[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Server is "down"

Posted on 2016-08-15
Medium Priority
Last Modified: 2016-08-17
Client moved server to a new building with a new ISP, AT&T.
I entered the new static, public IP address, subnet mask and default gateway into the SonicWALL.
The MX record was pointed to the new IP address.

Hyper-V host is Server 2008 R2.
The only VM is SBS 2011.

The host has Internet access with both IE and Chrome able to browse.

The SBS VM has Internet access. I know because I'm able to remote into it with Teamviewer.

BUT...neither IE nor Chrome are able to browse.

Exchange isn't working and the server can't download MS updates.

From the SBS VM, I can ping out to external IP addresses and domains successfully.

I've run the Connect to the Internet wizard and restarted the VM more than once to no avail.

What am I missing?



Question by:markperl1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2

Assisted Solution

Triforce2000 earned 1400 total points
ID: 41757387
Dear Mark, Did you telnet port 25 from a remote location to see if the traffic is passing the firewall and goes to the Exchange server?
After you changed the default gateway and other ip settings on the SBS server and host, did you also changed the DNS forwarders with the ip adresses from your new your new ISP?


Also verify the A records in your DNS zone.
LVL 17

Expert Comment

by:Sajid Shaik M
ID: 41757431
what about local e-mails are working ?

are you able to telnet port 25 from server ?

is your smtp resolving the latest IP address ..check in www.mxtoolbox.com 

type your domain name and mxlookup

then smtp test...

all the best

Author Comment

ID: 41757441
Triforce2000 & Shaik

Unable to telnet from external source, but can telnet to port 25 from host to vm

MXTOOLBOX does see the correct MX record but SMTP test is unable to connect

The A record is correct.

Re: DNS forwarders, where would I look for these?

Thank you!
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

LVL 17

Accepted Solution

Sajid Shaik M earned 600 total points
ID: 41757453
that's in your firewall ...


first of all if you are using the same firewall with same configuration settings?
 then just you have to change the interface IP address, Sub net mask, gateway, DNS properly, then check the connectivity of the port by pinging from out side....

then check the address object of the exchange server, weather the IP is same as mentioned earlier,
then check and service Objects as well,.then check the firewall rule see the attached image...

Expert Comment

ID: 41757461
Hi Mark, if you cannot telnet remote to port 25 then you need to configure  a  port forwarding rule tcp port 25 pointing to the internal lan address from the SBS server.
Can you perform a tracert from the SBS to
If DNS forwarding is configured, you can verify it here below:

It could be that you use DNS root servers to rersolve internet traffic and then you don't need to change anything in DNS Forwarders:

To configure a DNS server to use forwarders using the Windows interface  
1.Open DNS Manager.

2.In the console tree, click the applicable DNS server.

◦ DNS/Applicable DNS server

3.On the Action menu, click Properties.

4.On the Forwarders tab, under DNS domain, click a domain name.

5.Under Selected domain's forwarder IP address list, type the IP address of a forwarder, and then click Add.

DNS Root servers:


Expert Comment

ID: 41757465
Also as Shaid mentionend, verify the config from the firewall.
The lan interface should be in the same network as the SBS server and the clients.
IP settings including default Gateway and DNS should be adjusted for the new environment.

Author Comment

ID: 41758856
Sorry...thought I'd put this to bed last night with the solution.

Shaik was correct. The solution was an address object for the public IP address that I'd forgotten about...and was way at the bottom of the address objects list in the SonicWALL.

I also added a THANK YOU to Shaik and Triforce2000!

Once I updated it's public IP address, e-mail started flowing into Exchange and all was well again.

At least that's what I thought last night at o'dark thirty before I went to bed.

Client informed me tonight that all outgoing e-mail was getting bounced back with "This message hasn't been delivered yet. Delivery will continue to be attempted. The server will keep trying to deliver this message for the next 1 days, 19 hours and 51 minutes. You'll be notified if the message can't be delivered by that time."

Internal e-mail works OK as does incoming e-mail.

MXToolbox,com's SMTP test results:
      SMTP Banner Check       Reverse DNS does not match SMTP Banner       
      SMTP Transaction Time       7.766 seconds - Warning on Transaction Time       
      SMTP Reverse DNS Mismatch       OK - resolves to 99-40-28-1.uvs.irvnca.sbcglobal.net       
      SMTP Valid Hostname       OK - Reverse DNS is a valid Hostname       
      SMTP TLS       OK - Supports TLS.       
      SMTP Connection Time       0.734 seconds - Good on Connection time       
      SMTP Open Relay       OK - Not an open relay.

I asked their DNS host tech support if "Reverse DNS does not match SMTP Banner" was the problem, and they said the new ISP had to fix that.

So I'm stumped and need help again!

LVL 22

Expert Comment

by:David Atkin
ID: 41760301
You may need to change your smarthost if you were using your old ISPs mail servers - Some ISPs only let you use them if you're on their network.  If you do think its this then, you could disable the smarthost for now (via the SBS Console) and let the server send directly until you can get the correct details.

If you have an SPF record setup in external DNS you may also need to update that if it specified your old external IP address.

You'll need to ask your new ISP to change the rDNS on your connection so that it matches your Servers External name (in your case mail.M*******w.com).
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41760490
Because it's an SBS when you change any of the networking you MUST run the Connectivity Wizards.

Open the Windows Small Business Server Console > Network > Connectivity

First run the Connect to the Internet Wizard, followed by the Set up your Internet Address, and then finally run the Fix My Network Wizard which will take all that new information provided by the first two and put it in the right place on the server.

Of course you also need to make sure your firewall is properly configured, and you should update your SPF record and reverse DNS Setting as mentioned above.

Author Closing Comment

ID: 41760510
Many factors in play after the address object was updates.
First and foremost was that somehow Exchange was "broken" and no longer seemed connected to AD. I know this because I finally called in a Live EE expert, MAS, who had to reinstall Exchange then do lots of tweaking.

The new ISP, AT&T, was also blocking port 25 outbound. This was resolved very quickly with a call to them. I also submitted a form to them to create a PTR record.

Thank you to all who pitched in with ideas! This community rocks!

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question