Solved

exchange 2007 , 2008 sbs

Posted on 2013-12-26
Last Modified: 2014-01-12
I have a 2008 SBS running Exchange 2007 Service Pack 2 and wanted to hook up to a new internet provider, take out the SonicWall and just run direct to the internet... If I change the IP address on the Exchange server, is there something else I need to do to make it work? So far I can just get email to work locally but not all the way to the WAN (outside world). Please, any help or step by step would be great...
0
Question by:gstevederby
17 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39741257
SBS cannot (should not) be connected directly to the internet.  It does not support dual NIC configurations that SBS 2003 and earlier did.  You NEED a router.  If you want to get rid of the sonic wall, I'd suggest adding an Untangle system as a router.
0
 

Author Comment

by:gstevederby
ID: 39741265
OK, I can add a router, but what else do I need to do?
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39741290
1. The first thing will be to make sure your new IP is somewhere in your MX record in the public DNS.
2. While you are here, you may also need to set up a Reverse DNS entry to your IP and make sure your new IP is not already on a blacklist, or get a smarthost to skip this part.
3. Second thing is to forward the traffic needed for SBS, 25, 80, 443 (for OWA and ActiveSync) to get flowing again.  This would be port forwarding from your SonicWall (that has been configured for your new IP) to your internal IP of your SBS server (whose IP has stayed the same during all of this)
4. Test by going to Mxtoolbox.com to get the basics.

There are other sites that can test for OWA and ActiveSync connections, but it sounds like you need to get mail flowing again in the meantime.
0
 

Author Comment

by:gstevederby
ID: 39741306
Can you tell me, step by step, how to change the reverse DNS entry? Also, what if I were to just use the SonicWall as before, but with a diff. IP provider, hence a new WAN address coming into the SonicWall?
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39741314
Ick, step by step will be hard, since it varies with ISPs and may not be 100% needed.  It is more important to make sure you are not on a blacklist first.  

You also do not mention if your new IP is in the mix for MX records.  Without this, external traffic will not be able to reach you and they will start getting NDRs.  If you at least get the MX record, and the port 25 then your inbound mail will be delivered, even if you cannot respond.

The reverse DNS entry is generally mapped to your host name for the server, and will have to match the banner that is being broadcast by your exchange server.  Generally it requires calling them to make the entry to it.

So for example, in your DNS, you want your host name to be mail.domain.com.  You will make an A record for mail.domain.com and point it to your new IP.  Then in the MX section, you will make the 10 spot mail.domain.com.

Then call your new ISP and tell them you need a RPTR record for your IP and its value needs to be mail.domain.com.  ATT and Verizon required me to fill out a form or send an email, Telepacific and Cbyond (t1 providers here in the states) accepted over the phone request, so it depends, but they will need to be involved.

Again, this part is pointless if the outside world doesn't know where your email server is (by your MX record), and if that traffic doesn't get to your server through your firewall via a port forward.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39741316
Oh as for using the sonicwall as before, it still won't work until you update your new IP.  You may have to re-do your port forwards since they will reflect the old IP not your new one.

In this example, think of your IP (old or new) as your mailing address.  Then think of your firewall as the receptionist who accepts everyone's mail and then delivers it to who it is addressed to.  The outside world needs your address to even get anything to you, and your receptionist needs to be working otherwise it just piles up at your door.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39741332
As long as your DNS entries \ NetBIOS name are not changed, you can change IP addresses without any issues and if you do so, you need to change it to all respective DNS hostnames registered in DNS (Ex: owa, autodiscover records and its public to private IP mappings and so on)

Outlook client may need to be restarted to make changes effective

If you set up Exchange IPs anywhere in any apps like backup etc., that needs to be addressed

Mahesh
0
 

Author Comment

by:gstevederby
ID: 39741525
Thx, I will check into all of that tomorrow when I am at the server again... hopefully one way or the other it will work... They use a service called "soap spam" which captures their emails and filters out all the spam, does an excellent job too... about 97% is cleaned fyi, and then it is sent to the server... so they use the "mx" items you speak of... I am calling them too... I am hoping that their, only 2-3 people, emails can just be forwarded via the soap spam people and thus eliminate the email server altogether... company is shutting its doors permanently...
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39742040
Oh, in this case that takes quite a bit of pressure off.  You will need to update them on your new IP.  All of the services I have used like this will only speak with the designated server, and from their perspective, a new IP address isn't what they are expecting.  So their service is working correctly by not delivering the mail or relaying your outbound.

Chances are your mx is already pointed to them which is good, since you don't want people to bypass the washing service and deliver direct to you. And they are spooling your mail while your connection is down.  You should be able to tell them your new IP, and you won't even have to bother with the other stuff.

There are two settings you generally will have to check with your "soap spam", (which as a service I refer to all those vendors as "email washing services") and update your inbound mail server address (should just be IP), and then also update your smarthost (outbound) settings with them.

Good luck!
0
 

Author Comment

by:gstevederby
ID: 39744414
OK, I am almost done. Do you know how/where the port 25 out for SMTP is in 2008 SBS, and how can I change it if needed?
0
 

Author Comment

by:gstevederby
ID: 39744416
Soap has changed the MX so now it's pointed in the correct direction, however Comcast residential does not allow port 25 to be opened up... so they are asking if I can re-route to port 465 and I don't know how to do that or if it is even possible. I read how 465 is used for SMTP but usually for SSL type of items...?
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39744881
There are some problems with this, the most being the IP will change from time to time if you are on a residential DHCP, so you will have to constantly update Soap.  And I am not sure if Soap can handle a host name instead of IP.  If they can you will need to register your IP with a dynamic DNS provider, like no-ip.com.

As for changing the port to a smarthost,
https://support.prolateral.com/index.php?/Knowledgebase/Article/View/159/0/how-to-use-an-alternate-smarthost-smtp-port-in-exchange-2007-and-exchange-2010

But that is only if your smarthost is relaying on that port.

I would just buy the commercial version of comcast, even if it is in your home and I would also again pay the extra fee for the static IP.  Doing these two will ease up your life in re: to setting up resources and servers that need access to and from the outside world.
0
 

Author Comment

by:gstevederby
ID: 39769730
We are on a Biz line now, so it is static. So I have not changed anything on the server and STILL we can't get out. The tests show port 25 blocked, even though Comcast says they don't block ANY ports on their biz line. So that's the quandary. I can: telnet servername 25 and connect fine from a workstation. I can send an email to myself and rec. local just fine from a workstation... so I would think that port 25 on the server is just fine, right? Doesn't logic dictate that if the server has not changed and the provider has, that the prob. is with the provider? I had several years ago, on the same server, changed provider and didn't have to change anything on the server... only tell the spam soap people so they could re-route the MX records.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39769828
When you are testing, how are you testing?  If you are going internal workstation to the server, it is not a good test since that would only apply the internal firewall rules.  You should do a telnet test from your workstation (or server) to a known working server like Google's email server.  If you get any response, then you know you are not being blocked.

I have never come across any ISP that has filtered static biz lines.  This is true for both home based businesses and regular commercial.
0
 

Author Comment

by:gstevederby
ID: 39770926
So I tried what I believe you are saying by going to both the workstation and the server and typing in the following at the cmd prompt:

telnet comcast.net 25
telnet comcast.net
telnet hp.com 25

etc.

None of those let me through, and it is on a business line... so what more can I do to prove that they, Comcast, are blocking the ports?
0
 
LVL 9

Accepted Solution

by:
tsaico earned 500 total points
ID: 39771317
None of those are the SMTP servers of those companies...  Those are their web domains.

Try this at the command prompt:

nslookup
set type=mx
comcast.net

which should show you the comcast MX addresses of:

5 mx1.comcast.net
5 mx2.comcast.net

then

telnet mx1.comcast.net 25

which should then show you

220 imta20.westchester.pa.mail.comcast.net comcast ESMTP server ready

meaning you have confirmed you made a connection with them.  If you can get to this, then port 25 is not your problem and you should go back to looking at your send connectors on your Exchange server.  There are a lot of other tests to perform after this, but for right now, we are trying to figure out if 25 is being blocked or not.  By even responding to your request (even if it is to reject you), it confirms communication is happening.

I would disable the smart host for now, and have the send connector resolve through DNS directly.  If after doing that, you can send out (even if it ends up as spam, or you get a rejection from the recipient mail server), we know the problem lies with your smarthost, not the ISP and email server.

If you cannot get to the above connection text and the connection times out, I would look at firewall rules on server (software), then the appliance, or perhaps they are blocking 25.

Also, you may want to consider bringing in someone who has some more experience with troubleshooting email servers, then watch over their shoulder to learn some of the troubleshooting practices, or better yet, head to a boot camp to get a little formal training.
0
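
An added example, not part of the original thread: a scripted version of the telnet check from the accepted answer, which separates "got an SMTP reply, even a rejection" from "connected but silent", "refused" and "timed out". The names probe_smtp and fake_listener are hypothetical, and the banners are constructed so the block runs offline against a local stand-in listener.

```python
import socket
import threading
import time

def probe_smtp(host, port=25, timeout=10.0):
    """Open a TCP connection to an SMTP listener and classify what happened.

    Verdicts: 'reachable' (any SMTP reply, even a rejection), 'silent'
    (connected, no banner), 'refused' (TCP reset), 'timeout' (nothing came
    back: check the software firewall, the appliance, then the ISP),
    'dns' (name did not resolve), 'error' (other socket failure).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns", str(exc)
    except socket.timeout:
        return "timeout", "no answer to the connection attempt"
    except ConnectionRefusedError:
        return "refused", "connection actively refused (RST)"
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except OSError:  # includes the read timeout
            return "silent", "connected, but no banner arrived"
    if len(banner) >= 3 and banner[:3].isdigit():
        return "reachable", banner
    return "silent", banner or "peer closed without sending a banner"

def fake_listener(banner):
    """Constructed stand-in for a mail server: serves one local connection."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        time.sleep(1)  # hold the connection open like an idle server
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Constructed banners; swap in an MX host from nslookup for a real check.
    for b in (b"220 mx.example.test ESMTP ready\r\n", b"554 rejected\r\n", b""):
        print(probe_smtp("127.0.0.1", fake_listener(b), timeout=0.5))
```

For a real check, pass the MX host name returned by the nslookup step; a 'timeout' verdict from both the server and a workstation points at filtering between the site and the internet rather than at Exchange.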
 

Author Closing Comment

by:gstevederby
ID: 39775554
BRINGING in a more experienced tech--thx for all your help
0


Question has a verified solution.
