Exchange 2013 - When some external recipients reply to emails the reply gets routed to an old Exchange server address

    Question

  • First off, thank you in advance for reading this essay and offering any help you can provide. I am 100% stumped and my client is really, really frustrated.

    I have a client who was using an offsite Exchange server. The IT provider who hosted it had an Exchange 2003 server set up, along with a terminal server in Texas that my client would RDP into. The service did not work reliably and my client was unhappy and unable to do any work for 90% of the day.

    Two years ago they asked me to deploy an onsite Exchange 2013 server for them and migrate their Exchange data from the old server to the new server. The old email/rdp provider would not give me admin access and tried to charge my client $25k for 'offboarding' so instead of paying them, we opted to create PST files for each user from the old server, copy them to a local computer and use the PST capture tool to import them into a new set of mailboxes on a new domain.

    Initially we had an issue where internally, if anyone replied to an old email, it would use an old X.400 entry (pulled from the NK2 files we brought over, I assume) and create a new NK2 entry (or whatever they are called now) for that user, which would in turn make all email going to that autocomplete entry fail because it was looking for the old Exchange server. We had to make them all type in the (again, internal only) addresses on any replies for a few months to prevent them from making any new NK2 entries based on those old addresses, and we manually deleted all of the old NK2 entries.

    Regarding external to internal email, we've never had a single issue with email being routed to the new server correctly.

    I give all of that information as context. We now have a VERY bizarre issue that I haven't seen before and I am not sure if it is related.

    A few weeks ago, some users started claiming that they weren't getting responses from some clients who are sending external to internal (internal to internal users aren't a problem.) These are clients which they have never had a problem getting email from before. A bunch of their clients can't email them at all. Outgoing emails from our Exchange 2013 server to these clients go through. Incoming emails from most external addresses come through (I can email them fine) but for the companies who are affected, the email doesn't hit our server at all.

    I've been able to get some of the NDRs from some of these clients. One in particular today has me thrown for a loop. It is an NDR from my client's old Exchange/RDP provider. It says:

    Generating server: TX2CH009.myxt.net

    christine@XXXXXXXXXX.com
    #550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ##

    john@XXXXXXXXXX.com
    #550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ##

    That myxt.net is their old provider and that hasn't been used for over two years.

    What I can't figure out is how or why email is being routed to the old server. Our DNS is hosted at Network Solutions and all of the records are correct. Doing an MX lookup shows the correct records. Using the Microsoft RCA shows that everything works fine. My guess is that one of two things is happening:

    1) Network Solutions is messing up DNS and routing some email to the old server even though that DNS record hasn't existed in two years

    2) There is some part of Exchange that I somehow have misconfigured to blast email out and show the old server as the place to route email (which doesn't make sense but what do I know) and therefore email being replied to gets routed to the old server somehow

    3) Somehow the old server's MX record is cached on these clients' internal DNS servers (which again doesn't make sense to me as it all worked up until three weeks ago and nothing has changed.)

    Thanks for reading this horribly long post. If anyone has any ideas I am 100% stumped and feeling 100% stupid by this. My client is 100% pissed and that's a total of 300% misery for everyone involved.

    Tuesday, September 27, 2016 5:22 PM

Answers

  • Can you send me the name of the domain and I'll do some querying of records? If you don't feel comfortable posting the domain here, you can send via twitter @ByronWrightGeek or email Byron at btwsolutions.ca.

    However, the first thing I'd be doing as a consultant on site would be working with one of the clients that can't email and working with them to check out the DNS resolution.

    Hinte's idea about the old DNS provider is a good one too. The old web hoster may have been obscure, but they often buy hosting and DNS services from a larger provider and just do the web design portion. A domain left at an ISP/hoster would fit. I have had that happen before when a client changed from hosting their DNS on a local ISP to a different DNS registrar.

    For the customers sending the messages, do they all host their own email? Maybe they are at a hosting provider for their mail. That could also be a hint.


    Byron Wright (http://byronwright.blogspot.ca)

    Thursday, September 29, 2016 8:56 PM

All replies

  • As improbable as this seems, this is screaming DNS configuration problem.

    If you can work with one of the clients getting the NDR, work through DNS queries with them. If you can see it from their end, you might be able to track down where the problem is.

    From your end, start doing queries right at the authoritative DNS servers. I'd look up the NS records for your domain and query each of those to verify that they have the correct information.

    In the past I've seen scenarios where web development companies got a hold of DNS records and set up all sorts of wacky stuff. Not saying that's what happened here, but you can't assume nothing has changed and have to look at every possible step.


    Byron Wright (http://byronwright.blogspot.ca)

    Tuesday, September 27, 2016 6:28 PM
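
    The check suggested in the reply above (look up the NS records, query each authoritative server directly, and repeat the query from an affected sender's side), as an added example that is not part of the original thread. It assumes `dig` is installed; the function names are illustrative, and the first server's answer is used as the baseline.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes dig (BIND utilities) is installed.
# Usage: sh mxcheck.sh DOMAIN [RESOLVER ...]
# RESOLVER is any extra DNS server to test, e.g. one used by an affected sender.

# Turn raw "dig +short MX" lines ("10 Mail.Example.com.") into one sorted,
# lower-case, comma-joined string so answers can be compared as plain text.
normalise_mx() {
    tr 'A-Z' 'a-z' | sed 's/\.$//' | sort -n | paste -sd, -
}

# Input: "server<TAB>mx-set" lines. The first line is the baseline; every
# later server whose MX set differs from it is printed.
find_outliers() {
    awk -F'\t' 'NR == 1 { base = $2; next } $2 != base { print $1 " -> " $2 }'
}

# Ask each authoritative name server, then each extra resolver, for the MX set.
query_all() {
    domain=$1; shift
    for server in $(dig +short NS "$domain") "$@"; do
        printf '%s\t%s\n' "$server" \
            "$(dig +short MX "$domain" "@$server" | normalise_mx)"
    done
}

if [ $# -gt 0 ]; then
    answers=$(query_all "$@")
    printf '%s\n' "$answers"
    echo "Servers that disagree with the first one:"
    printf '%s\n' "$answers" | find_outliers
fi
```

    A server listed under the last heading is either an authoritative server holding different records or a resolver with its own view of the zone, such as a leftover copy of the domain at a sender's mail or DNS host.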
  • That is great advice and that's what I am leaning toward. They did just get a new web page and I'm a bit worried that they tweaked something although nothing looked weird to me and I've checked maybe twenty times.

    My client is hugely unwilling to ask their clients to work with me for some reason. I could go into how hard it is to ask the same question (can you ask one client to have their IT team contact me?) and be shut down over and over again but I think I'm preaching to the choir.

    I am going to switch nameservers today at 5pm and see if that helps. Thanks for the response and keep your fingers crossed for me.

    Tuesday, September 27, 2016 9:07 PM
  • If they just got a new web page, I'm definitely betting that the web developers took over DNS name as part of the process. They like to do that so that they can move the web site between their hosts.

    Just be careful, because if you point back to the old name servers, their www.domain.com record might not be pointing at the right IP.


    Byron Wright (http://byronwright.blogspot.ca)

    Tuesday, September 27, 2016 9:12 PM
  • I care a lot less about their web page than I do about email. The name servers look correct, weirdly enough, but there has to be something off. They say this coincided perfectly with their web page switch so I'm betting something changed here although I don't see anything fishy. I'll keep you posted and again, thanks so much for your help.
    Tuesday, September 27, 2016 10:43 PM
  • Well, no dice. I changed the nameservers to GoDaddy (which they have never used before) and I recreated all of the DNS records on there so I could start with a blank slate. We are now seeing this problem increasing a bit, where my clients aren't getting email from a larger number of customers than they were before.

    I honestly don't know what to do. If you have any other thoughts, I am 100% open to them.


    • Edited by betabenji Thursday, September 29, 2016 2:17 PM
    Thursday, September 29, 2016 2:15 PM
  • Are the customers that are sending emails to your customer hosted by the provider that you left?  




    Thursday, September 29, 2016 3:16 PM
  • No, I thought about that too. The provider is super obscure and I have never come across anyone else who uses them.
    Thursday, September 29, 2016 4:20 PM
  • Well, an update on this. I routed another internet domain to the server (same domain name but .info instead of .com)

    I created additional aliases for my existing users with the new domain. Emails to the .info address come in perfectly, even from the clients who can't email us at .com

    This cements that it has to be a DNS problem.

    I have:

    Deleted and recreated all the DNS records

    Moved our nameservers to GoDaddy from Network Solutions and recreated all the records there

    Contacted the old email provider to see if they had any insight (they didn't)

    Contacted Network Solutions to see if they had any insight (they didn't)

    If either of you is interested, we are willing to pay for help solving this. I don't know what else to try other than moving this .com away from Network Solutions and to a different registrar. I'm a fairly competent IT guy but this is a completely different kind of problem than anything I've ever seen before.

    Thursday, September 29, 2016 7:07 PM