Solved

Exchange 2010 outbound email hanging in Queue, all but HOMMAIL?

Posted on 2014-02-14
27
781 Views
Last Modified: 2014-02-16
Well, here we go....

The thing that sticks in my crawl about this is it started Wednesday at around 10:30am....Very near the time that there was an issue with all of Godaddy.com's servers.

But Godaddy insists this problem is on my end.  So I am begging the gents of the internet...YOU...to assist me with your great wisdom.  I've never been let down by EE, and I know this will be no exception.

Since wednesday the 12th, outbound email has begun to give the system warning that mail is delayed.

I will come clean and say I have a limited understanding of Exchange 2010, probably just enough to be dangerous.  I am always trying to learn and educate my-MS-self as my time allows.

I can see items in the Message Queue viewer and they give the error:
451 4.4.0 Primary terget IP address responded with: "421.4.2.1 Unable to connect."  Attempted failover to alternate host, but that did not succeed.  Either there are no alternate hosts, or delivery failed to all alternate hosts.

Now I did look at several instances of this error in EE,  The only step I tried was to flush the DNS with the cmd line ipconfig /flushdns.

Now here's something I can't explain...  I can send mail to my hotmail account from this box!  But not to gmail, or my godaddy hosted email, etc....it seems no other place can get the email.

LIke I said, exchange is still mysterious to me.  
things I have verified:
I have verified my DNS sync to godaddy is updating, and the MX record at godaddy is pointing to my exchange server...INBOUND mail is 100% full speed working.

I have verified my ip address has not changed from my ISP.

I have tested the outbound mail to hotmail 3 times successfully.
I have tested outbound email to any other server FAILS.

Server diagnostics all show healthy, even ran the exchange troubleshooter where it gathers info for about ten minutes and it shot back everything was just fine!  BPA tool I think?

I have verified there were no windows updates on 2/12 at all...when this all started.  I did go ahead and run the updates from 2/13 last night.

What i have not figured out how to verify is if ANY of the mails sent from 2/12 or 2/13 eventually went through as my client hasn't complained about this and the exchange message Queue viewer only shows me items with today's date.  (My ignorance of the message Queueu  viewer is apparent here as well...I just don't need to go into this very often)

I have bared my large sized soul before you all.... Number 5 need input!

Ike
0
Comment
Question by:Faxxer
  • 16
  • 6
  • 5
27 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 250 total points
Comment Utility
Very probably a port blocking issue...

However the first thing you need to do is go to http://testconnectivity.microsoft.com and run the Outbound SMTP test to see what it reveals.

Jeff
0
 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 250 total points
Comment Utility
My question would be, are you sending mail via a smart host, IE. All mail from your exchange server goes to another server first and then they forward it on to the intended recipient?
0
 

Author Comment

by:Faxxer
Comment Utility
What would you say if EVERY SINGLE test at the test connectivity site passed GREEN checks?

Is there any way to test if my isp is blocking something?  
Again, I can send to HOTMAIL from there just fine!!!

I am sending from the server directly.  no smarthost at all
0
 

Author Comment

by:Faxxer
Comment Utility
My certificate is valid through godaddy also, just fyi.
0
 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 250 total points
Comment Utility
My next recommendation would be go to mxtoolbox.com and run their blacklist test
0
 

Author Comment

by:Faxxer
Comment Utility
the mxtoolbox shows very little issues.

I do have a reverse dns mismatch, but i've had that since the beginning with no issues.

"Warning - Reverse DNS does not match SMTP Banner "

my isp would have to fix that wouldn't they?
0
 

Author Comment

by:Faxxer
Comment Utility
I'm not on any blacklists at all
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
You have this question in the Small Business Server zone, are you running SBS 2011?
0
 

Author Comment

by:Faxxer
Comment Utility
Yes, running SBS 2011 running Exchange 2010
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
Have you applied Exchange SP3?
Have you run the SBS BPA with update 5?
Have you tried running the Fix My Network Wizard?

You don't by chance have IPv6 disabled?
How much free space on the C drive?
0
 

Author Comment

by:Faxxer
Comment Utility
Great Questions!

SP3 for exchange is installed.
I ran the Fix my network wizard earlier tonight, no joy.
I do run the BPA wizards regularly to check for health issues...usually pretty good and lean running machine...never anything critical...but I will run that again just to check right now...

I did not disable IPv6.
C drive is 340GB free of 464GB

p.s. sp3 for exchange has been running fine since August
0
 

Author Comment

by:Faxxer
Comment Utility
BPA shows no real issues or warnings.  It's just as it's been for many months now.
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 250 total points
Comment Utility
Do you have an SPF record configured in your public DNS?

If not, that definitely could be the cause.

Overall -- there are just a few things which can cause this problem and Alan Hardisty has put together a pretty good troubleshooting overview:
http://alanhardisty.wordpress.com/2010/02/25/problems-sending-emails-to-external-domains/

Info on how to create a proper SPF record is included on that page.

Jeff
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:Faxxer
Comment Utility
Godaddy confirmed my SPF is good already today actually
0
 

Author Comment

by:Faxxer
Comment Utility
however... maybe not.  Mxtoolbox is saying it's not valid.  But the guy I talked to at Godaddy said it was good today....

This inconsistency is cause for further investigation
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
What make/model Firewall are you using?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
MX toolbox doesn't like the ~all on the end of SPF records and will show it being invalid because of that.  Post the record here if you want me to take a look at it.

Jeff
0
 

Author Comment

by:Faxxer
Comment Utility
ok... Microsoft says it did find a valid SPF.../shrug of confusion
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
so, the firewall make/model is...??
0
 

Author Comment

by:Faxxer
Comment Utility
I updated the TXT record to the one Microsoft suggested.  Will hold my breath.
0
 

Author Comment

by:Faxxer
Comment Utility
The firewall is SonicWall TZ-105.  I've checked it out pretty good, I honestly don't believe it's the SonicWall.

However!  My first call to my ISP yielded ZERO help, the lady didn't even know what an Exchange server was...

I called again just now and the guy says... "Ya...we closed port 25 for non business customers."

I'm all like, "But we ARE a business customer and on a static IP!"

He says.. "ok, let me check on that for you.."

sigh!!!!!!

If this is the case, obviously the fix is near...I'll update soon...
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
that could be the issue, however this points to another possibility.   Sounds like your ISP may simply handout IPs for business customers from it's pool of IPs for residential customers.   Some systems will detect this and still reject mail as well.  Some ISP's have distinctly different networks and support groups for consumer vs business.  Just food for thought.
0
 

Author Comment

by:Faxxer
Comment Utility
They are still a small ISP, Fidelity Communications only in a few states.

They told me they've unblocked the port but I still can't telnet through the port.
I'm going to give them up to an hour before i call back
0
 

Author Comment

by:Faxxer
Comment Utility
WEll they opened the port and boom...mail flowing again.  

What is so frustrating is they told me they don't close ports!!!  

It wasn't until I called and harrassed them that they admitted it.

what threw me was the exchange connector test succeeded!!!  How could it do that if the port was blocked????  That really confused me.

This case is closed.
0
 

Author Closing Comment

by:Faxxer
Comment Utility
All the questions and follow up questions helped me to eventually push in the correct direction.  Thank you both
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Y'know... the FIRST thing I suggested as the problem was a port issue!  I should have insisted that you follow up on that before we moved on.  Oh well...

:-)
0
 

Author Comment

by:Faxxer
Comment Utility
I see what you mean.  I did learn alot from all the other posts and questions so I felt like it was a total learning experience.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now