Exchange stops working after windows update - SBS 2003

Are all your services started?

Is the Simple Mail Transfer Protocol Service started?

What is the result of (from a command prompt):

netstat -anb | findstr :25

Please visit www.canyouseeme.org and test port 25 - do you get SUCCESS?

Firstly,Check if there's services are not stopped.
Secondly, telnet from a client pc to your mail server.

telnet "Mail Server IP" 25
telnet "Mail Server IP" 110

Can you connect?

Hi Alan

I have checked the SMTP service and it is Started. I ran the command prompt and got the following result.

C:\Documents and Settings\Administrator.KCFE>netstat -anb | findstr :25
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1636
  UDP    0.0.0.0:25713          *:*                                    1548
  UDP    0.0.0.0:25198          *:*                                    1548
  UDP    0.0.0.0:2566           *:*                                    1548
  UDP    0.0.0.0:2565           *:*                                    1548
  UDP    0.0.0.0:2564           *:*                                    1548
  UDP    0.0.0.0:25976          *:*                                    1548
  UDP    0.0.0.0:2550           *:*                                    1548
  UDP    0.0.0.0:25933          *:*                                    1548
  UDP    0.0.0.0:25674          *:*                                    1548
  UDP    0.0.0.0:25145          *:*                                    1548
  UDP    0.0.0.0:2528           *:*                                    1548
  UDP    0.0.0.0:25910          *:*                                    1548
  UDP    0.0.0.0:25894          *:*                                    1548
  UDP    0.0.0.0:25636          *:*                                    1548
  UDP    0.0.0.0:25888          *:*                                    1548
  UDP    0.0.0.0:25110          *:*                                    1548
  UDP    0.0.0.0:25622          *:*                                    1548
  UDP    0.0.0.0:25615          *:*                                    1548
  UDP    0.0.0.0:25100          *:*                                    1548
  UDP    0.0.0.0:25871          *:*                                    1548
  UDP    0.0.0.0:25099          *:*                                    1548
  UDP    0.0.0.0:25096          *:*                                    1548
  UDP    0.0.0.0:25609          *:*                                    1548
  UDP    0.0.0.0:25348          *:*                                    1548
  UDP    0.0.0.0:25344          *:*                                    1548
  UDP    0.0.0.0:25591          *:*                                    1548
  UDP    0.0.0.0:25072          *:*                                    1548
  UDP    0.0.0.0:25584          *:*                                    1548
  UDP    0.0.0.0:25069          *:*                                    1548
  UDP    0.0.0.0:25578          *:*                                    1548
  UDP    0.0.0.0:25568          *:*                                    1548
  UDP    0.0.0.0:25052          *:*                                    1548
  UDP    0.0.0.0:25304          *:*                                    1548
  UDP    0.0.0.0:25816          *:*                                    1548
  UDP    0.0.0.0:25556          *:*                                    1548
  UDP    0.0.0.0:25546          *:*                                    1548
  UDP    0.0.0.0:25277          *:*                                    1548
  UDP    0.0.0.0:25528          *:*                                    1548
  UDP    0.0.0.0:25527          *:*                                    1548
  UDP    0.0.0.0:25463          *:*                                    1548
  UDP    0.0.0.0:25775          *:*                                    1548
  UDP    0.0.0.0:25758          *:*                                    1548
  UDP    0.0.0.0:25240          *:*                                    1548
  UDP    0.0.0.0:25994          *:*                                    1548
  UDP    0.0.0.0:25729          *:*                                    1548

Select all Open in new window

And with a test on http://canyouseeme.org/ I test ports 25 & 110 and I got the following errors:

Error: I could not see your service on 193.1.201.18 on port (25)
Error: I could not see your service on 193.1.201.18 on port (110)

And they both said: Reason: Connection refused

Thanks for your quick responce.

regards
Damien

Hi rigan123

I dont see any mail related services that are Stopped.

Telnet Results for 25:
220 mail.killestercollege.ie Microsoft ESMTP MAIL Service, Version: 6.0.3790.467
5 ready at  Sun, 25 Mar 2012 12:21:56 +0100
Telnet results for 110:
H:\>telnet 172.16.1.2 110
Connecting To 172.16.1.2...Could not open connection to the host, on port 110: C
onnect failed

So it looks like there may be an error on 110. If this is the case, where do I go from here?

Damien

Do you know what update/updates applied?
I would goto the C:\windows\  and run the Uninstall of the most recent update one by one.
After the first update is uninstall restart and see if exchange starts working.

Once isolated reapply any updates that did not seem to affect the exchange system.

Port 110 is your POP service and that is not used for sending or receiving e-mail on your exchange server.

On another note:

Did you contact your ISP to see if they are blocking port 25 and 110.  I saw this at a client of mine a while back when they were using a non-business class service from their ISP.
Their ISP blocked all ports that might be hosted (i.e. Exchange or Web service)

What AV software are you running and have you got Anonymous Authentication enabled on your SMTP virtual server Authentication settings?

Your mail server is listening on 25 port but not listening on 110.If you are using 110 port for incoming email then check the POP3 service then try start or restart.

For email test follow the methond from command prompt:

telnet "Mail Server IP" 25

When it connects try:
mail from: your_email@yourdomain.com
rcpt to:your_email@yourdomain.com
data
subject:test
test
.    //Dot indicates end of the message body
quit

You can try to send another email address of another domain like yahoo and check what happens.You'll receive bounce email if your POP3 service works fine.Also send mail from another domain to your mail address and check that if message bounces or not.

A couple of other issues that I have discovered that might help point in the right direction.

When I try to go to http://my_domain.com, I get an IIS page saying "Under Construction".

When I try to go http://www.my_domain.com, I get the website no problem.

When I try to logon to the web server with http://12.34.56.78:2082/ I get a page asking to diagnose connection issues (in IE).

I don't have access to this small school outside of opening hours so I am logging on remotely. However when I perform the same tests here on my home machine and network, everything works just fine.

Please can you answer my earlier questions.

You don't get webpage by my_domain.com because might be no relevant A record associated with that.

nslookup
set type=a
my_domain.com


What do you see? The same record of www.my_domain.com ?

Sounds like an ISP issue.
Have you confirmed 100% that you are unable to send e-mail from your exchange server to an external address?

Since you are able to exchange information internally I do not think it is your exchange system.
Everything is pointing to the interface between the outside world.

Hi Alan

I  only have one issue that I am concerned about. I am only mentioning the url issues as everything happened at the same time. So it would lead anyone to believe that the issues must be related. And surely the more information that I can give would only help.

With regards to your previous questions. It is McAfee VirusScan Enterprise 8.5. And I have just checked the SMTP virtual server Authentication settings and it is on.

Thanks

What is your public ip supposed to be?

Have you done an NSLOOKUP for your MX and see if it matches your Routers/Firewall public address?

Hi yo_bee

I have just remotely logged on. The public ip is 192.1.201.18

I hope this helps

what it your domain name?

killestercollege.ie

I resolved 193.1.201.18 as your IP not 192.1.201.18

Was that a typo by you in the previous post with the IP?

I'm so sorry. You're absolutely correct.

Did you change your firewall or anything like that?
I cannot even telnet to that address?

I haven't made any changes to the firewall since before Christmas.

By the way, I don't know if it's relevant, but the web site is actually on a different server again. The websever that the mail is associated with forwards the web traffic on to a different server again. I was on to the hosting company and they said that no changes had been made on their server.

Your infrastructure is getting more interesting by the minute.

So what is your mail-flow?  Does all your mail route in and out of this hosted service?

I have only been involved in the setup over the past few months and it was in a terrible state. I have already sat them down and explained that a lot of changes need to be made at the end of the school year.

Anyway. Yes they have a regular cheap hosting account that routes all the mail to and from exchange within their SBS-2003 server.

I'm in Ireland and it's 02:20 at the minute. So I'll be hitting the hay in a few minutes. I'll keep an eye on this for the next few minutes but after that then I'll have to continue tomorrow.

Thanks for all of your time.

Thanks Mike

I think it is  just coincidental that this started after updates.

Any danger of having my questions answered?

http:#a37763076

My Admin comment was aimed at the expert who was venturing down the OWA path after you commented.  It is clear that you have issues and they may well be related, but it is not practical to resolve the OWA issues here.

Hi Alan

I'm sorry if I confused matters, but my answer is in my last response to you. If you skip the first paragraph you will see the reply.

With regards to your previous questions. It is McAfee VirusScan Enterprise 8.5. And I have just checked the SMTP virtual server Authentication settings and it is on.

Thanks

Sorry - missed that in all the comments above.

Can you please completely uninstall the AV software and reboot the server and see what happens afterwards please.  It is either your firewall or AV that is interfering I think.

Hi Alan

Unfortunately it is a school that the server is in and they have started for today. So I will have to see if there is a free slot that will allow me to uninstall the AV. Which I have no problem in doing.

Although I have not touched the firewall in a number of months, I have a sneaky suspicion that it might be this or the hosting provider. But they have already told me that they changed nothing. This was in a conversation and they never actually made any checks. So while I'm waiting on some free time in the school, I'll get on to the phone to them.

The firewall is a Cisco Pix and it doesn't have any GUI. It all have to be done through a telnet connection. I have never been comfortable with telnet (I know, I sound like a child) so I will probably ask a friend to look at it for me.

Thanks

Okay - so your mail should now be flowing again - but please disable SMTP FIXUP on the Cisco PIX as it will cause you more problems that having it enabled will solve.

Was it the PIX causing the problems?

Hi Alan (and to all)

This is now sorted. It was a strange one and you never would have gotten it in its entirety. That's because there is a second server in place and I'm sorry I didn't know about it. On this second server they had Mail Marshal and it hadn't started correctly.

I will be going through this server thoroughly during the week to see what other surprises it might yet hold for me.

I'm sorry about all this. I was trying to give everyone as much detail as I had and it ended up that I hadn't all the details myself. There are still other issues that need addressing but this will be dealt with separately.

Thanks to everyone for your assistance.

Don't forget to disable SMTP Fixup on your PIX.

Glad the issue is resolved.

I received a lot of good advice however I did not have all the details of the problem at hand. I did not know this before my initial submission.

FYI - before on the domain report I wasn't even seeing your PIX, so there was definitely a problem with the PIX.

Thanks Alan. It's another thing to add to the list. This is such a patchwork setup that it will be needed to be built from scratch during the summer break

Sounds like a good plan.  Good to document the setup too so that any problems can be easily (more easily) identified if something goes wrong.

Have fun ;)