Reverse DNS does not match SMTP Banner after changing SSL cert to .com from .local

We successfully updated our SSL cert for exchange 2010 to a from the exchange.domain.local

Mail is flowing, and I believe we took all the internal DNS and Exchange updates.

but I am getting the reverse dns does not match error when looking us up on

Not sure why

If your ssl certificate is, then the smtp banner for the ehlo/helo response *should* also be  At this point, you would contact your isp and have them update the reverse dns of your external ip so that it also matches

ParisBPAuthor Commented:
the external address has always been.

the internal was exchange.local

not sure what the isp should be updating
What ehlo/helo response do you get from a telnet session to your Exchange server?  For Windows Vista and above you *need* to ensure that you have the 'Telnet Client' feature installed.

Once this is installed then you would do the following:

1. Open an administrative command prompt.

2. Type in 'telnet' and press enter.

3. Type 'open <exchange server address> 25' and press enter.

I have an internal cname for mail that points to my exchange server.

4. Type 'ehlo' or 'helo' and press enter.

Hello response should match what is reported by your external ip address (which in turn should also match the ssl certificate).
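
The comparison the telnet steps above lead up to, as an added PowerShell example that is not part of the original thread: it pulls the name out of the 220 banner and the first EHLO reply line of a pasted session and checks it against the PTR name and the certificate names. The function names, mail.example.com, the IP address and the transcript are constructed for illustration; the PTR and certificate names are assumed to be typed in by hand.

```powershell
# Added example. Names and transcript below are constructed samples, not from the thread.
function Get-SmtpAnnouncedName([string[]]$Transcript) {
    $found = @{ Banner = $null; Ehlo = $null }
    foreach ($line in $Transcript) {
        if (-not $found.Banner -and $line -match '^220[ -](\S+)') {
            $found.Banner = $Matches[1].ToLower()   # name in the connection banner
        } elseif (-not $found.Ehlo -and $line -match '^250[ -](\S+)') {
            $found.Ehlo = $Matches[1].ToLower()     # name in the first EHLO/HELO reply line
        }
    }
    $found
}

function Test-CertCoversName([string]$Name, [string[]]$CertNames) {
    foreach ($c in $CertNames) {
        $c = $c.ToLower()
        if ($c -eq $Name) { return $true }
        # A wildcard entry covers exactly one left-most label
        if ($c.StartsWith('*.') -and $Name.Contains('.') -and
            $Name.Substring($Name.IndexOf('.')) -eq $c.Substring(1)) { return $true }
    }
    return $false
}

function Test-MailNameAlignment([string[]]$Transcript, [string]$PtrName, [string[]]$CertNames) {
    $announced = Get-SmtpAnnouncedName $Transcript
    $ptr = $PtrName.TrimEnd('.').ToLower()          # PTR answers usually end with a dot
    foreach ($source in 'Banner', 'Ehlo') {
        $name = $announced[$source]
        New-Object PSObject -Property @{
            Source      = $source
            Name        = $name
            MatchesPtr  = ($name -eq $ptr)
            MatchesCert = (Test-CertCoversName $name $CertNames)
        }
    }
}

# Constructed session as it would appear in telnet while the server still announces the internal name
$transcript = @(
    '220 exchange.domain.local Microsoft ESMTP MAIL Service ready',
    '250-exchange.domain.local Hello [192.0.2.10]',
    '250-SIZE 10485760',
    '250 STARTTLS'
)
# PTR name (as returned by nslookup for the external IP) and certificate name are placeholders
Test-MailNameAlignment $transcript 'mail.example.com.' @('mail.example.com') |
    Select-Object Source, Name, MatchesPtr, MatchesCert
```

With this sample both rows come back False in MatchesPtr and MatchesCert, which is the mismatch the external lookup reports.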

ParisBPAuthor Commented:
ehlo produces the exchang.local address.
not the which is the ssl
Not a problem.  You can update your SMTP banner by doing the following:

Open a powershell console on the Exchange server:
Set-ReceiveConnector "Default Frontend server" -Banner "220"


Where is the A record that you have registered externally for your mail server; e.g.

ParisBPAuthor Commented:
ok that is giving me an error stating exchange.local could not be found on our DC??
What is the exact error message?  Could you possibly post a snippet or screen cap (make sure to remove any sensitive information)?

ParisBPAuthor Commented:
Sure thing and thanks
the operation couldn't be performed because the object "exchange.domain.local \default frontend server couldn't be found on dc.domain.loccal
I think I see the error, use the Get-ReceiveConnector command in order to display all of your receive connectors.  Then try using the Set-ReceiveConnector command with the Identity as presented by the Get-ReceiveConnector command.

You will recognize the connector you need to modify by looking at the Bindings column and identifying the connector(s) using port 25.

-saige-
ParisBPAuthor Commented:
get-receiveconnector gives me

exchange\default (25)

I then run
set-receiveconnector "exchange" -banner "220"

and I still get the object exchange.domain.local\exchange cannot be found on dc.domain.local
categoryinfo   :Not specified (0:int32)
Try this instead:
Set-ReceiveConnector -Identity "Exchange\Default" -Banner "220"

ParisBPAuthor Commented:
It's not the commands. I am still getting cannot be found on DC... but dns and AD shows exchange.local

I can ping it from the dc
ParisBPAuthor Commented:
fullyqualifiederroid: a34f1af1
ParisBPAuthor Commented:
going over the telnet commands.. I can
telnet with

when I do an ehlo it gives me

ParisBPAuthor Commented:
Finally got this to work.
Glad you got it resolved.  What did the hang-up turn out to be?

ParisBPAuthor Commented:
added another receiver connector, as we couldn't update the default one.
Most likely that was the error that we were getting..
I appreciate the help. You definitely helped us corner it.