Exchange 2016 Mail flow issues (new install)

Hello Experts,

I've run into some issues with a fresh Exchange 2016 install. Setup is:
Server 2012 R2 Std - DC
Server 2012 R2 Std - Exchange (Hyper-V)
Send connector is configured to send mail through MX.
Older Netgear Prosafe Firewall - Port 25, 80, 110, 443, 587, and 2525 are open

At first I wasn't getting any mailflow in or out, but now I'm at least getting mail incoming after adding the IP of the server to the network bindings on the receive connectors. Outgoing used to just sit in the drafts (OWA) and do nothing prior to that change, but now it will get to Exchange and in the Queue viewer it shows "441 4.4.1 Error communicating with Host. Failed to connect."

I've researched this last night until I was blue in the face, I've recreated the send connector, I tried some port testing applications to verify port 25 was open, I have a single DNS server configured on the server's NIC, double checked the A record on the DC to make sure it had the correct IP for the exchange server, rebooted multiple times (transport services as well), and there's no antivirus on it.

I cannot telnet to any server (on port 25) from the Exchange server, but port 25 is open. I'm assuming this is a DNS issue, but I'm not sure where else to look.

The other issue is Outlook won't connect to exchange either, but I'm assuming if there's a DNS issue somewhere it will fix both.

Thanks in advance!
Taylor (IT Engineer) asked:

Todd Nelson (Systems Engineer) commented:
Where does the Exchange server sit in your network ... DMZ or inside with the other servers?

What DNS servers is the Exchange server NIC set to use?

You say you tried telnet to other servers, does that mean you attempted "telnet outlook.com 25" too?

Is the Windows Firewall enabled or disabled?  If it's disabled, why?  If it's enabled, do you have a group policy applied to the Exchange server?
Taylor (IT Engineer, author) commented:
Todd,

It's inside with the DC.
The only DNS server configured on the NIC is the IP of the DC.
I'm unable to telnet to outlook.com
Windows firewall is currently disabled for troubleshooting, otherwise it will be on.  

Thanks
Todd Nelson (Systems Engineer) commented:
On the NIC settings, are both IPv4 and IPv6 enabled?

Are you able to ping other servers by IP address, name and FQDN?

If you run "nslookup servername" does it resolve both the DNS server IP address and the IP address of the "servername"?

Is your Exchange server in the same AD site as the other servers and users?
Taylor (IT Engineer, author) commented:
IPv6 is disabled on the NICs. It was originally on, but it didn't work then either.

DC and Exchange server can ping each other with no issues using IP, name, and FQDN.

If I do a NSlookup:

On DC:                  |  On Exch:
Server:  Server1        |  Server:  Server1
Address:  192.168.1.4   |  Address:  192.168.1.4
                        |
Name:    Server1        |  Name:    Server2
Address:  192.168.1.4   |  Address:  192.168.1.5


Exchange Server is in a different OU than the DC, but same domain
Taylor (IT Engineer, author) commented:
There's no GPO applied to the OU it's in. There's the default domain policy that's at the domain level. Nothing out of the ordinary in that default GPO.

I re-enabled IPv6 and it didn't make a difference after restarting transport services.
Todd Nelson (Systems Engineer) commented:
And you don't have a public DNS address set on your NIC for DNS servers?

On the NIC, is the setting "Register this connection's address in DNS" enabled under the advanced IP settings for DNS?

Do you have multiple NICs on the Exchange server?  If so, does only one of them have a gateway assigned?
Taylor (IT Engineer, author) commented:
Correct, I don't have any public addresses in the NIC settings.

That box is checked

Single NIC

I would like to note that when I was looking through all this stuff yesterday, I did find that on the DNS server, it had the A record for the exchange server as the IP that was assigned to it by DHCP when the server OS first installed. I removed and created a new A record for it with the correct IP. Strange thing was I had no issues pinging back and forth even though the record was wrong.
Taylor (IT Engineer, author) commented:
After starting a MS case we found that there were two issues. One was a result of the install not applying default settings on the send connector correctly. The second was the firewall blocking port 25 even though it was allowed through. The default setting was to allow NTLM on the send connector, but in ECP and in the Exchange Shell it said it was enabled. It worked fine after enabling it in the shell even though it was already enabled...
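The thread turned on whether the 4.4.1 error came from DNS or from blocked outbound port 25. As an added example (not part of the original thread, and not the fix Microsoft applied), this script run on the Exchange server tests the two stages separately; the function name Test-OutboundSmtp and the recipient domain example.com are placeholders chosen for illustration.

```powershell
# Added example: tell a DNS failure apart from blocked outbound TCP/25.
# example.com is a placeholder recipient domain, not a value from the thread.
param(
    [string]$RecipientDomain = 'example.com',
    [int]$Port = 25
)

function Test-OutboundSmtp {
    param([string]$Domain, [int]$Port)

    # Stage 1: can the DNS server configured on the NIC resolve the MX records?
    try {
        $mx = Resolve-DnsName -Name $Domain -Type MX -ErrorAction Stop |
              Where-Object { $_.Type -eq 'MX' } |
              Sort-Object Preference
    } catch {
        return [pscustomobject]@{
            Domain = $Domain; Stage = 'DNS'; Target = $null
            Result = "MX lookup failed: $($_.Exception.Message)"
        }
    }
    if (-not $mx) {
        return [pscustomobject]@{
            Domain = $Domain; Stage = 'DNS'; Target = $null
            Result = 'No MX records returned'
        }
    }

    # Stage 2: DNS works, so try a TCP connection to each MX host.
    # A failure here points at the firewall or routing, not at name resolution.
    foreach ($record in $mx) {
        $tcp = Test-NetConnection -ComputerName $record.NameExchange -Port $Port `
                                  -WarningAction SilentlyContinue
        [pscustomobject]@{
            Domain = $Domain
            Stage  = 'TCP'
            Target = "$($record.NameExchange):$Port"
            Result = if ($tcp.TcpTestSucceeded) { 'Connected' } else { 'Blocked or unreachable' }
        }
    }
}

Test-OutboundSmtp -Domain $RecipientDomain -Port $Port | Format-Table -AutoSize

# Only in the Exchange Management Shell: show what the transport service itself reports.
if (Get-Command Get-Queue -ErrorAction SilentlyContinue) {
    Get-Queue | Where-Object { $_.Status -eq 'Retry' } |
        Format-List Identity, NextHopDomain, LastError
    Get-SendConnector | Format-List Name, Enabled, DNSRoutingEnabled, SmartHosts, Port
}
```

If the MX lookup succeeds but every TCP row reports "Blocked or unreachable", the problem sits between the server and the internet on port 25 rather than in DNS.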