Exchange 2010 - no incoming email
Late this afternoon, we stopped getting incoming email to our on-premise Exchange 2010 server. DNSStuff reports that port 25 is down when I run a test on the MX records. When I run a test using mxtoolbox, it reports for dmarc "dns record not found" and https "the certificate has a name mismatch" and for smtp "failed to connect". When I run the Microsoft Remote Connectivity Analyzer, I drill down to find an error "Host name <my correct host name> doesn't match any name found on the server certificate CN=*.mapcoparking.com, OU=Domain Control Validated. "
I don't know where this CN=*.mapcoparking.com is coming from. And possibly that is the problem? I don't see this on the certificate that is installed on my Exchange server and is not my company name. Any suggestions? I have been going around and around with this for hours.
I don't know where this CN=*.mapcoparking.com is coming from. And possibly that is the problem? I don't see this on the certificate that is installed on my Exchange server and is not my company name. Any suggestions? I have been going around and around with this for hours.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ahhh....I just went to https://<our external IP address> and I'm getting that same wrong web site and mismatched certificate....so I am thinking you are correct in that they assigned my external IP address to another company in error. I will be chatting with them again in the morning when the ISP tech gets to my office.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So I talked to my ISP again and they are claiming that only we own our static IP address and that they are not blocking anything incoming to us. I still cannot telnet to our external IP through port 25 from an outside PC. Even if our certificate was messed up, I should be able to telnet to that port, correct?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Right. Assuming you didn't change anything with your network, you should be able to telnet to your mail server. However, it is possible that the other domain got your IP address from their end (the most recent registration will get the IP in DNS). If that's the case, your ISP would not be aware. Do they at least acknowledge the problem or are they not seeing the wrong site and cert error?
What happens when you try to browse the the other domain now?
ASKER
I have talked to 3 different tech support reps at the ISP and none of them believe it is a problem on their side.
Just now from an outside PC, I went to https://<our ip address> and it did route to our Outlook web app and not to the other company's web site like it did last night.
When I run the Microsoft remote connectivity analyzer, it is still giving me some errors saying that our host name doesn't match any name found on the server certificate CN=*.<the other company's domain name.com>. So I might still have some certificate issues, but now the remote connectivity analyzer is the only thing now reporting that problem as far as I can tell. Everything else is reporting that our certificate is OK....so maybe there is some remnants out there that the Microsoft tests are picking up.
Just now from an outside PC, I went to https://<our ip address> and it did route to our Outlook web app and not to the other company's web site like it did last night.
When I run the Microsoft remote connectivity analyzer, it is still giving me some errors saying that our host name doesn't match any name found on the server certificate CN=*.<the other company's domain name.com>. So I might still have some certificate issues, but now the remote connectivity analyzer is the only thing now reporting that problem as far as I can tell. Everything else is reporting that our certificate is OK....so maybe there is some remnants out there that the Microsoft tests are picking up.
If there was a mix up on the other company's side, it will take a while before the DNS changes propagate to every name server on the Internet. Check the analyzer again tomorrow. If it's still not right, stay on it. Something's not right and it could be a symptom of something nefarious...as in cyber crime.
ASKER
I had great help from gilnov, but it ended up being my SMTP scanner as the culprit.
ASKER
So I just went to https://<my domain name>.org and it said hat the site is not secure....I went to the site anyway and it shows https://<my domain name>.org but it is going to Mapco Auto Parks....which is not my company. When I looked at the certificate it says "mismatched address" and says it was issued by Godaddy, which mine was as well, and in the details of the certificate it has a dns name of mapcoparking.com. So does that sound more like a godaddy issue or an ISP issue?