GWIA: Error 450 Host Down

[jfk8680]

Hi,

One of my clients is using GroupWise 5.5. They cannot send email to what appears to be just one domain. GWIA moves all messages sent to this particular domain to the DEFER folder and gives an error 450 Host Down in the log. I did a lot of research and found that I am not the only one with this 450 error. I tried everything I could find but still don't have a clue what is causing this problem.

I donwloaded GWIP.NLM to test IP connectity to the remote mailserver:
- The MX lookup test was succesfull
- I could connect to port 25 without any problems.

I downloaded a telnet client for Netware (TEL.NLM):
- I copied the contents of a message in the DEFER folder and set up a TELNET session on port 25 and pasted the "script" into the telnet session. The mail was delivered correctly.

Also worth mentioning is that both the Groupwise server and the receiving server are in a corporate WAN. There are NO firewalls between them. The receiving server can receive mail from another domains and Groupwise servers in the same WAN.

Can anybody help me out here??

Thanks

Jeffrey Kusters

MCSA, MCSE, CCNA

 

[FarOut]

Have you did a search on here for posts that other people have posted with a like problem like yours? I find that a majority of the time someone else has had a problem, that I may be currently experiencing, and it was corrected by one or more of the very knowledgeable people on here already.I did a quick search for "450 Host Down" and got a few hits back. This problem could stem from a bad Domain or NameServer entry in your Resolv.cg to a DNS issue or a couple other things. Might be worth the look. Just a suggestion.

FarOut
V-Peace-V

 

[jfk8680]

I dare to say that I have read alomst every thread regarding this error on this board and a few others. It is obvious that GW has some serious problems in this area because I could not find one clear answer to this problem.

The RESOLV.CFG file is correct. It points to two internal DNS servers which contain a forward lookup zone for the destination domain with a MX and host record. I know the GW server can resolve the name correctly because LOAD TEL.NLM MAIL.DESTDOMAIN.COM 25 from the Netware console works fine. (TEL.NLM is a third party telnet client which I downloaded from the internet).

Thanks anyway for responding!

Jeffrey Kusters

MCSA, MCSE, CCNA

 

[marvhuffaker]

450 Host down errors are usually problems resolving the domain... The problem is that DNS can be misconfigured in so many different ways. And sometimes trying to convince someone that "THEIR CONFIG" is wrong is like pulling teeth out of a Grizzly Bear. That's why you can't find a clear answer -- it's not really a GW problem.

However.. you can do a few things to try to pinpoint the problem..

- First, make sure that you don't have ETC\RESOLV open.

- Second, do a simple PING DOMAIN.COM (at the server console)- does it resolve AND to the correct IP address.

- Third, try doing an NSLOOKUP (from the server console) and make sure that the default DNS server listed is in fact the one that you think it is. Then try typing in the domain and see what it comes up with.

- Fourth, make sure the DOMAIN you are having probs with isn't in your hosts file... let DNS resolve it - if you don't, your results from some of your tests could be invalidated.

This will hopefully help you narrow down the problem and you can troubleshoot further...

Marvin Huffaker MCNE, CNE
Marvin Huffaker Consulting

http://www.redjuju.com

 

[bytehd]

Marv is right

but also if like me, GW 5.5 is behind a PIX
and static NAT mapping is going on......
you get always get the error.

I will be upgrading GW 5.5 to GW 6.5 this weekend
Let you all know how it goes.

My attempts to upgrade simple 5.0OS to 5.1OS failed
miserably after reading nearly foot of TIDs.

absolute nightmare.

George Walkey
Senior Geek in charge

http://www.insyncva.com

 

[marvhuffaker]

Not trying to argue with you George... But most people now days use NAT and many of them have various firewalls in place.. and I've never seen a DNS problem that couldn't be fixed. Again, the solution is different in every environment so it's difficult to give a clear cut answer.

Marvin

Marvin Huffaker MCNE, CNE
Marvin Huffaker Consulting

http://www.redjuju.com

 

[bytehd]

I agree.
Ill figure it out.
But my 5.0 SP6A to 5.1 SP7 upgrade attempts failed
big time.
IT was always an NDS problem.
I had 7.51 on 5.0.
upgr to 7.62c was ok.
But anything further using the NW51SP7 overlay CD
bombed really bad.
Nothing worked.
Tons of public symbol errors.
NDS usually got trashed.
Couldnt get it back to 7.51 etc.
Doesnt matter what the TIDs say if it doesnt work.

George Walkey
Senior Geek in charge

http://www.insyncva.com

 

[jfk8680]

I would like to respond to Marv:

- The SYS:\ETC\resolv.cfg is not open and is correctly configured. It points to two internal (WIN200) DNS Servers which contain a forward lookup zone for <domain>.com with an MX record which points to an A record called MAIL and this corresponds to the internal IP address 10.88.0.12.

- pinging mail.<domain>.com works fine. The name is resolved to the correct IP address (10.88.0.12)

- My client is running NW4.11 and NSLOOKUP is not a valid console command. I did download GWIP.NLM and tried the MX lookup test and tried connecting to port 25. Both tests were successfull.

- Do you mean the HOSTS file in SYS:\ETC? Anyway, the domain is NOT listed in this file.

Furthermore I would like to stress again that I was able to set up a TELNET session from the server console of the GW server to the destination SMTP server (10.88.0.12) and execute a complete SMTP session. The mail was delivered succesfully.

The connection between these two servers is a completely open IP WAN link with no access lists, firewalls or other security measures...

Any more ideas????



Jeffrey Kusters

MCSA, MCSE, CCNA

 

[bytehd]

it had something to do with dns resolving to an external
address when the GWIA is really on a private IP?

George Walkey
Senior Geek in charge

http://www.insyncva.com

 

[marvhuffaker]

Your note about this:
"The SYS:\ETC\resolv.cfg is not open and is correctly configured. It points to two internal (WIN200) DNS Servers which contain a forward lookup zone for <domain>.com with an MX record which points to an A record called MAIL and this corresponds to the internal IP address 10.88.0.12."

-- I don't quite follow what you're doing.. But if I understand your setup, why do you need a forward lookup zone for the one specific domain? Do you mean you've added their domain to your DNS servers? I know you say that a Telnet works correctly and so you think that everything else should just work, but we gotta cover all bases here.

Also, you might want to run their domain through

http://www.dnsreport.com/

to make sure they don't have any problems.

Another thought... What GW5.5 patch are you(they) running.?



Marvin Huffaker MCNE, CNE
Marvin Huffaker Consulting

http://www.redjuju.com

 

[bytehd]

wonder if my lack of an internal DNS server causes 450

George Walkey
Senior Geek in charge

http://www.insyncva.com

 

[jfk8680]

Sorry for the late reaction. Have been on the road the last couple of days...

The reason I have the destination domain in my internal DNS setup is because the destination domain is on the same WAN as the source domain. So both domains are on the INSIDE of the central firewall which protects the WAN from the big bad internet. Through simple NAT translation both mailservers have been assigned a public IP address. If I let an public internet DNS server resolve the destination domain it will respond with the public IP address of the mail server and that doesn't work at all. I think this is a limitation of the firewall...

They think they are running SP4 with GroupWise 5.5

regards,



Jeffrey Kusters

MCSA, MCSE, CCNA

 

[marvhuffaker]

I kinda understand what you're trying to do.. But it's a notverystandard setup and I'm thinking that GWIA isn't resolving the MX record correctly. if you could do an NSlookup against your DNS server, you could find that out. Your testing you've done directly using TEL doesn't test the MX record, it only tests the connection from point to point. I suppose you could do this from a workstation since you can't do it on the NW4.11 box.

You should have an A Record in DNS for the mail host (mail.domain.com), and an MX record identified as the mail host dns name ie: mx record = mail.domain.com. It shouldn't reference the IP address directly. That is the proper way to do it if you want to stick to Internet standards.



Lets summarize what I think you're trying to say...

- Source server is on private network 172.16.10.10 (for example)..
- Destination server is on private network 172.16.24.10 another example)..
- The connection between the two is private and never hits the outside internet.. It's all a big happy internal private network.

Is this correct?


Marvin Huffaker MCNE, CNE
Marvin Huffaker Consulting

http://www.redjuju.com

 

[jfk8680]

Marvin,

The connection is indeed private and both servers are on a private network/WAN.

As I said in a previous post I also installed GWIP.NLM and ran that from the GW server console to test the MX lookup. The problem is that GWIP.NLM only shows if a MX record was found or not. It does not specify the contents of the MX record.

This shouldn't be a problem however because both the public MX record and the private MX record equal mail.domain.com. The only difference is that for the outside world mail.domain.com resolves to a public address while it resolves to an private internal address for the WAN. NSLookup from a Windows machine in the same LAN as the GW server gives the correct result.

So in my opinion:
- MX record is OK (tested it with GWIP.NLM and NSlookup)
- A record is OK (tested it with "ping mail.domain.com")
- Connection is OK (tested it with TEL.NLM)

If DNS is the problem I do not know where to look any further :-(



Jeffrey Kusters

MCSA, MCSE, CCNA

 

[marvhuffaker]

Just looking through some tids and there are a lot of other possible causes.. But I think you're going to have to call Novell or a Novell partner to get into your system and troubleshoot it.. It's easy to sit here and assume we understand your groupwise system, and it might be completely different than we'd expect. Or you might have part of your GW system configured wrong. There are a lot of possibilities and we could probably spend months going back and forth over every possible option. If you had someone remote into your system, they might be able to spot something immediately that you have completely overlooked.

Marvin Huffaker MCNE, CNE
Marvin Huffaker Consulting

http://www.redjuju.com

 

[jfk8680]

In understand that with the info I can provide you're in a dead end too. The problem is that I have very little knowledge and experience with Groupwise and Novell so I really have to rely on my basic networking knowledge. I also saw the TID with all the possible Error 450 causes a couple of days ago and that made me even more depressed

Thank you for your time anyway!

Jeffrey Kusters

MCSA, MCSE, CCNA

 

[bytehd]

Marv can do this for you!

George Walkey
Senior Geek in charge

http://www.insyncva.com

 

[marvhuffaker]

My expertise isn't really with GW5.5. I support it here and there but I haven't been dealing with GroupWise very long myself. Most of my GroupWise experience is with GW6.x, which is quite a bit different for GWIA related issues.

However, I could hook you up with some other people that have been supporting GroupWise for years. Let me know. Good luck.

Marvin

Marvin Huffaker MCNE, CNE
Marvin Huffaker Consulting, Inc.

http://www.redjuju.com/support

 

[bytehd]

I still need to do a EtherReal trace to see what
the heck GWIA is doing............

George Walkey
Senior Geek in charge

http://www.insyncva.com

 

[FarOut]

I noticed you said that you have two (2) DNS servers. Do you have both DNS servers listed in your Resolv.cfg file(primary and secondary)? With the Primary's IP being the first entry. A good tool or tools for testing your DNS from the outside can be found at

http://www.dnsstuff.com.

I know one of their querying tools found a DNS problem for me one time.

FarOut
V-Peace-V