Solved

Can send e-mails but can't receive Exchange 2010, DNS MX record issue?

Posted on 2013-06-05
Last Modified: 2013-06-05
Running into an issue where I can send e-mail to other outside e-mails but won't receive any incoming mail.

Running Exchange 2010 on Windows Server 2008 R2 (Child).  Parent is Windows Server 2012 Datacenter.

I just put this Exchange server up last week and am still learning the ropes.  I had it working at one point (in, out and OWA working, but not ActiveSync), but then my website (hosted through GoDaddy) was running into issues and wouldn't load.  I had both A records with the host as @, with one IP being my website and one being my public IP from my house. (DNS-Before.PNG)

After my website stopped working I figured out you can't have two @ records so I changed a few things.  (DNS-Now.PNG)

I was pointed in the direction of https://www.testexchangeconnectivity.com/. (TestExchange.PNG) are the results. DNS is not finding my MX record.

I don't know if it's a bad idea to be posting those screenshots. Any information would be appreciated, and I can elaborate if needed.  Thanks ahead of time.

Currently up are OWA from the web, sending to any mail domain.  Can't receive from any domain.
DNS-Before.PNG
DNS-Now.PNG
TestExchange.PNG
Question by:OHarrisNetworks
32 Comments
 
LVL 10

Expert Comment

by:bigbigpig
ID: 39223761
Looks OK... you have your only MX record going to 99.48.173.184.

When I telnet on 25 to 'mail.oharrisnetworks.com' I get this response, presumably from your Exchange server.

220 OHarris-Exch.OHARRIS.LOCAL Microsoft ESMTP MAIL Service ready at Wed, 5 Jun 2013 16:47:42 -0400

How long ago did you update the DNS records?
0
 

Author Comment

by:OHarrisNetworks
ID: 39223776
An hour now maybe?
0
 
LVL 10

Expert Comment

by:bigbigpig
ID: 39223782
Give it time.  Public DNS could take a day or more to propagate to all the DNS servers.  In my experience it's usually within 4 hours.  So just hang on a little longer.
0

 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39223786
Your MX record is set up wrong on the Now. Set your MX Host to be @ and the Points to as mail.oharrisnetworks.com.

The MX record has to be set up so that the host name on it is the TLD that you're receiving mail for, which is what the @ sign represents in DNS setup there. The Points To is the mail server you're using and must use the FQDN to work properly. So @ pointing to mail.oharrisnetworks.com should work for you. It also takes a good bit of time for changes to DNS to apply, so once you change it, wait a while and try again.

You can also check your MX records on Public DNS by opening the command prompt, then typing NSLookup and hitting enter, then run these commands:
server 8.8.8.8
set type=mx
oharrisnetworks.com

(Funny side note, if you sent email to kah@mail.oharrisnetworks.com it would probably come closer to working)
0
 
LVL 16

Expert Comment

by:uescomp
ID: 39223787
Is your receive connector set up properly?  Looks like the hello request got rejected.  Also your reverse DNS is not matching; most likely you have to contact your ISP and have them create the reverse DNS record for you.

Receive Connector:

      1. Open Exchange Management Console
        
      2. Server Configuration
      
      3. Hub Transport
      
      4. Right click on Default connector and select Properties.
      
      5. Select Permissions Groups tab and check Anonymous users permissions group
0
 

Author Comment

by:OHarrisNetworks
ID: 39223789
Ok, thanks, will do.  Is it a good idea to post SS of my DNS records?
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39223799
Here's your current setup DNS in the public space as reported from NS lookup:


mail.oharrisnetworks.com
Server:  b.resolvers.Level3.net
Address:  4.2.2.2

Non-authoritative answer:
mail.oharrisnetworks.com        MX preference = 10, mail exchanger = mail.oharrisnetworks.com
> oharrisnetworks.com
Server:  b.resolvers.Level3.net
Address:  4.2.2.2

oharrisnetworks.com
        primary name server = ns45.domaincontrol.com
        responsible mail addr = dns.jomax.net
        serial  = 2013060508
        refresh = 28800 (8 hours)
        retry   = 7200 (2 hours)
        expire  = 604800 (7 days)
        default TTL = 600 (10 mins)
>



Basically what this tells us is that you have no MX record set for oharrisnetworks.com, but you do have one set for mail.oharrisnetworks.com. This means you could receive email sent to user@mail.oharrisnetworks.com but not user@oharrisnetworks.com
0
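The point made in the accepted answer and in the nslookup reading above (the MX record's host decides which address domain receives mail), as an added example that is not part of the original thread. The records are constructed, `example.com` and the `203.0.113.x` addresses are placeholders, and the function names are hypothetical.

```python
# Added example. Records are constructed, in the (type, host, points-to) shape
# of a hosted DNS manager; example.com and 203.0.113.x are placeholders.
ZONE = "example.com"
BROKEN = [("A", "@", "203.0.113.10"),
          ("A", "mail", "203.0.113.25"),
          ("MX", "mail", "mail.example.com")]   # MX host is 'mail', not '@'
FIXED = [("A", "@", "203.0.113.10"),
         ("A", "mail", "203.0.113.25"),
         ("MX", "@", "mail.example.com")]


def owner(host, zone):
    """Expand the Host column: '@' is the zone itself, 'mail' is mail.<zone>."""
    host = host.rstrip(".").lower()
    return zone if host == "@" else f"{host}.{zone}"


def mail_domains(records, zone):
    """Map each name that has an MX record to the exchangers listed for it."""
    found = {}
    for rtype, host, target in records:
        if rtype == "MX":
            found.setdefault(owner(host, zone), []).append(target.rstrip(".").lower())
    return found


def problems(records, zone):
    """List what would stop delivery to user@<zone>."""
    issues = []
    a_names = {owner(h, zone) for t, h, _ in records if t == "A"}
    domains = mail_domains(records, zone)
    if zone not in domains:
        have = ", ".join(sorted(domains)) or "none"
        issues.append(f"no MX for {zone}; MX exists only for: {have}")
    for name, exchangers in domains.items():
        for mx in exchangers:
            # Only names inside this zone can be checked against its A records.
            if (mx == zone or mx.endswith("." + zone)) and mx not in a_names:
                issues.append(f"MX target {mx} (for {name}) has no A record")
    return issues


if __name__ == "__main__":
    for label, recs in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, mail_domains(recs, ZONE), problems(recs, ZONE) or "ok")
```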
 

Author Comment

by:OHarrisNetworks
ID: 39223804
Yes, that has been checked.  It is also checked in my client connector.
ReceiveConnector.PNG
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39223809
As to whether you should post your exact DNS, probably not the best idea. It's recommended that you black out any identifying information in those (like your domain name). For future Info :D
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39223814
Please also go through my earlier posts if you didn't see them. Your MX records are not set up properly.
0
 

Author Comment

by:OHarrisNetworks
ID: 39223817
So my MX should be changed from points to:Mail.oharrisnetworks.com to:oharrisnetworks.com acbrown2010?
0
 
LVL 10

Expert Comment

by:bigbigpig
ID: 39223820
Oh my... my mistake.  I got confused looking at your screenshots and didn't notice your "after" MX record was for host 'mail' and not '@'.  acbrown2010 is totally correct, you need to change that, or you'll only get emails at whoever@mail.oharrisnetworks.com.
0
 
LVL 16

Expert Comment

by:uescomp
ID: 39223823
You can test and check on MX Toolbox.  Here is the report.

The MX record is not actually wrong for @ & mail are pointing to the same IP.  I just think he does not have anonymous selected on his receive connector which would deny everyone in the world (excluding internal users using OWA or Outlook Anywhere for they are authenticated).
MXToolbox.jpg
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39223824
Keep the points to: as mail.oharrisnetworks.com, change the host to @
0
 

Author Comment

by:OHarrisNetworks
ID: 39223831
I will need to change my A record IP then as well correct?
0
 
LVL 16

Expert Comment

by:uescomp
ID: 39223837
And port 25 and 443 on the router are pointing to your Exchange server?
0
 

Author Comment

by:OHarrisNetworks
ID: 39223841
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39223843
@uescomp: The host name in an MX record assigns what comes after the @ sign. If he sets that to be the TLD, he will receive mail at user@domain.com. If he sets it to mail he will receive mail at user@mail.domain.com.
0
 
LVL 16

Expert Comment

by:uescomp
ID: 39223847
haha, oops, that one slipped my mind
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39223850
The MX record in your most recent screenshot is fine now. However, you did not need to change the IP address that the @ entry at the top points to.
0
 

Author Comment

by:OHarrisNetworks
ID: 39223852
This is a SS of my router port forwarding.  Also last week I called ISP and had outbound SMTP block turned off.
port-forwarding-in-router.PNG
0
 

Author Comment

by:OHarrisNetworks
ID: 39223865
OK acbrown2010 thanks.  I guess I don't have a grasp on what the @ record does?  I thought it was a variable and any time a host in a record below called to (had @ in that spot) it would point to the IP on the A record.  Me typing that out already sounds wrong.
0
 
LVL 16

Expert Comment

by:uescomp
ID: 39223879
DNS is fun.  Just make sure you contact your ISP and make sure they set up the reverse DNS record so the IP address is mail.yourdomain.com and not the ISP.smtp.com garbage.  Otherwise you will get listed on a couple of blacklists eventually.  Blacklists are not severe, just annoying.
0
 

Author Comment

by:OHarrisNetworks
ID: 39223883
Looks like Gmail is getting through!
Sucess-from-gmail.PNG
0
 

Author Comment

by:OHarrisNetworks
ID: 39223890
To get a reverse DNS record do you need a Static IP?
0
 

Author Comment

by:OHarrisNetworks
ID: 39223891
How do I check my reverse DNS record?
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39223900
Yep. The changes are starting to replicate out to public DNS. Here's what NSLookup is showing now for Google's DNS:
> set type=mx
> oharrisnetworks.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
oharrisnetworks.com     MX preference = 10, mail exchanger = mail.oharrisnetworks.com
>


Note that some of the other public DNS servers I checked don't have this yet, so keep waiting a while.
0
 
LVL 10

Expert Comment

by:bigbigpig
ID: 39223901
nslookup 99.48.173.184
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39223908
Oh, also, the @ in most DNS managers represents the Top Level Domain name. In your case, oharrisnetworks.com. So when you create Aliases or records that point to @, you're basically saying, "It's the same IP address as my TLD".
0
 
LVL 16

Expert Comment

by:uescomp
ID: 39223914
As a standard, it's stated up to 24 hrs to complete the DNS record updates.  I have seen them usually in less than an hour, sometimes a few minutes.
0
 
LVL 16

Expert Comment

by:uescomp
ID: 39223930
To check your reverse DNS records you can go out to www.mxtoolbox.com

Select More on the upper tab > should see ptr (DNS reverse lookup) middle box 2nd row.  Type in your ip address and it will show you what it resolves to.
0
 

Author Closing Comment

by:OHarrisNetworks
ID: 39224056
Great examples!
0
