Jack Holmes 
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
 |
| 7/15/2008 05:56 PM |
|
Hi everyone, I'm really desperate for help!
Our email system was fine until very recently. Last Friday a member of staff tried to send some data in a zip file to someone and it wasn't received on the other side even though it showed up in the Sent Items as being sent, and the attachment wan't too large. The staff member didn't receive any "Undeliverable" messages. Same thing happened to another user (staff member) yesterday, and I am keen for it not to happen again.
Today, another user came to me with a different problem. They were expecting an email from someone, and the other party had sent the email four times but it didn't reach my user. The email was then sent to the user's yahoo, and they received it fine. This email had an attachment of only about 1.1MB, and I'm sure that the user isn't over their usage limit yet.
To make matters worse, the user tried to send a test email from their yahoo to their work email (the domain name registered with the Exchange Server in question) and got an undeliverable email from yahoo with the message:
89.16.176.57 does not like recipient.
Remote host said: 550 Unrouteable address
Giving up on 89.16.176.57.
I tried to send an email from my work address ( so internal) and the user received it. However I tried to send to the same user@workdomain from my yahoo and I got a similar mailer-daemon email.
Now I have just tried to send an email to myself@workdomain from my yahoo, and whilst I haven't received it ( I sent it 6 minutes ago), I haven't had a "mailer-daemon" email either! It all just seems bizarre, can anyone help with this please?! It'll be so very much appreciated. Thanks!
|
|
|
|
|
|
Kevin Da Silva
Mississauga, Canada
Member since
1/12/2008
Registered Users
Posts: 563
|
| 7/15/2008 06:36 PM |
|
Try to telnet to your Exchange server from an External address and see if it goes through.
Have your MX records changed? Can you resolve them correctly?
Are there any errors on the Exchange server in the application log? |
|
MCSE:Messaging, MCTIP, SBS Specialist |
|
|
|
Jack Holmes
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
|
| 7/16/2008 02:26 AM |
|
I can't Telnet to my Exchange server... and I can't even access RWW from home! - though I believe those two things amount to the same thing?
I can't check the MX records, or errors in the app log until I get into work in the morning.
Is it also worth mentioning that on Sunday and Monday we had some SYN Flood attacks and UDP & TCP Port Scans detected. They were picked up by the first firewall that our server is behind (or so I thought), which is one provided by our ISP. The server is behind another firewall provided by a Linksys WRVS4400N. Could those DoS attacks have anything to do with these issues?
|
|
|
|
|
|
Kevin Da Silva
Mississauga, Canada
Member since
1/12/2008
Registered Users
Posts: 563
|
| 7/16/2008 03:48 AM |
|
They very well might, can you even ping your external IP's?
Can you resolve your DNS records externally? From the sounds of things it looks like a network issue, can you access any external resources from inside the LAN?
|
|
MCSE:Messaging, MCTIP, SBS Specialist |
|
|
|
Jack Holmes
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
|
| 7/16/2008 10:11 AM |
|
Hi, I can ping my external IP Address from inside the LAN.
Unfortunately I'm not quite sure what you mean by "resolve my DNS records externally"..?
I believe I can access external resources from inside the LAN, I mean I can access websites on the internet, and I can send emails to both internal and external (web-based) email accounts.
Also, I've checked on the web interface for the broadband entry point (which is a router provided by my ISP), and there are no devices listed as in the "Local Network". Previously, and as recently as Monday, there was one device listed, which was our SBS Box (also our Exchange server), and now there's none. We have also had 426 attacks this week, 2 of them Syn Flood ones... Is there a way to stop these attacks?! |
|
|
|
|
|
Jack Holmes
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
|
| 7/16/2008 10:16 AM |
|
| Oh and in the Event Viewer, the only Exchange related Warning is that a message tracking log file was deleted. However this seems to have been happening for some time now, so I'm guessing it's normal? |
|
|
|
|
|
Jack Holmes
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
|
| 7/16/2008 12:48 PM |
|
Right, I have contacted my ISP, and they gave me a solution, although I think it is a temp one. We have two routers before the SBS Box, both with firewalls, and they said for me to allow all applications through the first one, so that only the second one did any real work. This new setting means emails can now be received from third party domains, but I am concerned because the previous settings worked, and I don't see why it should change. The more protection the better I would've though, especially in the world today. Therefore I see this as only a temporary solution.
What I'd like to know is, are there any "Best Practice" guides/articles about how to correctly set up network access to and from an SBS Box, and maybe even one that is specific to certain network device manufacturers?
|
|
|
|
|
|
Marina Roos
The Netherlands
Member since
3/24/2005
Forum Admins
Posts: 12290
|
| 7/17/2008 02:44 AM |
|
Hi Jack,
Why do you have 2 routers before the SBS?
Please, post an ipconfig /all from the server and a workstation. Open a command prompt by opening Start -> Run from the Start Menu and type cmd. From the command prompt type ipconfig /all >ip.txt. Attach this file to your answer.
|
|
| Marina Roos Smallbizserver.Net Administrator | Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain' |
|
|
|
|
Jack Holmes
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
|
| 7/17/2008 01:53 PM |
|
We have that because we have the modem/router provided by our ISP, and then the IT Consultant who helped us set up the server advised for us to get a Wireless N router (as we have wired and wireless functionality in our offices). So the summary of the setup is Broadband Entry Point --> BT Router --> Linksys WRVS4400N --> Switch --> Server, workstations, PoE Switches, printer etc.
I've attached the ipconfig details for a server(ips) and workstation. Thanks for the links, I'll download the BPA as well.
|
 Attachment: 1717532559354.txt
Attachment: 1717532559358.txt
|
|
|
|
|
Marina Roos
The Netherlands
Member since
3/24/2005
Forum Admins
Posts: 12290
|
| 7/19/2008 06:12 PM |
|
Hi Jack,
A very weird setup indeed. I hope you have set security on the wireless router. You are missing WINS on the servernic, which should be pointing to 192.168.1.10. The clients are pointing to two gateways, which is wrong. They should only point to the 192.168.1.1 IP (which you set in the DHCP server, Scope options).
|
|
| Marina Roos Smallbizserver.Net Administrator | Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain' |
|
|
|
|
Jack Holmes
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
|
| 7/24/2008 11:48 AM |
|
[quote]You are missing WINS on the servernic, which should be pointing to 192.168.1.10 [/quote]
How do I fix this please? In DHCP, Scope Options, WINS/NBINS Server IS set to 192.168.1.10 already...
[quote] The clients are pointing to two gateways, which is wrong. They should only point to the 192.168.1.1 IP[/quote]
I had it set with two gateways because I put in the internal IP Addresses of the two wireless routers that we have (to cover two buildings).
Thanks |
|
|
|
|
|
Jack Holmes
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
|
| 7/24/2008 04:38 PM |
|
I have installed and run the BPA. It found a number of issues that I am working through. However I am stumped on one which says "LANNIC registry value may be incorrect". I have gone to the KB article http://support.microsoft.com/default.aspx/kb/875422 , was following Method 3 like the BPA suggested, and was fine up until I got to Point 2, and specifically "Make a note of the external network adapter GUID also."
Sounds pretty naive, but what is the external network adapter (and does its GUID look anything like the LAN Adapter's)? I have three GUIDs come up under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ and I know which is the LAN Adapter GUID, just don't know which would be the external network adapter GUID. I've googled it but no joy there. All help is as always very much appreciated! |
|
|
|
|
|
Marina Roos
The Netherlands
Member since
3/24/2005
Forum Admins
Posts: 12290
|
| 8/31/2008 03:06 AM |
|
Hi Jack,
The icwlog.txt file will have the GUIDs for the internal and external nics. To add WINS: properties nic, tcp/ip, advanced, tab WINS.
|
|
| Marina Roos Smallbizserver.Net Administrator | Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain' |
|
|
|
|
Jack Holmes
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
|
| 9/01/2008 01:47 PM |
|
Thanks Marina.
I have been able to add a WINS value. I have also been able to change the LANNIC entry in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer subkey to the right one.
However for the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Connectivity\ICW subkey, I don't have a Last_2nd_Nic_Guid entry. Which might have something to do with the fact that there was no "WAN NIC GUID" value in the icwlog. (I'm guessing that's what the external nic would be called if the internal is called LAN NIC GUID). Am I still alright, or do I need to create a value for the 2nd_Nic. Please advise. Thanks for all your help so far, it is very much appreciated. |
|
|
|
|
|
Marina Roos
The Netherlands
Member since
3/24/2005
Forum Admins
Posts: 12290
|
|
Jack Holmes
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
|
| 9/02/2008 04:48 PM |
|
Hi Marina,
All the previous issues flagged up by the BPA have been cleared, thanks! There are a few others, but they mainly have to do with installing some Windows Updates, nothing that looks too bizarre!
I do have a final question about something though, I just installed WSUS 3.0 (on the BPA's) recommendation. In the setup I told it to only download updates for products which I had selected (based on what we have in-house). Now I've got the Blue Shield issue coming up on BPA. Surely I can ignore this as I have configured BPA purposely for this - so that it doesn't d/l updates that I don't need (as I don't have the software)?
|
|
|
|
|
|
Marina Roos
The Netherlands
Member since
3/24/2005
Forum Admins
Posts: 12290
|
| 9/08/2008 10:36 PM |
|
Hi Jack,
If you have R2, you would have to change those settings in WSUS if you want to keep using the Update Services in the Server Management. If you don't have R2, or if you don't care about the Update Services, you can ignore the BPA for that.
|
|
| Marina Roos Smallbizserver.Net Administrator | Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain' |
|
|
|
|
Nick Petry
United States
Member since
9/26/2007
Registered Users
Posts: 15
|
| 9/09/2008 05:55 PM |
|
Jack,
You may want to set your Cable Modem Router to pass through to your 2nd Router. Be careful that you are using a Firewall Box or are using Windows Security. There will be instructions or your ISP will be able to assist you in setting it up to pass through.
Hope it helps.
Nick Petry
|
|
|
|
|
|
Jack Holmes
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
|
| 9/10/2008 10:52 AM |
|
Thanks Marina,
I think I will have to ignore the BPA and SBS Update Services. Seems a shame, but I can't now undo what I've done, seems pointless. Which begs the question, why oh why have MS developed software that conflicts with other MS products?! This just makes an IT professionals work harder! Or am I alone in thinking this?
|
|
|
|
|
|
Jack Holmes
United Kingdom
Member since
6/3/2008
Registered Users
Posts: 25
|
| 9/10/2008 10:58 AM |
|
Cheers Nick, I already configured this a while back right after the problems occured. Good to know thought that the idea is shared by another pro :o).
|
|
|
|
|
|