[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 463
  • Last Modified:

Trying to move an Exchange 2007 server from public to private IP addressing

We currently have 7 Exchange 2007 servers, all using public IP addressing, and using an F5 device to hand out our SSL cert. The system has been up and running fine for 4 years. We have been tasked with switching our entire infrastructure to private IP addressing, moving everything behind a firewall.

I have created an eighth server with a private IP address that is nat'ed through an ASA to a public IP address. Best Practices tells me everything is up and running just fine. When I check remote connectivity, it is fine as well.

I moved a test account to the private IP server and mail goes nowhere - not to the public servers, not to the "outside" world, nowhere. I am trying to wrap my head around the missing piece but could use some direction. Thanks.
  • 4
  • 3
1 Solution
Stelian StanCommented:
Do you have setup the SendConnector on new Exchange box? If not you have to create one to be able to send emails out.

How about DNS? Do you have an MX record configured for the new server?
frischbAuthor Commented:
We use one send connector for all Exchange boxes - after leaving our site(s) they route through a smart host, Microsoft's online Forefront Protection, so that DNS is listed in the Send Connector as our Network smart host.

I have an MX record that looks the other Exchange servers, with the exception of the private IP instead of public IP.
Stelian StanCommented:
I think the RGC could be the problem. To find out run the following commands and post here:
Get-AcceptedDomain | fl > ad.txt
Get-SendConnector | fl > sc.txt
Get-RoutingGroupConnector  |fl > RGC.txt
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

frischbAuthor Commented:
You may be right - the rgc.txt is empty, making me think there's no routing group connector. But included is my sc.txt below - one thing I noticed is the Source IP address is and that can't be right, either. SC.TXT:

AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : False
DomainSecureEnabled          : False
Enabled                      : True
ForceHELO                    : False
Fqdn                         : MCCKC.EDU
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : xxx-xxx-xx
Identity                     : Internet Access
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 50MB
Name                         : Internet Access
Port                         : 25
ProtocolLoggingLevel         : None
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {mail.messaging.microsoft.com}
SmartHostsString             : mail.messaging.microsoft.com
SourceIPAddress              :
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {XXX-XXX-XX}
UseExternalDNSServersEnabled : True
Stelian StanCommented:
The source Ip Address is correct. That means if you have more than one ip address on your Exchange box it will use all ip address on your box. You can delete the connector from sc.txt because is trying to send to SmartHosts: {mail.messaging.microsoft.com}. Is that the smart host you are using for external exchange?

Here is how to configure your Exchange to receive email from intenet: http://blogs.technet.com/b/exchange/archive/2006/11/17/configuring-exchange-2007-hub-transport-role-to-receive-internet-mail.aspx

More info about ExchangeConnector: http://smtpport25.wordpress.com/2010/07/11/exchange-2010-connectors/
it is about Exchange 2010 but you can apply it to Exchange 2007


How to Configure an Exchange 2007 SMTP Connector: http://www.computerperformance.co.uk/exchange2007/exchange2007_smtp_connector.htm

You don't need to create a RGC between Exchange 2007 servers, communication happens automatically. Bidirectional instances of these connectors are installed by default when you install a new Exchange 2007 Hub Server into the Exchange Organization.
Don't forget to configure your firewall to let port 25 for SMTP and 50636 for LDAPS between internal and external Exchange servers.
frischbAuthor Commented:
Thanks for all the info - I will dig into those links, and check everything on the firewall side as well - I'm sure 25 is there, but not sure about the LDAPS. Thanks for the help.
Stelian StanCommented:
No problem. Glad I could help you !!!

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now