Solved

Server is "down"

Posted on 2016-08-15
10
64 Views
Last Modified: 2016-08-17
Client moved server to a new building with a new ISP, AT&T.
I entered the new static, public IP address, subnet mask and default gateway into the SonicWALL.
The MX record was pointed to the new IP address.

Hyper-V host is Server 2008 R2.
The only VM is SBS 2011.

The host has Internet access with both IE and Chrome able to browse.

The SBS VM has Internet access. I know because I'm able to remote into it with Teamviewer.

BUT...neither IE nor Chrome are able to browse.

Exchange isn't working and the server can't download MS updates.

From the SBS VM, I can ping out to external IP addresses and domains successfully.

I've run the Connect to the Internet wizard and restarted the VM more than once to no avail.

What am I missing?

HELP!

Thanks

Mark
0
Comment
Question by:markperl1
  • 3
  • 3
  • 2
  • +2
10 Comments
 

Assisted Solution

by:Triforce2000
Triforce2000 earned 350 total points
ID: 41757387
Dear Mark, Did you telnet port 25 from a remote location to see if the traffic is passing the firewall and goes to the Exchange server?
After you changed the default gateway and other ip settings on the SBS server and host, did you also changed the DNS forwarders with the ip adresses from your new your new ISP?

http://sbs.seandaniel.com/2011/06/basics-of-local-dns-for-small-business.html

Also verify the A records in your DNS zone.
0
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 41757431
what about local e-mails are working ?

are you able to telnet port 25 from server ?

is your smtp resolving the latest IP address ..check in www.mxtoolbox.com 

type your domain name and mxlookup

then smtp test...

all the best
0
 

Author Comment

by:markperl1
ID: 41757441
Triforce2000 & Shaik

Unable to telnet from external source, but can telnet to port 25 from host to vm

MXTOOLBOX does see the correct MX record but SMTP test is unable to connect

The A record is correct.

Re: DNS forwarders, where would I look for these?

Thank you!
0
 
LVL 16

Accepted Solution

by:
Shaik M. Sajid earned 150 total points
ID: 41757453
that's in your firewall ...

sonicwall

first of all if you are using the same firewall with same configuration settings?
 then just you have to change the interface IP address, Sub net mask, gateway, DNS properly, then check the connectivity of the port by pinging from out side....

then check the address object of the exchange server, weather the IP is same as mentioned earlier,
then check and service Objects as well,.then check the firewall rule see the attached image...
s.jpg
0
 

Expert Comment

by:Triforce2000
ID: 41757461
Hi Mark, if you cannot telnet remote to port 25 then you need to configure  a  port forwarding rule tcp port 25 pointing to the internal lan address from the SBS server.
Can you perform a tracert from the SBS to 8.8.8.8?
If DNS forwarding is configured, you can verify it here below:

It could be that you use DNS root servers to rersolve internet traffic and then you don't need to change anything in DNS Forwarders:

To configure a DNS server to use forwarders using the Windows interface  
1.Open DNS Manager.


2.In the console tree, click the applicable DNS server.

Where?
◦ DNS/Applicable DNS server




3.On the Action menu, click Properties.


4.On the Forwarders tab, under DNS domain, click a domain name.


5.Under Selected domain's forwarder IP address list, type the IP address of a forwarder, and then click Add.


DNS Root servers:

http://kwsupport.com/2012/10/updating-dns-root-hints-on-sbs-2011/
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 

Expert Comment

by:Triforce2000
ID: 41757465
Also as Shaid mentionend, verify the config from the firewall.
The lan interface should be in the same network as the SBS server and the clients.
IP settings including default Gateway and DNS should be adjusted for the new environment.
0
 

Author Comment

by:markperl1
ID: 41758856
Sorry...thought I'd put this to bed last night with the solution.

Shaik was correct. The solution was an address object for the public IP address that I'd forgotten about...and was way at the bottom of the address objects list in the SonicWALL.

I also added a THANK YOU to Shaik and Triforce2000!

Once I updated it's public IP address, e-mail started flowing into Exchange and all was well again.

At least that's what I thought last night at o'dark thirty before I went to bed.

Client informed me tonight that all outgoing e-mail was getting bounced back with "This message hasn't been delivered yet. Delivery will continue to be attempted. The server will keep trying to deliver this message for the next 1 days, 19 hours and 51 minutes. You'll be notified if the message can't be delivered by that time."

Internal e-mail works OK as does incoming e-mail.

MXToolbox,com's SMTP test results:
      SMTP Banner Check       Reverse DNS does not match SMTP Banner       
      SMTP Transaction Time       7.766 seconds - Warning on Transaction Time       
      SMTP Reverse DNS Mismatch       OK - 99.40.28.1 resolves to 99-40-28-1.uvs.irvnca.sbcglobal.net       
      SMTP Valid Hostname       OK - Reverse DNS is a valid Hostname       
      SMTP TLS       OK - Supports TLS.       
      SMTP Connection Time       0.734 seconds - Good on Connection time       
      SMTP Open Relay       OK - Not an open relay.

I asked their DNS host tech support if "Reverse DNS does not match SMTP Banner" was the problem, and they said the new ISP had to fix that.

So I'm stumped and need help again!

Mark
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 41760301
You may need to change your smarthost if you were using your old ISPs mail servers - Some ISPs only let you use them if you're on their network.  If you do think its this then, you could disable the smarthost for now (via the SBS Console) and let the server send directly until you can get the correct details.

If you have an SPF record setup in external DNS you may also need to update that if it specified your old external IP address.

You'll need to ask your new ISP to change the rDNS on your connection so that it matches your Servers External name (in your case mail.M*******w.com).
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41760490
Because it's an SBS when you change any of the networking you MUST run the Connectivity Wizards.

Open the Windows Small Business Server Console > Network > Connectivity

First run the Connect to the Internet Wizard, followed by the Set up your Internet Address, and then finally run the Fix My Network Wizard which will take all that new information provided by the first two and put it in the right place on the server.

Of course you also need to make sure your firewall is properly configured, and you should update your SPF record and reverse DNS Setting as mentioned above.
0
 

Author Closing Comment

by:markperl1
ID: 41760510
Many factors in play after the address object was updates.
First and foremost was that somehow Exchange was "broken" and no longer seemed connected to AD. I know this because I finally called in a Live EE expert, MAS, who had to reinstall Exchange then do lots of tweaking.

The new ISP, AT&T, was also blocking port 25 outbound. This was resolved very quickly with a call to them. I also submitted a form to them to create a PTR record.

Thank you to all who pitched in with ideas! This community rocks!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now