Server clients can't browse internet. Exchange clients on Outlook can't send external. Certificate issue! Please help!!

Ryan Ward
SBS 2011 environment running Exchange 2010 SP3. CiscoRv82 I believe is the model (8-port VPN router). Background info: the server was migrated from an SBS 2008 box that was just too slow. The migration pretty much went as successfully as I could hope from a wizard. Folder redirection was broken, but Exchange for the most part moved over without issue.

About 2 months after the migration everything just halts.  

Computers can browse to Google and a few other random sites but mostly just get a certificate error pointing back to my own server along with the IIS7 splash page. I realized no matter what domain I type, if I put /owa at the end of it, it will load my web app page. DNS, however, does resolve in nslookup regardless of what site I try. I.e., I can go to www.nba.com/owa and the server redirects to localhost/owa. The certificate error pretty much says the certificate from remote.mysever.com is untrusted.

I should note, to rule out DNS issues, I can ping anywhere externally via IP and DNS name.

Also, Outlook is able to receive emails but is not able to send. It keeps telling me my remote server is rejecting the message from being delivered. Error is remote.(domain).com #550 5.7.1 Unable to relay ##. I've tried reissuing the self cert to no avail. Outlook acts so broken now it crashes unless I open Outlook with the /safe parameter.


I'm wondering if maybe some IIS bindings / certificates got messed up and that's why it's redirecting me there every time, but I have literally gone and reset them a billion times to the point where I just keep fixing and rebreaking OWA etc. Tried the Fix My Network Wizard a billion times.

Commented:
Greetings,


Check the following solution:

Open the Exchange System Manager;

Go in Administrative Groups -> Administrative group name -> Server -> Server name -> Protocols -> SMTP;

Right click on Default SMTP Virtual Server -> Properties;

Access tab -> Relay button;

Select "Only the list below" and add your domain and/or IPs you do want to allow the relay, and finally check the "Allow all computers which successfully authenticate to relay, regardless of the list above" checkbox.

Source:
https://social.technet.microsoft.com/Forums/en-US/1a84a06a-f1c8-40b4-ace8-1e264f218aa1/550-571-unable-to-relay-for?forum=exchangesvrsecuremessaginglegacy

Go to the command prompt, type iisreset /stop
Then, at the command prompt, type iisreset /start

Go to Services: click Startup Type at the top and check that all Automatic services are started and running. If not running, then start those services.

All the best

You can try SBS BPA:
https://support.microsoft.com/en-us/kb/2673284 

and also Microsoft IT Environment Health Scanner:
https://www.microsoft.com/en-us/download/details.aspx?id=10116


Jarda
Ryan Ward, Network Administrator

Author

Commented:
BPA didn't really isolate the issue.

Saik, I believe that's for Server 2003. I am on 2011; that option is not available.
Network Administrator
Commented:
UPDATE:

I have reset the router's config and internet is working again. No more splash page!!
Email is flowing both ways again.

Still need to figure out which is the best route to go for establishing folder redirection to work on the new server. A few clients are still pulling their redirected folders from the now non-DC old server. :/ New redirected folders show up, but I think it's a permission issue somewhere according to the logs.

Thankfully I figured the biggest part of this out.
