Exchange stops working after windows update - SBS 2003

Hi There

Last weekend the SBS-2003 server rebooted itself after a windows update and since then no mails to or from the outside world can be sent or received. All internal mails are not affected.

Help!
doeyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
Are all your services started?

Is the Simple Mail Transfer Protocol Service started?

What is the result of (from a command prompt):

netstat -anb | findstr :25

Please visit www.canyouseeme.org and test port 25 - do you get SUCCESS?
0
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
Firstly,Check if there's services are not stopped.
Secondly, telnet from a client pc to your mail server.

telnet "Mail Server IP" 25
telnet "Mail Server IP" 110

Can you connect?
0
doeyAuthor Commented:
Hi Alan

I have checked the SMTP service and it is Started. I ran the command prompt and got the following result.

C:\Documents and Settings\Administrator.KCFE>netstat -anb | findstr :25
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1636
  UDP    0.0.0.0:25713          *:*                                    1548
  UDP    0.0.0.0:25198          *:*                                    1548
  UDP    0.0.0.0:2566           *:*                                    1548
  UDP    0.0.0.0:2565           *:*                                    1548
  UDP    0.0.0.0:2564           *:*                                    1548
  UDP    0.0.0.0:25976          *:*                                    1548
  UDP    0.0.0.0:2550           *:*                                    1548
  UDP    0.0.0.0:25933          *:*                                    1548
  UDP    0.0.0.0:25674          *:*                                    1548
  UDP    0.0.0.0:25145          *:*                                    1548
  UDP    0.0.0.0:2528           *:*                                    1548
  UDP    0.0.0.0:25910          *:*                                    1548
  UDP    0.0.0.0:25894          *:*                                    1548
  UDP    0.0.0.0:25636          *:*                                    1548
  UDP    0.0.0.0:25888          *:*                                    1548
  UDP    0.0.0.0:25110          *:*                                    1548
  UDP    0.0.0.0:25622          *:*                                    1548
  UDP    0.0.0.0:25615          *:*                                    1548
  UDP    0.0.0.0:25100          *:*                                    1548
  UDP    0.0.0.0:25871          *:*                                    1548
  UDP    0.0.0.0:25099          *:*                                    1548
  UDP    0.0.0.0:25096          *:*                                    1548
  UDP    0.0.0.0:25609          *:*                                    1548
  UDP    0.0.0.0:25348          *:*                                    1548
  UDP    0.0.0.0:25344          *:*                                    1548
  UDP    0.0.0.0:25591          *:*                                    1548
  UDP    0.0.0.0:25072          *:*                                    1548
  UDP    0.0.0.0:25584          *:*                                    1548
  UDP    0.0.0.0:25069          *:*                                    1548
  UDP    0.0.0.0:25578          *:*                                    1548
  UDP    0.0.0.0:25568          *:*                                    1548
  UDP    0.0.0.0:25052          *:*                                    1548
  UDP    0.0.0.0:25304          *:*                                    1548
  UDP    0.0.0.0:25816          *:*                                    1548
  UDP    0.0.0.0:25556          *:*                                    1548
  UDP    0.0.0.0:25546          *:*                                    1548
  UDP    0.0.0.0:25277          *:*                                    1548
  UDP    0.0.0.0:25528          *:*                                    1548
  UDP    0.0.0.0:25527          *:*                                    1548
  UDP    0.0.0.0:25463          *:*                                    1548
  UDP    0.0.0.0:25775          *:*                                    1548
  UDP    0.0.0.0:25758          *:*                                    1548
  UDP    0.0.0.0:25240          *:*                                    1548
  UDP    0.0.0.0:25994          *:*                                    1548
  UDP    0.0.0.0:25729          *:*                                    1548

Open in new window


And with a test on http://canyouseeme.org/ I test ports 25 & 110 and I got the following errors:

Error: I could not see your service on 193.1.201.18 on port (25)
Error: I could not see your service on 193.1.201.18 on port (110)


And they both said: Reason: Connection refused

Thanks for your quick responce.

regards
Damien
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

doeyAuthor Commented:
Hi rigan123

I dont see any mail related services that are Stopped.

Telnet Results for 25:
220 mail.killestercollege.ie Microsoft ESMTP MAIL Service, Version: 6.0.3790.467
5 ready at  Sun, 25 Mar 2012 12:21:56 +0100

Telnet results for 110:
H:\>telnet 172.16.1.2 110
Connecting To 172.16.1.2...Could not open connection to the host, on port 110: C
onnect failed


So it looks like there may be an error on 110. If this is the case, where do I go from here?

Damien
0
yo_beeDirector of Information TechnologyCommented:
Do you know what update/updates applied?
I would goto the C:\windows\  and run the Uninstall of the most recent update one by one.
After the first update is uninstall restart and see if exchange starts working.

Once isolated reapply any updates that did not seem to affect the exchange system.

Port 110 is your POP service and that is not used for sending or receiving e-mail on your exchange server.

On another note:

Did you contact your ISP to see if they are blocking port 25 and 110.  I saw this at a client of mine a while back when they were using a non-business class service from their ISP.
Their ISP blocked all ports that might be hosted (i.e. Exchange or Web service)
0
Alan HardistyCo-OwnerCommented:
What AV software are you running and have you got Anonymous Authentication enabled on your SMTP virtual server Authentication settings?
0
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
Your mail server is listening on 25 port but not listening on 110.If you are using 110 port for incoming email then check the POP3 service then try start or restart.

For email test follow the methond from command prompt:

telnet "Mail Server IP" 25

When it connects try:
mail from: your_email@yourdomain.com
rcpt to:your_email@yourdomain.com
data
subject:test
test
.    //Dot indicates end of the message body
quit

You can try to send another email address of another domain like yahoo and check what happens.You'll receive bounce email if your POP3 service works fine.Also send mail from another domain to your mail address and check that if message bounces or not.
0
doeyAuthor Commented:
A couple of other issues that I have discovered that might help point in the right direction.

When I try to go to http://my_domain.com, I get an IIS page saying "Under Construction".

When I try to go http://www.my_domain.com, I get the website no problem.

When I try to logon to the web server with http://12.34.56.78:2082/ I get a page asking to diagnose connection issues (in IE).

I don't have access to this small school outside of opening hours so I am logging on remotely. However when I perform the same tests here on my home machine and network, everything works just fine.
0
Alan HardistyCo-OwnerCommented:
Please can you answer my earlier questions.
0
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
You don't get webpage by my_domain.com because might be no relevant A record associated with that.

nslookup
set type=a
my_domain.com


What do you see? The same record of www.my_domain.com ?
0
yo_beeDirector of Information TechnologyCommented:
Sounds like an ISP issue.
Have you confirmed 100% that you are unable to send e-mail from your exchange server to an external address?

Since you are able to exchange information internally I do not think it is your exchange system.
Everything is pointing to the interface between the outside world.
0
doeyAuthor Commented:
Hi Alan

I  only have one issue that I am concerned about. I am only mentioning the url issues as everything happened at the same time. So it would lead anyone to believe that the issues must be related. And surely the more information that I can give would only help.

With regards to your previous questions. It is McAfee VirusScan Enterprise 8.5. And I have just checked the SMTP virtual server Authentication settings and it is on.

Thanks
0
yo_beeDirector of Information TechnologyCommented:
What is your public ip supposed to be?

Have you done an NSLOOKUP for your MX and see if it matches your Routers/Firewall public address?
0
doeyAuthor Commented:
Hi yo_bee

I have just remotely logged on. The public ip is 192.1.201.18

I hope this helps
0
yo_beeDirector of Information TechnologyCommented:
what it your domain name?
0
doeyAuthor Commented:
killestercollege.ie
0
yo_beeDirector of Information TechnologyCommented:
I resolved 193.1.201.18 as your IP not 192.1.201.18

Was that a typo by you in the previous post with the IP?
0
doeyAuthor Commented:
I'm so sorry. You're absolutely correct.
0
yo_beeDirector of Information TechnologyCommented:
Did you change your firewall or anything like that?
I cannot even telnet to that address?
0
doeyAuthor Commented:
I haven't made any changes to the firewall since before Christmas.

By the way, I don't know if it's relevant, but the web site is actually on a different server again. The websever that the mail is associated with forwards the web traffic on to a different server again. I was on to the hosting company and they said that no changes had been made on their server.
0
yo_beeDirector of Information TechnologyCommented:
Your infrastructure is getting more interesting by the minute.

So what is your mail-flow?  Does all your mail route in and out of this hosted service?
0
doeyAuthor Commented:
I have only been involved in the setup over the past few months and it was in a terrible state. I have already sat them down and explained that a lot of changes need to be made at the end of the school year.

Anyway. Yes they have a regular cheap hosting account that routes all the mail to and from exchange within their SBS-2003 server.

I'm in Ireland and it's 02:20 at the minute. So I'll be hitting the hay in a few minutes. I'll keep an eye on this for the next few minutes but after that then I'll have to continue tomorrow.

Thanks for all of your time.
0
yo_beeDirector of Information TechnologyCommented:
I think your mail flow failing point is your Hosting services.
I would contact them tomorrow and rectify if there are any issues with them.

Have a good night and get some fresh eyes tomorrow.

Mike
0
doeyAuthor Commented:
Thanks Mike
0
yo_beeDirector of Information TechnologyCommented:
I think it is  just coincidental that this started after updates.
0
Alan HardistyCo-OwnerCommented:
Any danger of having my questions answered?

http:#a37763076

My Admin comment was aimed at the expert who was venturing down the OWA path after you commented.  It is clear that you have issues and they may well be related, but it is not practical to resolve the OWA issues here.
0
doeyAuthor Commented:
Hi Alan

I'm sorry if I confused matters, but my answer is in my last response to you. If you skip the first paragraph you will see the reply.

With regards to your previous questions. It is McAfee VirusScan Enterprise 8.5. And I have just checked the SMTP virtual server Authentication settings and it is on.

Thanks
0
Alan HardistyCo-OwnerCommented:
Sorry - missed that in all the comments above.

Can you please completely uninstall the AV software and reboot the server and see what happens afterwards please.  It is either your firewall or AV that is interfering I think.
0
doeyAuthor Commented:
Hi Alan

Unfortunately it is a school that the server is in and they have started for today. So I will have to see if there is a free slot that will allow me to uninstall the AV. Which I have no problem in doing.

Although I have not touched the firewall in a number of months, I have a sneaky suspicion that it might be this or the hosting provider. But they have already told me that they changed nothing. This was in a conversation and they never actually made any checks. So while I'm waiting on some free time in the school, I'll get on to the phone to them.

The firewall is a Cisco Pix and it doesn't have any GUI. It all have to be done through a telnet connection. I have never been comfortable with telnet (I know, I sound like a child) so I will probably ask a friend to look at it for me.

Thanks
0
Alan HardistyCo-OwnerCommented:
It may be possible that they Cisco has lost it's running config and reverted to it's config in flash and that might mean that port 25 got closed.

Can you remote onto another computer in the school and test telnet locally?

If that works - it points squarely to the Cisco.  If not - then it might be the AV software.

http://support.microsoft.com/kb/153119
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alan HardistyCo-OwnerCommented:
Okay - so your mail should now be flowing again - but please disable SMTP FIXUP on the Cisco PIX as it will cause you more problems that having it enabled will solve.

Was it the PIX causing the problems?
0
doeyAuthor Commented:
Hi Alan (and to all)

This is now sorted. It was a strange one and you never would have gotten it in its entirety. That's because there is a second server in place and I'm sorry I didn't know about it. On this second server they had Mail Marshal and it hadn't started correctly.

I will be going through this server thoroughly during the week to see what other surprises it might yet hold for me.

I'm sorry about all this. I was trying to give everyone as much detail as I had and it ended up that I hadn't all the details myself. There are still other issues that need addressing but this will be dealt with separately.

Thanks to everyone for your assistance.
0
Alan HardistyCo-OwnerCommented:
Don't forget to disable SMTP Fixup on your PIX.

Glad the issue is resolved.
0
doeyAuthor Commented:
I received a lot of good advice however I did not have all the details of the problem at hand. I did not know this before my initial submission.
0
Alan HardistyCo-OwnerCommented:
FYI - before on the domain report I wasn't even seeing your PIX, so there was definitely a problem with the PIX.
0
doeyAuthor Commented:
Thanks Alan. It's another thing to add to the list. This is such a patchwork setup that it will be needed to be built from scratch during the summer break
0
Alan HardistyCo-OwnerCommented:
Sounds like a good plan.  Good to document the setup too so that any problems can be easily (more easily) identified if something goes wrong.

Have fun ;)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.