Exchange 2003 NO External email incoming until I reboot
We are running Exchange Server 2003. Starting yesterday morning we were unable to receive external emails coming in, but we can send out to everybody, and the email works great inside the intranet as well.
Our Antespam provider forwards our email to us and they say that they are seeing hundreds of lost connections and dropped connections.
When we reboot the Exchange server everything works fine for abut an hour or two and then it stops receiving again.
Any help would be greatly appreciated.
Our Antespam provider forwards our email to us and they say that they are seeing hundreds of lost connections and dropped connections.
When we reboot the Exchange server everything works fine for abut an hour or two and then it stops receiving again.
Any help would be greatly appreciated.
npinfotech
What do you see in the event logs on that server?
ASKER
I don't see anything out of the ordinary in the event logs....what should I be looking for particularly.
as a way to isolate the problem, try to restart exchange services and not restarting the machine, if it works then it has to do with exchange services, and not computer connectivity
,
sometimes it can be related to DNS records,
,
sometimes it can be related to DNS records,
ASKER
I will give restarting the Exchange Services only a try when it stops working again in an hour or two. I never thought about that.
ASKER
OK...server stopped receiving email at 6:30, I went in and restarted the Exchange Services...that didn't do anything to fix the problem.
I rebooted and it's working again...for another hour or so...
I rebooted and it's working again...for another hour or so...
it can be a long way with me :)
when it stops again try
IPCONFIG /REGISTERDNS
if not working
try disable /enable NIC ( the problem can be caused by reaching server smtp sessions or connections limits) because the are not disconnected properly and ontime)
does your exchange has two cards, or it is behind firewall and u r using forward rules?
when it stops again try
IPCONFIG /REGISTERDNS
if not working
try disable /enable NIC ( the problem can be caused by reaching server smtp sessions or connections limits) because the are not disconnected properly and ontime)
does your exchange has two cards, or it is behind firewall and u r using forward rules?
ASKER
I did a "repair" on the NIC which I think does the same thing without any results.
It has two NICs (We only use one)
It is behind a firewall
There are forwarding rules
It has two NICs (We only use one)
It is behind a firewall
There are forwarding rules
ASKER
Where do you set smtp session limits or connection limits? And why has it worked for 8 years setup the same way...what would suddenly cause the limits problem?
ASKER
I did IPCONFIG /FLUSH
IPCONFIG /Register
Nothing...no difference...I had to reboot the server again
IPCONFIG /Register
Nothing...no difference...I had to reboot the server again
ASKER
I am running a scheduled task right now to reboot the server hourly just so I can sleep over the weekend...
this one has me baffled...guess the weekend is going to be lean on help...
this one has me baffled...guess the weekend is going to be lean on help...
This will be your antivirus software. Typical culprits are Symantec or Sophos but others will do it as well.
Uninstall your AV/SPAM software, reboot and see if the problem persists. If it doesnt then re-install the AV/SPAM software.
This is normally caused by an update corrupting the engine that interacts with the SMTP service.
Uninstall your AV/SPAM software, reboot and see if the problem persists. If it doesnt then re-install the AV/SPAM software.
This is normally caused by an update corrupting the engine that interacts with the SMTP service.
ASKER
I had Symantec which I unistalled a few months ago when we switched over to Trend Micro.
I have already uninstalled Trend Micro earlier today...there is no Antivirus software on there right now.
Any place else I should look for any remnants interfering with SMTP
I have already uninstalled Trend Micro earlier today...there is no Antivirus software on there right now.
Any place else I should look for any remnants interfering with SMTP
Is it still happening after the uninstall?
If so, I'd suggest re-installing Exchange 2003 SP2 just to repair anything that may have been damaged by these products.
If so, I'd suggest re-installing Exchange 2003 SP2 just to repair anything that may have been damaged by these products.
ASKER
Yes it is still happening after the install...but it worked without error for 8 years and the Trend Micro has been working nicely for over 3 months. I only uninstalled it to see if it was the problem...not because it was doing anything.
I'm not ready to just blindly assume that antivirus is the cause of my problem.
I'm not ready to just blindly assume that antivirus is the cause of my problem.
This problem is caused 99.9% of the time by something interacting with the Exchange SMTP service.
So if you have removed the AV what other 3rd party products do you have installed on the server?
Just because it worked for 3 months doesn't mean it isn't the cause.
So if you have removed the AV what other 3rd party products do you have installed on the server?
Just because it worked for 3 months doesn't mean it isn't the cause.
ASKER
That's about it...I do have Symantec Backup Exec System recovery which is a backup utility like Ghost.
Is reinstalling Exchange 2003 SP2 non destructive? I can do it in place and it won't overwrite my stuff because this is our only production server.
Is reinstalling Exchange 2003 SP2 non destructive? I can do it in place and it won't overwrite my stuff because this is our only production server.
It won't be system recovery.
Yes, SP2 is non destructive it can be done whilst live. It will stop the exchange services during install but will only take around 30 minutes to do.
Yes, SP2 is non destructive it can be done whilst live. It will stop the exchange services during install but will only take around 30 minutes to do.
ASKER
Just to clarify, this is only the Service Pack? Not the entire Exchange 2003?
Absolutely, just the service pack.
ASKER
If I install this Service Pack 2, is it going to break OWA or anything else I currently have setup?
There's no reason why it should. If its working now and you haven't strayed away from the default configuration there's no reason it shouldn't work after.
ASKER
I drove into work, did the Exchange Service pack 2, rebooted, checked for updates, it still did not fix the problem. I also switched over to theo NIC in the server.
ASKER
Any other answers?
I'd start by enabling SMTP logging in my application event viewer: http://technet.microsoft.com/en-us/library/bb124994%28v=exchg.65%29.aspx. (you may need to go deeper than this in your logging later). This will allow you to go to control panel > administrative tools > event viewer > application. Once you have some data in there, you can sort/filter for SMTP / exchange events and post specific error IDs to this thread.
It might be worth your time to contact the anti-spam provider. Their logs / error codes might help you in your effort to pinpoint where or how the stoppage is happening.
More drastic measures down the road might be to re-install your SMTP service from a Server disk, deleting and recreating SMTP Server entry in Exchange System Manager, etc.
Contacting Microsoft might be your last resort. It costs about $250, but they are a stellar resource.
It might be worth your time to contact the anti-spam provider. Their logs / error codes might help you in your effort to pinpoint where or how the stoppage is happening.
More drastic measures down the road might be to re-install your SMTP service from a Server disk, deleting and recreating SMTP Server entry in Exchange System Manager, etc.
Contacting Microsoft might be your last resort. It costs about $250, but they are a stellar resource.
ASKER
I have enabled maximum logging...there are no errors...there is nothing in the logs that show why a connection is lost or dropped and that is what is happening according to our AnteSpam provider that forwards the email to us. They tell us connections are being dropped.
Could it be something in the firewall even if rebooting the server fixes it?
Could it be something in the firewall even if rebooting the server fixes it?
The whole chain, starting at the antispam service down to ur server, is up for review. It could be that the firewall can't find the exchange server. It could be a timeout set somewhere, or a threshold may be surpassed shutting down service. I don't think its very likely outside the server, because the problem is solved by a reboot of the ser. Ifver itself.
Check out ur firewall and see if messages hit ur server. If they do, focus back on ur internal network.if not, check ur ISP modem, ur ISP lines, and antispam service.
Check out ur firewall and see if messages hit ur server. If they do, focus back on ur internal network.if not, check ur ISP modem, ur ISP lines, and antispam service.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
very glad that you finally solve it,
and thanks for sharing the solution, I hope it will help someone before hitting his/her head against the wall :)
and thanks for sharing the solution, I hope it will help someone before hitting his/her head against the wall :)
You should have seen a spike in your firewall activity also. This was a mini Denial of Service event, and your firewall didn't alert you...
ASKER
I accepted my own comment because I worked this myself and saw that the solution is accurate and works.