SBS2011 - suddenly can't receive external emails, internal ok and can send ok.

Help currently on site

Suddenly can't  receive external emails. Can send ok and internal email is fine. Cell phones out in the filed cannot get email.

- 71 gb of space on drive c:

- Ran the remote connectivity analyzer and it had one error (see pic)
- Have one LSAsvr error in event logs - about no authentication protocol available. Seems to be ok at this point
- Ran exchange mail flow troubleshoot assistance:  Mail acceptance test failed: service not available, closing transmission channel Server response 4.3.2 service not available....2nd message Server does not support secure connections.
- EX Mail submission service is running.

Need some advice...not sure where to look from here?  Not sure what changed today.......Q: is the exchange stor included in the Drive C: total used space?   if the Ex DB stor is over 71 GB's is that the issue?

Question: I have 71 GB of space on drive C:.

mailreject.jpgremote-connectivity-error.jpg
JoemtAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
smtp       mail.beallawfirm.com       Warning - Reverse DNS does not match SMTP Banner       
smtp       mail.beallawfirm.com       Warning - Does not support TLS.

you have a certificate error
0
JoemtAuthor Commented:
How did you determine that?   (for learning purposes)

How do I go about fixing it.........what would suddenly cause that to take place on a server?
0
David Johnson, CD, MVPOwnerCommented:
mxtoolbox.com ..

reverse dns .. add a reverse zone in your dns settings that point to your mail server
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

JoemtAuthor Commented:
Could you please point me to a "how to" ?

I see two entries in the server DNS Reverse lookup zones.
0
JoemtAuthor Commented:
Is there anyone who can help me create this reverse dns entry?
0
JoemtAuthor Commented:
I'm seeing an expired certificate on the server (2014)Certificate that is expired
I'm not sure on which choices to choose to create just the IIS certificate.

Can some one help
0
JoemtAuthor Commented:
Ok Ran "Fix my network": It found a certificate error. told it to fix it.  
 It added 2 certificates and now I can't get to owa or remote any longer (could prior)
........just the "There is a problem with this website’s security certificate"
 

Please can someone help me get this straightened out.
Exchange-experts-certifcates-2newl.jpg
0
David Johnson, CD, MVPOwnerCommented:
did your purchased certificate expire and what is the certificate error you are getting
0
duzbinCommented:
Hi, you definitely have a certificate error, you can run the "fix my network" wizard which will create a certificate on the server, you do not need to purchase a 3rd party certificate, it saves the updated certificate here: C:\Users\Public\Downloads
Go and check that the certificate is there and that it is updated, install the certificate on the server and do a reboot, let me know if you still get the cert. error?
0
JoemtAuthor Commented:
I ran the "fix my network". It created 2 new certificates.  I'm not sure why. Is it common for certificates to break?

I can acccess the owa and remote with IE - had to delete old certicate from IE. I tried to import the certificate to IE, appeared to work but is not listed in the "Trusted root cert auth".

New issue:  

1. is the certifcate not be a root certificate? The certificate distribution package has the old certificate.  Is there an easy way to update this?
 
2. The clients cell phones are no longer getting email as of this morning. was working late last night. They use their exchange account.
0
JoemtAuthor Commented:
Here is a screen shot of the certificates
experts-new-cert-marked.jpg
0
JoemtAuthor Commented:
Questions:

1. Should I delete the old certificate?
2. the services are different on the new certificates - is this whats causing trouble with the iphones?
0
David AtkinTechnical DirectorCommented:
Hello,

It looks like your SonicWall is answering port 25?  Are you using this for filtering??

The certificate date and name on OWA is valid.  

If you haven't already, check the queues from EMC.  Restart the Exchange Transport Service and the mail submission service.

Can you confirm how much free disk space you have on all drives?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JoemtAuthor Commented:
- Drive. c: 63.7 GB of space - Data drive over 764 gb free

- Queues are empty

- restarted the two services  -  One phone started working.......other phone attempted to add email account failed - could not authenticate....I have asked for exact error message

Question for mobile device access:  
EMC > Organization Config > Hub Transport > Accepted Domains    <domain>.local is not the default - should it be?
the default is the .com

As for port 25 - not sure
0
JoemtAuthor Commented:
Phones once soft reset are working.........thank you.  I'm going to give it a couple hours and see if all is good.
0
David AtkinTechnical DirectorCommented:
Ok let us know.  

The accepted domains is fine.

Have you got the latest Exchange Service Pack and rollups installed?
0
JoemtAuthor Commented:
Revisions:

expert-version.jpg
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.