Need small help seems to be issue is related to DNS, as I am unable to perform nslookup few of the domains due to that Mail are getting stuck on my Edge Server, when I tried to add the public DNS on my Edge server which are in DMZ like google public DNS then mail towards few domains are going but still few are in loop so any idea what can be done to fix this issue. Apart from this if you will look into the cashub01 and 02 which are internal transport server there also message are getting increasing , so pls help me to fix this issue.

hi, Confirm that your DNS server is configure properly. I think that your DNS have some problem. Can you ping your hub/cas successful from your edge? hope can help you thanks,CastinLu TechNet Community Support

yeah i am also suspecting the same as i am unable the ping from Domain Name as from IP address i am able to..the CASHUB server from Edge server and vice versa. As Everything is in production so what change i can do to fix this ..two weeks back there were some activity happened on firewall so i hope that not the cause. As more issue is that few of the domain i an unable to send the email.. pls help..

Update.. As earlier on Edge Transport server Public DNS was configured so i changed it to internal DNS due to this name resolution started happening and on one of the Edge server i am seeing the queue count towards cashub server is 0 but on edge two server (second one ) still there are 40 message are stuck so what should i do to clear those as well. pls help

On Thu, 28 Jun 2012 10:59:55 +0000, Jugalkumar wrote: > > >Need small help seems to be issue is related to DNS, as I am unable to perform nslookup few of the domains due to that Mail are getting stuck on my Edge Server, when I tried to add the public DNS on my Edge server which are in DMZ like google public DNS Why are you not using the DNS provided by your ISP? >then mail towards few domains are going but still few are in loop so any idea what can be done to fix this issue. If the messages are looping the proble probably isn't DNS (unless the domain is misconfigured, and if that's the case there's nothing you can do ablut t unless it's your domain and your DNS). >Apart from this if you will look into the cashub01 and 02 which are internal transport server there also message are getting increasing , so pls help me to fix this issue. cashub01 and cashub01 are configured to send e-mail to another smart host for delivery. The only reason they'd be using DNS is if you have the name of the smart host(s) instead of the IP addresses of the smart hosts configured. If that's the case then the DNS problem is likely affecting them, too. Replace the names with IP addresses and the messages should be delivered unless you're having some other problem with network connectivity. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Rich, as i mentioned that unable to send email to one of the domain name i tried sending the same while adding the ip address to the HOST file of the EDGE server but still i am seeing the email is stuck towards that domain. When i tried sending the same through external account like Yahoo then i am getting the reply , so what else can i check from my side which is causing the issue. pls help..

On Thu, 5 Jul 2012 17:39:17 +0000, Jugalkumar wrote: >Rich, as i mentioned that unable to send email to one of the domain name i tried sending the same while adding the ip address to the HOST file of the EDGE server but still i am seeing the email is stuck towards that domain. When i tried sending the same through external account like Yahoo then i am getting the reply , so what else can i check from my side which is causing the issue. pls help.. You have only a single AD site? And "cashub01" and "cashub02" are in the same AD site? I don't understand why your HT servers are listed as a "next hop" if that's true. Check your "Routing Log Viewer". If you have an Edge server you should see (in the "Address Space" tab) a SMTP address space and, beneath it, a "*". If you continue to expand each level you should see your "EdgeSync - <Site>toInternet" route. I don't think you should see any other outbound routes. Do you see other routes for delivering messages in the SMTP address type? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

What you are seeing the next hop for cashub01 /02 is on edge servers, that is for inbound emails. No we have other AD sites as well but all that are connected separately to internet , the cashub01" and "cashub02" are in the same AD site . While checking the routing group log viewer on edge server i went to Address Space Tab and yes there is only one Outbound route to internet as you mentioned but apart from this there are some inbound routes as well which is set to COST 100. As i am seeing there few domains which on which the mas are getting piled up ..is anything i need to check on DNS part ?

Rich can u pls guide me from where i have to start to fix the issue thanks Below are the things i performed from my edge server. Unable to send emails to few of the domains ex: ripley.com.pe From Edge server their i tried pinging the domain ripley.com.pe but unable to ping as getting request timed out.Tried nslookup and tracert pls find the below results

Rich u r there ??I tried sending SMTP through telnet , apart from this as the protocol logging is enabled but i did not to see the logs towards that domain " ripley.com.pe" Apart from this i added the mx records for "ripley.com.pe" on mine DNS host files as well does that help here ?? seems to be not still mail is stuck in mine Edge server ----------------------------------------------------- 220 smtp.bancoripley.com.pe, smtp.ripley.com.pe HELO abc.com 250 smtp.ripley.com.pe MAIL FROM:jugal@abc.com 250 2.1.0 Ok RCPT TO:user@ripley.com.pe 250 2.1.5 Ok DATA 354 End data with <CR><LF>.<CR><LF> SUBJECT:Test Mail pls ignore it . 250 2.0.0 Ok: queued as 95813290043 ------------------------------------------------------------------

On Fri, 6 Jul 2012 11:59:33 +0000, Jugalkumar wrote: >Rich can u pls guide me from where i have to start to fix the issue thanks > >Below are the things i performed from my edge server. > >Unable to send emails to few of the domains ex: ripley.com.pe From Edge server their i tried pinging the domain ripley.com.pe but unable to ping as getting request timed out.Tried nslookup and tracert pls find the below results The IP address you should be using is 190.223.53.197, not 200.62.228.162. I can ping that IP address without error, and I can send them e-mail. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Mon, 9 Jul 2012 08:43:41 +0000, Jugalkumar wrote: >Rich u r there ??I tried sending SMTP through telnet , apart from this as the protocol logging is enabled but i did not to see the logs towards that domain " ripley.com.pe" Apart from this i added the mx records for "ripley.com.pe" on mine DNS host files as well does that help here ?? No, it won't help unless your DNS is authoritative for that domain. >seems to be not still mail is stuck in mine Edge server >----------------------------------------------------- >220 smtp.bancoripley.com.pe, smtp.ripley.com.pe >HELO abc.com >250 smtp.ripley.com.pe >MAIL FROM:jugal@abc.com >250 2.1.0 Ok >RCPT TO:user@ripley.com.pe >250 2.1.5 Ok >DATA >354 End data with <CR><LF>.<CR><LF> >SUBJECT:Test Mail pls ignore it > >. >250 2.0.0 Ok: queued as 95813290043 >------------------------------------------------------------------ Was that SMTP conversation from your Edge server? You see the message leaving the HT server and headed for the Edge server, correct? And you see the message arrive at the Edge server from the HT server? Can you add another send connector on the edge server that has ripley.com.pe as the only address space value? Set that send connector to deliver the email to IP addresss 190.223.53.197 instead of using DNS to locate the target server. Does the mail still remain on the edge server? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

thanks for your reply rich, just want to share that i spoke to ripley IT folks and informed the same so the they informed to us that they have an internet IP change, then could be necessary update the records into our servers. Ripleys technical area inform to us his publics IP addresses for his exchange servers. As they say, we must configure it into our DNS, so why we need to configure in my DNS ??? i did not get this ..why we need to do this and if we will be doing this for all then we need to create n number of entries i don;t think that will be a feasible solution.

Update .. when i added this entry - 190.223.53.69 smtp.ripley.com.pe into my edge server host file then mail flow started .. so still do not know why we need to add this ..?

On Tue, 10 Jul 2012 05:35:03 +0000, Jugalkumar wrote: >thanks for your reply rich, just want to share that i spoke to ripley IT folks and informed the same so the they informed to us that they have an internet IP change, then could be necessary update the records into our servers. What? Do you meant to say that YOU should be responsible for managing THEIR DNS? Or were they suggesting that your DNS server has cached a query result that hasn't expired? >Ripleys technical area inform to us his publics IP addresses for his exchange servers. As they say, we must configure it into our DNS, so why we need to configure in my DNS ??? I have no idea. If the address is "public" then it shouldn't be in your DNS. >i did not get this ..why we need to do this and if we will be doing this for all then we need to create n number of entries i don;t think that will be a feasible solution. I'm hoping that you've misinterpreted what was told to you. If, indeed, you DO have any information in your DNS for another domain (for which you aren't truely authoritative) then you shuld remove it. If you don't then I think you should purge the local resolver cache on your Exchange servers and your DNS caches. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Tue, 10 Jul 2012 06:47:40 +0000, Jugalkumar wrote: >Update .. when i added this entry - 190.223.53.69 smtp.ripley.com.pe into my edge server host file then mail flow started .. so still do not know why we need to add this ..? I'll bet that if you removed that item fro your hosts file it'd still work. Their MX record no reports a different IP address than it did yesterday. That, to me, says that they changed the "A" record but they didn't shorten the TTL value on it a couple of days before they changed it. DNS servers everywhere had the 190.223.53.197 address in their caches. Your DNS wouldn't ask another DNS for the "A" record until the TTL expired. Once that happened the NEW "A" record would be returned (and cached). But wait! Look at this! I get different results for the same domain name! One time it's 190.223.53.197, another time it's 190.223.53.69. Using the bank's own DNS servers (ns1.bancoripley.com.pe and ns2.bancoripley.com.pe) yields two different "A" records for the same name. Their DNS is the problem and THEY need to fix it, not you. > server 190.223.53.67 Default Server: [190.223.53.67] Address: 190.223.53.67 > smtp.ripley.com.pe. Server: [190.223.53.67] Address: 190.223.53.67 Name: smtp.ripley.com.pe Address: 190.223.53.197 > server 190.223.53.195 DNS request timed out. timeout was 2 seconds. Default Server: [190.223.53.195] Address: 190.223.53.195 > smtp.ripley.com.pe. Server: [190.223.53.195] Address: 190.223.53.195 Name: smtp.ripley.com.pe Address: 190.223.53.69 --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Thanks rich.. i tried to remove the entry for ripley.com.pe from my HOST file on edge server but still if i will remove then the message will stuck in the queue and one more thing as i am trying to run the EXBPA from Edge server so i am getting the below results is something issue with my edge server ? i am just trying to run the BPA to test if their is some thing on my side... As my Edge is in DMZ and i am able to perform telnet from edge towards cashub servers. but getting the below error is that due to that DMZ as my edge is in DMZ ? For DNS issue i am not able to ping the DC but able to perform nslookup from edge server .

On Wed, 11 Jul 2012 06:59:57 +0000, Jugalkumar wrote: > > >Thanks rich.. i tried to remove the entry for ripley.com.pe from my HOST file on edge server but still if i will remove then the message will stuck in the queue and one more thing as i am trying to run the EXBPA from Edge server so i am getting the below results is something issue with my edge server ? i am just trying to run the BPA to test if their is some thing on my side... As my Edge is in DMZ and i am able to perform telnet from edge towards cashub servers. but getting the below error is that due to that DMZ as my edge is in DMZ ? > >For DNS issue i am not able to ping the DC but able to perform nslookup from edge server . Is your edge server in a DMZ (I see that you say it is)? Is port 53/udp open from the DMZ to your LAN? What about port 53/tcp? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

It should be .. is there any way i can validate it's opened or not both the ports ? thanks

I tested with SMTP DIAG from edge server with /v and below are the results. ----------------------------------------------. D:\SmtpDiag>smtpdiag "jugal@abc.com" "user@ripley.com.pe" /v Searching for Exchange external DNS settings. Computer name is EDGE01. Failed to connect to the domain controller. Error: 8007054b Checking SOA for ripley.com.pe. Checking external DNS servers. Checking internal DNS servers. Checking TCP/UDP SOA serial number using DNS server [10.104.0.41]. TCP test failed. UDP test succeeded. Serial number: 2012070400 Checking TCP/UDP SOA serial number using DNS server [10.104.0.214]. TCP test failed. UDP test succeeded. Serial number: 2012070400 SOA serial number match: Passed. Checking local domain records. Starting TCP and UDP DNS queries for the local domain. This test will try to validate that DNS is set up correctly for inbound mail. This test can fail for 3 reasons. 1) Local domain is not set up in DNS. Inbound mail cannot be routed to local mailboxes. 2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail, but will affect outbound mail. 3) Internal DNS is unaware of external DNS settings. This is a valid configuration for certain topologies. Checking MX records using TCP: abc.com. Warning: The TCP DNS query returned no results. Checking MX records using UDP: abc.com. MX: cashub01.abc.corp.local (10) MX: cashub02.abc.corp.local (10) A: cashub01.abc.corp.local [10.0.2.32] A: cashub02.abc.corp.local [10.0.2.33] Checking remote domain records. Starting TCP and UDP DNS queries for the remote domain. This test will try to validate that DNS is set up correctly for outbound mail. This test can fail for 3 reasons. 1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows 2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP queries first, then fall back to TCP queries. 2) Internal DNS does not know how to query external domains. You must either use an external DNS server or configure DNS server to query external domains. 3) Remote domain does not exist. Failure is expected. Checking MX records using TCP: ripley.com.pe. Warning: The TCP DNS query returned no results. Checking MX records using UDP: ripley.com.pe. MX: smtp.ripley.com.pe (10) A: smtp.ripley.com.pe [190.223.53.197] Checking MX servers listed for user@ripley.com.pe. Connecting to smtp.ripley.com.pe [190.223.53.197] on port 25. Received: 220 smtp.bancoripley.com.pe, smtp.ripley.com.pe Sent: ehlo abc.com Received: 250-smtp.ripley.com.pe 250-PIPELINING 250-SIZE 12582912 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN Sent: mail from: <jugal@abc.com> Received: 250 2.1.0 Ok Sent: rcpt to: <user@ripley.com.pe> Received: 250 2.1.5 Ok Sent: quit Received: 221 2.0.0 Bye Successfully connected to smtp.ripley.com.pe.

On Thu, 12 Jul 2012 11:26:28 +0000, Jugalkumar wrote: >I tested with SMTP DIAG from edge server with /v and below are the results. Okay. So port 53/tcp isn't allowed from your DNZ into you LAN. That's not usually a problem as long as 53/udp is allowed. But you might consider opening 53/tcpp from your edge to your LAN as that might make the ExBPA warning disappear. I've gotta say, though, that I've never seen a 220 response that that teo FQDNs in it! --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

what to do next to fix the issue ... :-( pls suggest..

On Fri, 13 Jul 2012 07:00:07 +0000, Jugalkumar wrote: >what to do next to fix the issue ... :-( pls suggest.. You can just leave the entry in your hosts file. As for port 53/tcp, talk to the person responsible for you firewall. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP