Ryan Ward

Server clients can't browse internet. Exchange clients on Outlook can't send external. Certificate issue! Please help!!

SBS 2011 environment running Exchange 2010 SP3. CiscoRv82 I believe is the model (8-port VPN router).

Background info: the server was migrated from an SBS 2008 box that was just too slow. The migration pretty much went as successfully as I could hope from a wizard. Folder redirection was broken, but Exchange for the most part moved over without issue.

About 2 months after the migration everything just halts.  

Computers can browse to Google and a few other random sites but mostly just get a certificate error pointing back to my own server along with the IIS7 splash page. I realized no matter what domain I type, if I put /owa at the end of it, it will load my web app page. DNS however does resolve in nslookup regardless of what site I try. I.e., I can go to www.nba.com/owa and the server redirects to localhost/owa. The certificate error pretty much says the certificate from remote.mysever.com is untrusted.

I should note, to rule out DNS issues, I can ping anywhere externally via IP and DNS name.

Also, Outlook is able to receive emails but is not able to send. It keeps telling me my remote server is rejecting the message from being delivered. The error is remote.(domain).com #550 5.7.1 Unable to relay ##. I've tried reissuing the self cert to no avail. Outlook acts so broken now it crashes unless I open Outlook with the /safe parameter.


I'm wondering if maybe some IIS bindings / certificates got messed up and that's why it's redirecting me there every time, but I have literally gone and reset them a billion times to the point where I just keep fixing and rebreaking OWA etc. Tried the Fix My Network Wizard a billion times.

Tags: SBS, Exchange, Outlook, Email Servers, Active Directory

Last Comment
Ryan Ward

8/22/2022 - Mon
Sajid Shaik M

Greetings,


Check the following solution:

Open the Exchange System Manager;

Go to Administrative Groups -> Administrative group name -> Server -> Server name -> Protocols -> SMTP;

Right-click on Default SMTP Virtual Server -> Properties;

Access tab -> Relay button;

Select "only the list below" and add your domain and/or IPs you do want to allow to relay, and finally check the "Allow all computers which successfully authenticate to relay, regardless of the list above" checkbox.

Source:
https://social.technet.microsoft.com/Forums/en-US/1a84a06a-f1c8-40b4-ace8-1e264f218aa1/550-571-unable-to-relay-for?forum=exchangesvrsecuremessaginglegacy

Go to a command prompt and type iisreset /stop,
then type iisreset /start

Go to Services: click Startup Type at the top and check that all Automatic services are started and running. If any are not running, start those services.

All the best
Jaroslav Latal

You can try SBS BPA:
https://support.microsoft.com/en-us/kb/2673284 

and also Microsoft IT Environment Health Scanner:
https://www.microsoft.com/en-us/download/details.aspx?id=10116


Jarda
Ryan Ward

ASKER
BPA didn't really isolate the issue.

Saik, I believe that's for Server 2003. I am on 2011; that option is not available.
ASKER CERTIFIED SOLUTION
Ryan Ward

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.