
Quick disclaimer - this is still a test server, so there is no loss to production, just a delay. I'm way out of my depth, and I'm lucky to be in this position to learn, but I'm really not the sysadmin I need to be. I'd really appreciate your help. I hope this doesn't just get closed straightaway - it is long but I'm trying to provide as much detail about the problem and my attempts to diagnose as possible.

I'm having trouble moving my Exchange server. I had it functioning on server1 but that box was a big mess and doing too many things, so I've tried to move it, and I've got a problem.

I left Server1 as it was and installed Exchange on Server2. Then I created a new Mailbox Database on Server2, moved all the mailboxes and removed the database on Server1. Now neither server is accepting external mail (I can change where port 25 goes, I have console to the router). There are other things not working too, but I'm trying to ask a single question, so my question is:

WHY IS EXTERNAL MAIL FROM (e.g.) HOTMAIL TO ME@MYDOMAIN.COM FAILING TO ARRIVE IN MY INBOX?

Note no firewalls are involved, and only port 25 is forwarded to the server.

If I connect to server1 with a local (by local I mean a different machine on my LAN) SMTP test tool which is basically a telnet script, I can send email from myself to myself and every other time (or every second time, if you prefer) I get this output and the mail arrives in my inbox:

(I have changed my domain to fishkake.com and changed my full name to this.is.me - everything else is verbatim)

Connecting to mail server.
Connected.
220 server1.bear.fishkake.com Microsoft ESMTP MAIL Service ready at Tue, 14 Nov 2017 18:33:16 +0000
EHLO NARWHAL
250-server1.bear.fishkake.com Hello [192.168.27.226]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST
RSET
250 2.0.0 Resetting
MAIL FROM: <this.is.me@fishkake.com>
250 2.1.0 Sender OK
RCPT TO: <this.is.me@fishkake.com>
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
.
250 2.6.0 <00de62536a0ba089478648879a357182@tvgsecurity.com> [InternalId=4419521347585, Hostname=server1.bear.fishkake.com] Queued mail for delivery
Forcing disconnection from SMTP server.
QUIT
221 2.0.0 Service closing transmission channel
Disconnected.

Message Sent Successfully

However EVERY OTHER TIME I get the below (and no mail is delivered). I don't know why it is flipping between which server it uses to send the message, nor why server2 fails:

Connecting to mail server.
Connected.
220 server1.bear.fishkake.com Microsoft ESMTP MAIL Service ready at Tue, 14 Nov 2017 18:38:59 +0000
EHLO NARWHAL
250-server1.bear.fishkake.com Hello [192.168.27.226]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST
RSET
250 2.0.0 Resetting
MAIL FROM: <this.is.me@fishkake.com>
250 2.1.0 Sender OK
RCPT TO: <this.is.me@fishkake.com>
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
.
250 2.6.0 <15d7d80c09be871885a17c8b0a08b208@tvgsecurity.com> [InternalId=137438953495, Hostname=server2.bear.fishkake.com] 1940 bytes in 0.144, 13.137 KB/sec Queued mail for delivery
Forcing disconnection from SMTP server.
QUIT
221 2.0.0 Service closing transmission channel
Disconnected.

Message Sent Successfully

Finally, if I use the SMTP test tool on server2 to do the same thing, I get this:

Connecting to mail server.
Connected.
220 server2.bear.fishkake.com Microsoft ESMTP MAIL Service ready at Tue, 14 Nov 2017 18:55:53 +0000
EHLO NARWHAL
250-server2.bear.fishkake.com Hello [192.168.27.226]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST
RSET
250 2.0.0 Resetting
MAIL FROM: <this.is.me@fishkake.com>
250 2.1.0 Sender OK
RCPT TO: <this.is.me@fishkake.com>
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
.
451 4.7.0 Temporary server error. Please try again later. PRX2 

Error: SMTP protocol error. 451 4.7.0 Temporary server error. Please try again later. PRX2 .
Failed to send messageForcing disconnection from SMTP server.
QUIT
221 2.0.0 Service closing transmission channel
Disconnected.

I will be happy to perform any more steps and provide outputs to help you to help me. Anything is appreciated. Thank you.

EDIT - at Robbie's request, I ran the following command:

[PS] C:\Windows\system32>Get-ReceiveConnector | fl name, transportrole, bindings, remoteipranges


Name           : Default server1
TransportRole  : HubTransport
Bindings       : {0.0.0.0:2525, [::]:2525}
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

Name           : Client Proxy server1
TransportRole  : HubTransport
Bindings       : {[::]:465, 0.0.0.0:465}
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

Name           : Default Frontend server1
TransportRole  : FrontendTransport
Bindings       : {[::]:25, 0.0.0.0:25}
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

Name           : Outbound Proxy Frontend server1
TransportRole  : FrontendTransport
Bindings       : {[::]:717, 0.0.0.0:717}
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

Name           : Client Frontend server1
TransportRole  : FrontendTransport
Bindings       : {[::]:587, 0.0.0.0:587}
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

Name           : Default server2
TransportRole  : HubTransport
Bindings       : {0.0.0.0:2525, [::]:2525}
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

Name           : Client Proxy server2
TransportRole  : HubTransport
Bindings       : {[::]:465, 0.0.0.0:465}
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

Name           : Default Frontend server2
TransportRole  : FrontendTransport
Bindings       : {[::]:25, 0.0.0.0:25}
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

Name           : Outbound Proxy Frontend server2
TransportRole  : FrontendTransport
Bindings       : {[::]:717, 0.0.0.0:717}
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

Name           : Client Frontend server2
TransportRole  : FrontendTransport
Bindings       : {[::]:587, 0.0.0.0:587}
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
fishkake
  • Can you please confirm that the Exchange server's DNS is working properly? That is, make sure it's resolvable internally, and make sure it can properly resolve both internal and external hostnames? Can you please post your receive connector config(s)? You can sanitize the IP addresses if needed, just make sure they're correct. Open an Exchange management shell and run: get-receiveconnector | fl name,transportrole,bindings,remoteipranges – RobbieCrash Nov 14 '17 at 20:29
  • Robbie - I've added this command by editing the original post above, I don't know if that's the done thing. I can ping server2 internally, and EXTERNALLY my domain resolves to my one and only static IP - both A and MX resolve to the same thing. I'm not great at internal DNS - Exchange does a lot of the work for you on install, unfortunately in my case. – fishkake Nov 14 '17 at 22:58
  • If you look at the queues on Server2 do you see anything in undeliverable? – RobbieCrash Nov 14 '17 at 23:05
  • Bit of a change - all those "every second time" messages were delivered to my inbox all at once, some 2 hours after the test was done. So there is nothing in the queue now but I will try running the tests again. – fishkake Nov 14 '17 at 23:11
  • Yes, some DNS errors are there I think. This appears to be a DNS problem somehow, I'll post more detail tomorrow - thank you for pointing me (hopefully) the right direction, more to follow. – fishkake Nov 14 '17 at 23:21
  • Did you follow any guides to do this? Migrating exchange server is a massive task and takes a lot of steps. I know this is 2013 to 2016 but it should give you an idea of what is involved: https://www.kerneldatarecovery.com/blog/step-by-step-guide-for-migrating-exchange-server-2013-to-2016-part-1 – Appleoddity Nov 15 '17 at 00:07
  • Removing the mailbox database on the first Exchange server isn't the appropriate method of removing Exchange from the organization or from AD. Uninstall Exchange on the first server to remove it from the organization and from AD. Then see what the results of your tests are. – joeqwerty Nov 15 '17 at 01:36
  • OK - I uninstalled Exchange from server1 as suggested (I couldn't do that before removing the database). Now I can't log in to OWA or ECP on server2, I get a 500 error on either one. So I now can't see my inboxes, so I can't see if the mails are arriving. However I still get the same 451 4.7.0 Temporary Server Error when I try it with telnet. – fishkake Nov 15 '17 at 09:47
  • Well thanks for telling me to uninstall and re-test and then disappearing. I've ended up figuring it all out, removing every trace of Exchange and rebuilding it on a new server manually. – fishkake Nov 19 '17 at 00:19
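As an added example (not code from the question or the answer), a small Python script that parses the DATA replies quoted in the transcripts above: it pulls the Hostname and InternalId out of the 250 2.6.0 reply to show which back end actually queued each test message, and classifies the 451 4.7.0 reply as a transient (4.x.x) failure rather than a rejection. The `probe` function is an assumed live variant of the test tool and presumes the server lets the probing host submit a message to a local recipient unauthenticated, as it did in the question.

```python
import re
import smtplib

# Constructed sample replies, copied from the transcripts in the question.
ACCEPTED_SERVER1 = ("250 2.6.0 <00de62536a0ba089478648879a357182@tvgsecurity.com> "
                    "[InternalId=4419521347585, Hostname=server1.bear.fishkake.com] "
                    "Queued mail for delivery")
ACCEPTED_SERVER2 = ("250 2.6.0 <15d7d80c09be871885a17c8b0a08b208@tvgsecurity.com> "
                    "[InternalId=137438953495, Hostname=server2.bear.fishkake.com] "
                    "1940 bytes in 0.144, 13.137 KB/sec Queued mail for delivery")
REJECTED = "451 4.7.0 Temporary server error. Please try again later. PRX2"

DATA_REPLY = re.compile(r"^(?P<code>\d{3}) (?P<status>\d\.\d+\.\d+) (?P<text>.*)$")
ACCEPT_INFO = re.compile(r"\[InternalId=(?P<id>\d+), Hostname=(?P<host>[^\]]+)\]")


def parse_data_reply(reply):
    """Classify the reply Exchange sends after the terminating '.' of DATA."""
    m = DATA_REPLY.match(reply.strip())
    if not m:
        raise ValueError("not an SMTP reply with an enhanced status code: %r" % reply)
    code = int(m.group("code"))
    outcome = {2: "accepted", 4: "transient"}.get(code // 100, "permanent")
    result = {"code": code, "status": m.group("status"), "outcome": outcome,
              "hostname": None, "internal_id": None}
    info = ACCEPT_INFO.search(m.group("text"))
    if info:  # only present on an accepted message
        result["hostname"] = info.group("host")
        result["internal_id"] = int(info.group("id"))
    return result


def accepting_hosts(replies):
    """Which back-end hosts queued mail across a series of test sends."""
    return sorted({r["hostname"] for r in map(parse_data_reply, replies) if r["hostname"]})


def probe(server, sender, recipient, port=25):
    """Assumed live check: submit one test message and return the parsed DATA reply.

    smtplib's data() returns the post-body reply instead of raising, so a 451
    comes back as a parsed 'transient' result rather than an exception.
    """
    with smtplib.SMTP(server, port, timeout=30) as s:
        s.ehlo("probe")
        for code, text in (s.mail(sender), s.rcpt(recipient)):
            if code != 250:
                raise smtplib.SMTPResponseException(code, text)
        code, text = s.data("Subject: probe\r\n\r\nprobe\r\n")
        return parse_data_reply("%d %s" % (code, text.decode(errors="replace")))
```

Running `accepting_hosts` over several captured replies makes the alternation the question describes visible as two hostnames behind one banner, and a run of `transient` outcomes from one host points at that back end rather than at the front door on port 25.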

1 Answer


I'm going to use the answer section simply because in comments the code will not display properly.

For the receive connector part, please show the results of:

Get-ReceiveConnector "Default Frontend server2" | fl name, TransportRole, Bindings, PermissionGroups

To make sure the outside world will actually be able to connect to your server, navigate to https://mxtoolbox.com/diagnostic.aspx and validate that the world is able to reach your server on port 25.

For the part of the virtual directories, connectivity, etc:

Get-OabVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-WebServicesVirtualDirectory | fl server, Name,ExternalURL, InternalURL, *auth*
Get-EcpVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-ActiveSyncVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-OutlookAnywhere | fl server, Name, *hostname*, *auth*
Get-OwaVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-ClientAccessService | fl Name,OutlookAnywhereEnabled, AutodiscoverServiceInternalUri
Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, Issuer, *not*
Get-MapiVirtualDirectory | fl server, Name,ExternalURL,InternalURL, *auth*

Mask the real FQDN of the domain.

Vick Vega
  • Hi there, thanks a lot for coming back. Unfortunately I reached the point where I needed something working, so I backed up as much as I could manually, then emptied and removed the database so I could uninstall the server, and installed it afresh on a new server. For the record, I suspect Autodiscover was at least partly to blame. It's sad that I'll never know the cause, but such is life. Thanks anyway! – fishkake Nov 23 '17 at 08:05