Exchange 2013 emails not sending.

Hi,

Following a successful (I thought) set up of Exchange 2013 and Domain controller, both as virtual machines on the same physical server (Lenovo), also running Server 2012, after much experimenting and checking of settings we cannot get emails to send from Exchange 2013.

Other things to note are: -
The incoming emails are routed through a program called POPcon as the emails are from a service provider who does not provide an SMTP feed.  Incoming emails seem to work.
We have configured two DNS servers, one being the Domain controller (virtual Machine) and one being the physical Server where the two VMs reside.  The second DNS server was configured after we were exhausting possibilities for resolving this issue and thought it might help...!
Certificates that were working, stopped working and have become untrusted, requiring a reset.
Outlook can connect to Exchange from the workstations
Emails are coming in
Mobile phones won’t connect/synchronise

I am thinking that the other issues will resolve once we sort out the SMTP send problem, and that is my first objective.

When attempting to send, emails appear in the 'Drafts' folder.  This is well documented and the reason given is related to DNS configuration, but having read a number of the fixes, all seem to suggest the DNS is poorly configured.  I am ready to accept I have configured this wrongly, but cannot find out what is wrong.  The Exchange Server can access web sites and it can ping web sites by name.

Furthermore the emails that get queued up in the 'Drafts' folder do eventually get sent typically about 8 hours later.

If you think it is a DNS configuration issue. What should I be checking?

Your help will help close down the longest server install I have ever been involved with.

Thanks for reading this
CarmeldanIT Asked:

CarmeldanIT (Author) Commented:
Regrettably they have had to get another company involved, so this will remain unsolved here.

K B Commented:
Try https://testconnectivity.microsoft.com (Outbound SMTP Email)

Also grab the header from one of the successfully delivered emails and paste into here to see message hops: http://mxtoolbox.com/EmailHeaders.aspx

Let me know results

K B Commented:
Also run...
 Get-TransportService | FL cmdlet and reply with ExternalDNSServers and InternalDNSServers

IPCONFIG /all on the Exchange Server and Domain Controller.
 
K B Commented:
The second server is running active directory integrated DNS?

From the Exchange Server run from elevated command prompt:
nslookup smtp.gmail.com
what is the result?

Leroy Luff (Head of IT & Digital) Commented:
Before I would blame DNS I would look at your SMTP configuration.

Please run Get-SendConnector "Send connector name" | Format-List

CarmeldanIT (Author) Commented:
Hi,
Thanks for your input.

1) The test connectivity for outbound SMTP Mail goes through without error.  


2)
Hop      Delay      From      By      With      Time (UTC)      Blacklist
1      *      EXCH-Svr-2013.OFEC2.local      EXCH-Svr-2013.OFEC2.local      mapi      3/20/2015 11:23:17 PM      
2      1 Second      EXCH-Svr-2013.OFEC2.local 192.168.2.250      EXCH-Svr-2013.OFEC2.local 192.168.2.250      Microsoft SMTP Server (TLS)      3/20/2015 11:23:18 PM      Not blacklisted
3      5 minutes      EXCH-Svr-2013.OFEC2.local 81.174.250.49      sgmail.link-connect.net.uk      ESMTP (TLS)      3/20/2015 11:27:48 PM      Not blacklisted




Header Name      Header Value
Received-SPF      pass (Last token {ip4:81.174.250.49} (res=PASS)) client-ip=81.174.250.49; envelope-from=<Administrator@ofec.co.uk>; x-ip-name=anita398.plus.com;
Return-Path      <Administrator@ofec.co.uk>
From      Administrator <Administrator@ofec.co.uk>
To      "phil-smith@inet-synergy.co.uk" <phil-smith@inet-synergy.co.uk>
Subject      test thur 23:28
Thread-Topic      test thur 23:28
Thread-Index      AQHQYpxl3gmakPfoQ0SQyr7RLsV9UQ==
Date      Thu, 19 Mar 2015 23:28:26 +0000
Message-ID      <04390db0b8f34fce8d29705113dc94dc@EXCH-Svr-2013.OFEC2.local>
Accept-Language      en-GB, en-US
Content-Language      en-GB
X-MS-Has-Attach       
X-MS-TNEF-Correlator       
x-ms-exchange-transport-fromentityheader      Hosted
Content-Type      multipart/alternative; boundary="_000_04390db0b8f34fce8d29705113dc94dcEXCHSvr2013OFEC2local_"
MIME-Version      1.0
X-Originating-IP      81.174.250.49
X-Rcpt-To      <phil-smith@inet-synergy.co.uk>
X-SpamDetect      : 0.0 sd=0.0 Close nspam=1 nok=8 0.11 $0.70(X-myrbl:unknown) 0.69(unknown_lang) $0.35(X-Verify-MX present) 0.63(unknown_small)
X-LangGuess      Unknown
X-Probe      +OK skipped, known ip address
X-Phrase      Unknown score=0.50
X-Verify-MX      <Administrator@ofec.co.uk> senders ip (ch=81.174.250.49 msg=81.174.250.49, net=81.174.) not in mx data dom=ofec.co.uk ipname=anita398.plus.com (89.238.188.12)
X-Encryption      SSL encrypted
X-MyRbl      Color=Unknown (rbl) Age=0 Spam=0 Notspam=0 Stars=0 Good=1 Friend=0 Surbl=0 Catch=0 r=0 ip=81.174.250.49
X-IP-stats      Incoming Last 0, First 133, in=83, out=0, spam=0 ip=81.174.250.49
Status      U

Will respond to the other replies shortly  
Cheers

K B Commented:
Did you disable the firewall service?  You want to make sure it is enabled but set to off.
When you installed Exchange, did you make any changes from the out of the box configuration?
It appears to take five minutes for the email to travel from the exchange inside interface to the outside public interface.
Also, I agree with Leroy, what does the Send connector look like?

CarmeldanIT (Author) Commented:
Get-TransportService | FL cmdlet and reply with ExternalDNSServers and InternalDNSServers

External Servers is reporting: -
89.238.133.66  
192.168.2.3
8.8.8.8
106.186.115.231
The 192.168.2.3 is the internal DNS server.  Not sure why it is appearing  as an external one

IPCONFIG /all on the Exchange Server and Domain Controller.

Exchange Server IPCONFIG: -
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-02-04-03
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.2.250(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.3
                                       192.168.2.4
                                       8.8.8.8
   Primary WINS Server . . . . . . . : 192.168.2.250
   Secondary WINS Server . . . . . . : 192.168.2.3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{0D6A34AA-C923-4879-873D-62F2211D6014}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

DC IPCONFIG: -

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Server2012
   Primary Dns Suffix  . . . . . . . : OFEC2.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : OFEC2.local

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-02-04-04
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.3
   Primary WINS Server . . . . . . . : 192.168.2.3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{126453B8-8B0D-4CB1-9E7C-80212626865E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
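
Added example, not part of the original thread and not posted by any participant: the SMTPout send connector shown further down has UseExternalDNSServersEnabled set to True, so outbound delivery resolves MX records against the ExternalDNSServers list reported above. This Exchange Management Shell sketch queries every resolver in both transport DNS lists separately and times each answer, so a dead or slow entry stands out. The probe domain, the slow threshold and the function name Test-Resolver are assumptions.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell
# on the Exchange server. The values below are assumptions; adjust as needed.
$TestDomain = 'gmail.com'   # assumed external domain used as the MX probe
$SlowMs     = 2000          # assumed threshold above which an answer counts as slow
$Rfc1918    = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'

function Test-Resolver {
    # Hypothetical helper: ask ONE DNS server for the MX records of $Domain.
    param([string]$Server, [string]$Domain, [int]$SlowMs)
    $result = [pscustomobject]@{
        Server = $Server; Private = ($Server -match $Rfc1918)
        Status = 'OK'; Millis = 0; MxCount = 0; Detail = ''
    }
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the named server is tested.
        $answers = Resolve-DnsName -Name $Domain -Type MX -Server $Server `
                                   -DnsOnly -ErrorAction Stop
        $mx = @($answers | Where-Object { $_.Type -eq 'MX' })
        $result.MxCount = $mx.Count
        if ($mx.Count -eq 0) {
            $result.Status = 'NO_MX'
            $result.Detail = 'server answered but returned no MX records'
        }
    } catch {
        # Timeouts, refused queries and unreachable servers all land here.
        $result.Status = 'FAILED'
        $result.Detail = $_.Exception.Message
    } finally {
        $sw.Stop()
        $result.Millis = $sw.ElapsedMilliseconds
    }
    if ($result.Status -eq 'OK' -and $result.Millis -gt $SlowMs) {
        $result.Status = 'SLOW'
    }
    $result
}

# Walk both DNS lists on every transport service and test each entry on its own.
$report = foreach ($svc in Get-TransportService) {
    foreach ($list in 'ExternalDNSServers', 'InternalDNSServers') {
        foreach ($ip in $svc.$list) {
            Test-Resolver -Server $ip.ToString() -Domain $TestDomain -SlowMs $SlowMs |
                Add-Member -NotePropertyName List -NotePropertyValue $list -PassThru
        }
    }
}

$report | Sort-Object Status, Millis |
    Format-Table List, Server, Private, Status, Millis, MxCount, Detail -AutoSize
```

The Private column only marks RFC 1918 addresses such as 192.168.2.3 for information; an internal resolver in the external list still works if it can forward or recurse to the internet.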

CarmeldanIT (Author) Commented:
Hi Leroy,

Send Connector Format list below: -

[PS] C:\Windows>Get-SendConnector SMTPout | Format-List


AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
CloudServicesMailEnabled     : False
Comment                      : No Proxy
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         :
FrontendProxyEnabled         : False
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : EXCH-SVR-2013
Identity                     : SMTPout
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
MaxMessageSize               : 100 MB (104,857,600 bytes)
Name                         : SMTPout
Port                         : 25
ProtocolLoggingLevel         : None
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {EXCH-SVR-2013}
TlsAuthLevel                 :
TlsCertificateName           :
TlsDomain                    :
UseExternalDNSServersEnabled : True


Thanks for your help
Phil

CarmeldanIT (Author) Commented:
Hi K B,

The nslookup gives the response below: -

Server:  server2012.ofec2.local
Address:  192.168.2.3

Non-authoritative answer:
Name:    gmail-smtp-msa.l.google.com
Addresses:  2a00:1450:400c:c03::6d
          173.194.66.108
          173.194.66.109
Aliases:  SMTP.gmail.com

CarmeldanIT (Author) Commented:
Did you disable the firewall service?  No
You want to make sure it is enabled but set to off. I have set it to off for Private, Public and Domain as I wasn't sure which one you meant.  It still drops outgoing mail into the Drafts folder.
When you installed exchange did you make any changes from the out of the box configuration. Not knowingly.  I followed instructions for this as it is way different to previous versions especially working with VM
It appears to take five minutes for the email to travel from the exchange inside interface to the outside public interface.

Also, I agree with Leroy, what does the Send connector look like?
Send Connector format list shown above in another reply.  Do you need any other information?

K B Commented:
Please confirm these:

Firewall service should be set to automatic and started on all machines.
from Elevated command prompt on all machines type firewall.cpl hit "enter"
Click "Turn Windows Firewall On or Off"
Click "Turn off Windows Firewall" for all locations.

Why do you have WINS, Is it required for something?
I would remove WINS entries and uninstall the WINS service.

Issue an IPCONFIG /flushdns on all boxes.

Fully patch all operating systems, reboot, check for patches again, repeat till there are zero patches (stay away from KB3002657. KB3002657 and the .net 4.5)

K B Commented:
Any luck after removing WINS? (rebooting might be necessary)

Is this a fresh domain and Exchange network?

Run:
Get-ExchangeServer | Select Name, AdminDisplayVersion

Is the Hyper-V server up to date?  Firewall completely off there?

What issue are you having with certificates did you say?

Look at the Queue Viewer and report why messages aren't being transmitted:

Click Start > All Programs > Microsoft Exchange 2013 > Exchange Toolbox.
In the Mail flow tools section, double-click Queue Viewer to open the tool in a new window.
In Queue Viewer, click the Queues tab. A list of all queues on the server to which you're connected is displayed.
You can use the Export List link in the action pane to export the list of queues. For more information, see Export lists from Queue Viewer.
Look at the messages with issues by double clicking them and let me know the delay or error please.

Remove all Antivirus programs completely until we have this worked out.

Are there any other programs other than the Operating System on hyper-v, DC's or DNS servers?
Are there any other programs other than the Operating System and Exchange on the Exchange Server?

I would focus on one DNS server for now (the DC) as that didn't seem to resolve your issue.  If it helped let me know.

The PTR record (reverse DNS) for the external IP 81.174.250.49 is anita398.plus.com with a TTL of 12 hrs

I would lower TTL of all these records as low as they can go till this is rectified.

Lastly, what type of firewall/gateway is 192.168.2.1 ?

Sorry to throw so much at once and I really hope we do get this resolved.
When must this be up and running?

K B Commented:
Last one till I hear back :-)

Open Port 587 to your server

What happens to the queue when you reboot exchange?

Try this (replace john@contoso.com with an email address that will get mail):
Test-Mailflow -TargetEmailAddress john@contoso.com

On the Hyper-V server select the individual IP addresses instead of "All Network Adapters"

DNS server forwarders empty?  or did you add your ISPs DNS servers?

CarmeldanIT (Author) Commented:
Hi K.B.

Firewall service set to automatic, started on all machines and turned off on all three firewall groups.
WINS Disabled or uninstalled. It was used because of the problems, possibly with DNS. Now removed
Issue a IPCONFIG /flushdns on all boxes. - Done

Fully patch all operating systems, reboot check for patches again, repeat till there are zero patches (stay away from KB3002657. KB3002657 and the .net 4.5) - part Installed - very slow, but not .Net 4.5.x

Is this a fresh domain and Exchange network? Yes

Get-ExchangeServer | Select Name, AdminDisplayVersion Getting syntax errors, tried various changes without success.

Is the Hyper-V server up to date?  Firewall completely off there? Yes

What issue are you having with certificates did you say?

Look at the Queue Viewer and report why messages aren't being transmitted: Not found it yet.
Updates soon

CarmeldanIT (Author) Commented:
Error log report. Not sure if it is relevant, but this error is showing up every 4 hours: -
MSExchange Cmdlet Logs
(PID 7060, Thread 61) Task Get-HealthReport throwing unhandled exception: System.ArgumentException: sessionState
   at Microsoft.Exchange.Configuration.Tasks.ExchangePropertyContainer.GetProvisioningBroker(ISessionState sessionState)
   at Microsoft.Exchange.Provisioning.ProvisioningLayer.GetProvisioningHandlersImpl(Task task)
   at Microsoft.Exchange.Provisioning.ProvisioningLayer.GetProvisioningHandlers(Task task)
   at Microsoft.Exchange.Configuration.Tasks.Task.<BeginProcessing>b__4()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeNonRetryableFunc(Action func, Boolean terminatePipelineIfFailed

Leroy Luff (Head of IT & Digital) Commented:
Hi,

On the send connector there is no smart host?  Are you delivering emails straight from a mx record?

Perhaps try turning off DNS routing on the send connector and create a smarthost from your ISP?

K B Commented:
Let's look at queue viewer.
Click start and type: Exchange toolbox
You should be able to run that and then run the Queue Viewer.
Leroy, I am not sure why you would use a smarthost unless you were routing mail out to a spam filter device or some other service was handling the delivery.

CarmeldanIT (Author) Commented:
Ref Queue Viewer
I can see incoming emails shown in the email database folder, but there are no outgoing emails that I can see in the Submission list.  Also the delivery type is shown as 'undefined'.

Lastly there is an error that comes up as shown on the attached file.  Does this indicate anything? (Attachment: EXCH-error.jpg)

K B Commented:
So what drafts folder does it back up in?
Outlook?

Leroy Luff (Head of IT & Digital) Commented:
We use a smarthost to mimecast for security reasons - I am just suggesting this as a test.

K B Commented:
Yeah if he has access. Sure.

CarmeldanIT (Author) Commented:
I am using Outlook Web App and it sits in the drafts folder there until it gets sent. This takes 12 hours, but the time is random.

As it is sent after that time, I would have expected it to appear in the Viewer, but cannot see it there.  Am I looking in the right place?

CarmeldanIT (Author) Commented:
I've tried sending via smart host but the result is the same.

Also Ran another Remote Connectivity Analyser.  It is reporting there is no SPF record although when you run the SPF wizard it can be found.  We did have this resolved last week (unless my colleague wasn't looking properly) but now it is not being picked up.  What effect would this have?  
Connectivity Analyzer section with the SPF error:
 Test Steps
 Attempting to find the SPF record using a DNS TEXT record query.
  The Microsoft Connectivity Analyzer wasn't able to find the SPF record.
  Additional Details
  No records were found.
Elapsed Time: 166 ms.

K B Commented:
Yes make sure PTR and SPF record are correct.

CarmeldanIT (Author) Commented:
Hi, There seems to be some issue with the SPF.  Trying to resolve that.  May take some hours to propagate.

K B Commented:
I would change PTR record while you're at it. Also change TTL so if you have to revert back it's not an issue with time again

CarmeldanIT (Author) Commented:
I appreciate the help given, but was unable to complete the project with it. The client has taken further advice elsewhere.