Email not arriving at my on-premises Exchange server!
Ack! I have been using the O365 beta, which is nice but won't work for us. I am trying to migrate to a new install of Exchange 2010 (SBS 2011) on premises. I have my NS records pointing to my web host and I believe that my DNS Zone records
are correct, but mail ain't arriving! In fact, when I use MX Toolbox, it shows my MX record as pointing to my webhost, NOT my mail host. So clearly I've got something wrong!
Also, Outlook is asking all of my users for passwords, even though they are entering the correct passwords. (I don't know if these are related problems.) Can anyone help me troubleshoot this?
I can share my DNS settings, of course.
THANKS!
Micah
July 27th, 2011 10:32am
When did you make those DNS changes? It can take a bit for the records to propogate and caching to clear out 24-48hrs.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2011 10:38am
While I have fussed with the DNS changes within that time, the problem (and the changes) are outside of that time, so the changes should have already propagated. Plus, I thought that MX Toolbox looked at the first-level authority (the holder of the
NS record), no? But anyway, I don't think that this is a propagation problem.
July 27th, 2011 12:11pm
Also, when I use MX Toolbox to do an SMTP lookup of my on-premises IP address, I get a warning: Reverse DNS does not match SMTP Banner. I don't know whether that would interfere with the mail getting there. But I *think* that that is
secondary, since the MX record sending mail to the on-premises IP address doesn't seem to be working in the first place!
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2011 12:16pm
First thing is to make sure your MX records are pointing the correct host, coonfirm this, if they're not, then this needs to be resolved 1st.
Then, if you have a firewall and a NAT, make sure this is setup correctly. Makre sure you have an accpeted domain for you SMTP domain and configufre a EAP.
I would focus on the 1st 2 points 1st. Not sure who controls your records but fix that 1st. Check MXtoolbox again and use nslookup.
If you dont mind, post your SMTP domain. Sukh
July 27th, 2011 12:32pm
Have you always been using the same DNS server or you built a DNS server in house as well? Make sure whowever holds the domain registration has the DNS server pointed to your DNS server. You can also go to
https://testexchangeconnectivity.com/ and do an inbound mail test and post the results.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2011 12:48pm
Sukh:
Thank you for your help.
My domain is lsslawyers.com. It is pointing to 69.167.132.193, which is my webhost. It should be pointing to 71.178.167.88, which is my on-premises exchange server. (Since that is easily accessed information, I assume that it is ok to put
it here!)
My DNS records appears as follows:
lsslawyers.com. 300 in MX 0 mail.lsslawyers.com.
mail 1400 in CNAME
lsslawyers.com.
mail.lsslawyers.com 300 in A 71.178.167.88
I do have other DNS records (which I guess you can look up via who.is), which I hope are configured correctly and are not screwing anything up. I am trying to send remote. and mail. to my on-premises server and web to my webhost/DNS.
Micah
July 27th, 2011 1:03pm
James:
We have always used our webhost for our DNS server. We do have a DNS server inhouse as part of our SBS 2011 installation, but I assume that deals only with inhouse communications. The domain registrar IS pointing to my webhost/DNS server.
When I do an inbound SMTP test, it fails (because mail is still trying to go to my webhost and not my on-premises Exchange server -- see my bolded line below):
Testing inbound SMTP mail flow for domain
msalb@lsslawyers.com.
ExRCA failed to test inbound SMTP mail flow.
Test Steps
Attempting to retrieve DNS MX records for domain lsslawyers.com.
One or more MX records were successfully retrieved from DNS.
Additional Details
MX Records Host mail.lsslawyers.com, Preference 0
Testing Mail Exchanger mail.lsslawyers.com.
One or more SMTP tests failed for this Mail Exchanger.
Test Steps
Attempting to resolve the host name mail.lsslawyers.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 69.167.132.193
Testing TCP port 25 on host mail.lsslawyers.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Banner received: 220-host1.lsslawyers.com ESMTP Exim 4.69 #1 Wed, 27 Jul 2011 12:59:36 -0400
Attempting to send a test e-mail message to
msalb@lsslawyers.com using MX mail.lsslawyers.com.
Delivery of the test message failed.
Additional Details
The server returned status code 451 - Error in processing. The server response was: Temporary local problem - please try later
Exception details:
Message: Error in processing. The server response was: Temporary local problem - please try later
Type: System.Net.Mail.SmtpException
Stack trace:
at System.Net.Mail.RecipientCommand.CheckResponse(SmtpStatusCode statusCode, String response)
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
Micah
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2011 1:08pm
Whois shows your DNS as:
Domain servers in listed order:
NS1.LSSLAWYERS.COM
NS2.LSSLAWYERS.COM
I did a query for mail.lsslawyers.com against both these servers and they still come back as 69.167.132.193. Are you sure you're updating the records on these servers? Maybe you are doing split brain DNS and only updating the internal record.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
July 27th, 2011 1:08pm
I'm not sure of anything! :-)
How can I determine if I am properly updating the records on the server?
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2011 1:37pm
I guess I should add that my DNS Zone entries in Web Host Manager at the 69... address shows up with the MX records that I listed in my response to Sukh, above, so I'm pretty sure that those records are properly saved. But I don't know the difference
between split brain and . . . whole <?> brain.
Note that these DNS records are on my external webhost, not my on-premises server.
July 27th, 2011 1:40pm
I see whats going on you have the record below, delete it. The cname mail is going back to the parent lsslawyers.com which is the webhost IP.
mail 1400 in CNAME
lsslawyers.com.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2011 1:47pm
I have just checked your lsslawyers.com and it's pointing to 71.178.167.88
It seems to be working. Test again. I see the TTL has been lowered. Sukh
July 27th, 2011 5:44pm
Hi.
Have you resolved the problem?
I accessed
https:///mail.lsslawyers.com/owa/, I can open your OWA page without problem. Also I check the MX record of your domain, it is
pointed to mail.lsslawyers.com (71.178.167.88).
Your external DNS configuration is correct now.
Free Windows Admin Tool Kit Click here and download it now
July 29th, 2011 6:59am
Folks:
Thank you for your help, all. It appears that our MX record problem has been resolved. Unfortunately, I cannot figure out where exactly the error was, so I can't offer any help to anyone else.
Thanks.
Micah
August 1st, 2011 3:40pm