itc_sysadmin
asked on
Internal Email Routing [Exchange 2003 & Cisco ASA 5540] - Routing Group Connectors
Hi,
I have 3 Exchange 2003 servers. One of the Exchange servers (EXSRV1) routes emails to the other two Exchange servers (EXSRV2 and EXSRV3). EXSRV1 is behind a Cisco ASA 5540 firewall.
EXSRV1 is clustered (Active/Passive).
The 3 servers communicate via Routing Group connectors.
The mails to EXSRV2 and EXSRV3 are queued up on EXSRV1 and are delivered to the other two servers hours after the time of submission. Sometimes the number of mails in the queue goes up to 250.
I have been working on this problem for 5 days now and I can't figure out why the emails are queuing up and being delivered hours after initial submission to EXSRV1.
Users from the other two servers (EXSRV2 & EXSRV3) can send to EXSRV1 with no delay.
Telnet results from EXSRV1 to EXSRV2 and EXSRV3 are below:
telnet EXSRV2 25
220 EXSRV2.domain.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Thu, 12 May
2011 15:37:37 +1200
ehlo
250-EXSRV2.domain.local Hello [10.2.0.10]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
Telnet to EXSRV3.
telnet EXSRV3 25
220 EXSRV3 Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Thu, 12 May
2011 15:41:00 +1200
ehlo
250-EXSRV3 Hello [10.2.0.10]
250-TURN
250-SIZE 4194304
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
Have you disabled esmtp inspect on the ASA?
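The check behind the ESMTP-inspection question, as an added example that is not part of the thread: it parses an EHLO reply such as the ones posted in the question and reports whether the Exchange 2003 verbs X-EXPS, X-LINK2STATE and XEXCH50 arrive intact. The function names, the masking pattern and the FILTERED sample are assumptions of this example.

```python
import re

# Verbs Exchange 2003 uses between routing groups; all three are in the posted replies.
REQUIRED = ("X-EXPS", "X-LINK2STATE", "XEXCH50")

def parse_ehlo(transcript):
    """Return {KEYWORD: [params]} from the 250 lines of an EHLO reply."""
    hits = (re.match(r"250[- ](.+)$", ln.strip()) for ln in transcript.splitlines())
    replies = [m.group(1) for m in hits if m]   # skips banner and typed commands
    caps = {}
    for text in replies[1:]:                    # replies[0] is "<host> Hello [ip]"
        keyword, _, params = text.replace("=", " ", 1).partition(" ")
        caps.setdefault(keyword.upper(), []).extend(params.split())
    return caps

def audit(transcript):
    """Report required verbs that are absent and keywords that look masked."""
    caps = parse_ehlo(transcript)
    # Assumption of this example: a filtering device overwrites a keyword it
    # does not allow with a run of '*' or 'X' characters.
    masked = sorted(k for k in caps if re.fullmatch(r"\*+|X{4,}", k))
    missing = [v for v in REQUIRED if v not in caps]
    return {"missing": missing, "masked": masked}

# EHLO reply from EXSRV3 as posted in the question (banner line unwrapped).
POSTED = """220 EXSRV3 Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Thu, 12 May 2011 15:41:00 +1200
ehlo
250-EXSRV3 Hello [10.2.0.10]
250-TURN
250-SIZE 4194304
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK"""

# Constructed sample: the same reply with the three verbs overwritten in transit.
FILTERED = re.sub(r"250-(X-EXPS|X-LINK2STATE|XEXCH50).*", "250-XXXXXXXX", POSTED)
```

Run `audit()` on a reply captured from the sending server's side of the firewall; the reply posted for EXSRV3 comes back with nothing missing and nothing masked.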
ASKER
Irmoore,
The only inspects I have on the ASA firewall are:
dynamic-access-policy-record DfltAccessPolicy
policy-map type inspect dns preset_dns_map
policy-map my-ips-policy
service-policy my-ips-policy interface Outside
ASKER
I ran the Exchange Troubleshooting Tool and it gave some warnings:
Warning 1:
Ping (Don't fragment = 'True' and buffer size = 4096) from server EXSRV1 to remote server EXSRV2 was not successful as the packet needs to be fragmented.
Warning 2:
The Pointer (PTR) record EXSRV1 does not match any fully-qualified domain name of the SMTP instances on server EXSRVXCH01. This may cause routing problems when remote servers have a filter to map an IP address to a server name.
EXSRVXCH01 is the Exchange virtual instance on the cluster.
ASKER
I managed to resolve the errors from the Exchange Best Practice Analyzer. This did not help much.
Even though the queues on the routing group connectors are now less than 100, the mails are still delayed until I restart the SMTP service on the remote Exchange server, but this only works for 15 minutes.
I might try and re-create the routing group connectors and see if that fixes this mail delivery issue.
ASKER
Solutions given by the experts were close to accurate but they were really helpful.