• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Exchange 2007 and port 80?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Message Routing >> Exchange 2007 and port 80? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Exchange 2007 and port 80? - 10.Aug.2009 12:35:22 PM   
techstorm

 

Posts: 7
Joined: 10.Aug.2009
Status: offline
I have a client that is using Microsoft Exchange 2007 server for their email. They recently decided to add a new web server to their office and host their public web site themselves. About 2 weeks ago I installed the web server, setup IIS, and logged into the router. The router has an option called virtual server and it was forwarding traffic from port 80 to the Exchange server (users were logging into OWA without SSL). I changed the virtual server to redirect port 80 traffic to the web server and told the users to type in https from now on when using OWA from outside of the office (port 443 was already forwarded to Exchange). Everything seemed to be working great.

Then 3 days later at 4:30pm on Friday afternoon I get a call that they cannot send to or receive email from anyone outside of their office. I logged in remotely and began troubleshooting. During this time outside senders were not getting a NDR message and the Exchange users would try to send emails and would not get any errors. This was especially bad because people on both sides thought that the other was getting the messages since there was nothing to indicate otherwise.

After a few minutes I remembered that the only thing that had changed recently was the web server and I had changed port 80 forwarding in the router. So I switched the virtual server to point port 80 back to the Exchange server. Immediately all the incoming and outgoing email began to work again. I was curious if this was the actual reason for our issue, so after a few minutes I logged back into the router. I changed the port 80 to forward to the web server again. After the router rebooted I sent a test message to my hotmail email. I came through almost immediately. So I replied and got that message as well. I just sat there and scratched my head. Clearly something happened but what? Everything I did to make it work I had just set it back exactly like it was.

I told the directors at the office to notify me asap if another problem occurred. I completely expected to come in Monday morning and have a crashed Exchange server. Much to my surprise it was not! It continued to work flawlessly all week, until this last Friday. At 4:30pm they called me to say it was happening again. I noticed that it was happening at almost the same time that it did the previous Friday. I signed into the router switched the port 80 to point to the Exchange server again. For some reason, it began to work again. So I changed it back to point to the web server and everything continued to work. So I came in this morning and so far all is good. I am certain that I have until 4:30 this Friday to figure this out. My question is this: why would port 80 have anything to do with mail delivery? I understand that there are several functions such as OWA, AutoDiscover, ActiveSync but why would it stop it from sending and receiving email messages? Also, why does Exchange only need to “see” itself on port 80 for a few minutes every week? This problem really does not make any sense and I need some help.

Thanks,
John
Post #: 1
RE: Exchange 2007 and port 80? - 10.Aug.2009 12:36:23 PM   
techstorm

 

Posts: 7
Joined: 10.Aug.2009
Status: offline
Just in case anyone needs to know the network setup here it is: There are two T1 lines that run into a Cisco router with 2 CSU/DSU cards. The Cisco is setup by the ISP to forward all traffic and is almost like a dumb cable modem for the T1 lines. Behind the Cisco is a Linksys Business series WRV200 wireless VPN router and a 48 port Netgear Switch. From there we have the Microsoft Windows Server 2003 that is the Active Directory server which also serves as DNS and File server for the network. Then we have a Microsoft Exchange 2007 server and a Microsoft Web Server 2008. The router does DHCP except for a small range above 200 that is for our servers, copiers, etc. I have checked the DNS in the AD server and made sure there is an A record for our mail server. Also, when we first setup the Exchange server we had to call our ISP and have them create a PTR record because several domains were rejecting our email. I have the following ports forwarded in the router to point at the Exchange server: 25,88,110,123,135,389,443,445,3268,6001-6004.

< Message edited by techstorm -- 10.Aug.2009 12:42:58 PM >

(in reply to techstorm)
Post #: 2
RE: Exchange 2007 and port 80? - 10.Aug.2009 3:57:41 PM   
Nazim

 

Posts: 170
Joined: 23.Oct.2008
Status: offline
Did you see any errors in the event logs of exchange server during this issue?
Did the users  receive  the mails (which were sent during the issue) after the issue was resolved?

(in reply to techstorm)
Post #: 3
RE: Exchange 2007 and port 80? - 10.Aug.2009 4:40:55 PM   
techstorm

 

Posts: 7
Joined: 10.Aug.2009
Status: offline
Thanks for the reply Nazim. The users never received any of the test messages that I sent them during the down time. Likewise I never got their messages either. There are some errors in the Event Viewer, 5 to be exact, that seem to repeat over and over. I've tried to research them today but I haven't found any clear cut answers. I have included the errors from the Event Viewers Application log:

quote:



==========================================================================================

Event Type: Warning
Event Source: MSExchangeSA
Event Category: OAL Generator
Event ID: 9327
Date: 8/10/2009
Time: 3:07:44 PM
User: N/A
Computer: EX-SERVER
Description:
OALGen skipped some entries in the offline address list '\Global Address List'. To see which entries are affected, event logging for the OAL Generator must be set to at least medium.
- Default

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

==========================================================================================

Event Type: Information
Event Source: MSExchange ADAccess
Event Category: Topology
Event ID: 2080
Date: 8/10/2009
Time: 3:10:00 PM
User: N/A
Computer: EX-SERVER
Description:
Process STORE.EXE (PID=5988). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
adserver.xxxxxxxx.local CDG 1 7 7 1 0 1 1 7 1
Out-of-site:


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

==========================================================================================

Event Type: Warning
Event Source: MSExchange ADAccess
Event Category: General
Event ID: 2601
Date: 8/10/2009
Time: 3:11:03 PM
User: N/A
Computer: EX-SERVER
Description:
Process MSEXCHANGEADTOPOLOGY (PID=1680). When initializing a remote procedure call (RPC) to the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the SID for account <WKGUID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX,CN=Microsoft Exchange,CN=Services,CN=Configuration,...> - Error code=8007077f.
The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

==========================================================================================

Event Type: Error
Event Source: MSExchange ADAccess
Event Category: General
Event ID: 2604
Date: 8/10/2009
Time: 3:11:03 PM
User: N/A
Computer: EX-SERVER
Description:
Process MSEXCHANGEADTOPOLOGY (PID=1680). When updating security for a remote procedure call (RPC) access for the Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object EX-SERVER - Error code=8007077f.
The Exchange Active Directory Topology service will continue with limited permissions.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

==========================================================================================

Event Type: Error
Event Source: MSExchange ADAccess
Event Category: General
Event ID: 2501
Date: 8/10/2009
Time: 3:11:03 PM
User: N/A
Computer: EX-SERVER
Description:
Process MSEXCHANGEADTOPOLOGY (PID=1680). The site monitor API was unable to verify the site name for this Exchange computer - Call=DsctxGetContext Error code=8007077f. Make sure that Exchange server is correctly registered on the DNS server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

==========================================================================================


The last two show critical errors, the first and third show warnings, and the second is Informational. I feel like it is a DNS issue now based on the errors I am getting. I called to check on them and oddly enough everything is running great... for now.

(in reply to Nazim)
Post #: 4
RE: Exchange 2007 and port 80? - 10.Aug.2009 5:42:52 PM   
John Weber

 

Posts: 1236
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline
I would check and see if some physical event is disrupting the ability of the Exchange server to see AD. 
Is the DC/GC server(s) set to DNS of 127.0.0.1 primary and the seconday DC as the secondary?
Is the Kerberos expiring for some silly reason?

_____________________________

John Weber [Lync MVP] http://tsoorad.blogspot.com

(in reply to techstorm)
Post #: 5
RE: Exchange 2007 and port 80? - 11.Aug.2009 10:37:50 AM   
techstorm

 

Posts: 7
Joined: 10.Aug.2009
Status: offline
I did check the Primary DNS of the Active Directory DC and it is set to 127.0.0.1
There is not a secondary DC. How can I check to see if Kerberos is expiring?

Here are the results from a DCDIAG I ran on the Active Directory server:

quote:

C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\ADSERVER
Starting test: Connectivity
......................... ADSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\ADSERVER
Starting test: Replications
......................... ADSERVER passed test Replications
Starting test: NCSecDesc
......................... ADSERVER passed test NCSecDesc
Starting test: NetLogons
......................... ADSERVER passed test NetLogons
Starting test: Advertising
......................... ADSERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... ADSERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... ADSERVER passed test RidManager
Starting test: MachineAccount
......................... ADSERVER passed test MachineAccount
Starting test: Services
......................... ADSERVER passed test Services
Starting test: ObjectsReplicated
......................... ADSERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... ADSERVER passed test frssysvol
Starting test: frsevent
......................... ADSERVER passed test frsevent
Starting test: kccevent
......................... ADSERVER passed test kccevent
Starting test: systemlog
......................... ADSERVER passed test systemlog
Starting test: VerifyReferences
......................... ADSERVER passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : xxxxxxxx
Starting test: CrossRefValidation
......................... xxxxxxxx passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxxxxxxx passed test CheckSDRefDom

Running enterprise tests on : xxxxxxxx.local
Starting test: Intersite
......................... xxxxxxxx.local passed test Intersite
Starting test: FsmoCheck
......................... xxxxxxxx.local passed test FsmoCheck

C:\Program Files\Support Tools>

(in reply to John Weber)
Post #: 6
RE: Exchange 2007 and port 80? - 11.Aug.2009 12:16:45 PM   
techstorm

 

Posts: 7
Joined: 10.Aug.2009
Status: offline
Just in case this matters, here are the results from DCDIAG /TEST:DNS

quote:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>dcdiag /TEST:DNS

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\ADSERVER
Starting test: Connectivity
......................... ADSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\ADSERVER

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : xxxxxxxx

Running enterprise tests on : xxxxxxxx.local
Starting test: DNS
......................... xxxxxxxx.local passed test DNS

C:\Documents and Settings\Administrator>

(in reply to techstorm)
Post #: 7
RE: Exchange 2007 and port 80? - 12.Aug.2009 2:39:19 PM   
techstorm

 

Posts: 7
Joined: 10.Aug.2009
Status: offline
So apparently it is every 5 days because mail flow on the Exchange server stopped again today. I ran the mailflow troubleshooter and I did get two red errors that simply said, "Error submitting mail. Mail submission failed: Error message: Server does not support secure connections." It actually says the same thing twice. I do know that our 3rd party SSL certificate is current and working because I can log into the OAW using https://mail.ourdomainname.com/owa

I ran the Best Practices Analyzer and the only two errors it found were that a storage driver for the RAID card was 2 years old and we were allowing all Outlook clients (2000-2007). So nothing major there. I needed to get email working again. So I opened up the router config page, changed port 80 back to the Exchange. Immediately email began coming in and going out. I went back to the router page, changed port 80 back to the web server. Mail is still coming in from outside senders and they can send to anyone.

I noticed that the errors I posted earlier are happening very frequently. It fills up the Event logs and are showing up at least every 15 minutes. I can't help but believe that the errors are telling me what's wrong but I can't find anything on the net about them. When I google the error "Process MSEXCHANGEADTOPOLOGY (PID=1680). The site monitor API was
unable to verify the site name for this Exchange computer" the first site to come up is the one where I am posting this message from! I can't be the first person to ever see this error. At least for now I know how to fix it even if it is only temporary.

< Message edited by techstorm -- 12.Aug.2009 2:40:57 PM >

(in reply to techstorm)
Post #: 8
RE: Exchange 2007 and port 80? - 12.Aug.2009 2:44:38 PM   
techstorm

 

Posts: 7
Joined: 10.Aug.2009
Status: offline
Just a note: one of my major concerns was that the messages were just disappearing and never actually making it to the user's inbox. The good thing is that when I do my port 80 trick they do eventually show up. So it seems that the messages are making it to the Exchange server even during the down time. They just aren't being delivered until after I open port 80 and then they show up in Outlook.

(in reply to techstorm)
Post #: 9
RE: Exchange 2007 and port 80? - 13.Aug.2009 11:49:22 PM   
Nazim

 

Posts: 170
Joined: 23.Oct.2008
Status: offline
How many GC's do you have?

At the time of the issue try to reboot the GCs and see if the mails show up in Outlook.

(in reply to techstorm)
Post #: 10
RE: Exchange 2007 and port 80? - 14.Aug.2009 12:41:17 AM   
sai_prasad

 

Posts: 95
Joined: 11.Dec.2008
From: Sub-Continent
Status: offline
Also, Check Directory Services logs in your GC’s to see Errors. I am keen to see if any errors are present here which will point us in repect to the new web Server.


(in reply to techstorm)
Post #: 11

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Message Routing >> Exchange 2007 and port 80? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter