Exchange 2003 NO External email incoming until I reboot

We are running Exchange Server 2003.  Starting yesterday morning we were unable to receive external emails coming in, but we can send out to everybody, and the email works great inside the intranet as well.

Our Antespam provider forwards our email to us and they say that they are seeing hundreds of lost connections and dropped connections.

When we reboot the Exchange server everything works fine for abut an hour or two and then it stops receiving again.

Any help would be greatly appreciated.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What do you see in the event logs on that server?
rand1964Author Commented:
I don't see anything out of the ordinary in the event logs....what should I be looking for particularly.
as a way to isolate the problem, try to restart exchange services and not restarting the machine, if it works then it has to do with exchange services, and not computer connectivity
sometimes it can be related to DNS records,
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

rand1964Author Commented:
I will give restarting the Exchange Services only a try when it stops working again in an hour or two.  I never thought about that.
rand1964Author Commented:
OK...server stopped receiving email at 6:30, I went in and restarted the Exchange Services...that didn't do anything to fix the problem.

I rebooted and it's working again...for another hour or so...
it can be a long way with me :)
when it stops again try


if not working

try disable /enable NIC ( the problem can be caused by reaching server smtp sessions or connections limits) because the are not disconnected properly and ontime)

does your exchange has two cards, or it is behind firewall and u r using forward rules?
rand1964Author Commented:
I did a "repair" on the NIC which I think does the same thing without any results.

It has two NICs  (We only use one)
It is behind a firewall
There are forwarding rules
rand1964Author Commented:
Where do you set smtp session limits or connection limits?  And why has it worked for 8 years setup the same way...what would suddenly cause the limits problem?
rand1964Author Commented:
IPCONFIG /Register difference...I had to reboot the server again
rand1964Author Commented:
I am running a scheduled task right now to reboot the server hourly just so I can sleep over the weekend...
this one has me baffled...guess the weekend is going to be lean on help...
Glen KnightCommented:
This will be your antivirus software.  Typical culprits are Symantec or Sophos but others will do it as well.

Uninstall your AV/SPAM software, reboot and see if the problem persists.  If it doesnt then re-install the AV/SPAM software.

This is normally caused by an update corrupting the engine that interacts with the SMTP service.
rand1964Author Commented:
I had Symantec which I unistalled a few months ago when we switched over to Trend Micro.
I have already uninstalled Trend Micro earlier today...there is no Antivirus software on there right now.
Any place else I should look for any remnants interfering with SMTP
Glen KnightCommented:
Is it still happening after the uninstall?

If so, I'd suggest re-installing Exchange 2003 SP2 just to repair anything that may have been damaged by these products.
rand1964Author Commented:
Yes it is still happening after the install...but it worked without error for 8 years and the Trend Micro has been working nicely for over 3 months.  I only uninstalled it to see if it was the problem...not because it was doing anything.
I'm not ready to just blindly assume that antivirus is the cause of my problem.
Glen KnightCommented:
This problem is caused 99.9% of the time by something interacting with the Exchange SMTP service.

So if you have removed the AV what other 3rd party products do you have installed on the server?

Just because it worked for 3 months doesn't mean it isn't the cause.
rand1964Author Commented:
That's about it...I do have Symantec Backup Exec System recovery which is a backup utility like Ghost.

Is reinstalling Exchange 2003 SP2 non destructive?  I can do it in place and it won't overwrite my stuff because this is our only production server.
Glen KnightCommented:
It won't be system recovery.

Yes, SP2 is non destructive it can be done whilst live.  It will stop the exchange services during install but will only take around 30 minutes to do.
rand1964Author Commented:
Just to clarify, this is only the Service Pack?  Not the entire Exchange 2003?
Glen KnightCommented:
Absolutely, just the service pack.
rand1964Author Commented:
If I install this Service Pack 2, is it going to break OWA or anything else I currently have setup?
Glen KnightCommented:
There's no reason why it should.  If its working now and you haven't strayed away from the default configuration there's no reason it shouldn't work after.
rand1964Author Commented:
I drove into work, did the Exchange Service pack 2, rebooted, checked for updates, it still did not fix the problem.  I also switched over to theo NIC in the server.
rand1964Author Commented:
Any other answers?
I'd start by enabling SMTP logging in my application event viewer:  (you may need to go deeper than this in your logging later).  This will allow you to go to control panel > administrative tools > event viewer > application.  Once you have some data in there, you can sort/filter for SMTP / exchange events and post specific error IDs to this thread.

It might be worth your time to contact the anti-spam provider.  Their logs / error codes might help you in your effort to pinpoint where or how the stoppage is happening.

More drastic measures down the road might be to re-install your SMTP service from a Server disk, deleting and recreating SMTP Server entry in Exchange System Manager, etc.

Contacting Microsoft might be your last resort.  It costs about $250, but they are a stellar resource.
rand1964Author Commented:
I have enabled maximum logging...there are no errors...there is nothing in the logs that show why a connection is lost or dropped and that is what is happening according to our AnteSpam provider that forwards the email to us.  They tell us connections are being dropped.

Could it be something in the firewall even if rebooting the server fixes it?
The whole chain, starting at the antispam service down to ur server, is up for review.  It could be that the firewall can't find the exchange server. It could be a timeout set somewhere, or a threshold may be surpassed shutting down service.  I don't think its very likely outside the server, because the problem is solved by a reboot of the ser. Ifver itself.

Check out ur firewall and see if messages hit ur server.  If they do, focus back on ur internal network.if not, check ur ISP modem, ur ISP lines, and antispam service.
rand1964Author Commented:
OK...finally solved the issue 6 days later....hope this helps somebody.

It was caused by an iPhone running OS 4.0, and what it was doing was trying to activesync multiple times a second which was causing the SMTP server to block for 60 seconds...then as soon as the 60 seconds were up it would open again for a second and immediately get blocked off again for another 60 seconds.
The thing that was causing the random email was these pauses after these 60 seconds and also when the user turned his iPhone off.

I had never heard of this before.  I found it by buying a new intel NIC and installing it in the PCI slot of the server.  Luckily in the configuration panel, this NIC alowed me to turn on Link State Logging and other things.  Suddenly I got a System Log full of errors in the Event Viewer that I couldn't see before.

I then went to the SMTPSVC1 logs and they were enormous and filled with one users transaction and I could see it was an iPhone.

I Googled and found these articles and then went in and disabled this users access to "Mobile devices" in Exchange Tasks, and then rebooted to clear everything and BAM!  Everythings working like normal.

Worst 6 days of my life, but I feel ok now.  Thanks to all who helped...I can't hardly believe it turned out to be this though.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
very glad that you finally solve it,
and thanks for sharing the solution, I hope it will help someone before hitting his/her head against the wall :)
You should have seen a spike in your firewall activity also.  This was a mini Denial of Service event, and your firewall didn't alert you...
rand1964Author Commented:
I accepted my own comment because I worked this myself and saw that the solution is accurate and works.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.