Solved

MS Exchange Cannot connect 10060

Posted on 2014-03-20
15
2,011 Views
Last Modified: 2014-04-20
Hi, I decided to setup a second email server in my company for POP3 purpose. My ServerA is a MS Exchange 2010 server with domainA.com. My ServerB is a POP3/IMAP server (smartermail) associated with domainB.com.

Both servers are on the same building but each has a different public IP. My router manages the two IP addresses and it is dispatching the TCP ports to the appropriate servers. The public address of domainB.com is 184.xxx.33.242.

Everything is working well except that my ServerA (MS Exchange, domainA.com) is incapable of sending emails to ServerB (smartermail, domainB.com).

ServerB receives all emails from everywhere I tested and is also able to send emails to ServerA/domainA. ServerA/domainA is capable of sending everywhere but to serverB/domainB.

All my policies in my router have been reviewed by the manufacturer and they say its A1. My MS Exchange is returning me this error when I try to send to ServerB/domainB:

2014-03-20T17:17:19.149Z,ServerA Exchange SMTP Connector,08D10BB7805F0579,1,,184.xxx.33.242:25,*,,"Failed to connect. Error Code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 184.xxx.33.242:25"

My ServerA public address has a MX record set at my ISP (domainA.com) so that it can send emails directly but I did not do the for ServerB public address (kind of hard to do because it is a 4G connection (with fixed public IP address and no ports blocked, I am paying more for that).

Finally, if I set my MS Exchange to send through a SmartHost instead (my ISP smtp server), the emails are going through from ServerA to ServerB.

Would anyone know why this is happening?

Thanks.
0
Comment
Question by:benjilafouine
  • 10
  • 5
15 Comments
 
LVL 38

Expert Comment

by:Adam Brown
ID: 39943779
This is likely because the Exchange server sees the domain on your internal DNS, but doesn't see an MX record in that DNS zone. You can either configure a Send connector for the domain that the POP3 server uses and set it to use the POP3 as a smart host or you can add MX records to the internal DNS zone for your domainb.com mail server.
0
 
LVL 1

Accepted Solution

by:
benjilafouine earned 0 total points
ID: 39943796
Why would my Exchange server see the domainB in my internal DNS? And how can I validate that?

Are you suggesting that I create a special send connector in MS Exchange just for sending to DomainB? How do I do that (never did that before)?

SmarterMail is definitely not linked with Ad (but is linked with IIS on the smartermail server).
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 39943806
Wow!!!! I created the connector as you said in Exchange (to the best of my knowledge) and it worked!!!! Please explain this to me, I am dying for an explanation!!!

Benji.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 39943818
If you have domainb.com listed as a DNS forward lookup zone in your AD domain, then the Exchange server will use that DNS information for lookups and no external info will be available. Usually that external info includes MX records. By default, Exchange uses MX records to route mail, so if it queries its own DNS servers for a record in Domainb.com and it returns that the DNS server has records for that domain on it, but no MX records, it can't route mail.

At any rate, you can create a new send connector by going to Organization Config > Hub Transport. Click the Send Connectors Tab, right click in the middle window and select New Send Connector. Give the connector a unique name and click Next. Click Add, then enter domainb.com under Address Space and click OK, then Next. Select Route Mail through the following smart hosts, then click Add. Enter the IP of the POP3 server. Click OK, then next. The authentication page will depend on what type of security you have on the POP3 server, most likely you can just select None. Then accept the rest of the defaults and click New. Once that's done, all mail sent from users on the Exchange server to Domainb.com will go directly to the POP3 server's SMTP interface.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 39943829
To continue (I edited my last response in case you missed it), setting up the send connector instructs the Exchange server to route mail destined to the domain you configure the send connector with directly to an SMTP server rather than using DNS lookups to get routing info for email.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 39943843
I understand very well how this new connector works (basically making an exception for domainB) but I am still trying to find where my Exchange server would pickup a wrong DNS record in AD. Unless the mix up happens at the router level (after all it manages both public IP addresses). This domainB has never been part of my MS Exchange and current AD structure as far as I know.

Where would I find such a record if it exists within my environment?
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 39943868
You would need to log in to a Domain Controller and open up DNS. Expand Forward Lookup Zones and see if DomainB.com is listed there. If it is, then your Exchange server is pulling DNS from there.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:benjilafouine
ID: 39944030
I had already done that in anticipation of your answer: negative. This domainB never existed in my AD domain before (or in my Exchange server). I had used it in a lab in a separate domain since last year (on and off) and that's it.

Nevertheless, my main Exchange server did send some emails to this domainB when I tested it last year and in my Outlook cache, I still had this domainB address embedded in my "on the fly" Outlook address book, which I deleted of course (today). But, hey, there could still be a trace of it somewhere as I know for a fact that a MS Exchange server takes very long to "forget". I deleted a domain from my Exchange server last month and for two weeks it kept looking for it internally.

I will wait for a response from my ISP and my router manufacturer but your certainly deserve the points to close this question.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 39972364
I made some more testing. This situation only happens when both email servers are behind the same router (that has two fixed IP addresses). I moved my email server to a third site to test and everything was working.

My router manufacturer is still looking up the issue but creating the new connector is definitely the short route.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 39987599
The connector to bypass the situation was a good idea but it was not the solution. The issue was a "loopback" issue with the router, meaning that one public IP address was not trusting the other public address because the emails were trying to take a shortcut inside the router between the two interfaces.

The manufacturer finally resolved by adding "any-trusted" in the two smtp rules that I had. I wish I could give more info about the manufacturer, the ports and the solution but my company is keeping a low-profile on its security features for security reasons (you will certainly understand why).

So once more, I came up with my own solution. But I will award you the points because you helped prove my point to the manufacturer who at first, dismissed my issue.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 40002674
I've requested that this question be closed as follows:

Accepted answer: 0 points for benjilafouine's comment #a39943806

for the following reason:

The problem was in the router but the solution offered did work as a bypass.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 40000342
You may want to change your close so it awards some points. Right now it awards none.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 40002665
I will assign points.
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 40002675
I will retry closing this question.
0
 
LVL 1

Author Closing Comment

by:benjilafouine
ID: 40011157
Here is the close. Thanks.
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now