No Outgoing Mail. Telnet Could not open connection to the host, on port 25
Hello,
I would appreciate if someone could lend a helping hand. I run a small network with SBS 2008 which has Exchange 2007. Our SBS 2008 box is our mail server and has been working fine for just over a year.
I believe that I have not been able to send mail externally since this last Friday. Coincidently, this happens to be the date when I installed SQL Server Express 2008 R2 on our SBS 2008 Server and my feeling is that this installation may have changed some
of the Port/Firewall settings and I would like some help investigating Exchange Server. This is the only change that has happend on the Network. The Firewall has not been changed or logged into.
I installed the new separate SQL 2008R2 instance (i.e. I still have SBSMonitoring on the default SQL Server 2005 on my SBS 2008 Server) which is configured on TCPIP Port 1491, away from the standard 1433 for the existing SQL 2005 instance. Furthermore,
I created two new rules in the Firewall (Inbound and Outbound for Port 1491). I have not deleted any rules on the Firewall.
This is as far as I have got and I am stuck:
I have established Port 25 may now not be open. I have established this from the Server by trying to telnet to one of my providers.
open mail.complyport.co.uk 25
Connecting To mail.complyport.co.uk...Could not open connection to the host, on port 25: Connect failedStrangely, my Exchange Server is receiving Mail. I dont think I have any problems receiving mail.I have run a test on http://www.testexchangeconnectivity.com
The only issue that came back was a final warning Attempting to find the SPF record using a DNS TEXT record query.
ExRCA wasn't able to find the SPF recordI dont know if this is helpful, but when my Exchange Server was working fine, I was able to use Powershell to query the ExchangeServer. Now when I run the following command
PS C:\> Get-ExchangeServer | fl
I get the following error (I am not sure if the Exchange Module needs to be loaded?)
The term 'Get-ExchangeServer' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:19
+ Get-ExchangeServer <<<< | fl
+ CategoryInfo
: ObjectNotFound: (Get-ExchangeServer:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
This concerns me a little and I would appreciate if anyone has any ideas as to why this has stopped working?If I look at my Server Firewall Rules, I dont see anything either in the Inbound or Outbound rules thathas SMTP in the name or any rule that has a Local or Remote Port of 25. The question here is whether I need to open a Port? If so, how
can I audit who deleted the rule? How does it need to be set up?
Any steps would be really appreciated.
Many thanks and kind regards,
Bertie.
June 25th, 2012 4:25pm
hi,
Can you send internal message successful? I telnet the server as well and also get the same error. Can you telnet other domains?
If you use SBS 2008, i think you can get better help from this forum:http://social.technet.microsoft.com/Forums/en/smallbusinessserver/threads
hope can help you
thanks,
CastinLu
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
June 26th, 2012 4:04am
Dear CastinLu,
Thanks for the reply, I have a tread over there in Small Business Server. I have also posted some of the output from Exchange Query Analyzer and Exchange Management Shell. I would appreciate if you could review and let me know if anything looks suspicious
to you?
Many thanks and kind regards,
Bertie
Link to SBS Thread:
http://social.technet.microsoft.com/Forums/en/smallbusinessserver/thread/c60cf5e4-d872-43b1-a54d-3e1939bd887d
Copied below for your convenience:
Hi James,
Thanks for the help. Its such a long time since I have touched Exchange that I completely forgot to go though the Exchange Management Shell and not the Normal Windows Powershell ISE.
OK, I have copied in the results of the following commands:
Get-ExchangeServer | flGet-SendConnectorTest-Mailflow FQDN -TargetEmailAddress InternalMailAddress -VerboseTest-Mailflow FQDN -TargetEmailAddress ExternalMailAddress -Verbose (which fails)
As I have seen most security people change their addresses and firm names, I have done the same. however I am happy to send you the raw unedited information by mail if you need them.
Also, in the Queue Analyzer, I am seeing the following
error:
Next Hop Domain Delivery Type Status Message Count Next Retry Time Last Error
gmail.com DnsConnectorDelivery Active 9
External.com DnsConnectorDelivery Retry 2 26 June 2012 10:11:10 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or
delivery failed to all alternate hosts.
Submission Undefined Ready 0
Many thanks and kind regards,
Bertie
p.s. I am happy to send you the TCP/IP for the 2 SQL Server Instances if you feel that will be of any help as I made changes there on Friday. I do recall making changes, but though I only made changes to the TCP/IP of the new SQL Server 2008 instance and
not the SQL2005 SBSMonitoring instance. Just in case its of any help to you, from SQL Server Configuration Manager, if I look at SBSMonitoring, these are the settings for some of the IPAddresses
(Note that port 1 appears on my powershell Send Connector below):
################################################################################
SQL Server Configuration Manager (SBSMonitoring):
################################################################################IP5
Active = Yes
Enabled = No
IP Address = ::1
TCP Dynamic Ports = 0
TCP Port =
IP6
Active = Yes
Enabled = No
IP Address = 127.0.0.1
TCP Dynamic Ports = 0
TCP Port =
################################################################################
Exchange Management Shell:
################################################################################
Notes:
1. MyDomain replaced with contoso
2. MyServerName replaced with ServerName
3. My email address is of the form
bertie.surname1-surname2@contosobiz.co.uk
################################################################################
Normally the FQDN is the SMTP Address required. You can get that from the
following command:
[PS] C:\Windows\system32>Get-ExchangeServer | fl
Name : ServerName
DataPath : C:\Program Files\Microsoft\Exchange Server\
Mailbox
Domain : contoso.local
Edition : Standard
ExchangeLegacyDN : /o=First Organization/ou=Exchange Administr
ative Group (FYYYYYYYYYYYYLT)/cn=Configurat
ion/cn=Servers/cn=ServerName
Fqdn : ServerName.contoso.local
IsHubTransportServer : True
IsClientAccessServer : True
IsExchange2007OrLater : True
IsEdgeServer : False
IsMailboxServer : True
IsMemberOfCluster : No
IsProvisionedServer : False
IsUnifiedMessagingServer : False
NetworkAddress : {ncacn_vns_spp:ServerName, netbios:ServerName,
ncacn_np:ServerName, ncacn_spx:ServerName, ncac
n_ip_tcp:ServerName.contoso.local, ncalrpc
:ServerName}
OrganizationalUnit : contoso.local/ServerName
AdminDisplayVersion : Version 8.3 (Build 83.6)
Site : contoso.local/Configuration/Sites/Defaul
t-First-Site-Name
ServerRole : Mailbox, ClientAccess, HubTransport
ErrorReportingEnabled :
StaticDomainControllers : {}
StaticGlobalCatalogs : {}
StaticConfigDomainController :
StaticExcludedDomainControllers : {}
CurrentDomainControllers : {}
CurrentGlobalCatalogs : {}
CurrentConfigDomainController :
ProductID : xxxxx-xxx-xxxxxxx-xxxxx
IsExchange2007TrialEdition : False
IsExpiredExchange2007TrialEdition : False
RemainingTrialPeriod : 00:00:00
IsValid : True
OriginatingServer : ServerName.contoso.local
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=ServerName,CN=Servers,CN=Exchange Administ
rative Group (FYYYYYYYYYYYYLT),CN=Administr
ative Groups,CN=First Organization,CN=Micro
soft Exchange,CN=Services,CN=Configuration,
DC=contoso,DC=local
Identity : ServerName
Guid : 6aaaaad-7ded-9512-87f8-8bbbbbbbbbb1
ObjectCategory : contoso.local/Configuration/Schema/ms-Ex
ch-Exchange-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 12/03/2011 14:02:55
WhenCreated : 17/02/2011 13:03:28
################################################################################
[PS] C:\Windows\system32>Get-SendConnector
Identity AddressSpaces Enabled
-------- ------------- -------
Windows SBS Internet Send ServerName {smtp:*;1} True
################################################################################
Test-mail
Test-Mailflow ServerName.contoso.local -TargetEmailAddress
Nick@contosobiz.co.uk -Verbose
Test-Mailflow ServerName.contoso.local -TargetEmailAddress
MyGmail@gmail.com -Verbose
[PS] C:\Windows\system32>Test-Mailflow ServerName.contoso.local -TargetEmailAdd
ress Nick@contosobiz.co.uk -Verbose
VERBOSE: Test-Mailflow : Beginning processing.
VERBOSE: Test-Mailflow : Searching objects "ServerName.contoso.local" of type
"Server" under the root "$null".
VERBOSE: Test-Mailflow : Previous operation run on domain controller
'ServerName.contoso.local'.
VERBOSE: Test-Mailflow : Searching objects
"SystemMailbox{6aaaaaa3-f01e-6d14-b480-1dddddddddd0}" of type "ADSystemMailbox"
under the root "$null".
VERBOSE: Test-Mailflow : Previous operation run on global catalog server
'ServerName.contoso.local'.
VERBOSE: Testing mail flow.
TestMailflowResult MessageLatencyTime IsRemoteTest
------------------ ------------------ ------------
Success 00:00:00.6719193
True
VERBOSE: Test-Mailflow : Ending processing.
[PS] C:\Windows\system32>Test-Mailflow ServerName.contoso.local -TargetEmailAdd
ress MyGmail@gmail.com -Verbose
VERBOSE: Test-Mailflow : Beginning processing.
VERBOSE: Test-Mailflow : Searching objects "ServerName.contoso.local" of type
"Server" under the root "$null".
VERBOSE: Test-Mailflow : Previous operation run on domain controller
'ServerName.contoso.local'.
VERBOSE: Test-Mailflow : Searching objects
"SystemMailbox{6aaaaaa3-f01e-6d14-b480-1dddddddddd0}" of type "ADSystemMailbox"
under the root "$null".
VERBOSE: Test-Mailflow : Previous operation run on global catalog server
'ServerName.contoso.local'.
VERBOSE: Testing mail flow.
TestMailflowResult MessageLatencyTime IsRemoteTest
------------------ ------------------ ------------
*FAILURE* 00:00:00
True
VERBOSE: Test-Mailflow : Ending processing.
June 26th, 2012 6:40am
A SQLServerMVP has kindly suggested I need to verify my SMTP Connector on Exchange 2007 (embedded within SBS 2008), do you know how I can do that (or set up a new connector if you feel this will fix the problem?)
http://social.msdn.microsoft.com/Forums/en-US/sqlsetupandupgrade/thread/a6794784-8906-4256-add5-1c5a253f8bf9/
I have renamed the usual parts to Contoso (What I have renamed is in Bold)
[PS] C:\Windows\system32>Get-SendConnector | fl
AddressSpaces : {smtp:*;1}
AuthenticationCredential :
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
DNSRoutingEnabled : True
DomainSecureEnabled : False
Enabled : True
ForceHELO : False
Fqdn : remote.contosobiz.co.uk
HomeMTA : Microsoft MTA
HomeMtaServerId : MyServerName
Identity : Windows SBS Internet SendMyServerName
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
LinkedReceiveConnector :
MaxMessageSize : 10MB
Name : Windows SBS Internet SendMyServerName
Port : 25
ProtocolLoggingLevel : None
RequireTLS : False
SmartHostAuthMechanism : None
SmartHosts : {}
SmartHostsString :
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBBBBBBBBBBJR)
SourceTransportServers : {MyServerName}
UseExternalDNSServersEnabled : False
FYI, my ISP mentions I dont need a smart host.
Free Windows Admin Tool Kit Click here and download it now
June 26th, 2012 11:26am
Resolved on the Small Business Server forum. Details are here:
http://social.technet.microsoft.com/Forums/en/smallbusinessserver/thread/c60cf5e4-d872-43b1-a54d-3e1939bd887d
Many thanks
June 27th, 2012 12:18pm