nigelbeatson

exchange 2010 mail flow stopping

We have a Windows 2012 Server Std Rel 2 running Exchange 2010 which, since recent updates, has developed a problem with (I do not know that the updates caused this, of course), it would appear, the transport service.

We can access the server locally and remotely running owa (even when hung), but for some reason mail does not flow in or out.

The transport service is running OK, but when we try to restart it, it hangs, saying it did not restart in a timely fashion. If we kill the transport service, we cannot restart the service.

The only way we find to resolve this is to restart the whole exchange server.

It then runs ok for an hour or so then just stops again. The transport service says it is running, but we do not have any mail flow.

I have just noted a warning in our Application event log :-

Source - MSExchangeTransport - Event ID 1035

Inbound authentication failed with error LogonDenied for Receive connector default "server". The authentication mechanism is Ntlm. The source IP address of the client who tried to authenticate to Microsoft Exchange is 79.61.39.42.

Can anyone advise how we can troubleshoot this problem?

Many thanks
M A

Can you run the below command and restart Transport service and check?
new-exchangecertificate


ASKER

when I run that command it shows me the thumbprint of the current certificate, and asks if I want to replace it with an alternative.

The one currently in use is correct and the one being offered looks like a self signed certificate.

I said no to the swap??

Please advise.
fyi the exchange warning shown above keeps happening every 30 mins.

Is this something we should be concerned about?

The client IP relates to a company called italia telecom. Can / should we block this?

Our main concern of course is that mail flow keeps stopping, I thought that this might be related, but as the warning indicates that it has failed, this might not be linked to our main problem??
and asks if I want to replace it with an alternative.
The one currently in use is correct and the one being offered looks like a self signed certificate.
Click yes
can you please verify why you want me to replace our current certificate with a self signed one? we have a san with several domain names in it and our mail will not work with a single self signed SSL.

Please expand on why you are suggesting we should do this?

Many thanks.
Mail flow on the server has stopped again.

I notice the following warning in the application event log :-

Certificate for local system with Thumbprint aa 49 20 5c 70 c7 96 7b 34 73 f6 c3 70 7b 4b e7 04 fb cb da is about to expire or already expired.

I have checked the server certificate and the certificate with that thumbprint is our actual SAN SSL certificate, but the expiry date is not till September??

Would this stop mail flow on our server if it thought the SSL had expired?

The suggestion to run the new-exchangecertificate may be the thing to do, but I just need to understand how we get the correct SSL/SAN active on our server?

Please advise.
I gather that this may just be warning us about the impending ssl expiry.
Hi Nigel,

That SSL warning simply means the default certificate Exchange created on install is about to expire or has already expired. No big deal, since I assume you have bound all services to your SAN cert.
Run Get-ExchangeCertificate and look for 'Services'; if any of the important ones like IIS, SMTP, POP, IMAP is bound to a self-signed certificate which is expired, you have an issue.
Then the advice from MAS is almost right. Get-ExchangeCertificate -Thumbprint <thumbprint> | New-ExchangeCertificate to fix any self-signed certificates.

Else, more in the direction I am thinking is that your front-facing 'receive connector' is somehow misconfigured. It is the one listening on port 25.
Maybe it does not allow anonymous users to connect anymore, which is bad. Those guys in Italy who are trying to send you mail have no password whatsoever.....

If you need more help, post some images from this receive connector, but please do not post sensitive information.

Cheers
many thanks. will post the info requested shortly.

the strange thing is that on reboot the server runs ok for several hours.

when the mail flow has stopped there are no obvious errors or warnings in the event log, and we cannot stop the transport service in a timely fashion.

we can also still access each account using owa.

many thanks
Hi Nigel,

Mail flow stops is what it is. Even OWA is just a web interface on top of Exchange. If the mail flow stalls it should also stall on OWA.
At least that is what I would expect.
I think in the 30 minutes there are things being queued where after 30 minutes the server says "you do IT, I can't"
Yes, mail flow does stop on OWA too, I was only highlighting this as I thought it might help pin down where the problem is.

As we can't restart or stop the transport service I thought this may be the area of problem.

if it was a send / receive connector config issue, i would expect the mail flow would never happen.

as it is, it runs for a few hours before stopping??

many thanks
If the SSL warning shows your actual SAN certificate thumbprint, then it's probably an early warning of the expiration of that certificate. IIRC, Exchange 2010 will give you at least 30 days' warning, so you can ignore that as long as you know when the expiration is due and will get it renewed before then.
Another suggestion: Create a new Internet Receive connector and disable the one that you're currently using.  It does appear that something, or more likely someone using the incorrect email address to send, is trying to get into your server (unless you have clients, etc., in Italy), but an attempt every 1/2 hour is not going to bring your transport service down.

I would check a couple of other things as well:  Make sure your server memory isn't getting pushed up over 90% used by either Exchange or something else running on the same server. Make sure that your server's C: drive space isn't running low.  Make sure that the disk that is storing the Exchange database and log files isn't low on disk space as well.
thanks for your help.

disk space is fine
memory at 14%
processor 1%

i will of course check the memory and processor when it stops again.

will try a new connector as suggested. really strange how it stays ok for several hours then stops.
Another idea: check the queues on the server to see if something is stuck in the queue. It almost sounds like there's an email stuck there that's causing this problem every time the server tries to send it.  Unless you've changed it, I think the default retry time is 4 hours. You can look on the server in the Queue folder:

Program Files\Microsoft\Exchange Server\V14\TransportRoles\data\Queue

If the mail.que file is more than 200-300MB in size, then this indicates the server is having a problem processing something that's in the queue.  I once had someone try to send a 2GB attachment to several different people and it had their Exchange server bolluxed up for about 6 hours before I figured out what was going on. It's at least worth checking it out. You may not be able to see the email in the queue through the Management Console itself if it's a similar situation, because in fact the email was stuck in the Outbox of the user's email client.  So, you may have to do some searching to figure out where it's coming from.
many thanks for taking the time to reply.

unfortunately, there is nothing stuck in the queue. nothing in the queue viewer or on the mail.que

we are looking for something that stops mail flow in both directions at the same time.

i can try creating new send and receive connectors but it would have to be something that affected both at the same time??

really appreciate you trying to help.

many thanks
Anything that hangs the transport service would of course affect mail flow in both directions.  That was what I was aiming for with the mail queue, memory and disk space questions.

However, I did just find an article that referred to similar symptoms as yours and they found that it was a Windows update causing the problem. Check and see if you have KB4338818 installed and if so, remove it and see if it fixes the issue.
ASKER CERTIFIED SOLUTION
Hypercat (Deb)
it wasn't our exact issue, but it put me on to the correct resolution. Many thanks.

We had to remove the following updates from our exchange server and reboot :-

- KB4338418
- KB4338830
- KB4054542

Hope that helps someone else.

Thanks to all,
Hi,

Getting the same issue and those updates are also installed.
I'm uninstalling them.

Keep you posted.
Steve
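
The checks discussed in this thread, collected as a read-only triage script. This is an added example, not posted by any participant. It assumes the Exchange Management Shell on the Exchange 2010 server (PowerShell 2.0 syntax), a seven-day look-back window chosen for illustration, and IPv4 source addresses in the Event ID 1035 text.

```powershell
# Added example: read-only triage for the symptoms discussed in this thread.
# Nothing here changes configuration or removes updates.

# 1. Transport service state as Windows reports it.
Get-Service -Name MSExchangeTransport | Select-Object Name, Status

# 2. Certificates, the services bound to each one, and days until expiry.
#    A self-signed or near-expiry certificate bound to SMTP/IIS needs attention.
Get-ExchangeCertificate |
    Select-Object Thumbprint, Services, IsSelfSigned, NotAfter,
        @{ Name = 'DaysLeft'
           Expression = { [int](($_.NotAfter - (Get-Date)).TotalDays) } } |
    Sort-Object NotAfter |
    Format-Table -AutoSize

# 3. Event ID 1035 (inbound authentication failed), counted per source IP.
#    The look-back window is an assumption; widen it as needed.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'MSExchangeTransport'
    Id           = 1035
    StartTime    = (Get-Date).AddDays(-7)
}
$failures = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
$failures |
    ForEach-Object {
        # Pull the first IPv4 address out of the event message.
        $m = [regex]::Match($_.Message, '\b\d{1,3}(\.\d{1,3}){3}\b')
        if ($m.Success) { $m.Value }
    } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 4. The three updates the asker reported removing.
#    Get-HotFix reads Win32_QuickFixEngineering, so an update not listed here
#    should still be checked under installed updates in Control Panel.
$kbs = 'KB4338418', 'KB4338830', 'KB4054542'
$installed = Get-HotFix -Id $kbs -ErrorAction SilentlyContinue
foreach ($kb in $kbs) {
    $hit = $installed | Where-Object { $_.HotFixID -eq $kb }
    New-Object PSObject -Property @{
        KB          = $kb
        Installed   = [bool]$hit
        InstalledOn = $hit.InstalledOn
    }
}
```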