Solved

MS Exchange Cannot connect 10060

Posted on 2014-03-20
15
2,338 Views
Last Modified: 2014-04-20
Hi, I decided to setup a second email server in my company for POP3 purpose. My ServerA is a MS Exchange 2010 server with domainA.com. My ServerB is a POP3/IMAP server (smartermail) associated with domainB.com.

Both servers are on the same building but each has a different public IP. My router manages the two IP addresses and it is dispatching the TCP ports to the appropriate servers. The public address of domainB.com is 184.xxx.33.242.

Everything is working well except that my ServerA (MS Exchange, domainA.com) is incapable of sending emails to ServerB (smartermail, domainB.com).

ServerB receives all emails from everywhere I tested and is also able to send emails to ServerA/domainA. ServerA/domainA is capable of sending everywhere but to serverB/domainB.

All my policies in my router have been reviewed by the manufacturer and they say its A1. My MS Exchange is returning me this error when I try to send to ServerB/domainB:

2014-03-20T17:17:19.149Z,ServerA Exchange SMTP Connector,08D10BB7805F0579,1,,184.xxx.33.242:25,*,,"Failed to connect. Error Code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 184.xxx.33.242:25"

My ServerA public address has a MX record set at my ISP (domainA.com) so that it can send emails directly but I did not do the for ServerB public address (kind of hard to do because it is a 4G connection (with fixed public IP address and no ports blocked, I am paying more for that).

Finally, if I set my MS Exchange to send through a SmartHost instead (my ISP smtp server), the emails are going through from ServerA to ServerB.

Would anyone know why this is happening?

Thanks.
0
Comment
Question by:benjilafouine
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 5
15 Comments
 
LVL 41

Expert Comment

by:Adam Brown
ID: 39943779
This is likely because the Exchange server sees the domain on your internal DNS, but doesn't see an MX record in that DNS zone. You can either configure a Send connector for the domain that the POP3 server uses and set it to use the POP3 as a smart host or you can add MX records to the internal DNS zone for your domainb.com mail server.
0
 
LVL 1

Accepted Solution

by:
benjilafouine earned 0 total points
ID: 39943796
Why would my Exchange server see the domainB in my internal DNS? And how can I validate that?

Are you suggesting that I create a special send connector in MS Exchange just for sending to DomainB? How do I do that (never did that before)?

SmarterMail is definitely not linked with Ad (but is linked with IIS on the smartermail server).
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 39943806
Wow!!!! I created the connector as you said in Exchange (to the best of my knowledge) and it worked!!!! Please explain this to me, I am dying for an explanation!!!

Benji.
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 
LVL 41

Expert Comment

by:Adam Brown
ID: 39943818
If you have domainb.com listed as a DNS forward lookup zone in your AD domain, then the Exchange server will use that DNS information for lookups and no external info will be available. Usually that external info includes MX records. By default, Exchange uses MX records to route mail, so if it queries its own DNS servers for a record in Domainb.com and it returns that the DNS server has records for that domain on it, but no MX records, it can't route mail.

At any rate, you can create a new send connector by going to Organization Config > Hub Transport. Click the Send Connectors Tab, right click in the middle window and select New Send Connector. Give the connector a unique name and click Next. Click Add, then enter domainb.com under Address Space and click OK, then Next. Select Route Mail through the following smart hosts, then click Add. Enter the IP of the POP3 server. Click OK, then next. The authentication page will depend on what type of security you have on the POP3 server, most likely you can just select None. Then accept the rest of the defaults and click New. Once that's done, all mail sent from users on the Exchange server to Domainb.com will go directly to the POP3 server's SMTP interface.
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 39943829
To continue (I edited my last response in case you missed it), setting up the send connector instructs the Exchange server to route mail destined to the domain you configure the send connector with directly to an SMTP server rather than using DNS lookups to get routing info for email.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 39943843
I understand very well how this new connector works (basically making an exception for domainB) but I am still trying to find where my Exchange server would pickup a wrong DNS record in AD. Unless the mix up happens at the router level (after all it manages both public IP addresses). This domainB has never been part of my MS Exchange and current AD structure as far as I know.

Where would I find such a record if it exists within my environment?
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 39943868
You would need to log in to a Domain Controller and open up DNS. Expand Forward Lookup Zones and see if DomainB.com is listed there. If it is, then your Exchange server is pulling DNS from there.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 39944030
I had already done that in anticipation of your answer: negative. This domainB never existed in my AD domain before (or in my Exchange server). I had used it in a lab in a separate domain since last year (on and off) and that's it.

Nevertheless, my main Exchange server did send some emails to this domainB when I tested it last year and in my Outlook cache, I still had this domainB address embedded in my "on the fly" Outlook address book, which I deleted of course (today). But, hey, there could still be a trace of it somewhere as I know for a fact that a MS Exchange server takes very long to "forget". I deleted a domain from my Exchange server last month and for two weeks it kept looking for it internally.

I will wait for a response from my ISP and my router manufacturer but your certainly deserve the points to close this question.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 39972364
I made some more testing. This situation only happens when both email servers are behind the same router (that has two fixed IP addresses). I moved my email server to a third site to test and everything was working.

My router manufacturer is still looking up the issue but creating the new connector is definitely the short route.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 39987599
The connector to bypass the situation was a good idea but it was not the solution. The issue was a "loopback" issue with the router, meaning that one public IP address was not trusting the other public address because the emails were trying to take a shortcut inside the router between the two interfaces.

The manufacturer finally resolved by adding "any-trusted" in the two smtp rules that I had. I wish I could give more info about the manufacturer, the ports and the solution but my company is keeping a low-profile on its security features for security reasons (you will certainly understand why).

So once more, I came up with my own solution. But I will award you the points because you helped prove my point to the manufacturer who at first, dismissed my issue.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 40002674
I've requested that this question be closed as follows:

Accepted answer: 0 points for benjilafouine's comment #a39943806

for the following reason:

The problem was in the router but the solution offered did work as a bypass.
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 40000342
You may want to change your close so it awards some points. Right now it awards none.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 40002665
I will assign points.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 40002675
I will retry closing this question.
0
 
LVL 1

Author Closing Comment

by:benjilafouine
ID: 40011157
Here is the close. Thanks.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question