Welcome to ISAserver.org

Unable to send/receive Internet email

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 General] >> General >> Unable to send/receive Internet email

Page: [1]

Message

<< Older Topic Newer Topic >>

Unable to send/receive Internet email - 23.Jul.2003 5:17:00 PM

nowikn

Posts: 87
Joined: 27.Jun.2001
From: Dallas, TX
Status: offline

For the past few days, I have been unable to send/receive Internet email . . . I have not made any changes to my ISA Server or Exchange 5.5 server. Please review my setup and provide assitance!

* Exchange 5.5 server pointing to ISA Server via SecureNAT

* All clients using SecureNAT to connect to Internet.

* Unable to resolve NSLOOKUP from Exchange server or clients on network - BUT am able to do this from ISA Server itself.

* Have stopped the web proxy and firewall service on ISA Server (and removed the cache file) then restarted related service.

* Stopped / Restarted Internet Mail Service on Exchange server.

* Removed and re-added Exchange server on ISA Server.

* From the ISA server after typing NSLOOKUP, then SETQ=MX, I get this error message:

*** yogi.yada.net can't find setq=mx: Non-existent domain (this is my ISP's DNS server)

==========

Any help would be appreciated - please send responses to nowikn@yahoo.com if possible.

Post #: 1

Featured Links*

RE: Unable to send/receive Internet email - 23.Jul.2003 8:24:00 PM

nowikn

Posts: 87
Joined: 27.Jun.2001
From: Dallas, TX
Status: offline

C'mon guys . . . no response??! I have been posting on this site for over 2 years now, and this issue really has me (and my ISP) stumped!

[Confused]

(in reply to nowikn)

Post #: 2

RE: Unable to send/receive Internet email - 23.Jul.2003 8:37:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Nicholas,

if you can't resolve external DNS names, then you have a DNS related issue. Do you have an internal DNS server with forwarders?

To test your inbound SMTP, perform a 'telnet IP_Address 25' from an external host. The IP address is the ISA external IP address from your publishing rule. The connection should succeed.

To test your outbound SMTP, perform a 'telnet IP_Address 25' from the exchange server. The IP address is one of a SMTP server on the Internet. The connection should succeed.

HTH,
Stefaan

(in reply to nowikn)

Post #: 3

RE: Unable to send/receive Internet email - 23.Jul.2003 8:39:00 PM

nowikn

Posts: 87
Joined: 27.Jun.2001
From: Dallas, TX
Status: offline

Our DNS is being hosted by our ISP.

Can you test this for me as I cannot test from within my network:

www.benefit1.com
mail.benefit1.com
66.60.79.130

Your assistance is greatly appreciated!

P.S. Could this be an issue on my ISP's side? If so, what as I have not changed my ISA config in over 2 years!

(in reply to nowikn)

Post #: 4

RE: Unable to send/receive Internet email - 23.Jul.2003 9:18:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Nicholas,

I can resolve mail.benefit1.com and mail.benefit1.com from any ISP DNS server. I can happily surf to http://www.benefit1.com/ . So, your ISA server is still running. However, I can *not* connect to your published SMTP server:

code:

Winsock: Connecting to 66.60.79.130:25
Winsock Error: 10061
* Description: Connection is forcefully rejected
* Scode: 0x800A274D
Winsock: Closed

Please do the following test: from ISA server itself, perform a 'telnet IP_address 25'. Use as IP address the internal IP address of the Exchange_Server. If that is *not* working, there is a problem with the exchange server. I would then first reboot the exchange server.

Which DNS server IP addresses do you use? I can check if they are still valid.

HTH,
Stefaan

(in reply to nowikn)

Post #: 5

RE: Unable to send/receive Internet email - 23.Jul.2003 9:28:00 PM

nowikn

Posts: 87
Joined: 27.Jun.2001
From: Dallas, TX
Status: offline

I rebooted both my Exchange and ISA servers at 2pm CST / both servers were back online by 2:07pm. I had connectivity to my ISP from the Exchange server from 2:07pm to 2:11pm CST (IP of ISP's DNS 66.60.64.32 & 33). When I telnet to my Exchange server's IP address / port 25 I get this:

220 bnft1.benefit1.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready

Thanks again for your help!

(in reply to nowikn)

Post #: 6

RE: Unable to send/receive Internet email - 23.Jul.2003 9:41:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Nicholas,

the exchange server seems to be OK. Also, the DNS servers are still valid and working:

code:

Header:
   ID=58350, QR=Response, Opcode=QUERY, RCODE=NO ERROR
   Authoritative Answer=Yes, Truncation=No
   Recursion Desired=Yes, Recursion Available=Yes
   QDCOUNT=1, ANCOUNT=1, NSCOUNT=2, ARCOUNT=2
Question:
   Name=www.benefit1.com, QTYPE=ALL, QCLASS=1
Answer Section:
- Name=www.benefit1.com
    Type=A, Class=1, TTL=600 (10 Minutes), RDLENGTH=4
    IP Address=66.60.79.130
Authority Records Section:
- Name=benefit1.com
    Type=NS, Class=1, TTL=600 (10 Minutes), RDLENGTH=14
    Name Server=ns1.yada.net
- Name=benefit1.com
    Type=NS, Class=1, TTL=600 (10 Minutes), RDLENGTH=6
    Name Server=ns2.yada.net
Additional Records Section:
- Name=ns1.yada.net
    Type=A, Class=1, TTL=600 (10 Minutes), RDLENGTH=4
    IP Address=66.60.64.32
- Name=ns2.yada.net
    Type=A, Class=1, TTL=600 (10 Minutes), RDLENGTH=4
    IP Address=66.60.64.33

So, it seems to be an ISA server problem.
I assume you have also configured the ISP DNS servers on ISA server. Can you perform a nslookup from there?

Also, web publishing seems to work and I suppose you can surf from an internal host too. Correct?

Did you already explored the event log for any warnings/errors? What are the ISA logs telling you, particular the Firewall and IP packet log?

HTH,
Stefaan

[ July 23, 2003, 09:42 PM: Message edited by: spouseele ]

(in reply to nowikn)

Post #: 7

RE: Unable to send/receive Internet email - 23.Jul.2003 9:45:00 PM

nowikn

Posts: 87
Joined: 27.Jun.2001
From: Dallas, TX
Status: offline

We are able to surf the Internet w/ no issues (my DNS rules were re-verified), and I am able to resolve NSLOOKUP on the ISA Server itself . . . I am looking at the ISA logs now and have already looked at the event view on both the Exchange and ISA servers (no strange / new errors to report).

Thanks again, and I'll report back in a few minutes w/ my findings from the ISA logs.

(in reply to nowikn)

Post #: 8

RE: Unable to send/receive Internet email - 23.Jul.2003 9:52:00 PM

nowikn

Posts: 87
Joined: 27.Jun.2001
From: Dallas, TX
Status: offline

Stefaan, is there anything in particular that will stand out in the ISA logs as a 'smoking gun' . . .?

(in reply to nowikn)

Post #: 9

RE: Unable to send/receive Internet email - 23.Jul.2003 9:58:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Nicholas,

ok, it sounds it is only the Firewall service who has problems!

In the IP packet log look for blocked packets to TCP port 25 inbound/outbound and UDP/TCP port 53 outbound. In the Firewall log, first check if you have entries with Result Code (sc-status) = 13301 what means 'Request denied by the firewall policy'.

HTH,
Stefaan

[ July 23, 2003, 10:00 PM: Message edited by: spouseele ]

(in reply to nowikn)

Post #: 10

RE: Unable to send/receive Internet email - 23.Jul.2003 10:04:00 PM

nowikn

Posts: 87
Joined: 27.Jun.2001
From: Dallas, TX
Status: offline

Here is a line from the FWxxxxx.log file w/ with Result Code (sc-status) = 13301:

192.168.1.2 - - 2003-07-23 13:30:13 BNFT2 - 64.23.81.68 25 - - - 25 TCP Connect 13301 3 3308

(in reply to nowikn)

Post #: 11

RE: Unable to send/receive Internet email - 23.Jul.2003 10:17:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Nicholas,

this line is telling me that the internal station 192.168.1.2 tries to connect to 64.23.81.68 on TCP port 25 (SMTP) but is denied access by the ISA server. I can't determine if it is a protocol or site&content rule which is causing this because the fields Rule#1 and Rule#2 seems not to be logged.

To get the most information out of the logfiles, I strongly recommend to enable the logging of all fields. In the MMC, go to the node Monitoring Configuration, then select Logs. In the details pane, right-click the applicable service and then click Properties. On the Fields tab, click Select All.

HTH,
Stefaan

(in reply to nowikn)

Post #: 12

RE: Unable to send/receive Internet email - 24.Jul.2003 3:43:00 PM

nowikn

Posts: 87
Joined: 27.Jun.2001
From: Dallas, TX
Status: offline

RESOLUTION!

The ISA Server issue was finally resolved last evening w/ the help of Microsoft (yes, Microsoft) . . . the issue was that I needed to apply ISA Server "Feature Pack 1" which contained a few obscure patches for ISA along with an unpublished patch that is only available to users that had the same problem I did over the past few days.

The Microsoft tech reviewed every aspect of my config on the ISA Server and gave his blessing (i.e. everything was very secure & configured properly) but offered a few pointers to boost performance a bit on the ISA Server.

Bottom line: be sure to have Feature Pack 1 installed PLUS the update which was released after Feature Pack 1 . . . do it as soon as you can as it will resolve any current or future problems that may arise.

(in reply to nowikn)

Post #: 13

RE: Unable to send/receive Internet email - 24.Jul.2003 9:06:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Nicholas,

glad to hear you got it working and thanks for the follow up! [Smile]

For keeping the ISA servers up-to-date, I implement the recommended updates mentioned at http://www.microsoft.com/isaserver/downloads/default.asp .

You said "...PLUS the update which was released after Feature Pack 1...". Can you elaborate on this?

Thanks,
Stefaan

(in reply to nowikn)

Post #: 14

RE: Unable to send/receive Internet email - 28.Jul.2003 6:47:00 PM

nowikn

Posts: 87
Joined: 27.Jun.2001
From: Dallas, TX
Status: offline

What's really frustrating is that Feature Pack 1 is an 'optional' update, but it turns out that FP1 includes updates that are not listed on Microsoft's website. And to top it off, I was instructed by the support engineer to install another patch on my ISA server that is NOT available to the general public which expires in 2 days if not used (ID and password needed for the udpate).

Very interesting stuff............. [Mad]

[ July 28, 2003, 06:55 PM: Message edited by: nowikn ]

(in reply to nowikn)

Post #: 15

RE: Unable to send/receive Internet email - 28.Jul.2003 8:04:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Nicholas,

according to the Microsoft ISA server site http://www.microsoft.com/isaserver/downloads/default.asp , the Feature Pack 1 is an *recommended* update! [Smile]

Thanks,
Stefaan

(in reply to nowikn)

Post #: 16

RE: Unable to send/receive Internet email - 29.Jul.2003 1:10:00 AM

nowikn

Posts: 87
Joined: 27.Jun.2001
From: Dallas, TX
Status: offline

Tomato, tomato - potato, potato - recommended, optional . . . don't ya just love it??!

[Big Grin]

(in reply to nowikn)

Post #: 17

RE: Unable to send/receive Internet email - 29.Jul.2003 9:29:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Nicholas,

after more then 25 years in the networking world you have to love service packs, patches, hotfixes, etc. from Cisco, Netscreen, Extreme networks, 3Com, Siemens, Microsoft and many others, otherwise you should step out of this business! [Razz]