Firewall - Page 2

Thread: Firewall

  1. #16
    Registered User cmg214's Avatar
    Join Date
    Apr 2004
    Posts
    81
    Quote Originally Posted by CeeBee
    Find out what your external IP is, there are many online services that can show it to you.
    Then start a command prompt (cmd) and type:

    nslookup
    server <your ISP's DNS> (override your hosted dns if any)
    set type=mx
    <yourdomain.com>

    This will return the real MX record(s) of your server. Sometimes ISP's forget to update it at your first request or might not do it unless they have a signed fax with your company header, etc, etc...
    If the MX record is different from the IP address and you aren't using any mail reflector or other mail forwarding service, this is your problem (unless you have a more complex configuration, with several Internet IP addresses on the firewall so that your outgoing IP might be different, but most likely still in the same subnet)
    There might be another "hidden" issue: some ISP's are blocking incoming traffic to client's ports 25 and 80. Using a different ISP that you know is not blocking those ports, try in a command prompt "telnet <router's external ip> 25". If you get "connect failed" then something is blocking you (either your ISP or the router). Just make sure the router is properly configured.
    You can also find the route of your connection. In a command prompt type "tracert www.yahoo.com" and see the hops. Check that it matches what you know it should be.
    Going back to command.com - it just emulates the MS-DOS environment for 16 bit applications; it also doesn't support long filenames.
    Now stab me.
    I did get connect failed when I tried the telnet ........25
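
The MX comparison from the quoted steps, as an added example that is not part of either post: it parses saved Windows `nslookup` output (after `set type=mx`) and checks whether the primary mail exchanger resolves to the firewall's external IP. The function names, the sample output and the documentation-range addresses are constructed for illustration.

```python
import re

# Constructed sample of Windows nslookup output after `set type=mx`
# (hypothetical names, documentation-range addresses; not from the thread).
SAMPLE = """\
Server:  dns.isp.example
Address:  192.0.2.53

yourdomain.example\tMX preference = 10, mail exchanger = mail.yourdomain.example
yourdomain.example\tMX preference = 20, mail exchanger = backup.isp.example

mail.yourdomain.example\tinternet address = 198.51.100.9
backup.isp.example\tinternet address = 192.0.2.25
"""

MX_RE = re.compile(r"MX preference = (\d+), mail exchanger = (\S+)")
A_RE = re.compile(r"^(\S+)\s+internet address = (\S+)", re.M)

def check_mx(nslookup_output, external_ip):
    """List MX hosts, lowest preference first, with the addresses nslookup
    printed for them and whether one equals the external IP."""
    addrs = {}
    for host, ip in A_RE.findall(nslookup_output):
        addrs.setdefault(host.lower().rstrip("."), []).append(ip)
    results = []
    for pref, host in MX_RE.findall(nslookup_output):
        host = host.lower().rstrip(".")
        ips = addrs.get(host, [])
        results.append({"preference": int(pref), "host": host,
                        "addresses": ips, "matches": external_ip in ips})
    return sorted(results, key=lambda r: r["preference"])

def diagnose(nslookup_output, external_ip):
    """One-line verdict on the lowest-preference (primary) MX."""
    mx = check_mx(nslookup_output, external_ip)
    if not mx:
        return "no MX record in the output"
    first = mx[0]
    if not first["addresses"]:
        return f"{first['host']}: no address listed, look it up separately"
    if first["matches"]:
        return f"{first['host']} points at {external_ip}"
    return (f"{first['host']} resolves to {', '.join(first['addresses'])}, "
            f"not {external_ip}")
```

A secondary MX at the ISP (the mail forwarding case mentioned above) is expected not to match, which is why only the primary record decides the verdict.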

  2. #17
    Registered User corturbra's Avatar
    Join Date
    Oct 2000
    Location
    Just to the Right of Sanity..
    Posts
    1,424
    Quote Originally Posted by cmg214
    Okay, where do I start:

    I have called the ISP to update MX records, which they must have done, because we are getting email-right?
    I did run the tracert, but I didn't recognize any of the IPs it "jumped" to or from.....all started with 216. . .
    Correct if they have updated your MX records so long as they are pointing directly to your server then e-mail should now be flowing.

    As for the tracert command.... it will basically list all ip addresses (hops) it finds on its way to the destination for example tracert to www.yahoo.co.uk, assuming that your IP address is 10.0.0.1, gateway of 10.0.0.5

    On a tracert the first hop should be to your gateway - 10.0.0.5 in this example, the next should be a router at your ISP.....
    "Today is a Gift, thats why they call it the present"

  3. #18
    Registered User corturbra's Avatar
    Join Date
    Oct 2000
    Location
    Just to the Right of Sanity..
    Posts
    1,424
    Quote Originally Posted by cmg214
    I did get connect failed when I tried the telnet ........25
    Where were you telneting in from? If your server has been configured correctly it should only be accepting port 25 connections from the server itself and the mail server at your ISP that delivers mail to you, so this is not an unusual occurrence.
    "Today is a Gift, thats why they call it the present"

  4. #19
    Registered User cmg214's Avatar
    Join Date
    Apr 2004
    Posts
    81
    Quote Originally Posted by corturbra
    Right picked up your ipconfig and a modded version is here for others to help out..... I'd say CeeBee is on the money, I can't get command to work on my 2000/XP machine, all I get is an error... also not nice to dig at those trying to help

    Here are the results of ipconfig/all:
    Node type: Hybrid
    IP Routing Enabled:yes
    WINS Proxy Enabled: no

    Ethernet adapter LAN-Intel:
    IP: 10.0.0.1
    Subnet Mask: 255.255.255.0
    DNS Servers: 10.0.0.1
    Primary WINS server: 10.0.0.1

    Ethernet WAN-USB
    DHCP enabled: no
    IP Address: 1.1.1.1
    Subnet Mask: 255.255.255.248
    Default Gateway: 1.1.1.2
    DNS servers: 10.0.0.1

    Ok I've changed the IP addresses on the ipconfig for obvious reasons.... so I'm guessing that when the ICW was run it has setup the MS firewall, which is where I'm now at a loss, as I've never used it. I've also never setup a server in this way, always using separate hardware to achieve the DMZ instead of the server itself. Technically there is no reason why this should cause a problem, it all appears fine.

    However, as on one of my original posts if the WAN IP address has changed from what your ISDN router previously had, then that will affect mail delivery/OWA. If this consultant chap has just changed you over, but not communicated these changes to your ISP, then I think this is where the problem lies.

    1. Check with your ISP to see where they think your mail is being delivered to
    2. Send an e-mail to an internet account (I've some GMail accounts going if you want one) and reply, and see what the message is that comes back, this message will tell us heaps about the issue
    3. From outside of your work organisation, ping the name of what you are using for OWA (for example mail.overhere.com (no need to use the /exchange on the ping)) and see if the address matches either of the two addresses listed on the WAN-USB config.
    4. Ask your consultant to do more than say 'it should work', that's about as helpful as a chocolate fire guard. If it was configured correctly then it WOULD work, obviously something is not working and it's to do with the transfer from ISDN to T1. If you haven't paid him yet for the work, tell him you're not until he fixes it....

    Keep us informed!
    I am not too familiar with gmail, although I hear it's cool. Please tell me how to get one.
    As far as the WAN IP address changing, router is now in T1 connector. Not sure what configuration changes needed to be made, hence the visit from the "Ken", the consultant. I assumed he made, all necessary changes, and he says he did.......

    Now here's a weird one. I was able to connect to OWA from my machine this a.m., but it still is inaccessible from outside. ...

  5. #20
    Registered User cmg214's Avatar
    Join Date
    Apr 2004
    Posts
    81
    Quote Originally Posted by corturbra
    Where were you telneting in from? If your server has been configured correctly it should only be accepting port 25 connections from the server itself and the mail server at your ISP that delivers mail to you, so this is not an unusual occurrence.
    I did it from the server.......

  6. #21
    Registered User corturbra's Avatar
    Join Date
    Oct 2000
    Location
    Just to the Right of Sanity..
    Posts
    1,424
    Ok, to check the right syntax open up a command prompt (cmd) and type (without quotes) "telnet <ip address of server> 25" remember the space after the ip address, that should let you telnet.

    OWA will work internal to your network as it will contact the server locally, rather than going out through the internet and back in again.
    "Today is a Gift, thats why they call it the present"

  7. #22
    Registered User cmg214's Avatar
    Join Date
    Apr 2004
    Posts
    81
    Quote Originally Posted by corturbra
    Ok, to check the right syntax open up a command prompt (cmd) and type (without quotes) "telnet <ip address of server> 25" remember the space after the ip address, that should let you telnet.

    OWA will work internal to your network as it will contact the server locally, rather than going out through the internet and back in again.
    Here's what I got back telnet:
    220 servername.domainname.com Microsoft ESMTP MAIL Service. Version: 5.0.2
    ready at thu, 7 Oct 2004 10:31:33 -0400
    Here the cursor is "stuck" like more info is coming, but doesn't.
    I tried hitting enter and I get:
    500 5.3.3 Unrecognized command

    It's still "sitting" like that. no way to exit (unless I x out screen)

    OWA wouldn't let me in yesterday via my machine. It kept giving me a sign in box, asking for username and password, like 4 times, then I got Error Access denied.

    I did run some diagnostic stuff that Ken faxed over, titled
    "general information on Directory Service/Metabase synchronization in exchange 2000 Server"

    I also changed to "enable packet filtering", as that was not on before.....

  8. #23
    Registered User corturbra's Avatar
    Join Date
    Oct 2000
    Location
    Just to the Right of Sanity..
    Posts
    1,424
    Quote Originally Posted by cmg214
    Here's what I got back telnet:
    220 servername.domainname.com Microsoft ESMTP MAIL Service. Version: 5.0.2
    ready at thu, 7 Oct 2004 10:31:33 -0400
    Here the cursor is "stuck" like more info is coming, but doesn't.
    I tried hitting enter and I get:
    500 5.3.3 Unrecognized command

    It's still "sitting" like that. no way to exit (unless I x out screen)

    OWA wouldn't let me in yesterday via my machine. It kept giving me a sign in box, asking for username and password, like 4 times, then I got Error Access denied.

    I did run some diagnostic stuff that Ken faxed over, titled
    "general information on Directory Service/Metabase synchronization in exchange 2000 Server"

    I also changed to "enable packet filtering", as that was not on before.....

    Right, the telnet behaviour is normal, the commands don't show up under telnet, if you type exit or bye I think it will get you back to a prompt. So Ken as he shall be known from now on, has sent you over some stuff on DS Sync when you have a problem with OWA/e-mails from an external source? Mmmmmm

    I still think the issue is with the external IP address change on the routers/cards. Nothing to do with DS synching or packet filtering or anything else. We need to confirm that your ISP is aware of the change and have made the necessary DNS/routing changes. Once they have done that, give it 24 hours and all should be working. From an external source to your work in the meantime, open an internet browser and type in your WAN-USB ip address with /exchange at the end. I reckon this will get you into OWA..... also if you PM me your first/last name and a valid e-mail address I'll send you a GMail invite.

    If it doesn't accept your username, enter the name in domain\username format.
    "Today is a Gift, thats why they call it the present"

  9. #24
    Registered User CeeBee's Avatar
    Join Date
    Nov 2002
    Location
    USA
    Posts
    2,494
    Was the telnet done from outside or from inside? Make sure you were disconnected from the local network (ex unplug cable and connect through a dial-up)
    Once you are connected you can start typing commands (you might not see what you type!), such as:
    --------------
    HELO_somedomain.com
    MAIL_FROM:_ [email protected]
    RCPT_TO:[email protected] (use YOUR email)
    DATA
    From:_SomeUser_<[email protected]> (type the < >)
    To:_The_Administrator_<[email protected]>
    Subject:_Test email

    This is a test.
    .
    QUIT
    ------------------
    Replace all the underscores above with blank spaces!

    If you make a typo mistake you can't use the backspace key to delete, it would just add an extra character (ASCII code 8)
    See if the message gets accepted for delivery.
    Protected by Glock. Don't mess with me!
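
The manual session above as a script, added here as an example and not part of CeeBee's post: it sends the same commands in order, reads each reply (including multi-line `250-` replies) and stops at the first step the server rejects, so the log shows where delivery breaks. The function names and the arguments passed to them are hypothetical; run it from outside the local network, as the post says.

```python
import socket

def read_reply(rfile):
    """Read one SMTP reply; '250-text' lines continue, '250 text' ends it."""
    text = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        text.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), " ".join(text)

def smtp_probe(sock, helo, sender, rcpt):
    """Run the dialogue on a connected socket; return [(step, code, text)],
    stopping at the first step the server does not accept."""
    body = (f"From: <{sender}>\r\nTo: <{rcpt}>\r\n"
            "Subject: Test email\r\n\r\nThis is a test.\r\n.")
    steps = [("banner", None, 220),
             ("HELO", f"HELO {helo}", 250),
             ("MAIL FROM", f"MAIL FROM:<{sender}>", 250),
             ("RCPT TO", f"RCPT TO:<{rcpt}>", 250),
             ("DATA", "DATA", 354),
             ("message", body, 250)]
    rfile = sock.makefile("rb")
    log = []
    for name, command, expected in steps:
        if command is not None:
            sock.sendall(command.encode("ascii") + b"\r\n")
        code, text = read_reply(rfile)
        log.append((name, code, text))
        if code != expected:
            break  # the last log entry is the step that failed
    sock.sendall(b"QUIT\r\n")
    return log

def probe_host(host, port=25, timeout=10, **kw):
    """Connect like `telnet <host> 25`; a refused or timed-out connect
    raises OSError, which is the 'connect failed' case."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return smtp_probe(sock, **kw)
```

A log that ends at `RCPT TO` with a 5xx code means the server was reached but will not take mail for that address, which is a different fault from a failed connect.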

  10. #25
    Registered User corturbra's Avatar
    Join Date
    Oct 2000
    Location
    Just to the Right of Sanity..
    Posts
    1,424
    Can you send e-mail to each other internally without issue? That would suggest that your Exchange server is working..... OWA works internally.....
    "Today is a Gift, thats why they call it the present"

  11. #26
    Registered User cmg214's Avatar
    Join Date
    Apr 2004
    Posts
    81
    Quote Originally Posted by corturbra
    Can you send e-mail to each other internally without issue? That would suggest that your Exchange server is working..... OWA works internally.....
    internal email is fine.......

  12. #27
    Registered User cmg214's Avatar
    Join Date
    Apr 2004
    Posts
    81
    Quote Originally Posted by corturbra
    Can you send e-mail to each other internally without issue? That would suggest that your Exchange server is working..... OWA works internally.....
    so, I called the ISP provider, to verify that they have the correct IP, and ask them if I needed any info from them, and did I need to make any config. changes on their behalf.
    They said no to both.......

  13. #28
    Registered User corturbra's Avatar
    Join Date
    Oct 2000
    Location
    Just to the Right of Sanity..
    Posts
    1,424
    Quote Originally Posted by cmg214
    so, I called the ISP provider, to verify that they have the correct IP, and ask them if I needed any info from them, and did I need to make any config. changes on their behalf.
    They said no to both.......
    Did you check that they have the correct DNS entry for your OWA? so wherever they send the mail down to, the OWA name (mail.yourdomain.com) should point to the same address.

    Are people able to reply to you now?
    "Today is a Gift, thats why they call it the present"

  14. #29
    Registered User cmg214's Avatar
    Join Date
    Apr 2004
    Posts
    81
    Quote Originally Posted by corturbra
    Did you check that they have the correct DNS entry for your OWA? so wherever they send the mail down to, the OWA name (mail.yourdomain.com) should point to the same address.

    Are people able to reply to you now?
    They said they needed to make no further adjustments. In the meantime, I have got it working!!!
    I found an article online that addressed the Error access denied message. The only glitch now is that users need to supply administrator username and password to get into their mailboxes.

    FYI-this was the fix. The only question remaining is how to allow users to use their own credentials to log in...

    If you are using Secure Sockets Layer (SSL), you can allow cross-domain access for the mailbox site in Internet Explorer by doing the following:

    1. In Internet Explorer, click Internet Options on the Tools menu.
    2. On the Security tab, click Trusted sites, and then click Sites.
    3. Add your site to the zone.
    4. Click Custom Level.
    5. Under Miscellaneous/Access data sources across domains, click Enable.

    Once again, many, many thanks.
