Solved

Exchange 2013 - unable to receive external emails

Posted on 2016-11-11
Last Modified: 2016-11-17
Hi Experts, we have an issue where we are unable to receive any external email. We had an existing email server and we added a new Exchange server. All URLs match for both servers and so do the certs. Today we made a change to the firewall and external DNS since the IP address of the new Exchange server has changed, and now we are not receiving any external emails.

Internal emails and sending emails to external domains are working fine.

TIA
0
Question by:abhijitm00
14 Comments
 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41883903
Where is the current MX record pointing?
0
 

Author Comment

by:abhijitm00
ID: 41883913
MX record points to Comodo Antispam gateway so there is no change there
0
 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41883919
Have you tried running a message trace on the Comodo?  It would be helpful to know if it's ever received by an Exchange server or if it dies at the gateway.

What server is the Comodo handing off to?
0

 

Author Comment

by:abhijitm00
ID: 41883970
I am getting: Relay : exchange.domain.org:25
 Error code : 500
 Error message : SMTP host unreachable
 No entries on your request
0
 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41884163
Ok did you add a firewall ACL and NAT for the Comodo IP on port 25?
0
 

Author Comment

by:abhijitm00
ID: 41884173
No there is no ACL for Comodo on the firewall. It is open to all IPs
0
 

Author Comment

by:abhijitm00
ID: 41884185
Just want to recap - Existing server name - mail.domain.org. All URLs point to mail.domain.org on both Exchange servers. New server name is exchange.domain.org. But cert has mail.domain.org as primary and exchange.domain.org and autodiscover as SANs.

All external DNS for autodiscover, mail.domain.org (via CNAME) point to exchange.domain.org which has a new external IP. NAT to old server mail.domain.org is stopped. At this time Activesync, Autodiscover and Outlook Anywhere stop working. Sending emails externally and internally works, and so does receiving emails internally; what does not work is emails sent from outside.

Would this have anything to do with the FQDN name on Receive Connectors or SSL certs?
0
 

Author Comment

by:abhijitm00
ID: 41884186
Also wanted to add to comment above that Comodo Antispam can't seem to connect to exchange.domain.org on port 25 although all firewall rules seem fine
0
 
LVL 16

Assisted Solution

by:Jason Crawford
Jason Crawford earned 2000 total points
ID: 41884189
In that case you should be able to test access through the firewall by going to canyouseeme.org while logged on to the server receiving email from the Comodo and specify port 25.  Either that or you can try sending an email with PowerShell while off the network:

Send-MailMessage -From sender@domain.com -To recipient@domain.com -SmtpServer exchange.domain.com -Subject 'Testing' -Body 'This is a test'


If your firewall truly accepts all connections on port 25 that should at least make it to a Receive Connector.  While you're at it you should enable verbose logging on all Receive Connectors:

https://msdn.microsoft.com/en-us/library/bb124531(v=exchg.160).aspx
0
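An added example, not part of the original answer: a connection-level version of the checks described above, followed by the Receive Connector logging change. The host name is the placeholder used in the thread, `test.example` is a constructed EHLO name, and the last two commands assume they are run in the Exchange Management Shell on the new server.

```powershell
# Added example. $SmtpHost is the placeholder name from the thread.
$SmtpHost = 'exchange.domain.org'
$Port     = 25

function Read-SmtpReply($reader) {
    # Multi-line SMTP replies use "250-" on every line except the last ("250 ")
    $lines = @()
    do { $line = $reader.ReadLine(); if ($line) { $lines += $line } }
    while ($line -match '^\d{3}-')
    $lines
}

# 1. Run from OUTSIDE the network: is TCP 25 reachable through the NAT/firewall?
$probe = Test-NetConnection -ComputerName $SmtpHost -Port $Port
if ($probe.TcpTestSucceeded) {
    # 2. Read the banner and EHLO reply to see which server actually answers
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($SmtpHost, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 5000
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine   = "`r`n"
        $writer.AutoFlush = $true

        Read-SmtpReply $reader              # 220 banner
        $writer.WriteLine('EHLO test.example')
        Read-SmtpReply $reader              # 250 capability list
        $writer.WriteLine('QUIT')
    }
    finally { $client.Close() }
}
else {
    Write-Warning "TCP $Port to $SmtpHost failed: check the NAT and firewall rules for the new external IP."
}

# 3. Run in the Exchange Management Shell on the new server:
#    turn on verbose protocol logging, then review what each connector accepts.
Get-ReceiveConnector | Set-ReceiveConnector -ProtocolLoggingLevel Verbose
Get-ReceiveConnector |
    Format-Table Identity, Bindings, RemoteIPRanges, ProtocolLoggingLevel -AutoSize
```

If step 1 fails, the problem is in front of Exchange; if the banner appears but mail is still rejected, the protocol logs enabled in step 3 show which connector handled the session.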
 

Author Comment

by:abhijitm00
ID: 41884310
OK, made some firewall changes and email is indeed flowing to the new Exchange server.

Autodiscover and Outlook Anywhere are connecting, but only after creating a new profile by manually adding the server name. I have changed all URLs to point to exchange.domain.org and removed mail.domain.org from external DNS.
0
 
LVL 2

Expert Comment

by:MB Shaikh
ID: 41885176
Hi,

Once you receive your external email at your Comodo Antispam gateway, check that your newly installed Exchange server is accepting connections on port 25 from the Comodo Antispam gateway, and vice versa. Probably a firewall may be enabled on the newly installed Exchange server, and in the Comodo Antispam gateway you should allow proper routing, etc.

regards,
MB Shaikh.
0
 

Author Comment

by:abhijitm00
ID: 41885452
Android and iPhones are not able to configure using autodiscover. If I manually set up a profile using the server name I am able to connect. Outlook Anywhere is working correctly. How can I fix autodiscover for phones? Currently I have an autodiscover A record pointing to the external IP of exchange.domain.org. There is also a _srv autodiscover record pointing to the website; should I change this to exchange.domain.org?
0
 
LVL 16

Accepted Solution

by:Jason Crawford
Jason Crawford earned 2000 total points
ID: 41886632
Yes, you only need a public DNS record for Autodiscover.  The A record you currently have in place should be fine, so remove the SRV.
0
 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41892398
Glad I could help.  Take care :)
1
