Mysteriously cannot send or receive SMTP mail - DNS error?? Help!

Cat1

Technical User
Jul 14, 2002
73
GB
Hi,
I left last night with everything working fine, came in this morning to a whole heap of trouble! My Exchange 2000 server has mysteriously stopped sending or receiving emails (is sending & receiving internal okay).

It is the main Win2K DC which is also the internal DNS server. It sits behind an ISA firewall which has a separate external mail address & IP. ISA has a server rule set to route through from the external mail IP to the internal mail IP (192.168.x.x).

There is no MX record on the internal DNS for the mail server.
The default SMTP server has the external ISP's DNS servers in the Advanced Delivery>Configure external DNS Servers section.
There is an SMTP outgoing connector set up.

This has all been working absolutely fine for the last year! Suddenly this morning mail is queued up in Exchange, and no mail is coming in from the outside.....

The ONLY error message that I'm getting in the Event Viewer (all diagnostic logging has been enabled) is:

EVENT ID: 4000
MESSAGE DELIVERY TO THE REMOTE DOMAIN ".DOMAIN" FAILED FOR THE FOLLOWING REASON: UNABLE TO BIND TO THE DESTINATION SERVER IN DNS.

ANY ideas as to what this might be?? Is it something to do with something our ISP may have changed?

Any help greatly appreciated!



 
Yes.
Should I put them back in?
 
Since the server seems hell-bent on using DNS even though you configured a smart host, put them back in. Make sure you can ping those addresses first! And, you're allowing UDP port 53 through the ISA firewall, yes?
 
DNS Lookup port 53 is open on the firewall.

I've put the DNS Servers back in the advanced/external servers bit.

I've left the smarthost in - should I remove this, or tick the box that says 'attempt direct delivery before etc'?

Still can't ping from the mail server to outside though - should it matter if the ISA server can though?
 
If I sit on the ISA server, I can telnet 25 to the external 'mail.domain.com' address (which the ISA server has rules set to redirect mail sent to this address on to the internal mail server IP) successfully & am presented with the banner.

I can also telnet 25 to the ISP's test mail server successfully - it's a bit slow but I'm presented with the banner there too.

From the internal mail server I cannot telnet 25 to the ISP's test mail server. Should I be able to?

When the ISP try to telnet 25 to my 'mail.domain.com' external mail address, they get chucked off with a 'does not allow foreign hosts' error. Should they be able to telnet through if relay is blocked?

Still cannot ping from the internal mail server even though I have opened ICMP both ways on the firewall (though is this important?)

Have deleted the smart host entry so now only have the entries in the advanced bit for external dns servers. STILL nothing works!!!!

Is there ANYTHING you can think of??! Getting very desperate!!
 
Your ISP should not be getting kicked out for just attempting telnet. That's a big problem.
Did you try telnetting from the ISA server to the INTERNAL address of your exchange server? Maybe I'm not understanding your network...
Do me a favor, explain to me the whole path outbound from the exchange server. E.G. Exchange Server, ISA server, router, firewall, etc...

And I think now it may be helpful if you gave me your domain name...
 
Path outbound from the exchange server:

Exchangeserver -->ISAServer-->CiscoRouter (controlled by ISP)-->www

ISP are telnetting from router, seems to connect, then hangs then message "connection closed by foreign host".

From ISA server I can telnet 25 to mail server by external address (Domain name for external mail server is mail.solidsoft.com), by internal IP and by internal name.

 
Something may have gone south with the ISA server then. Your exchange server is accepting telnet, as per your tests. Your 3rd and 4th alternate mail hosts, mx0 and mx1.iway.net.uk are also accepting telnet connections (by the way, I just sent you a message to "postmaster"). Your 2nd alternate, solidsoft.solidsoft.com, appears to be down, just an FYI. I'm assuming these alternates are controlled by your ISP using the same routing configs, so they're likely in the clear.
Let's talk DNS. On the Exchange box, what are the primary and secondary DNS IPs you're using in the NIC properties?
 
I actually started a case with MS this morning.
Hot potato or what!
It's gone from Exchange boys to ISA Boys and back again. ISA guy eliminated the ISA server being the problem - made me change all the settings, ports, run diagnostics then open everything. No change.
Solidsoft.solidsoft.com - dunno what that is - nothing to do with us, something to do with ISP.
On the Exchange box, the primary DNS IP is IP of the Exchange box itself (which is also the DNS server) - 192.168.x.x.
The secondary DNS IP is the other DC 192.168.x.x. (This one is on its way to be decommissioned so isn't really used).
The ISA guy advised me to set up forwarders for the 3 external DNS Servers in my internal DNS. Which I've done.
Since doing that the Exchange server can now nslookup say, and gets a response from itself (as a DNS server):
Server: server.domain
Address: 192.168.x.x
DNS Request timed out.
timout was 2 seconds.
***Request to server.domain timed-out
 
The exchange server is the domain controller is the dns server is the everything server pretty much.. and ICMP port not open on the firewall.
--------------------------------------------------
nslookup
Server: server.domain
Address: 192.168.x.x
DNS Request timed out.
timout was 2 seconds.
***Request to server.domain timed-out
--------------------------------------------------
ping
unknown host
--------------------------------------------------
 
Yeah, I'm not worried about ICMP being allowed, that's fine. But the "unknown host" reply means that your DNS\exchange server is NOT resolving internet addresses. To test, open IE from the exchange box and try to get to any websites... This is why I had you try the "smart host" thing before, because that should have bypassed the inability to resolve internet names. What's the gateway setting on the NIC?
 
After getting bounced back to the Exchange team who verified that everything was working fine on Exchange & that it WAS ISA server that had the problem - while I was on hold waiting for the ISA team to come on the phone, I read your last reply......

Checked the default gateway on the DC (DNS/mail server) which was pointing to itself. Changed this to the ISA server's IP and restarted the SMTP virtual server - hey presto!! Everything works again!! Mail sending/receiving, external DNS resolving!

Doh! An obvious blunder methinks, however - it's been set as itself for the default gateway since February (when the server was built). WHY has it been working all this time & suddenly stopped????! Would it have cached something somewhere weird?!

Anyway - Yaaaaaaaaaaaaay!!
THANK YOU SO MUCH for your help. You're tip top!
 
Thank goodness, I was close to passing out...:)

Why it worked would be tough for me to determine without knowing more of your network, and I don't think I'm ready for that...hehe

Anyway, have a great weekend
 
YOU were close to passing out??!!!!

My boss was just about to do his infamous cowboy 'this ALWAYS works' trick of rebooting everything from the mains - resulting in me having to deal with blown bits of computer for the next week!!

Marvellous.

Have a good weekend too and thanks again!
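
An added example, not part of the original thread: a small Python check for the misconfiguration that turned out to be the cause here, a default gateway set to the server's own address, which leaves the DNS forwarders and everything else off the subnet without a next hop. The function name `audit_nic` and all addresses are constructed for illustration, since the thread masks its own.

```python
import ipaddress

def audit_nic(ip, prefix_len, gateway, forwarders):
    """Return finding codes for one NIC's static settings (empty list = sane)."""
    iface = ipaddress.ip_interface(f"{ip}/{prefix_len}")
    net, host = iface.network, iface.ip
    findings = []

    if not gateway:
        findings.append("no-gateway")
    else:
        gw = ipaddress.ip_address(gateway)
        if gw == host:
            # The case from this thread: the server named itself as next hop.
            findings.append("gateway-is-self")
        elif gw not in net:
            findings.append("gateway-off-link")
        elif net.prefixlen < 31 and gw in (net.network_address,
                                           net.broadcast_address):
            # /31 and /32 have no reserved network/broadcast addresses.
            findings.append("gateway-not-a-host")

    # Without a usable next hop, every off-subnet dependency is suspect:
    # DNS forwarders, the ISP's resolvers, remote SMTP hosts.
    if findings:
        for addr in forwarders:
            if ipaddress.ip_address(addr) not in net:
                findings.append(f"forwarder-unroutable:{addr}")
    return findings

# Constructed sample values (assumptions, not taken from the thread).
SERVER_IP, PREFIX = "192.168.10.5", 24
ISA_INTERNAL_IP = "192.168.10.1"                 # assumed inside address of the firewall
FORWARDERS = ["203.0.113.53", "198.51.100.53"]   # documentation-range placeholders

def before_fix():
    # Gateway pointing at the server itself, as found on the DC.
    return audit_nic(SERVER_IP, PREFIX, SERVER_IP, FORWARDERS)

def after_fix():
    # Gateway changed to the firewall's inside address.
    return audit_nic(SERVER_IP, PREFIX, ISA_INTERNAL_IP, FORWARDERS)

if __name__ == "__main__":
    print("before:", before_fix())
    print("after: ", after_fix())
```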


 