• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 808
  • Last Modified:

Exchange 2010 outbound email hanging in Queue, all but HOMMAIL?

Well, here we go....

The thing that sticks in my crawl about this is it started Wednesday at around 10:30am....Very near the time that there was an issue with all of Godaddy.com's servers.

But Godaddy insists this problem is on my end.  So I am begging the gents of the internet...YOU...to assist me with your great wisdom.  I've never been let down by EE, and I know this will be no exception.

Since wednesday the 12th, outbound email has begun to give the system warning that mail is delayed.

I will come clean and say I have a limited understanding of Exchange 2010, probably just enough to be dangerous.  I am always trying to learn and educate my-MS-self as my time allows.

I can see items in the Message Queue viewer and they give the error:
451 4.4.0 Primary terget IP address responded with: "421.4.2.1 Unable to connect."  Attempted failover to alternate host, but that did not succeed.  Either there are no alternate hosts, or delivery failed to all alternate hosts.

Now I did look at several instances of this error in EE,  The only step I tried was to flush the DNS with the cmd line ipconfig /flushdns.

Now here's something I can't explain...  I can send mail to my hotmail account from this box!  But not to gmail, or my godaddy hosted email, etc....it seems no other place can get the email.

LIke I said, exchange is still mysterious to me.  
things I have verified:
I have verified my DNS sync to godaddy is updating, and the MX record at godaddy is pointing to my exchange server...INBOUND mail is 100% full speed working.

I have verified my ip address has not changed from my ISP.

I have tested the outbound mail to hotmail 3 times successfully.
I have tested outbound email to any other server FAILS.

Server diagnostics all show healthy, even ran the exchange troubleshooter where it gathers info for about ten minutes and it shot back everything was just fine!  BPA tool I think?

I have verified there were no windows updates on 2/12 at all...when this all started.  I did go ahead and run the updates from 2/13 last night.

What i have not figured out how to verify is if ANY of the mails sent from 2/12 or 2/13 eventually went through as my client hasn't complained about this and the exchange message Queue viewer only shows me items with today's date.  (My ignorance of the message Queueu  viewer is apparent here as well...I just don't need to go into this very often)

I have bared my large sized soul before you all.... Number 5 need input!

Ike
0
Faxxer
Asked:
Faxxer
  • 16
  • 6
  • 5
4 Solutions
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Very probably a port blocking issue...

However the first thing you need to do is go to http://testconnectivity.microsoft.com and run the Outbound SMTP test to see what it reveals.

Jeff
0
 
Cris HannaCommented:
My question would be, are you sending mail via a smart host, IE. All mail from your exchange server goes to another server first and then they forward it on to the intended recipient?
0
 
FaxxerAuthor Commented:
What would you say if EVERY SINGLE test at the test connectivity site passed GREEN checks?

Is there any way to test if my isp is blocking something?  
Again, I can send to HOTMAIL from there just fine!!!

I am sending from the server directly.  no smarthost at all
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
FaxxerAuthor Commented:
My certificate is valid through godaddy also, just fyi.
0
 
Cris HannaCommented:
My next recommendation would be go to mxtoolbox.com and run their blacklist test
0
 
FaxxerAuthor Commented:
the mxtoolbox shows very little issues.

I do have a reverse dns mismatch, but i've had that since the beginning with no issues.

"Warning - Reverse DNS does not match SMTP Banner "

my isp would have to fix that wouldn't they?
0
 
FaxxerAuthor Commented:
I'm not on any blacklists at all
0
 
Cris HannaCommented:
You have this question in the Small Business Server zone, are you running SBS 2011?
0
 
FaxxerAuthor Commented:
Yes, running SBS 2011 running Exchange 2010
0
 
Cris HannaCommented:
Have you applied Exchange SP3?
Have you run the SBS BPA with update 5?
Have you tried running the Fix My Network Wizard?

You don't by chance have IPv6 disabled?
How much free space on the C drive?
0
 
FaxxerAuthor Commented:
Great Questions!

SP3 for exchange is installed.
I ran the Fix my network wizard earlier tonight, no joy.
I do run the BPA wizards regularly to check for health issues...usually pretty good and lean running machine...never anything critical...but I will run that again just to check right now...

I did not disable IPv6.
C drive is 340GB free of 464GB

p.s. sp3 for exchange has been running fine since August
0
 
FaxxerAuthor Commented:
BPA shows no real issues or warnings.  It's just as it's been for many months now.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Do you have an SPF record configured in your public DNS?

If not, that definitely could be the cause.

Overall -- there are just a few things which can cause this problem and Alan Hardisty has put together a pretty good troubleshooting overview:
http://alanhardisty.wordpress.com/2010/02/25/problems-sending-emails-to-external-domains/

Info on how to create a proper SPF record is included on that page.

Jeff
0
 
FaxxerAuthor Commented:
Godaddy confirmed my SPF is good already today actually
0
 
FaxxerAuthor Commented:
however... maybe not.  Mxtoolbox is saying it's not valid.  But the guy I talked to at Godaddy said it was good today....

This inconsistency is cause for further investigation
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
What make/model Firewall are you using?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
MX toolbox doesn't like the ~all on the end of SPF records and will show it being invalid because of that.  Post the record here if you want me to take a look at it.

Jeff
0
 
FaxxerAuthor Commented:
ok... Microsoft says it did find a valid SPF.../shrug of confusion
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
so, the firewall make/model is...??
0
 
FaxxerAuthor Commented:
I updated the TXT record to the one Microsoft suggested.  Will hold my breath.
0
 
FaxxerAuthor Commented:
The firewall is SonicWall TZ-105.  I've checked it out pretty good, I honestly don't believe it's the SonicWall.

However!  My first call to my ISP yielded ZERO help, the lady didn't even know what an Exchange server was...

I called again just now and the guy says... "Ya...we closed port 25 for non business customers."

I'm all like, "But we ARE a business customer and on a static IP!"

He says.. "ok, let me check on that for you.."

sigh!!!!!!

If this is the case, obviously the fix is near...I'll update soon...
0
 
Cris HannaCommented:
that could be the issue, however this points to another possibility.   Sounds like your ISP may simply handout IPs for business customers from it's pool of IPs for residential customers.   Some systems will detect this and still reject mail as well.  Some ISP's have distinctly different networks and support groups for consumer vs business.  Just food for thought.
0
 
FaxxerAuthor Commented:
They are still a small ISP, Fidelity Communications only in a few states.

They told me they've unblocked the port but I still can't telnet through the port.
I'm going to give them up to an hour before i call back
0
 
FaxxerAuthor Commented:
WEll they opened the port and boom...mail flowing again.  

What is so frustrating is they told me they don't close ports!!!  

It wasn't until I called and harrassed them that they admitted it.

what threw me was the exchange connector test succeeded!!!  How could it do that if the port was blocked????  That really confused me.

This case is closed.
0
 
FaxxerAuthor Commented:
All the questions and follow up questions helped me to eventually push in the correct direction.  Thank you both
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Y'know... the FIRST thing I suggested as the problem was a port issue!  I should have insisted that you follow up on that before we moved on.  Oh well...

:-)
0
 
FaxxerAuthor Commented:
I see what you mean.  I did learn alot from all the other posts and questions so I felt like it was a total learning experience.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 16
  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now