Solved

SBS 2011 Std - New install - Cannot send or receive mail to external domains

Posted on 2011-03-01
Last Modified: 2012-05-11
Hello!
I have a new install of SBS 2011. New box with quad proc, 8GB ram, 6 - 500 GB HD’s. Ran the install cd and have been through the wizards and connected to the internet as well as set up the internet webpage. The OWA works great and all ports have been opened on the router to forward 25, 80, 443, 987 to the SBS 2011 server nic. Let's say the OWA is remote.sbsdomain.com. When I go to OWA and log on, then send a new email to myself@sbsdomain.com and copy myself@gmail.com the email shows up in the owa inbox almost immediately, but the myself@gmail.com never gets there. If I go to Gmail web access and send an email to myself@sbsdomain.com I do not get it as well.
I have been through the clean install about 5 times now due to AT&T's service blocking port 25 communication. I have changed over to a business account with a rack of statics. The DSL modem/router is set to expose my usable IPs. My Cisco WRVS4400n is set with one of the 5 usable IPs. This is the machine the ports are forwarded on. No problems with internet access now, or port 25 being blocked by my ISP.
Also, I have not run any updates on the server yet. Wanted to make sure everything was working first. I do have Malwarebytes installed for security. The Windows firewall is the firewall.
Ok, questions...
Is there something else that needs configuring before the mail will start to work?
Do I have to install MS Outlook on the server?
Do I have to manually make changes to the firewall? (I have not, thought windows SBS setup should have taken care of that?)
Do I need to setup POP email to be pulled to the server?
Do I need to setup a smart host through my ISP?

Lots of questions, but just want to know how to get mail to send and receive externally!
Any help on this would be greatly appreciated!!

Thank You!
Question by:HHTech1
39 Comments
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 167 total points
ID: 35008612
first thing is your external DNS configuration, MX, A & PTR records, have they been configured?  Check out my guide here on what is needed: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2370-Exchange-DNS-Configuration.html

Make sure you have completed all the wizards in the SBS console for sending etc.
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35008800
Also wanted to add that the SBS 2011 new install has not been activated yet. Again, wanted to wait until the email issue has been resolved so I don't screw up the activation with another reinstall if needed.

But does SBS 2011 have to be activated to be able to externally send/receive emails?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35008819
no, you can safely run it without Activation.
0
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 333 total points
ID: 35008920
again, the primary question that needs to be answered from demazter is concerning your external DNS

You can go to mxtoolbox.com and test it for yourself by entering your domain name
Or you can tell us your domain name and we can check

Have you set up an A record that points remote.domainname.com to the public IP?
Have you setup an MX record with "0" (zero) priority to remote.domainname.com?
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35009134
The wizards set up the MX and SRV and TXT and 'A' record correctly. I will check the mxtoolbox.com and the DNS suggestion from above.

Thanks for the help here guys!!!
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35009418
My domain is hosted with GoDaddy. There are a lot of cnames that are pointing to the GoDaddy servers/services: email.secureserver.net, smtp.secureserver.net, imap.secureserver.net, pop.secureserver.net, and webmail.secureserver.net. The ftp and www cname both point to @. Do I need a cname to point to remote.sbsdomain.com or are the cnames not impacting anything I am doing?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35009491
you need to create a new Host (A) record called "remote" without the quotes
Then create new MX record with Priority 0 pointed to the new Host record

delete all those cname records
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35009502
The CNAMEs are not impacting anything.

Are there any A records with your public IP in them? To find your public IP go to http://whatsmyip.org
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35009507
Please don't use priority 0 use 5 or 10, 0 is often ignored.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35009572
I have used zero without issue frequently but any number is ok as long as the record going to your SBS server has the highest priority (lowest number)
0
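The record relationships discussed in this thread (the MX with the lowest preference number pointing at an A record for the server's public IP, plus a PTR that resolves back to it) can be checked mechanically. This is an added example, not part of the original thread; the zone data, the `.example` names, the documentation-range IP and the `check_mail_dns` function are all constructed for illustration.

```python
# Constructed sample zone data (documentation-range IP, placeholder names).
SERVER_IP = "203.0.113.10"
GOOD = [
    ("sbsdomain.example", "MX", "remote.sbsdomain.example", 10),
    ("remote.sbsdomain.example", "A", SERVER_IP, None),
    (SERVER_IP, "PTR", "remote.sbsdomain.example", None),
]
# Leftover hosted-mail MX outranks the server, and no PTR has been published.
BAD = [
    ("sbsdomain.example", "MX", "smtp.hosted.example", 0),
    ("sbsdomain.example", "MX", "remote.sbsdomain.example", 20),
    ("smtp.hosted.example", "CNAME", "mail.hosted.example", None),
    ("remote.sbsdomain.example", "A", SERVER_IP, None),
]

def lookup(records, name, rtype):
    """Return (value, preference) pairs for one owner name and record type."""
    return [(value, pref) for n, t, value, pref in records if n == name and t == rtype]

def check_mail_dns(records, domain, server_ip):
    """Return a list of findings; an empty list means the records are consistent."""
    findings = []
    mx = sorted(lookup(records, domain, "MX"), key=lambda r: r[1])
    if not mx:
        return ["no MX record for " + domain]
    primary = mx[0][0]  # senders try the lowest preference number first
    if lookup(records, primary, "CNAME"):
        findings.append(f"MX target {primary} is a CNAME; it must be an A record")
    addrs = [v for v, _ in lookup(records, primary, "A")]
    if server_ip not in addrs:
        findings.append(f"preferred MX {primary} does not resolve to {server_ip}")
    ptr = [v for v, _ in lookup(records, server_ip, "PTR")]
    if not ptr:
        findings.append(f"no PTR (reverse DNS) record for {server_ip}")
    elif not any(server_ip in [v for v, _ in lookup(records, p, "A")] for p in ptr):
        findings.append(f"PTR {ptr} does not resolve back to {server_ip}")
    return findings

if __name__ == "__main__":
    for label, zone in (("good", GOOD), ("bad", BAD)):
        print(label, check_mail_dns(zone, "sbsdomain.example", SERVER_IP))
```
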
 
LVL 1

Author Comment

by:HHTech1
ID: 35009780
A record pointing to my external ip. Verified via www.whatismyip.com...
Set the mx to priority 20 (rule out other priorities not being followed), but this is the only mx record for the domain. When the wizard ran it removed the other 2, which were mailstore1.secureserver.net and smtp.secureserver.net.

Should I have installed all updates directly after install, without running any wizards, then run the wizards once everything has been updated, or does that matter? I have always thought it best to install the os - then update the os fully before configuring anything else, but the SBS environment is a little different, just want to know the best sequence of setup.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35009914
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35010238
You should always use the wizards with SBS, regardless of the version, they are there for a reason.

The guides posted by Cris above are fine.
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35010735
Should all updates be installed before running wizards?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35010791
It's good practice to update before you do anything yes.

Make sure you run Microsoft Update though as per my guide: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/A_3236-Get-more-from-Windows-Updates.html
0
 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 333 total points
ID: 35010876
@demazter   good guide but applies to desktop OS's, not machines...including servers controlled by WSUS as are SBS networks

But I do agree that it's best to get the latest Windows Server service pack, then latest Exchange SP, the SBS Update Rollup, before running wizards
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35010947
Cris, it does apply to SBS, in fact one of the reasons I wrote it was for SBS.

Specifically in SBS2008 until you performed an on-line update of the SBS server it didn't update WSUS which prevented the clients from Updating.

I stand by my recommendation to run that on the SBS server as well :-)

0
 
LVL 1

Author Comment

by:HHTech1
ID: 35012539
Thanks for digging into this with me!!!
Should I have to make changes to the Windows firewall? What should be open in order for the mail to get out and back?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35012565
no changes are required for the windows firewall.
That's taken care of via the wizards
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35013612
OK, after much deliberation. I have run a clean install with the new equipment and new ip routing.

Ran install DVD. Installed all updates in the order suggested, backed up, installed Office 2010, moved WSUS & redirected folders off of the main partition. Backed up. Ran connect to internet, and Set up your internet address wizards. No errors at any point. I checked the domain properties at godaddy to make sure all A, MX, SRV, and TXT records are pointing where they should be. They are…  Then went to OWA and sent a test message. It went through!!! Sent it back to test the incoming mail and it came back!!!
Not exactly sure what was the block, but it was one of the following issues that would not let exchange send or receive:
Local network issues with port 25 on initial install, Sent email to my isp (bellsouth) and asked that they add the PTR / rDNS record to their DNS servers, port 25 blocked on the server's firewall, Outlook was not installed on the server… These are the only items that are different from before. I am really leaning towards the port 25 issue as I think the rDNS record has not been updated yet. (bellsouth told me it would be after midnight when the updated record would be added.) Outlook being on the server should have nothing to do with exchange running as a background service! Please correct me if you see differently.

Now that everything is up and running, I have installed the SSL (again-w/ a rekey), but I do not think the intermediate certificate has been imported. Only the remote.sbsdomain.com was asked for by the ‘Add a trusted certificate’ wizard. Do I need to import the intermediate???

!!!Thanks again for all the help! I would have NO hair at all without you guys!!!
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35014229
yes you will need the intermediate certificate
http://blogs.technet.com/b/sbs/archive/2009/02/11/sean-daniel-how-to-install-a-godaddy-certificate-on-sbs-2008.aspx

You mention installing Office 2010.   You didn't install this on the server did you?
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35020568
ok, intermediate cert installed.

This problem was happening before I installed the intermediate cert.
I cannot access remote.sbsdomain.com from external network. I can access OWA from external network, but not RWW. I checked the firewall - it's open for http and https, router has 80, 443, 987 forwarded to the server, ShieldsUP test says ports 25, 80, 443, 987 are open, domain 'A' record is good to go. Just cannot access externally. remote.sbsdomain.com/owa takes me to the outlook web access log on page, but remote.sbsdomain.com says Internet explorer cannot display the webpage. Not sure if this makes any difference or not, but I can connect to exchange with laptop outlook or mobile phone exchange. They are working great... just the RWW that is the problem child.
What area to go to for this issue?
Thanks!!

Oh, by the way, yes I did install MS Office on the server. No users will connect to the server via RDP (no permissions given), so we are not breaking any licensing laws, I don't think...

0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35020801
Office should never be installed on the server for any reason...there's no value.
It would help to have your domain name.  I understand the reluctance to give it out but in lieu of that

from outside the network, can you go to https://remote.domainname.com/remote?

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35020824
If you want to share your domain name so we can do further tests then I can obscure it once Cris has confirmed he has seen it.

Office 2007 or 2010 won't actually cause any problems on an SBS2008 or SBS2011 server, it will with SBS2003 because of Exchange 2003 but this issue is not a problem for the later versions of Office and Exchange.
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35021036
No. https://remote.sbsdomain.com/remote cannot be accessed. I can only access https://remote.sbsdomain.com/owa.

Thanks for the help!!

[EDIT]Sensitive information removed by demazter[/EDIT]
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35021095
demazter...you can block it...

HHTech1
I can confirm that I get the RWW login page at https://remote.yourdomainname.com/remote

You're not getting the login page?  Or is the problem after you logon?

You should close port 80 on your firewall
a scan from mxtoolbox.com reports 25, 80, and 443 are the only ports it finds open
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35022836
Thanks!! Guess I could have run the mxtoolbox again...

I was trying to access from work. I think that remote stuff is blocked on that network. I'll try from a different place. Update you in a few...boy that would suck if the connection is blocked from the office??!!
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35022849
That's why I have a sprint mifi 3G router that I carry with me...I have a day IT job and it's blocked, but I don't have any issue getting out with the mifi router
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35023231
Yep, No problem getting in with a change in location! thanks!

One more question... The intermediate cert. What is it for? The remote.sbsdomain.com is for the RWW and OWA, right... What does the intermediate secure and which one secures remote desktop? Thanks guys!! You saved a lot of time and frustration for me!!
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35023588
The intermediate certificate is simply the way GoDaddy implements their single domain standard SSL cert...they have other certs which don't use it

To the best of my knowledge, no one else implements their standard single domain certs that way
GoDaddy doesn't really explain it either, except what you see here http://community.godaddy.com/help/4801

Remote Web Workplace (which is different from Remote Desktop) is secured via your cert on port 443 with https
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35023762
I have the UCC SAN's SSL that can secure up to 5 domains. When I generated the cert from the SBS2011 wizard and applied it to the CSR on GoDaddy.com it issued 2 SAN's 1) sbsdomain.com 2) servername.sbsdomain.com. Why both and what is securing remote desktop?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35023845
That one I'm not familiar with, but most likely #1 is actually *.sbsdomain.com so it works with pretty much anything

Just to reiterate   regular Remote Desktop which operates on port 3389 is not secure by nature
Remote Web Workplace uses https and port 443 which is secure.
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35023869
So when you connect to a computer (via remote desktop) through the RWW - is that a secure connection through port 443 or does it connect you to the remote computer on port 3389 which is unsecure??
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35023889
Actually the protocol being used to connect to a desktop via RWW is a form of  TSWeb
It uses 443 over the web and uses 3389 after you are connected to the SBS server by https

Port 3389 is not required to be open on the firewall
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35023944
Is the RDP session then still secured via the ssl or no?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35023972
The RDP session is secure through the TSWeb session   The RDP protocol is engaged after you connect to the server through a secure session and occurs completely within the LAN
0
 
LVL 1

Author Closing Comment

by:HHTech1
ID: 35024072
Thanks for the help!!

The final end result was a combination of fixes and configurations most around the open port 25 issue. Both you guys should get at least double points due to the fact that there were multiple fixes on this 1 question!!

Thanks for digging in with me and getting the Kinks worked out!!!!
0
 
LVL 1

Author Comment

by:HHTech1
ID: 35024134
I got an error when marking the answer and assigning the points. Did you guys get the credit?
0
