Bad NIC Settings Cause Internal Messages to Queue with 451 4.4.0 DNS query failed (nonexistent domain)


Overview:

I’ve come across this with customers a few times now & it can be a real head scratcher. However, the resolution is actually pretty simple.

 

Scenario:

Customer has multiple Exchange servers in the environment, or has just installed a 2nd Exchange server into the environment. Customer is able to send directly out & receive in from the internet just fine but is unable to send email to/through another internal Exchange server.

This issue may also manifest itself as intermittent delays in sending between internal Exchange servers.

In either scenario, messages will be seen queuing, and if you run “Get-Queue -Identity QueueID | Format-List” you will see a “LastError” of “451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain; nonexistent domain”.

 

Resolution:

This issue can occur because the properties of the Exchange server’s NIC have an external DNS server listed in them. Remove the external DNS server/servers, leaving only internal DNS servers (Microsoft DNS/Active Directory Domain Controllers in most customer environments), and then restart the Microsoft Exchange Transport service. This should resolve the issue.

 

Summary:

The Default Configuration of an Exchange Server is to use the local Network Adapter’s DNS settings for Transport Service lookups.

(FYI: You can alter this in Exchange 07/10 via EMS using the Set-TransportServer command or in EMC>Server Configuration>Hub Transport>Properties of Server. Or in Exchange 2013 via EMS using the Set-TransportService command or via EAC>Servers>Edit Server>DNS Lookups. Using any of these methods, you can have Exchange use a specific DNS Server.)

Because the default behavior is to use the local network adapter’s DNS settings, Exchange was finding itself using external DNS servers for name resolution. This seemed to work fine when it had to resolve external domains/recipients, but a public DNS server would likely have no idea what your internal Exchange servers (e.g. Ex10.contoso.local) resolve to. The error we see occurs because the DNS server responds but does not have the A record for the internal host that we require. If the DNS server you had configured didn’t exist or wasn’t reachable, you would actually see slightly different behavior (like messages sitting in “Ready” status in their respective queues).

 

An Exchange server, or any domain-joined server for that matter, should not have its NIC’s DNS settings set to an external/ISP’s DNS server (even as secondary). Instead, they should be set to internal DNS servers which have all the necessary records to discover internal Exchange servers.
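
A quick way to check a server for this condition, as an added example that is not part of the original post: it asks every DNS server listed on the NICs for the A record of one internal Exchange host and separates "nonexistent domain" answers from servers that do not answer at all. It assumes Windows Server 2012 or later (for Get-DnsClientServerAddress and Resolve-DnsName); Test-NicDnsServer is a hypothetical helper name and Ex10.contoso.local is the sample host name used above.

```powershell
# Added example: test each DNS server configured on this machine's NICs against
# an internal host name. Requires the DnsClient module (Server 2012 / PS 3.0+).
function Test-NicDnsServer {
    param(
        [Parameter(Mandatory = $true)]
        [string]$HostName   # internal Exchange server FQDN to look up
    )

    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object {
            $nic = $_.InterfaceAlias
            foreach ($server in $_.ServerAddresses) {
                $answer = $null
                try {
                    # -DnsOnly keeps LLMNR/NetBIOS from masking a DNS failure.
                    $answer = Resolve-DnsName -Name $HostName -Type A -Server $server `
                                  -DnsOnly -ErrorAction Stop
                    $result = 'Resolved'
                }
                catch {
                    if ($_.FullyQualifiedErrorId -like 'DNS_ERROR_RCODE_NAME_ERROR*') {
                        # Server answered but has no record: the case behind 451 4.4.0.
                        $result = 'NonExistentDomain'
                    }
                    else {
                        # Timeout, refusal, etc.: no usable answer from this server.
                        $result = "Failed: $($_.Exception.Message)"
                    }
                }
                [pscustomobject]@{
                    Interface = $nic
                    DnsServer = $server
                    Result    = $result
                    Address   = ($answer | Where-Object { $_.Type -eq 'A' } |
                                     ForEach-Object { $_.IPAddress }) -join ', '
                }
            }
        }
}

# Sample host name from the article; replace with one of your internal servers.
Test-NicDnsServer -HostName 'Ex10.contoso.local' | Format-Table -AutoSize
```

Any server that reports NonExistentDomain for an internal Exchange host is a candidate for removal from the NIC's DNS list.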

 

References

http://support.microsoft.com/kb/825036

http://technet.microsoft.com/en-us/library/bb124896(v=EXCHG.80).aspx

“The DNS server address that is configured on the IP properties should be the DNS server that is used to register Active Directory records.”

http://technet.microsoft.com/en-us/library/aa997166(v=exchg.80).aspx

http://exchangeserverpro.com/exchange-2013-manually-configure-dns-lookups/

http://thoughtsofanidlemind.com/2013/03/25/exchange-2013-dns-stuck-messages/

 


Can’t send to a moved email domain.


After removing a domain from the local Exchange 2003 server and moving to a different mail solution (cloud or on-prem doesn’t matter), we were unable to send any more email to that domain at all. It would get stuck in the categorizer and return an NDR.

We removed the Domain from the Email address policy as well as making sure it didn’t exist in the SMTP virtual server or any connectors.

 

After doing that, we were still unable to send any email to the external domain (mail tracking showed it getting an NDR from the categorizer).

Also, any email sent to that domain from the new 2010 mail system on the same domain does work, so only mail from the 2003 server does not work… hmmm

After much log reading and troubleshooting the answer was in the IIS MetaBase. (increase categorizer logging and look for event 6015)

 

We had to use MetaBase explorer to remove the old removed domain from IIS\SMTP

To resolve this problem, follow these steps:

  1. Install IIS 6.0 Resource Kit Tools. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    840671 (http://support.microsoft.com/kb/840671/ ) The IIS 6.0 Resource Kit Tools

  2. Open IIS Metabase Explorer.
  3. Expand LM, and then expand SmtpSvc.
  4. There are two items that are listed under SmtpSvc: 1 and another item. If you expand both items, you can see domain names.
  5. Right-click the invalid domain name, and then click Delete.
  6. Restart the Simple Mail Transfer Protocol service and the Microsoft Routing Engine service.

http://support.microsoft.com/kb/952841

Testing SMTP


So this is fairly basic but I realized I don’t have anything laying out the basic tools for testing SMTP posted.

Test with Telnet

  1. Determine the address of your SMTP server (unless you already know it or are testing local to the server)
    1. Open a command line (each line is a line return)
    2. type nslookup
      1. set type=mx
      2. domain.com
      3. Record the results
  2. Test with Telnet
    1. telnet <mail.domain.com> 25
      1. (this could be localhost or the output from the nslookup step)
      2. (If you mistype past this point, hit enter and try again; don’t use backspace)
    2. ehlo mail.mydomain.com (you can replace ehlo with helo if you’re not using an Exchange server)
    3. mail from: test@domain.com
    4. rcpt to: user@domain.com
    5. data
    6. Subject: This is a test
    7. Here you type your test message
    8. . (this is a period)
    9. quit
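
The same conversation scripted in PowerShell, as an added example that is not part of the original post. It goes beyond the telnet steps by reading multi-line replies (the `250-` continuation lines that follow EHLO) and stops at RCPT TO without sending DATA, so it checks connectivity and recipient acceptance without delivering a message. Read-SmtpReply and Test-SmtpDialogue are hypothetical helper names; the host and addresses are the placeholders from the steps above.

```powershell
# Added example: scripted version of the telnet test, stopping before DATA.
function Read-SmtpReply {
    param([System.IO.StreamReader]$Reader)
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($null -eq $line) { break }          # server closed the connection
        $lines += $line
        # "250-..." means more lines follow; "250 ..." is the last line of the reply.
    } while ($line.Length -ge 4 -and $line[3] -eq '-')
    return $lines
}

function Test-SmtpDialogue {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [int]$Port = 25,
        [Parameter(Mandatory = $true)][string]$HeloName,
        [Parameter(Mandatory = $true)][string]$From,
        [Parameter(Mandatory = $true)][string]$To
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 15000              # milliseconds
        $ascii  = [System.Text.Encoding]::ASCII
        $reader = New-Object System.IO.StreamReader($stream, $ascii)
        $writer = New-Object System.IO.StreamWriter($stream, $ascii)
        $writer.NewLine   = "`r`n"               # SMTP lines end in CRLF
        $writer.AutoFlush = $true

        @(Read-SmtpReply $reader) | ForEach-Object { "S: $_" }   # 220 banner
        foreach ($cmd in "EHLO $HeloName", "MAIL FROM:<$From>", "RCPT TO:<$To>", 'QUIT') {
            "C: $cmd"
            $writer.WriteLine($cmd)
            $reply = @(Read-SmtpReply $reader)
            $reply | ForEach-Object { "S: $_" }
            # 2xx/3xx means success; stop at the first 4xx/5xx or dropped connection.
            if ($reply.Count -eq 0 -or $reply[-1] -notmatch '^[23]') { break }
        }
    }
    finally { $client.Close() }
}

# Placeholders from the steps above; replace with your own server and addresses.
Test-SmtpDialogue -Server 'mail.domain.com' -HeloName 'mail.mydomain.com' `
    -From 'test@domain.com' -To 'user@domain.com'
```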

Web Based tools

Local Test tools

  • Pop3\SMTP mail client (outlook\express, thunderbird)
  • powershell
  • CMD\Telnet

Exchange 2007\2010 Powershell tools

  • Test-EdgeSynchronization (if using an edge subscription)
  • Test-Mailflow
  • Test-SmtpConnectivity

Supporting URLs

Can’t upgrade an Address Policy after removing your 2003 Exchange server.


When you try to update your address policy according to documentation on your 2010 or 2007 Exchange:

Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients

You get the following error:
Set-EmailAddressPolicy : The recipient policy “Default Policy” with mailbox man
ager settings cannot be managed by the current version of Exchange Management C
onsole. Please use a management console with the same version as the object.
At line:1 char:23
+ Set-EmailAddressPolicy  <<<< “Default Policy” -IncludedRecipients AllRecipien

  1. Remove Mailbox Manager from 2003
  2. Manually change the attribute of the policy
    1. Start –> Run –> Adsiedit
    2. Right Click ADSI Edit –> Connect to –> Configuration
    3. Expand Configuration Container [server_dc.yourdomain.com] –> CN=Configuration… –> CN=Services –> CN=Microsoft Exchange –> CN=Your_Exchange_Org_Name, then expand Recipient Policies
    4. Default policy –> Properties –> MsExchPolicyOptionList value
    5. Click Edit –> Edit
    6. Remove the MailBox Manager Policy hex value
      • FC 1C 49 26 50 9E 57 48 86 1B 0C B8 DF 22 B5 D7 = Address List pol
      • EC 13 68 3B 89 CE BA 42 94 42 D8 7D 4A A3 0D BC = MailBox Manager Policy
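
A read-only check to run before and after the ADSI Edit change, as an added example that is not part of the original post: it lists the msExchPolicyOptionList values on each recipient policy as hex and marks the Mailbox Manager value given above. It assumes the policies are of object class msExchRecipientPolicy and that the account running it can read the Configuration partition.

```powershell
# Added example (read-only): show msExchPolicyOptionList values per recipient policy.
$mailboxManager = 'EC 13 68 3B 89 CE BA 42 94 42 D8 7D 4A A3 0D BC'   # value listed above

$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$base     = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNC"

$searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
$searcher.Filter = '(objectClass=msExchRecipientPolicy)'   # assumed object class
[void]$searcher.PropertiesToLoad.Add('cn')
[void]$searcher.PropertiesToLoad.Add('msExchPolicyOptionList')

foreach ($policy in $searcher.FindAll()) {
    $name = [string]$policy.Properties['cn'][0]
    # Each value is a byte array; render it the way ADSI Edit shows it.
    foreach ($value in $policy.Properties['msexchpolicyoptionlist']) {
        $hex  = ($value | ForEach-Object { $_.ToString('X2') }) -join ' '
        $note = ''
        if ($hex -eq $mailboxManager) { $note = '   <-- MailBox Manager Policy' }
        '{0}: {1}{2}' -f $name, $hex, $note
    }
}
```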

 

http://msexchangeteam.com/archive/2007/01/11/432158.aspx

Meeting invite changes and cancelations get stuck in queue


When sending meeting changes or cancelations to another mail server outside of your Exchange 2003 organization, messages get stuck in the queue and you get the following errors:

Event Type: Warning
Event Source: MSExchangeTransport
Event Category: Exchange Store Driver
Event ID: 327

If an administrator tries to open the message in the Exchange System Manager console, the administrator may receive the following error message: Unable to open for delivery

To verify this is the issue follow these steps on the message that is stuck.

  1. Launch MFCMAPI and select OK.
  2. Choose Session –> Logon –> Display Store Table
  3. Select the profile used to open the mailbox
  4. In the returned items look for the row that has "Mailbox – <username>" and double click to open the row
  5. In the new "Mailbox – <username>" window expand the Root – Mailbox folder
  6. Expand the IPM_SUBTREE (or the mailbox) folder
  7. Open the calendar folder by double clicking on it.
  8. In the new "Calendar" window navigate to the appointment item (you can sort by Subject by clicking the Subject column)
  9. Right click the appointment item and choose "Display Recipient Table" from the menu
  10. In the recipients table scroll to the right until you can view the column named "PR_RECIPIENT_TRACKSTATUS"
  11. Note the number value for each recipient and this will indicate their tracking status on the item.
  12. If the value is 0 then it means that the tracking status is not available.

In order to fix this issue apply this hot fix.
http://support.microsoft.com/kb/938650

Error when Creating a Recovery Storage Group in 2007


You may get an error similar to this when you are trying to create a RSG in 2007

Error encountered while trying to add database (Mailbox Database) into recovery storage group (Recovery Storage Group). Error message is: The mailbox database that you specified is already associated with a recovery mailbox database. Specified mailbox database: DATA-BASE-GUID.

 

This may be caused by an existing RSG, including one on your 2003 Exchange server.

Remove any RSGs on all exchange servers and re-run the RSG creation on 2007

New user takes a long time to show up in the GAL


Add these all together and you can have quite a lag in seeing new users in your GAL.

  1. GAL generation (should happen at time of user creation but may be delayed by DC replication)
  2. Offline address book generation (every 24 hrs)
  3. OAB replicated to the CAS (can take up to 8 hours)
  4. Outlook download of OAB (24 hours from last download)

Things you can do to reduce lag.

  • Increase the OAB generation schedule (default is once a day @ 5:00 am)
    • EMC –> Organization Configuration –> Mailbox –> Offline Address Book <tab> –> Properties of OAB –> Click Customize next to Update schedule –> modify to fit your needs (be careful not to make it too often)
    • Sample script to set it to 4 times a day for every OAB (use caution as this could cause undue load on the server\client)
      • Get-OfflineAddressBook | Set-OfflineAddressBook -Schedule "Sun.5:00 AM-Sun.6:00 AM, Sun.10:00 AM-Sun.11:00 AM, Sun.3:00 PM-Sun.4:00 PM, Sun.8:00 PM-Sun.9:00 PM, Mon.5:00 AM-Mon.6:00 AM, Mon.10:00 AM-Mon.11:00 AM, Mon.3:00 PM-Mon.4:00 PM, Mon.8:00 PM-Mon.9:00 PM, Tue.5:00 AM-Tue.6:00 AM, Tue.10:00 AM-Tue.11:00 AM, Tue.3:00 PM-Tue.4:00 PM, Tue.8:00 PM-Tue.9:00 PM, Wed.5:00 AM-Wed.6:00 AM, Wed.10:00 AM-Wed.11:00 AM, Wed.3:00 PM-Wed.4:00 PM, Wed.8:00 PM-Wed.9:00 PM"
  • Change OAB download interval in outlook (From MSKB# 841273)
    1. On the Tools menu, point to Send/Receive, point to Send/Receive Settings, and then click Define Send/Receive Groups.
    2. Click New.
    3. Type a name for the custom group.
    4. Click your Exchange account, and then click to select the Include the selected account in this group check box.
    5. Under Select the options you want for the selected account group, make sure that the only check box that is selected is Download offline address book, and then click OK.
    6. In the Send/Receive Groups dialog box, click your new group.
    7. Under Setting for group Group_name, click to select only the Schedule an automatic send/receive every check box, and then enter the number of minutes.
    8. Under When Outlook is offline, click to clear the check boxes.
    9. Click Close.

Forcing update

  1. Get-GlobalAddressList | Update-GlobalAddressList
  2. Get-OfflineAddressBook | Update-OfflineAddressBook
  3. Get-ClientAccessServer | Update-FileDistributionService
  4. Download Full OAB in outlook
    1. On the Tools menu, point to Send/Receive, and then click Download Address Book.
    2. In the Offline Address Book dialog box, make sure that the Download changes since last Send/Receive check box is checked.
    3. Click OK.