Solved

Exchange stops working after windows update - SBS 2003

Posted on 2012-03-24
38
504 Views
Last Modified: 2012-03-26
Hi There

Last weekend the SBS-2003 server rebooted itself after a windows update and since then no mails to or from the outside world can be sent or received. All internal mails are not affected.

Help!
0
Comment
Question by:doey
  • 15
  • 10
  • 9
  • +1
38 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Are all your services started?

Is the Simple Mail Transfer Protocol Service started?

What is the result of (from a command prompt):

netstat -anb | findstr :25

Please visit www.canyouseeme.org and test port 25 - do you get SUCCESS?
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
Comment Utility
Firstly,Check if there's services are not stopped.
Secondly, telnet from a client pc to your mail server.

telnet "Mail Server IP" 25
telnet "Mail Server IP" 110

Can you connect?
0
 

Author Comment

by:doey
Comment Utility
Hi Alan

I have checked the SMTP service and it is Started. I ran the command prompt and got the following result.

C:\Documents and Settings\Administrator.KCFE>netstat -anb | findstr :25
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1636
  UDP    0.0.0.0:25713          *:*                                    1548
  UDP    0.0.0.0:25198          *:*                                    1548
  UDP    0.0.0.0:2566           *:*                                    1548
  UDP    0.0.0.0:2565           *:*                                    1548
  UDP    0.0.0.0:2564           *:*                                    1548
  UDP    0.0.0.0:25976          *:*                                    1548
  UDP    0.0.0.0:2550           *:*                                    1548
  UDP    0.0.0.0:25933          *:*                                    1548
  UDP    0.0.0.0:25674          *:*                                    1548
  UDP    0.0.0.0:25145          *:*                                    1548
  UDP    0.0.0.0:2528           *:*                                    1548
  UDP    0.0.0.0:25910          *:*                                    1548
  UDP    0.0.0.0:25894          *:*                                    1548
  UDP    0.0.0.0:25636          *:*                                    1548
  UDP    0.0.0.0:25888          *:*                                    1548
  UDP    0.0.0.0:25110          *:*                                    1548
  UDP    0.0.0.0:25622          *:*                                    1548
  UDP    0.0.0.0:25615          *:*                                    1548
  UDP    0.0.0.0:25100          *:*                                    1548
  UDP    0.0.0.0:25871          *:*                                    1548
  UDP    0.0.0.0:25099          *:*                                    1548
  UDP    0.0.0.0:25096          *:*                                    1548
  UDP    0.0.0.0:25609          *:*                                    1548
  UDP    0.0.0.0:25348          *:*                                    1548
  UDP    0.0.0.0:25344          *:*                                    1548
  UDP    0.0.0.0:25591          *:*                                    1548
  UDP    0.0.0.0:25072          *:*                                    1548
  UDP    0.0.0.0:25584          *:*                                    1548
  UDP    0.0.0.0:25069          *:*                                    1548
  UDP    0.0.0.0:25578          *:*                                    1548
  UDP    0.0.0.0:25568          *:*                                    1548
  UDP    0.0.0.0:25052          *:*                                    1548
  UDP    0.0.0.0:25304          *:*                                    1548
  UDP    0.0.0.0:25816          *:*                                    1548
  UDP    0.0.0.0:25556          *:*                                    1548
  UDP    0.0.0.0:25546          *:*                                    1548
  UDP    0.0.0.0:25277          *:*                                    1548
  UDP    0.0.0.0:25528          *:*                                    1548
  UDP    0.0.0.0:25527          *:*                                    1548
  UDP    0.0.0.0:25463          *:*                                    1548
  UDP    0.0.0.0:25775          *:*                                    1548
  UDP    0.0.0.0:25758          *:*                                    1548
  UDP    0.0.0.0:25240          *:*                                    1548
  UDP    0.0.0.0:25994          *:*                                    1548
  UDP    0.0.0.0:25729          *:*                                    1548

Open in new window


And with a test on http://canyouseeme.org/ I test ports 25 & 110 and I got the following errors:

Error: I could not see your service on 193.1.201.18 on port (25)
Error: I could not see your service on 193.1.201.18 on port (110)


And they both said: Reason: Connection refused

Thanks for your quick responce.

regards
Damien
0
 

Author Comment

by:doey
Comment Utility
Hi rigan123

I dont see any mail related services that are Stopped.

Telnet Results for 25:
220 mail.killestercollege.ie Microsoft ESMTP MAIL Service, Version: 6.0.3790.467
5 ready at  Sun, 25 Mar 2012 12:21:56 +0100

Telnet results for 110:
H:\>telnet 172.16.1.2 110
Connecting To 172.16.1.2...Could not open connection to the host, on port 110: C
onnect failed


So it looks like there may be an error on 110. If this is the case, where do I go from here?

Damien
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
Do you know what update/updates applied?
I would goto the C:\windows\  and run the Uninstall of the most recent update one by one.
After the first update is uninstall restart and see if exchange starts working.

Once isolated reapply any updates that did not seem to affect the exchange system.

Port 110 is your POP service and that is not used for sending or receiving e-mail on your exchange server.

On another note:

Did you contact your ISP to see if they are blocking port 25 and 110.  I saw this at a client of mine a while back when they were using a non-business class service from their ISP.
Their ISP blocked all ports that might be hosted (i.e. Exchange or Web service)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
What AV software are you running and have you got Anonymous Authentication enabled on your SMTP virtual server Authentication settings?
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
Comment Utility
Your mail server is listening on 25 port but not listening on 110.If you are using 110 port for incoming email then check the POP3 service then try start or restart.

For email test follow the methond from command prompt:

telnet "Mail Server IP" 25

When it connects try:
mail from: your_email@yourdomain.com
rcpt to:your_email@yourdomain.com
data
subject:test
test
.    //Dot indicates end of the message body
quit

You can try to send another email address of another domain like yahoo and check what happens.You'll receive bounce email if your POP3 service works fine.Also send mail from another domain to your mail address and check that if message bounces or not.
0
 

Author Comment

by:doey
Comment Utility
A couple of other issues that I have discovered that might help point in the right direction.

When I try to go to http://my_domain.com, I get an IIS page saying "Under Construction".

When I try to go http://www.my_domain.com, I get the website no problem.

When I try to logon to the web server with http://12.34.56.78:2082/ I get a page asking to diagnose connection issues (in IE).

I don't have access to this small school outside of opening hours so I am logging on remotely. However when I perform the same tests here on my home machine and network, everything works just fine.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Please can you answer my earlier questions.
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
Comment Utility
You don't get webpage by my_domain.com because might be no relevant A record associated with that.

nslookup
set type=a
my_domain.com


What do you see? The same record of www.my_domain.com ?
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
Sounds like an ISP issue.
Have you confirmed 100% that you are unable to send e-mail from your exchange server to an external address?

Since you are able to exchange information internally I do not think it is your exchange system.
Everything is pointing to the interface between the outside world.
0
 

Author Comment

by:doey
Comment Utility
Hi Alan

I  only have one issue that I am concerned about. I am only mentioning the url issues as everything happened at the same time. So it would lead anyone to believe that the issues must be related. And surely the more information that I can give would only help.

With regards to your previous questions. It is McAfee VirusScan Enterprise 8.5. And I have just checked the SMTP virtual server Authentication settings and it is on.

Thanks
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
What is your public ip supposed to be?

Have you done an NSLOOKUP for your MX and see if it matches your Routers/Firewall public address?
0
 

Author Comment

by:doey
Comment Utility
Hi yo_bee

I have just remotely logged on. The public ip is 192.1.201.18

I hope this helps
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
what it your domain name?
0
 

Author Comment

by:doey
Comment Utility
killestercollege.ie
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
I resolved 193.1.201.18 as your IP not 192.1.201.18

Was that a typo by you in the previous post with the IP?
0
 

Author Comment

by:doey
Comment Utility
I'm so sorry. You're absolutely correct.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
Did you change your firewall or anything like that?
I cannot even telnet to that address?
0
 

Author Comment

by:doey
Comment Utility
I haven't made any changes to the firewall since before Christmas.

By the way, I don't know if it's relevant, but the web site is actually on a different server again. The websever that the mail is associated with forwards the web traffic on to a different server again. I was on to the hosting company and they said that no changes had been made on their server.
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
Your infrastructure is getting more interesting by the minute.

So what is your mail-flow?  Does all your mail route in and out of this hosted service?
0
 

Author Comment

by:doey
Comment Utility
I have only been involved in the setup over the past few months and it was in a terrible state. I have already sat them down and explained that a lot of changes need to be made at the end of the school year.

Anyway. Yes they have a regular cheap hosting account that routes all the mail to and from exchange within their SBS-2003 server.

I'm in Ireland and it's 02:20 at the minute. So I'll be hitting the hay in a few minutes. I'll keep an eye on this for the next few minutes but after that then I'll have to continue tomorrow.

Thanks for all of your time.
0
 
LVL 21

Assisted Solution

by:yo_bee
yo_bee earned 250 total points
Comment Utility
I think your mail flow failing point is your Hosting services.
I would contact them tomorrow and rectify if there are any issues with them.

Have a good night and get some fresh eyes tomorrow.

Mike
0
 

Author Comment

by:doey
Comment Utility
Thanks Mike
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
I think it is  just coincidental that this started after updates.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Any danger of having my questions answered?

http:#a37763076

My Admin comment was aimed at the expert who was venturing down the OWA path after you commented.  It is clear that you have issues and they may well be related, but it is not practical to resolve the OWA issues here.
0
 

Author Comment

by:doey
Comment Utility
Hi Alan

I'm sorry if I confused matters, but my answer is in my last response to you. If you skip the first paragraph you will see the reply.

With regards to your previous questions. It is McAfee VirusScan Enterprise 8.5. And I have just checked the SMTP virtual server Authentication settings and it is on.

Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Sorry - missed that in all the comments above.

Can you please completely uninstall the AV software and reboot the server and see what happens afterwards please.  It is either your firewall or AV that is interfering I think.
0
 

Author Comment

by:doey
Comment Utility
Hi Alan

Unfortunately it is a school that the server is in and they have started for today. So I will have to see if there is a free slot that will allow me to uninstall the AV. Which I have no problem in doing.

Although I have not touched the firewall in a number of months, I have a sneaky suspicion that it might be this or the hosting provider. But they have already told me that they changed nothing. This was in a conversation and they never actually made any checks. So while I'm waiting on some free time in the school, I'll get on to the phone to them.

The firewall is a Cisco Pix and it doesn't have any GUI. It all have to be done through a telnet connection. I have never been comfortable with telnet (I know, I sound like a child) so I will probably ask a friend to look at it for me.

Thanks
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 250 total points
Comment Utility
It may be possible that they Cisco has lost it's running config and reverted to it's config in flash and that might mean that port 25 got closed.

Can you remote onto another computer in the school and test telnet locally?

If that works - it points squarely to the Cisco.  If not - then it might be the AV software.

http://support.microsoft.com/kb/153119
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - so your mail should now be flowing again - but please disable SMTP FIXUP on the Cisco PIX as it will cause you more problems that having it enabled will solve.

Was it the PIX causing the problems?
0
 

Author Comment

by:doey
Comment Utility
Hi Alan (and to all)

This is now sorted. It was a strange one and you never would have gotten it in its entirety. That's because there is a second server in place and I'm sorry I didn't know about it. On this second server they had Mail Marshal and it hadn't started correctly.

I will be going through this server thoroughly during the week to see what other surprises it might yet hold for me.

I'm sorry about all this. I was trying to give everyone as much detail as I had and it ended up that I hadn't all the details myself. There are still other issues that need addressing but this will be dealt with separately.

Thanks to everyone for your assistance.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Don't forget to disable SMTP Fixup on your PIX.

Glad the issue is resolved.
0
 

Author Closing Comment

by:doey
Comment Utility
I received a lot of good advice however I did not have all the details of the problem at hand. I did not know this before my initial submission.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
FYI - before on the domain report I wasn't even seeing your PIX, so there was definitely a problem with the PIX.
0
 

Author Comment

by:doey
Comment Utility
Thanks Alan. It's another thing to add to the list. This is such a patchwork setup that it will be needed to be built from scratch during the summer break
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Sounds like a good plan.  Good to document the setup too so that any problems can be easily (more easily) identified if something goes wrong.

Have fun ;)
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now