Solved

Exchange 2016 Mail flow issues (new install)

Posted on 2016-09-28
Last Modified: 2016-11-09
Hello Experts,

I've run into some issues with a fresh Exchange 2016 install. Setup is:
Server 2012 R2 Std - DC
Server 2012 R2 Std - Exchange (Hyper-V)
Send connector is configured to send mail through MX.
Older Netgear Prosafe Firewall - Port 25, 80, 110, 443, 587, and 2525 are open

At first I wasn't getting any mailflow in or out, but now I'm at least getting mail incoming after adding the IP of the server to the network bindings on the receive connectors. Outgoing used to just sit in the drafts (OWA) and do nothing prior to that change, but now it will get to Exchange and in the Queue viewer it shows "441 4.4.1 Error communicating with Host. Failed to connect."

I've researched this last night until I was blue in the face, I've recreated the send connector, I tried some port testing applications to verify port 25 was open, I have a single DNS server configured on the server's NIC, double checked the A record on the DC to make sure it had the correct IP for the exchange server, rebooted multiple times (transport services as well), and there's no antivirus on it.

I cannot telnet to any server (on port 25) from the Exchange server, but port 25 is open. I'm assuming this is a DNS issue, but I'm not sure where else to look.

The other issue is Outlook won't connect to exchange either, but I'm assuming if there's a DNS issue somewhere it will fix both.

Thanks in advance!
Question by:Taylor
10 Comments

Assisted Solution

by:Todd Nelson
Todd Nelson earned 500 total points
Where does the Exchange server sit in your network ... DMZ or inside with the other servers?

What DNS servers is the Exchange server NIC set to use?

You say you tried telnet to other servers, does that mean you attempted "telnet outlook.com 25" too?

Is the Windows Firewall enabled or disabled?  If it's disabled, why?  If it's enabled, do you have a group policy applied to the Exchange server?

Author Comment

by:Taylor
Todd,

It's inside with the DC.
The only DNS server configured on the NIC is the IP of the DC.
I'm unable to telnet to outlook.com
Windows firewall is currently disabled for troubleshooting, otherwise it will be on.  

Thanks

Expert Comment

by:Todd Nelson
On the NIC settings, are both IPv4 and IPv6 enabled?

Are you able to ping other servers by IP address, name and FQDN?

If you run "nslookup servername" does it resolve both the DNS server IP address and the IP address of the "servername"?

Is your Exchange server in the same AD site as the other servers and users?

Author Comment

by:Taylor
IPv6 is disabled on the NICs. It was originally on, but it didn't work then either.

DC and Exchange server can ping each other with no issues using IP, name, and FQDN.

If I do a NSlookup:

On DC:
Server:  Server1
Address:  192.168.1.4

Name:    Server1
Address:  192.168.1.4

On Exch:
Server:  Server1
Address:  192.168.1.4

Name:    Server2
Address:  192.168.1.5


Exchange Server is in a different OU than the DC, but same domain

Expert Comment

by:Todd Nelson

Author Comment

by:Taylor
There's no GPO applied to the OU it's in. There's the default domain policy that's at the domain level. Nothing out of the ordinary in that default GPO.

I re-enabled IPv6 and it didn't make a difference after restarting transport services.

Expert Comment

by:Todd Nelson
And you don't have a public DNS address set on your NIC for DNS servers?

On the NIC, is the setting "Register this connection's address in DNS" enabled under the advanced IP settings for DNS?

Do you have multiple NICs on the Exchange server?  If so, does only one of them have a gateway assigned?

Author Comment

by:Taylor
Correct, I don't have any public addresses in the NIC settings.

That box is checked

Single NIC

I would like to note that when I was looking through all this stuff yesterday, I did find that on the DNS server, it had the A record for the exchange server as the IP that was assigned to it by DHCP when the server OS first installed. I removed and created a new A record for it with the correct IP. Strange thing was I had no issues pinging back and forth even though the record was wrong.

Accepted Solution

by:
Taylor earned 0 total points
After starting a MS case we found that there were two issues. One was a result of the install not applying default settings on the send connector correctly. The second was the firewall blocking port 25 even though it was allowed through. The default setting was to allow NTLM on the send connector, but in ECP and in the Exchange Shell it said it was enabled. It worked fine after enabling it in the shell even though it was already enabled...
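
The accepted answer traced the "Failed to connect" error to the firewall rather than DNS. As an added example (not part of the original thread or the Microsoft case), this PowerShell function checks MX resolution and the outbound TCP connection on port 25 as separate stages; the function name, default domain and timeout are assumptions.

```powershell
# Added example: tells "DNS cannot resolve the MX" apart from "TCP 25 is blocked"
# when a queue shows "441 4.4.1 ... Failed to connect".
# Function name, default domain and timeout are assumptions, not from the thread.
function Test-OutboundSmtp {
    param(
        [string]$Domain = 'outlook.com',  # the domain used for the telnet test above
        [int]$Port = 25,
        [int]$TimeoutMs = 5000
    )

    # Stage 1: DNS. A failure here means name resolution, not the firewall.
    try {
        $mx = @(Resolve-DnsName -Name $Domain -Type MX -ErrorAction Stop |
                Where-Object { $_.QueryType -eq 'MX' } |
                Sort-Object Preference)
    } catch {
        return [pscustomobject]@{ Stage = 'DNS'; MxHost = $null; Result = $_.Exception.Message }
    }
    if ($mx.Count -eq 0) {
        return [pscustomobject]@{ Stage = 'DNS'; MxHost = $null; Result = "No MX records for $Domain" }
    }

    foreach ($record in $mx) {
        $stage  = 'TCP'
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Stage 2: TCP connect with a timeout, so a silently dropped SYN
            # is reported instead of hanging.
            $pending = $client.BeginConnect($record.NameExchange, $Port, $null, $null)
            if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $result = "No answer on port $Port within $TimeoutMs ms (filtered on the path?)"
            } else {
                $client.EndConnect($pending)
                # Stage 3: read the SMTP greeting; a line starting with 220 means the path is open.
                $stage  = 'Banner'
                $stream = $client.GetStream()
                $stream.ReadTimeout = $TimeoutMs
                $result = (New-Object System.IO.StreamReader($stream)).ReadLine()
            }
        } catch {
            $result = $_.Exception.Message
        } finally {
            $client.Close()
        }
        [pscustomobject]@{ Stage = $stage; MxHost = $record.NameExchange; Result = $result }
    }
}

Test-OutboundSmtp -Domain 'outlook.com' | Format-Table -AutoSize
```

A failure at the DNS stage points at the resolver configured on the NIC; a TCP-stage timeout with working DNS points at a firewall or upstream filtering of port 25.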