1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

[Exchange Server no longer receiving email?]

Discussion in 'Windows Server System' started by PROLIANT, 2009/02/08.

  1. 2009/02/08
    PROLIANT

    PROLIANT Inactive Thread Starter

    Joined:
    2008/08/16
    Messages:
    17
    Likes Received:
    0
    Hello guys, hopeing you could help me with this problem please;

    We stopped receiving inbound email on Friday around 16:00, ran several diagnostics on the Exchange Server everything appears to be in order.
    Basically what is happening, all inbound email is received from our ISP AV/Spam filter service so therefore our firewall is locked down to only accept SMTP connections from certain relays on the WAN, looking at the Exchange SMTP virtual server logs it appears that all inbound SMTP connections are timing out, I have seen the ISP relays connecting to our Exchange in the sessions screen so I know it is not a routing/NAT issue - the firewall has confirmed successful port 25 connections.

    I have tried several tactics to resolve this issue however I am running out of options on this one.

    I have tested the SMTP handshake using telnet, opened another port on our firewall and successfully sent a test email through our Exchange.

    Below is a copy of the SMTP logs during the time period of the problem:

    --------------------------------------------------------------------

    #Software: Microsoft Internet Information Services 6.0
    #Version: 1.0
    #Date: 2009-02-07 23:04:20
    #Fields: time c-ip cs-method cs-uri-stem sc-status
    23:04:20 82.113.* EHLO - 250
    23:04:20 82.113.* EHLO - 250
    23:04:20 82.113.* MAIL - 250
    23:04:20 82.113.* MAIL - 250
    23:04:20 82.113.* RCPT - 250
    23:04:20 82.113.* RCPT - 250
    23:04:30 82.113.* EHLO - 250
    23:04:30 82.113.* MAIL - 250
    23:04:30 82.113.* RCPT - 250
    23:14:41 82.113.* TIMEOUT - 121
    23:14:41 82.113.* QUIT - 240
    23:14:41 82.113.* TIMEOUT - 121
    23:14:41 82.113.* QUIT - 240
    23:15:11 82.113.* TIMEOUT - 121
    23:15:11 82.113.* QUIT - 240
    23:16:08 82.113.* EHLO - 250
    23:16:08 82.113.* MAIL - 250
    23:16:08 82.113.* RCPT - 250
    23:19:21 192.168.0.254 HELO - 250
    23:19:21 192.168.0.254 MAIL - 250
    23:19:21 192.168.0.254 RCPT - 250
    23:19:21 192.168.0.254 DATA - 250
    23:19:21 192.168.0.254 QUIT - 240
    23:25:55 82.113.* EHLO - 250
    23:25:55 82.113.* MAIL - 250
    23:25:55 82.113.* RCPT - 250
    23:26:08 82.113.* EHLO - 250
    23:26:08 82.113.* MAIL - 250
    23:26:08 82.113.* RCPT - 250
    23:26:11 82.113.* TIMEOUT - 121
    23:26:11 82.113.* QUIT - 240
    23:31:08 82.113.* EHLO - 250
    23:31:08 82.113.* MAIL - 250
    23:31:08 82.113.* RCPT - 250
    23:31:10 82.113.* EHLO - 250
    23:31:10 82.113.* MAIL - 250
    23:31:10 82.113.* RCPT - 250
    23:36:42 82.113.* TIMEOUT - 121
    23:36:42 82.113.* TIMEOUT - 121
    23:36:42 82.113.* QUIT - 240
    23:36:42 82.113.* QUIT - 240
    23:41:12 82.113.* TIMEOUT - 121
    23:41:12 82.113.* QUIT - 240
    23:41:42 82.113.* TIMEOUT - 121
    23:41:42 82.113.* QUIT - 240
    23:46:08 82.113.* EHLO - 250
    23:46:08 82.113.* MAIL - 250
    23:46:08 82.113.* RCPT - 250
    23:46:57 82.113.* EHLO - 250
    23:46:57 82.113.* MAIL - 250
    23:46:57 82.113.* RCPT - 250
    23:47:38 82.113.* EHLO - 250
    23:47:38 82.113.* MAIL - 250
    23:47:38 82.113.* RCPT - 250
    23:56:09 82.113.* EHLO - 250
    23:56:09 82.113.* MAIL - 250
    23:56:09 82.113.* RCPT - 250
    23:56:42 82.113.* TIMEOUT - 121
    23:56:42 82.113.* QUIT - 240
    23:57:12 82.113.* TIMEOUT - 121
    23:57:12 82.113.* QUIT - 240
    23:57:42 82.113.* TIMEOUT - 121
    23:57:42 82.113.* QUIT - 240
    23:59:11 82.113.* HELO - 250
    23:59:11 82.113.* MAIL - 250
    23:59:11 82.113.* RCPT - 250
    23:59:11 82.113.* QUIT - 240

    ---------------------------------------------------------

    I have masked part of the ISP server for security reasons.

    Thank you in advance.
     
  2. 2009/02/08
    bilbus

    bilbus Inactive

    Joined:
    2006/09/02
    Messages:
    97
    Likes Received:
    4
    unlock your server / firewall, test smtp connections by using telnet (telnet ipAddress 25)

    If you can connect then atempt to send an email.

    http://www.rdpslides.com/webresources/FAQ00035.htm

    Even in a locked down situation, i always allow another outside ip for testing.
     

  3. to hide this advert.

  4. 2009/02/08
    PROLIANT

    PROLIANT Inactive Thread Starter

    Joined:
    2008/08/16
    Messages:
    17
    Likes Received:
    0
    Hi Bilbus, I have done that, I have remote management of the firewall available from my home, opened port 25 and done the Telnet SMTP handshake, everything ok.
    I worked on this issue until 1:30am UK time this morning and the problem just corrected itself; however I can't leave it here because I do not know what the cause problem was in the first place, it has happened now 3 consecutive Fridays in a row around the same time - sounds like there is a rabbit off here.
    I will speak to our ISP tomorrow and explain to them that I have managed to successfully connect to Exchange port 25 and send email via telnet and that our server was responding to requests from their mail relays as per the SMTP server logs.

    Thank you for your help so far.
     
    Last edited: 2009/02/08
  5. 2009/02/08
    bilbus

    bilbus Inactive

    Joined:
    2006/09/02
    Messages:
    97
    Likes Received:
    4
    sounds like your isp / filtering service is the one with the issue
     
    PROLIANT likes this.
  6. 2009/02/10
    PROLIANT

    PROLIANT Inactive Thread Starter

    Joined:
    2008/08/16
    Messages:
    17
    Likes Received:
    0
    Wish that was the case however after several hours of investigation between me and our ISP, it turns out that we were the only client on the WAN with this issue.
    I have done further investigation in to this matter and the only possible lead I have is that it could have been caused by an internal DNS problem, around the same time we lost email connectivity we had issues with internet connectivity too, however we were still able to RDP in to our remote servers by means of IP address without problem, web pages were timing out and not loading which has led me to DNS.
    The DNS server logs do not indicate any anomalies, however I have set up verbose recoding of both exchange and DNS for the next 4 days to assist me with debug.
    I will update the thread with (hopefully) a solution and steps taken to resolve in case this problem is encountered by anyone else.

    Thank you for the help so far.
     
  7. 2009/02/10
    bilbus

    bilbus Inactive

    Joined:
    2006/09/02
    Messages:
    97
    Likes Received:
    4
    oh, well if you had a dns problem, that would do it.

    Who does your dns, hosted at your registrar? Usualy thats the way to go.
     
  8. 2009/02/16
    PROLIANT

    PROLIANT Inactive Thread Starter

    Joined:
    2008/08/16
    Messages:
    17
    Likes Received:
    0
    Update!

    Hello, I have found the root cause of the Exchange Server problem; IIS 6 (Internet Information Services) Metadata.
    There is a problem with the IIS that is causing the Microsoft Exchange Routing Engine to fall over causing SMTP timeout problems, I would never have guessed to look here as the problem is not directly related to IIS, the solution to the problem is quite complex as I will have to re-install IIS and Exchange to sort this problem out, looks like a night shift is on the cards this week or next maybe.
    I will post step by step details of how I resolved this problem once I have completed the server re-installation.
    Thank you for all support received.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.