Solved

Exchange 2010 on SBS 2011 not sending mail after migration

Posted on 2013-02-04
15
1,051 Views
Last Modified: 2013-02-10
Hi guys,

I've recently completed a migration of SBS 2003 to SBS 2011 without two many hiccups.
Server has been running nicely for the past 2 weeks and just today has lost the ability to send external mail.

Mail coming in is no problem at all, ports 25 and 587 open and accepting.

When I'm trying to telnet out on either port 25 or port 587 I can't seem to get any communication - nothing will talk back.

I've created a new Send Connector, and have used a smarthost just for testing.
This send connector is sitting on port 26 and communication is working perfectly.
This is purely a workaround.

The error when I switch back is:
451 4.4.0 Primary target IP address responded with:"421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

Windows firewall is not on, and Wireshark demonstrates that DNS can see the external party...

192.168.4.10      203.147.156.194      TCP      62      15074 > 26 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1


Firstly thought that the 2003 server may have had a hand in what was happening, but no routing groups exist from the old server, and nothing I can see in powershell points to it wanting to communicate with the old unit.

Any help would be amazing!!

Cheers,

Chenz
0
Comment
Question by:Cyb3tT3ch
  • 5
  • 3
  • 2
  • +3
15 Comments
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 38853861
Is there any mail in the queues on the old server?
Did this happen after you moved all the mailboxes?
Could Exchange 2010 might be doing some load balancing by sending mail via the least loaded server?
0
 

Author Comment

by:Cyb3tT3ch
ID: 38853876
No mail in the old queue, and Exchange has been disabled on the SBS 2003 unit.
All mailboxes were moved about 2 weeks ago, and no issues over the past two weeks.
No load balancing has been configured on either server unless that is part of the migration wizard?
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 38853954
Just an idea.
It seems very strange.
Do you have a NAT rule in your firewall for incoming port 25 that might send the traffic to another address?
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38853989
Hi,

i installed an exchange 2010 yesterday for the first time and had the same problem with the external sent mails.

i configured the connectors and receivers and used a smart host on an external relay for the connector in the hub transport.
didn't work.

Finally, i got it working after resolving an issue with the external mails not being recognize as valid by the receiving system (in this case it was a gmail mailbox that i wanted to send mail to)

Cheers.

T
0
 
LVL 18

Assisted Solution

by:Andrew Davis
Andrew Davis earned 250 total points
ID: 38854045
Recap of issue, correct me if i am wrong.
Receiving is no issue.
Sending mail fails.
Was sending fine for a couple of weeks but is now failing.
New send connector pointing to smarthost on port 26 is working as a temporary fix.

1st step with all SBS boxes should be to rerun the wizards.
       1. Open  "Windows Small Business Server 2011 Console"
       2. Expand "Getting started Tasks" on "Home" page.
       3. run through the wizards under "Connect to internet".

Now having said that, have you checked that your ISP is not blocking outgoing communications on port 25.
         1. For the purpose of the test we will see if our server can communicate with Gmail's server.
         2. open a command prompt and type telnet gmail-smtp-in.l.google.com 25
         3. you should get a reply like "220 mx.google.com ESMTP q4si21801500pav.212 - gsmtp"
 if you get a reply you know that your server can communicate with the outside world on port 25. If this is the case, how is your normal send connector setup? Do you use a smart host or not?

you can check the send connector configuration by opening Exchange management shell and typing "Get-SendConnector | ft Id*,Sm*s,po*". this will tell you if using a smarthost and on what port.

Let us know how you go with the above.

Cheers
Andrew
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 38854054
If telnetting is not working either this is either your network edge device (router, firewall, etc) or your ISP. ISPs are consistently adding port 25 blocks on their end to reduce spam , and I've seen far too often legitimate accounts get blocked by an over-eager ISP admin. Check your router. Look for port 25 outbound traffic. And call your ISP.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38854055
@corolchi
"Could Exchange 2010 might be doing some load balancing by sending mail via the least loaded server? "
No this is SBS so there should be no other Exchange server. If there was we would be seeing bigger issues.

"Do you have a NAT rule in your firewall for incoming port 25 that might send the traffic to another address? "
That would affect incoming not outgoing email.
0
 

Author Comment

by:Cyb3tT3ch
ID: 38861602
Thanks for all the suggestions guys - did help a lot in diagnosing the issue remotely.

Unfortunately it was a SnapGear firewall that was causing all the issues - she randomly decided to start blocking ports 25 and 587 for all outgoing traffic.

Cheers,

Chenz
0
 

Author Comment

by:Cyb3tT3ch
ID: 38862048
I've requested that this question be closed as follows:

Accepted answer: 0 points for Cyb3tT3ch's comment #a38861602

for the following reason:

hardware issue
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38862046
.
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38862049
Recommend points split between myself and cgaliher. We identified testing outgoing port 25 telnet test, and identified the posibility that failure could be caused by Edge router.

Why would you not want to award the points? What did we tell you that was incorrect?

Remember that in most cases you are not going to get  answers like "Its your SnapGear Firewall blocking the outgoing connection, Randomly"

What you do get is idea's and things to check that will hopefully lead you to discovering the answer.

Cheers
Andrew
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38862756
0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 38873733
I've requested that this question be closed as follows:

Accepted answer: 250 points for AndrewJDavis's comment #a38854045
Assisted answer: 250 points for cgaliher's comment #a38854054

for the following reason:

Starting auto-close process to implement the recommendations of the participating Expert(s).
 
modus_operandi
EE Admin
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now