Solved

Server is "down"

Posted on 2016-08-15
10
56 Views
Last Modified: 2016-08-17
Client moved server to a new building with a new ISP, AT&T.
I entered the new static, public IP address, subnet mask and default gateway into the SonicWALL.
The MX record was pointed to the new IP address.

Hyper-V host is Server 2008 R2.
The only VM is SBS 2011.

The host has Internet access with both IE and Chrome able to browse.

The SBS VM has Internet access. I know because I'm able to remote into it with Teamviewer.

BUT...neither IE nor Chrome are able to browse.

Exchange isn't working and the server can't download MS updates.

From the SBS VM, I can ping out to external IP addresses and domains successfully.

I've run the Connect to the Internet wizard and restarted the VM more than once to no avail.

What am I missing?

HELP!

Thanks

Mark
0
Comment
Question by:markperl1
  • 3
  • 3
  • 2
  • +2
10 Comments
 

Assisted Solution

by:Triforce2000
Triforce2000 earned 350 total points
ID: 41757387
Dear Mark, Did you telnet port 25 from a remote location to see if the traffic is passing the firewall and goes to the Exchange server?
After you changed the default gateway and other ip settings on the SBS server and host, did you also changed the DNS forwarders with the ip adresses from your new your new ISP?

http://sbs.seandaniel.com/2011/06/basics-of-local-dns-for-small-business.html

Also verify the A records in your DNS zone.
0
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 41757431
what about local e-mails are working ?

are you able to telnet port 25 from server ?

is your smtp resolving the latest IP address ..check in www.mxtoolbox.com  

type your domain name and mxlookup

then smtp test...

all the best
0
 

Author Comment

by:markperl1
ID: 41757441
Triforce2000 & Shaik

Unable to telnet from external source, but can telnet to port 25 from host to vm

MXTOOLBOX does see the correct MX record but SMTP test is unable to connect

The A record is correct.

Re: DNS forwarders, where would I look for these?

Thank you!
0
 
LVL 16

Accepted Solution

by:
Shaik M. Sajid earned 150 total points
ID: 41757453
that's in your firewall ...

sonicwall

first of all if you are using the same firewall with same configuration settings?
 then just you have to change the interface IP address, Sub net mask, gateway, DNS properly, then check the connectivity of the port by pinging from out side....

then check the address object of the exchange server, weather the IP is same as mentioned earlier,
then check and service Objects as well,.then check the firewall rule see the attached image...
s.jpg
0
 

Expert Comment

by:Triforce2000
ID: 41757461
Hi Mark, if you cannot telnet remote to port 25 then you need to configure  a  port forwarding rule tcp port 25 pointing to the internal lan address from the SBS server.
Can you perform a tracert from the SBS to 8.8.8.8?
If DNS forwarding is configured, you can verify it here below:

It could be that you use DNS root servers to rersolve internet traffic and then you don't need to change anything in DNS Forwarders:

To configure a DNS server to use forwarders using the Windows interface  
1.Open DNS Manager.


2.In the console tree, click the applicable DNS server.

Where?
◦ DNS/Applicable DNS server




3.On the Action menu, click Properties.


4.On the Forwarders tab, under DNS domain, click a domain name.


5.Under Selected domain's forwarder IP address list, type the IP address of a forwarder, and then click Add.


DNS Root servers:

http://kwsupport.com/2012/10/updating-dns-root-hints-on-sbs-2011/
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 

Expert Comment

by:Triforce2000
ID: 41757465
Also as Shaid mentionend, verify the config from the firewall.
The lan interface should be in the same network as the SBS server and the clients.
IP settings including default Gateway and DNS should be adjusted for the new environment.
0
 

Author Comment

by:markperl1
ID: 41758856
Sorry...thought I'd put this to bed last night with the solution.

Shaik was correct. The solution was an address object for the public IP address that I'd forgotten about...and was way at the bottom of the address objects list in the SonicWALL.

I also added a THANK YOU to Shaik and Triforce2000!

Once I updated it's public IP address, e-mail started flowing into Exchange and all was well again.

At least that's what I thought last night at o'dark thirty before I went to bed.

Client informed me tonight that all outgoing e-mail was getting bounced back with "This message hasn't been delivered yet. Delivery will continue to be attempted. The server will keep trying to deliver this message for the next 1 days, 19 hours and 51 minutes. You'll be notified if the message can't be delivered by that time."

Internal e-mail works OK as does incoming e-mail.

MXToolbox,com's SMTP test results:
      SMTP Banner Check       Reverse DNS does not match SMTP Banner       
      SMTP Transaction Time       7.766 seconds - Warning on Transaction Time       
      SMTP Reverse DNS Mismatch       OK - 99.40.28.1 resolves to 99-40-28-1.uvs.irvnca.sbcglobal.net       
      SMTP Valid Hostname       OK - Reverse DNS is a valid Hostname       
      SMTP TLS       OK - Supports TLS.       
      SMTP Connection Time       0.734 seconds - Good on Connection time       
      SMTP Open Relay       OK - Not an open relay.

I asked their DNS host tech support if "Reverse DNS does not match SMTP Banner" was the problem, and they said the new ISP had to fix that.

So I'm stumped and need help again!

Mark
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 41760301
You may need to change your smarthost if you were using your old ISPs mail servers - Some ISPs only let you use them if you're on their network.  If you do think its this then, you could disable the smarthost for now (via the SBS Console) and let the server send directly until you can get the correct details.

If you have an SPF record setup in external DNS you may also need to update that if it specified your old external IP address.

You'll need to ask your new ISP to change the rDNS on your connection so that it matches your Servers External name (in your case mail.M*******w.com).
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41760490
Because it's an SBS when you change any of the networking you MUST run the Connectivity Wizards.

Open the Windows Small Business Server Console > Network > Connectivity

First run the Connect to the Internet Wizard, followed by the Set up your Internet Address, and then finally run the Fix My Network Wizard which will take all that new information provided by the first two and put it in the right place on the server.

Of course you also need to make sure your firewall is properly configured, and you should update your SPF record and reverse DNS Setting as mentioned above.
0
 

Author Closing Comment

by:markperl1
ID: 41760510
Many factors in play after the address object was updates.
First and foremost was that somehow Exchange was "broken" and no longer seemed connected to AD. I know this because I finally called in a Live EE expert, MAS, who had to reinstall Exchange then do lots of tweaking.

The new ISP, AT&T, was also blocking port 25 outbound. This was resolved very quickly with a call to them. I also submitted a form to them to create a PTR record.

Thank you to all who pitched in with ideas! This community rocks!
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now