Communications failure?

[julianf]

Hi,

We run an Exchange 5.5 SP4 server. The Exchange server is also a DNS server and we have Raptor Firewall in place.

I have been picking up some problems now and then with messages bouncing back with Undeliverable reports....saying that the message could not been sent due to a communications failure. Clicking "Send Again" seems to fix the problem, but why is this happening? I assume that DNS may have something to do with this. The exchange server can ping external addresses, and therefore should be building a DNS name cache. The Firewall is also set as a DNS server for the Exchange server.

Below is an example of the error I get when the message bounces back: (I have edited the org name.)

Any advise would be appreciated.

Regards,

Julian

Your message did not reach some or all of the intended recipients.

Subject: RE: 2004 GTI
Sent: 7/29/2002 10:45 AM

The following recipient(s) could not be reached:

'User' on 7/29/2002 10:45 AM
Unable to deliver the message due to a communications failure
The MTS-ID of the original message is: c=US;a= ;p=Domain;l=Domain-020729084443Z-1254
MSEXCH:IMS:Spieromainomain 3554 (000B09AA) 554 5.5.2 Invalid data in message

 

[brontosaurus]

Don't use the firewall as a DNS server. If the exchange server can't resolve a name on it's own, let it forward out to the internet root servers or to your ISP's DNS servers.

 

[julianf]

Thanks,

I have set the Exchange server to point to 3 DNS servers in
this order: (In TCP/IP properties).

DNS Order:

1) Itself
2) ISP no. 1
3) ISP no. 2

Should I go into DNS manager and set forwarders to point to the ISP DNS servers as well, or is the obove change sufficient enough?

Thanks,

Julian

 

[brontosaurus]

First, the exchange server should only point to itself for DNS resolution in TCP/IP properties of the NIC, NO ISP. Set the forwarding to your ISP in DNS manager, or you can leave it alone and the server will automatically forward to the internet Root servers...assuming you've deleted the root zone....

 

[Jackcipk]

It seems (not sure) that your DNS in exchange server is fishy. Why don't you remove it from DNS list and see what happens ? It's not about whether you can do it or not, it's about HOW
OK, Let's Do It !!!
jliu@Cipk.com

 

[julianf]

Thanks for the advise,

OK, I have taken the ISP's DNS entried out of TCP/Ip properties. It now only has itself as a DNS server.

I then went into DNS manager and added the 2 ISP IP's to the forwarders tab. I'll monitor and see how this runs.
Bronto...what did you mean by "Deleting the Root Zone"? Is there a specific way DNS should be setup for Exchange?

Regards,

Julian

 

[brontosaurus]

It's not that it needs to be set up for exchange, it's a general thing....by default, if MS DNS server does not detect internet connectivity at setup time, it will deposit a root "." zone in DNS. You need to delete this zone if you have it....

 

[Alshrim]

I had the same problem with Raptor ... this is how i fixed it.

I do use the firwall as a dns server because it is our DNS authority -- so.
all of the dns server settings in tcp/ip are set to 127.0.0.1 on the FW.

my secondary DNS server points a forwarder to the raptor firewall.

However, I had set up 2 forwarders to our ISP's DNS servers... IN Raptor.

You have to removed them, which does exactly as Bronto suggests... it forces the firewall to go to the Root servers for resolution.

If you are forwarding from the one server to your TWO ISP DNS servers... every single request for DNS resolution is SLAMMING the isp's dns servers from a single ip address (external device) ... i think requests are getting dropped.

Once I did this -- problem was solved. Al Rozon
System Administrator
MCSE, MCP+Internet

 

[julianf]

OK...

I'm trying to avoid using the Firewall as a DNS server. I have been advised against that! So what I have done the following:

Exchange server is also the primary DNS server on the domain. (Actually the only DNS server specified in DHCP.)

the exchange server points to itself for DNS in TCP/IP. In DNS manager, I have added itself as the DNS server with a primary DNS zone. if I click on "Cache" I can see a whole bunch of root servers in the pane on the right. Is this OK?

The cache list also seems to increase and decrease in size every now and then.

I have set the DNS forwarders to point to 2 ISP DNS servers.

Is this setup fine, or do you guys recommend bringing the firewall into play as a dns server?

Regards,

Julian

 

[brontosaurus]

No, that's fine, and the cache should change regularly...

 

[julianf]

Thanks Bronto,

Cheers,

Julian

 

[julianf]

Hi Gents,

Sorry to be the pesky thorn in your sides concerning this issue, but I am still getting these darn "system undeliverable' messages. (Everytime I get the bounced e-mail...I click 'send again" and it always goes through 2nd time!) I only get these bounced messages now and then - for various e-mail addresses - not just certain ones!

Perhaps the way I have setup DNS is not ideal for my setup. Maybe I should look into utilizing the firewall as a DNS server...? I have run Exch SP4 just to make sure that there are no other silly complications...but that has not done the trick.

Bronto, is there perhaps another way to setup my DNS - Just to see whether it works, as opposed to my current config?

As I have mentioned, here is my setup:
Exchange server 5.5 is also DNS server (Can ping externally)...our Raport firewall allows outbound pings. The default gateway of the exchange server is the same as all other PC's...pointing to an internal router that connects us to a remote site. It used to be pointed to the firewall, but I used to get undeliverable messages like that as well. Workstations point to the Exchange server for DNS and the DNS server has 2 forwaders pointing to ISP. Pedhaps I should try putting in more forwarders...?

Thansk,

Julian

 

[brontosaurus]

IMHO, many ISP nameservers are unreliable. I don't use forwarders due to similar issues you're experiencing with your mail server...you never know when they'll be available, when they're being updated, who's doing the updating, etc...I'm not saying that this is your problem, nor am I saying that all ISP's are guilty of this, but why not just go with the internet root servers for resolution?
Aside from that, how often do you get the NDR's? Are the mails at least leaving your server? What are the reasons for the NDR's? E.G. Unknown Recipient, Timeout Resolving name....?

 

[julianf]

Hi,

The NDR's always have the same message. Here is an example:

***********************************************************
The following recipient(s) could not be reached:

'John Doe' on 8/8/2002 8:55 AM
Unable to deliver the message due to a communications failure
The MTS-ID of the original message is: c=US;a= ;p=Domain;l=Domain_EXCH-020808065452Z-3035
MSEXCH:IMSomainomain Estateomain_EXCH 3554 (000B09AA) 554 5.5.2 Invalid data in message
***********************************************************

As you can see, if gives the error 'Communications failure'. When I receive the NDR, it usually arrives about 3 sec after clicking send. After clicking send again, it usually goes through, no problems. I assume that this points at DNS...?

Should I remove the 2 forwarder from DNS manager and see if the Root server work better?

Thanks,

Julian

 

[brontosaurus]

actually, that's not pointing to DNS. You're getting an "Invalid Data in message" error, which is, unfortunately, not easy to interpret. Do you notice any similarities between bounced messages, or could there be anything unique in these messages, like a disclaimer, attachments, etc...
How is that firewall set up for outbound connections?

 

[julianf]

I don't really see any obvious similarities between the bounced messages...they are basically the same. Sometimes it happens when I am replying and sometimes when I'm sending a new e-mail.

I did, however, notice something about my disclaimer, which bothers me a bit. I configured a disclaimer using the imsext.dll file and editing the registry. When one replies to an e-mail (That orrigionally came from me), it appends another disclaimer on to the e-mail. So there are 2 disclaimers beneath each other...Perhaps I just need to edit the registry to prevent it from appending to e-mails that already have one...?

Either way, this is strange. The bounced messages always have the 'invalid data' error. So there must be a problem with some of the input in the e-mail that my Exch server is generating. (Perhaps i should remove the Disclaimer for a whiel and check the outcome - what do you think?)

regards,

Julian

 

[brontosaurus]

i think that's a good place to start. Couldn't hurt...just disable it for day and see what happens.

 

[AhkSaudi]

Hi julianf,

I am facing the exact problem right now on our server, we are using NT 4.0 server and exchange 5.5 with SP4, i too get the same message but the difference is i do not get invalid data in message, i still dont have a solution to the problem but i can get rid of the domains i have problem with, just forward the domains those are not resolving to your isp, i did this by adding the domain names under internet mail service property box-connections-and click E-mail domain, add only the domain name where u want to send mail and ip address of your isp under forward all messages for this domain, by this u can atleast get rid of commonly used mails everyday. please let me know if you find a total solution to this problem.

also find the error message i get.


Your message did not reach some or all of the intended recipients.
Subject: test
Sent: 8/13/2002 9:59 AM
The following recipient(s) could not be reached:
Makbar@mail.com on 8/13/2002 9:59 AM
Unable to deliver the message due to a communications failure
The MTS-ID of the original message is: c=US;a= ;p=GESALO;l=MAIL-020813065841Z-251.

Akbar@ahk-arabia.com

 

[Guest_imported]

I too get the same message as you julianf. The only difference seems to be that in my case it's a problem coming into my site AND only when they click on reply. Sending emails works fine.

network fella

 

[julianf]

Hi,

I have not received the error since I have removed my
disclaimer from the registry on the Exchange server. I had orriogionally setup a disclaimer using the imsext.dll method. The error that i was receiving when my mail was bouncing back mentioned something about "invalid data in the message".

Removing the disclaimer seems to have solved them problem. I assume that my disclaimer was a bit buggy and that it was causing the problem. I will have to set it up again soon to chec if it will work again.

Cheers,

Julian