Trying to move an Exchange 2007 server from public to private IP addressing

Posted on 2012-08-21
Last Modified: 2012-08-23
We currently have 7 Exchange 2007 servers, all using public IP addressing, and using an F5 device to hand out our SSL cert. The system has been up and running fine for 4 years. We have been tasked with switching our entire infrastructure to private IP addressing, moving everything behind a firewall.

I have created an eighth server with a private IP address that is nat'ed through an ASA to a public IP address. Best Practices tells me everything is up and running just fine. When I check remote connectivity, it is fine as well.

I moved a test account to the private IP server and mail goes nowhere - not to the public servers, not to the "outside" world, nowhere. I am trying to wrap my head around the missing piece but could use some direction. Thanks.
Question by:frischb

    Expert Comment

    by:Stelian Stan
    Have you set up the SendConnector on the new Exchange box? If not, you have to create one to be able to send emails out.

    How about DNS? Do you have an MX record configured for the new server?

    Author Comment

    We use one send connector for all Exchange boxes - after leaving our site(s) they route through a smart host, Microsoft's online Forefront Protection, so that DNS is listed in the Send Connector as our Network smart host.

    I have an MX record that looks like the other Exchange servers, with the exception of the private IP instead of public IP.

    Expert Comment

    by:Stelian Stan
    I think the RGC could be the problem. To find out, run the following commands and post here:
    Get-AcceptedDomain | fl > ad.txt
    Get-SendConnector | fl > sc.txt
    Get-RoutingGroupConnector | fl > RGC.txt

    Author Comment

    You may be right - the rgc.txt is empty, making me think there's no routing group connector. But included is my sc.txt below - one thing I noticed is the Source IP address is and that can't be right, either. SC.TXT:

    AddressSpaces                : {SMTP:*;1}
    AuthenticationCredential     :
    Comment                      :
    ConnectedDomains             : {}
    ConnectionInactivityTimeOut  : 00:10:00
    DNSRoutingEnabled            : False
    DomainSecureEnabled          : False
    Enabled                      : True
    ForceHELO                    : False
    Fqdn                         : MCCKC.EDU
    HomeMTA                      : Microsoft MTA
    HomeMtaServerId              : xxx-xxx-xx
    Identity                     : Internet Access
    IgnoreSTARTTLS               : False
    IsScopedConnector            : False
    IsSmtpConnector              : True
    LinkedReceiveConnector       :
    MaxMessageSize               : 50MB
    Name                         : Internet Access
    Port                         : 25
    ProtocolLoggingLevel         : None
    RequireTLS                   : False
    SmartHostAuthMechanism       : None
    SmartHosts                   : {}
    SmartHostsString             :
    SourceIPAddress              :
    SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers       : {XXX-XXX-XX}
    UseExternalDNSServersEnabled : True

    Accepted Solution

    The source IP address is correct. That means if you have more than one IP address on your Exchange box, it will use all IP addresses on your box. You can delete the connector from sc.txt because it is trying to send to SmartHosts: {}. Is that the smart host you are using for external Exchange?

    Here is how to configure your Exchange to receive email from the internet:

    More info about ExchangeConnector:
    It is about Exchange 2010, but you can apply it to Exchange 2007


    How to Configure an Exchange 2007 SMTP Connector:

    You don't need to create an RGC between Exchange 2007 servers; communication happens automatically. Bidirectional instances of these connectors are installed by default when you install a new Exchange 2007 Hub Server into the Exchange Organization.
    Don't forget to configure your firewall to allow port 25 for SMTP and 50636 for LDAPS between internal and external Exchange servers.
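
The two checks the accepted answer points to (the Send Connector's smart-host settings as dumped in sc.txt, and firewall reachability on ports 25 and 50636), as an added example that is not part of the original thread. The peer host name is a placeholder, and PowerShell 2.0 or later in the Exchange Management Shell is assumed.

```powershell
# Added example. Run in the Exchange Management Shell on the new private-IP server.
# Assumes PowerShell 2.0 or later. The peer name below is a placeholder.
$PeerServers = @('exch-peer.example.internal')   # hypothetical; use your own hosts
$Ports       = @(25, 50636)                      # SMTP and LDAPS, per the answer above

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # refused, filtered, or name did not resolve
    } finally {
        $client.Close()
    }
}

# 1. Review every Send Connector using the properties visible in sc.txt.
foreach ($sc in Get-SendConnector) {
    $notes = @()
    if (-not $sc.DNSRoutingEnabled -and [string]::IsNullOrEmpty($sc.SmartHostsString)) {
        $notes += 'DNS routing is off but no smart host is set, so mail has no next hop'
    }
    if (-not $sc.RequireTLS) {
        $notes += 'TLS is not required on the connection to the next hop'
    }
    if ("$($sc.ProtocolLoggingLevel)" -eq 'None') {
        $notes += 'protocol logging is off, so there is no SMTP log to read'
    }
    if ($notes.Count -eq 0) { $notes = @('no findings') }
    '{0}: {1}' -f $sc.Name, ($notes -join '; ')
}

# 2. Confirm the firewall passes both ports from this server to each peer.
foreach ($server in $PeerServers) {
    foreach ($port in $Ports) {
        $state = if (Test-TcpPort -ComputerName $server -Port $port) { 'open' } else { 'blocked or closed' }
        '{0}:{1} {2}' -f $server, $port, $state
    }
}
```

Run the port check from both sides of the ASA, since a NAT rule can pass traffic in one direction only.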

    Author Closing Comment

    Thanks for all the info - I will dig into those links, and check everything on the firewall side as well - I'm sure 25 is there, but not sure about the LDAPS. Thanks for the help.

    Expert Comment

    by:Stelian Stan
    No problem. Glad I could help you!!!
