
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
Not sure how? It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile.
Infinite Diversities in Infinite Combinations.
The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy.
===========================
> > i have a win2k3 domain, active dir integ dns (on 2 dns servers) all
> > behind isa 2000 server. dcdiag says everything is great , lol
[quoted text clipped - 17 lines]
>
> Lots of assumptions here I'm sorry to say, on my part and your part.
sorry i couldn't be clearer...lol i've read and looked at so many things
lately my brain is fried....
> If dcdiag says AD is fine and error free, then it more likely is. It seems
> you have a configuration problem elsewhere causing mail not to flow.
i figured as much
> The nslookup "problem" you may be speaking of is probably something like it
> saying (and I'm guessing here with the LIMITED info you provided) that it
> can't find server name or domain name or along those lines. This is a
> message saying that it cannot find YOUR DNS server name in YOUR reverse
> zone. If you don't have one, create a reverse zone for your internal private
> subnet and make sure a PTR entry exists for your DNS server.
i have a pointer record, and it also has a name server record
> If nslookup is working when you select to use an external server, then I am
> assuming that ISA is allowing DNS query traffic to your internal subnet,
> that is if you are testing nslookup using an external server from a machine
> on the internal private subnet, unless of course you are testing it from the
> ISA server.
correct i can use nslookup from any machine and the reverse queries work
when i tell it to use the same forwarder ip's
> To test if the forwarders are working, why not just select to use the
> forwarders with nslookup to see if they answer queries. If they do, then
[quoted text clipped - 5 lines]
> configured, its role (Secure NAT or just web caching, etc). This may be more
> suitable for the ISA newsgroup, depending on your responses.
securenat
i thought of that too, but if i use telnet to port 25 on an external smtp
server (ex mx4.hotmail.com) it talks,
i can't send an email, but i expect that because i am trying to use it from
the outside. the point is that i can connect
and go through the motions of an email test. if i use the internal smtp
server i get an unable to relay error when i try to set the rcpt to: account
> Sorry, I just had to go over all the possibilities and factors affecting a
> possible diagnosis.
no again, sorry i couldn't have been clearer
when i use smtpdiag with the internal dns it gives an error
THE DNS SERVER (IP ADDRESS) DID NOT RETURN A VALID SOA RECORD
but if i use smtpdiag with the -d external dns server ip it still fails the
internal one when it checks, but the external one passes.
i only figured it had something to do with dns because i can't resolve
external ips even with forwarders set up
this is what i get from dnsdiag with internal dns servers
C:\WINNT\system32\inetsrv>dnsdiag www.hotmail.com -s 192.168.48.16
Created Async Query:
--------------------
QNAME = www.hotmail.com
Type = MX (0xf)
Flags = UDP default, TCP on truncation (0x0)
Protocol = UDP
DNS Servers: (DNS cache will not be used)
192.168.48.16
Connected to DNS 192.168.48.16 over UDP/IP.
Received DNS Response:
----------------------
Error: 9002
Description: Not available.
Querying via DNSAPI:
--------------------
QNAME = www.hotmail.com
Type = A (0x1)
Flags = DNS_QUERY_TREAT_AS_FQDN, (0x1000)
Protocol = Default UDP, TCP on truncation
Servers: (DNS cache will not be used)
192.168.48.16
Received DNS Response:
----------------------
Error: 1460
Description: Not available.
Cannot resolve using DNS only, calling gethostbyname as last resort.
This will query
- Global DNS servers.
- DNS cache.
- WINS/NetBIOS.
- .hosts file.
Target hostnames and IP addresses
---------------------------------
HostName: "www.hotmail.com"
206.24.192.250
this is what i get with external servers set up
C:\WINNT\system32\inetsrv>dnsdiag www.hotmail.com -s 198.164.30.2
Created Async Query:
--------------------
QNAME = www.hotmail.com
Type = MX (0xf)
Flags = UDP default, TCP on truncation (0x0)
Protocol = UDP
DNS Servers: (DNS cache will not be used)
198.164.30.2
Connected to DNS 198.164.30.2 over UDP/IP.
Received DNS Response:
----------------------
Error: 0
Description: Success
These records were received:
www.hotmail.com CNAME www.hotmail.com.nsatc.net
www.hotmail.com.nsatc.net CNAME www.hotmail.aate.nsatc.net
nsatc.net SOA (SOA records are not used by us)
Processing MX/A records in reply.
Sorting MX records by priority.
Querying via DNSAPI:
--------------------
QNAME = www.hotmail.com
Type = A (0x1)
Flags = DNS_QUERY_TREAT_AS_FQDN, (0x1000)
Protocol = Default UDP, TCP on truncation
Servers: (DNS cache will not be used)
198.164.30.2
Received DNS Response:
----------------------
Error: 0
Description: Success
These records were received:
www.hotmail.com CNAME www.hotmail.com.nsatc.net
www.hotmail.com.nsatc.net CNAME www.hotmail.aate.nsatc.net
www.hotmail.aate.nsatc.net A 66.35.214.30
nsatc.net (Record type = 2) Unknown record type
nsatc.net (Record type = 2) Unknown record type
nsatc.net (Record type = 2) Unknown record type
nsatc.net (Record type = 2) Unknown record type
nsatc.net (Record type = 2) Unknown record type
l.ns.nsatc.net A 216.206.179.6
c.ns.nsatc.net A 64.240.90.167
a.ns.nsatc.net A 206.25.8.69
us-ny-3.ns.nsatc.net A 64.152.2.44
us-wa-4.ns.nsatc.net A 208.172.91.5
Processing CNAME: www.hotmail.com CNAME www.hotmail.com.nsatc.net
Processing CNAME: www.hotmail.com.nsatc.net CNAME www.hotmail.aate.nsatc.net
www.hotmail.com.nsatc.net is an alias for www.hotmail.com.nsatc.net
www.hotmail.com is an alias for www.hotmail.com
1 A record(s) found for www.hotmail.aate.nsatc.net
Target hostnames and IP addresses
---------------------------------
HostName: "www.hotmail.com"
66.35.214.30
both of these were done from the dns server.
i can give you the messages from the smtpdiag tool too if you want
man thanks a lot for looking, i am behind the 8 ball here
undr
news.microsoft.com - 17 Feb 2006 13:12 GMT
just for sh.ts and giggles i'll include the smtpdiag from the exchange server
when i tell it to use the default method (use internal, and then any external
forwarders set up in smtp vs1)
C:\Program Files\Windows Resource Kits\Tools\smtpdiag\SmtpDiag>smtpdiag validmailaddress@hotmail.com validmailaddress@xerox.ca
Searching for Exchange external DNS settings.
Computer name is NBCC-SJS04.
VSI 1 has the following external DNS servers:
198.164.30.2
Checking SOA for xerox.ca.
Checking external DNS servers.
Checking internal DNS servers.
DNS server [192.168.48.16] did not return a valid SOA record.
SOA serial number match: Failed with one or more failures.
Checking local domain records.
Checking MX records using TCP: hotmail.com.
Warning: The TCP DNS query returned no results.
Checking MX records using UDP: hotmail.com.
Warning: No MX or A records were found for the local domain. If the records are
not configured, incoming mail can fail to be delivered to this server.
Checking remote domain records.
Checking MX records using TCP: xerox.ca.
Warning: The TCP DNS query returned no results.
Checking MX records using UDP: xerox.ca.
Error: No MX or A records were found for the remote domain. Verify that the
remote domain is valid. Your firewall allows outbound DNS queries (Windows
NT/2000 Server requires TCP), and your DNS server can resolve external
domains.
################################################################
when i tell it to use an external server for dns ( the same one i use for dns
forwarders )
C:\Program Files\Windows Resource Kits\Tools\smtpdiag\SmtpDiag>smtpdiag validmailaddress@hotmail.com validmailaddress@xerox.ca -d 198.164.30.2
Searching for Exchange external DNS settings.
Computer name is NBCC-SJS04.
VSI 1 has the following external DNS servers:
198.164.30.2
Checking SOA for xerox.ca.
Checking external DNS servers.
Checking internal DNS servers.
DNS server [192.168.48.16] did not return a valid SOA record.
SOA serial number match: Failed with one or more failures.
Checking local domain records.
Checking MX records using TCP: hotmail.com.
Checking MX records using UDP: hotmail.com.
Both TCP and UDP queries succeeded. Local DNS test passed.
Checking remote domain records.
Checking MX records using TCP: xerox.ca.
Checking MX records using UDP: xerox.ca.
Both TCP and UDP queries succeeded. Remote DNS test passed.
Checking MX servers listed for validmailaddress@xerox.ca
Connecting to xbs.xerox.ca [205.150.246.2] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to xbs.xerox.ca.
Connecting to mail.uunet.ca [142.77.2.9] on port 25.
Successfully connected to mail.uunet.ca.
Connecting to mail.uunet.ca [142.77.1.58] on port 25.
Successfully connected to mail.uunet.ca.
Connecting to mail.uunet.ca [142.77.2.24] on port 25.
Successfully connected to mail.uunet.ca.
Connecting to mail.uunet.ca [142.77.2.13] on port 25.
Successfully connected to mail.uunet.ca.
Connecting to mail.uunet.ca [142.77.2.11] on port 25.
Successfully connected to mail.uunet.ca.
Connecting to mail.uunet.ca [142.77.2.10] on port 25.
Successfully connected to mail.uunet.ca.
hope it helps
undr
Ace Fekay [MVP] - 17 Feb 2006 13:43 GMT
> just for sh.ts and giggles i'll include the smtpdiag from the exchange
> server
[quoted text clipped - 134 lines]
>
> undr
It seems that possibly ISA is not allowing DNS traffic. When using nslookup
from the Exchange server, and you select to use 192.168.48.16 as the server
for nslookup, does it work?
On your internal DNS, did you disable recursion or does the Root zone exist?
Ace
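
Added example (not part of the thread and not any poster's code): a minimal probe that sends the same MX query dnsdiag and smtpdiag issue, over both UDP and TCP, to a chosen DNS server and reports the response code, which separates "the server answered with a failure" from "the query never got through". The server addresses are the ones quoted in the thread; the function names are illustrative.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPE_MX = 15  # shown by dnsdiag as "Type = MX (0xf)"

def build_query(name, qtype=QTYPE_MX, qid=0x1234):
    """Encode a single-question DNS query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1: ask server to recurse/forward
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(resp):
    """Pull the triage-relevant fields out of a DNS response header."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    qid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x000F
    return {"id": qid, "rcode": RCODES.get(rcode, str(rcode)), "answers": answers,
            "truncated": bool(flags & 0x0200), "recursion_available": bool(flags & 0x0080)}

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def probe(server, name, proto, timeout=3.0):
    """Send one MX query over 'udp' or 'tcp'; return the parsed header or an error string."""
    query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                return parse_header(s.recvfrom(4096)[0])
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # DNS over TCP adds a 2-byte length prefix
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return parse_header(_recv_exact(s, length))
    except (OSError, ValueError) as exc:  # timeout, refused, unreachable, malformed reply
        return f"{proto} failed: {exc}"

if __name__ == "__main__":
    for server in ("192.168.48.16", "198.164.30.2"):  # internal DNS and forwarder from the thread
        print(server, {p: probe(server, "hotmail.com", p) for p in ("udp", "tcp")})
```

For reading the dnsdiag output earlier in the thread: Windows error 9002 is `DNS_ERROR_RCODE_SERVER_FAILURE` (the server replied with SERVFAIL) and 1460 is `ERROR_TIMEOUT`, so a `SERVFAIL` or a timeout from this probe corresponds to those two results.
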
news.microsoft.com - 17 Feb 2006 14:54 GMT
the root zone does not exist, and no recursive doesn't work when i tell it to
use internal dns
> In news:eBclHP8MGHA.2828@TK2MSFTNGP12.phx.gbl,
> news.microsoft.com <mortonj@spammernb.sympatico.ca> stated, which I
[quoted text clipped - 145 lines]
>
> Ace
news.microsoft.com - 17 Feb 2006 14:58 GMT
sorry also the recursion is not disabled, and there are no errors in the dns
event log, i have had some related to problems with active directory
replication, but after i sorted that out everything has been fine other than
outbound email
Ace Fekay [MVP] - 19 Feb 2006 02:35 GMT
> sorry also the recursion is not disabled, and there are no errors in
> the dns event log, i have had some related to problems with active
> directory replication, but after i sorted that out everything has
> been fine other than outbound email
Ok, so recursion is NOT disabled, as I see you've posted that a couple
times. Understood.
BUT, you didn't respond to my ISA question. That is relevant, believe it or
not. I still believe there's something up with the ISA config. Maybe
posting this to the ISA group may yield better results.
Ace
Ace Fekay [MVP] - 17 Feb 2006 13:49 GMT
>> The nslookup "problem" you may be speaking of is probably something
>> like it saying (and I'm guessing here with the LIMITED info you
[quoted text clipped - 5 lines]
>
> i have a pointer record, and it also has a name server record
I was hoping you would offer what message or error nslookup was giving you??
FYI, if the machine you are running nslookup from is using the internal DNS
in its IP properties, then it should be able to do a reverse lookup and
won't show that 'can't find domain' message, if that's what you were talking
about??
>> If nslookup is working when you select to use an external server,
>> then I am assuming that ISA is allowing DNS query traffic to your
[quoted text clipped - 4 lines]
> correct i can use nslookup from any machine and the reverse queries
> work when i tell it to use the same forwarder ip's
Then I'm leaning to something up with YOUR DNS. What Event log errors do you
have? Post the Event ID#'s and Source Names please.
>> To test if the forwarders are working, why not just select to use the
>> forwarders with nslookup to see if they answer queries. If they do,
[quoted text clipped - 54 lines]
>
> undr
It seems as I said, something is up or misconfigured in your DNS. Is
recursion disabled under Advanced tab, or anything else disabled? Does the
Root zone exist?
Ace
news.microsoft.com - 17 Feb 2006 14:55 GMT
recursion is not disabled
news.microsoft.com - 17 Feb 2006 16:03 GMT
when i do an nslookup with the internal server, i get dns request timed out.
however when i ping say hotmail dot com ... the thing won't ping (i have that
blocked) but it resolves the ip even after i do a flush dns etc
> In news:ueKnRH8MGHA.1088@tk2msftngp13.phx.gbl,
> news.microsoft.com <mortonj@spammernb.sympatico.ca> stated, which I
[quoted text clipped - 93 lines]
>
> Ace
i replied via outlook express if it doesn't show up here in five or ten
minutes, i will post it in here...okay?
> > i have a win2k3 domain, active dir integ dns (on 2 dns servers) all
> > behind isa 2000 server. dcdiag says everything is great , lol
[quoted text clipped - 46 lines]
> Sorry, I just had to go over all the possibilities and factors affecting a
> possible diagnosis.