
Cannot send mail from one subnet

Status
Not open for further replies.

disturbedone

Vendor
Sep 28, 2006
781
AU
Here's a strange one.....

Relatively new E2K10 environment upgraded from E2K7. All worked fine after upgrade. Various teething issues but generally good.

We have:
2x CA servers in DMZ
2x mailbox servers in LAN
multiple W2K3/W2K8 servers in DMZ and LAN
CA servers configured with NLB

A few weeks ago our proxy server in DMZ could not ping the NLB address. The CAs could not ping the proxy server. This sounds like a routing issue, e.g. gateway incorrect. Rebooting CA2 resolved the issue.

Not long after our helpdesk software server, also in DMZ, could not send email updates. Could telnet to CA1 but not CA2 to send mail. Also could not telnet to NLB address on port 25. Reboot of CA2 resolved issue.

Yesterday the same issue with the helpdesk software returned. But this time I can telnet to both CAs on port 25 but not the NLB address. Rebooting both CAs does not resolve the issue. I can ping both CAs and also the NLB. Using t4eportping (Google it) I cannot "ping" the NLB on 25, 80 or 443 but can to each CA - this shows there's no firewall issue. At least 1 other server (and I suspect all) in the DMZ cannot telnet to the CAs on port 25. Windows Firewall is disabled on both the CAs and other servers. Because they're all in the DMZ it's not going through the Cisco ASA firewall.

Any ideas?
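The node-versus-VIP comparison described above (telnet/port-ping to each CA and to the NLB address on 25, 80 and 443), written up as an added PowerShell example that is not part of this thread. The host names are constructed placeholders; it uses System.Net.Sockets.TcpClient so it runs on the W2K3/W2K8-era PowerShell in the DMZ without Test-NetConnection.

```powershell
# Added example, not from the thread: probe each CAS node and the NLB VIP on the
# ports the poster checked, then read node results against VIP results.
# Host names below are constructed placeholders; substitute your own.
$Nodes = @{ 'CAS1' = 'cas1.dmz.example.local'; 'CAS2' = 'cas2.dmz.example.local' }
$Vip   = 'cas-nlb.dmz.example.local'
$Ports = 25, 80, 443

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # no SYN-ACK within the timeout: treat as filtered or black-holed
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)      # throws on RST (nothing listening / refused)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

foreach ($port in $Ports) {
    $nodeState = @{}
    foreach ($name in $Nodes.Keys) { $nodeState[$name] = Test-TcpPort $Nodes[$name] $port }
    $vipOpen   = Test-TcpPort $Vip $port
    $nodesOpen = @($nodeState.Values | Where-Object { -not $_ }).Count -eq 0

    # Same pattern as the original post: every node answers but the VIP does not,
    # so a per-host firewall or ACL is unlikely and the NLB/switch layer is suspect.
    $verdict = if ($nodesOpen -and $vipOpen) { 'OK' }
        elseif ($nodesOpen -and -not $vipOpen) {
            'Nodes answer, VIP does not: NLB cluster state or switch MAC handling, not a host firewall' }
        elseif ($vipOpen) { 'VIP answers while a node is down: NLB converging or node service stopped' }
        else { 'Nothing answers: service, host firewall or network path' }

    $line = "{0,-5}" -f $port
    foreach ($name in $Nodes.Keys) { $line += " {0}={1}" -f $name, $nodeState[$name] }
    "$line VIP=$vipOpen  $verdict"
}
```

Run it from the server that cannot send mail (the helpdesk box in the original post) rather than from a CAS, since NLB nodes talking to their own VIP do not exercise the switch path that matters here.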
 
I remember having a problem like this with NLB years ago. When I would put the two NLB'd CAS NICs on a VLAN or DMZ Cisco switch, this problem would crop up, but when I added a cheap hub to the mix and put both CAS NICs on that and plugged the hub into the switch, I never had those issues again. Occasionally someone would try to "consolidate" and undo this setup, but the NLB problem would always crop up again.

I'm too rusty with my CCNA to remember what the exact switch incompatibility was, but thought I'd share anyway in case it helps.

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Interesting. Unfortunately (fortunately?) we're completely VMware virtualized so adding a hub isn't an option. So looks like I'll have to do some digging. If you remember what inside the Cisco caused it I'd be interested to know.
 
Why are the CAS servers in the DMZ? I don't believe that's a supported scenario.

All domain joined Exchange servers should be in the internal network, with HTTP/S access being secured via reverse proxy.

Also, NLB isn't service aware. An HLB is a much better solution that gives you far better HA performance.

 
Good catch, Pat. That's true, if your CAS role servers are in a DMZ, that in and of itself could make the solution flaky. For people that want that sort of solution, you'd want TMG servers in the DMZ and CAS servers in the trusted network.

Dave Shackelford
ThirdTier.net
TrainSignal.com
 