Desktop) is secured via your cert on port 443 with https.

HHTech1

ASKER

I have the UCC SAN's SSL that can secure up to 5 domains. When I generated the cert from the SBS2011 wizard and applied it to the CSR on GoDaddy.com it issued 2 SAN's 1) sbsdomain.com 2) servername.sbsdomain.com. Why both and what is securing remote desktop?
That one I'm not familiar with, but most likely #1 is actually *.sbsdomain.com so it works with pretty much anything.

Just to reiterate: regular Remote Desktop, which operates on port 3389, is not secure by nature.
Remote Web Workplace uses https and port 443, which is secure.

HHTech1

ASKER

So when you connect to a computer (via remote desktop) through the RWW - is that a secure connection through port 443 or does it connect you to the remote computer on port 3389 which is unsecure??
Actually the protocol being used to connect to a desktop via RWW is a form of TSWeb.
It uses 443 over the web and uses 3389 after you are connected to the SBS server by https.

Port 3389 is not required to be open on the firewall.

HHTech1

ASKER

Is the RDP session then still secured via the ssl or no?
The RDP session is secure through the TSWeb session. The RDP protocol is engaged after you connect to the server through a secure session and occurs completely within the LAN.

HHTech1

ASKER

Thanks for the help!!

The final end result was a combination of fixes and configurations most around the open port 25 issue. Both you guys should get at least double points due to the fact that there were multiple fixes on this 1 question!!

Thanks for digging in with me and getting the Kinks worked out!!!!
HHTech1

ASKER

I got an error when marking the answer and assigning the points. Did you guys get the credit?