Mail Flow from Edge Server to Mailbox Server Hangs

  • Question

  • Hello all

    Within about 24 hours after a reboot of my edge server, mail stops flowing from the edge server to the mailbox server.

    I have one edge server and one mailbox server.  The mailbox is Exchange 2016 on Server 2012 R2 and the edge is Exchange 2016 on Server 2016.  The edge server is in a public-IP-addressed DMZ.  This edge server is a new deployment.  The old edge server was on the same subnet as the mailbox server and did not have this problem.

    This has been going on for a week.  I restore mail flow by rebooting the edge server with its Windows firewall turned off.  Then mail flows to the mailbox server for about a day.  When I reboot the edge server with the Windows firewall still up, mail does not start flowing.  I turn the Windows firewall back on immediately after rebooting.

    The Application event log on the edge server shows events 1022, 12025, and 8019 after reboot regardless of whether the firewall was up or down.

    Nslookup on edge shows that it obtains DNS for the Active Directory DNS server and for the mailbox server.

    Telnet port 25 from edge to mailbox, and mailbox to edge, is successful.

    A port query tool on the mailbox server indicates port 50636 on edge is listening.

    Test-EdgeSynchronization is always "Normal".

    The edge firewall has an inbound rule allowing traffic on all ports from the mailbox server.

    I believe this all shows that DNS and edge synchronization are working correctly.

    As time goes by, after a reboot of edge, the connections indicated in Event ID 8019 will start incrementing.  Right after the reboot Event ID 8019 shows the following:

    "Creating extra connection for idle queue: 3 with queue type: SmartHostConnectorDelivery and next hop domain: mailbox.blah.blah. Current number of connections is: 1"

    As time goes by the "number of connections is:" will increment up to 19 and then will go no higher.  I don't know yet whether mail stops flowing when the connections start incrementing or when they reach 19.

    I figure this has to be an edge firewall issue, but I have been unable to nail it down. The above confirms that the ports indicated as necessary at the following link are available.

    https://docs.microsoft.com/en-us/exchange/plan-and-deploy/deployment-ref/network-ports?view=exchserver-2019

    Thanks bunches.  Jim

    Monday, November 12, 2018 4:46 PM

All replies

  • Hi jsemmel,

    If you send mail from the Exchange server to the internet, can this mail be sent out successfully? You can use the command below to check this mail from the Mailbox server and the Edge server:

    Get-MessageTrackingLog -Recipients xx@xx.xx -Sender xx@xx.xx -MessageSubject "xxx"

    From this log, you can see which part is blocking this mail.

    I would suggest you temporarily disable the firewall, then remove the Edge Subscription and recreate it. Make sure the Edge Subscription works successfully, then enable the firewall and check whether this issue is caused by settings on the firewall.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Tuesday, November 13, 2018 6:40 AM
  • Kyle

    After we close tonight, I will follow your suggestion to recreate the Edge subscription, and report back tomorrow.  Thanks for the tip.

    jim

    Tuesday, November 13, 2018 7:31 PM
  • Hi Kyle

    Regarding the first part of your comments, I never have trouble sending out messages, only moving messages from the edge server to the mailbox server.

    Second, I have removed the former edge subscription and installed another as per your suggestion, but it has made no difference.  This evening messages have stopped flowing again.  I am rebooting the edge server to reestablish message flow from edge to mailbox.

    Jim

    Wednesday, November 14, 2018 3:23 AM
  • Hi Kyle

    I think I have the problem solved.  If it continues to work for another 24 hours, I can say it is done.

    Someone told me about the Windows firewall log, which is enabled via Group Policy.  That log provided a lot of clues.

    I seem to have determined that my root problem was a lack of coordination between my routing configuration and my firewall configuration between my internal LAN and my DMZ.

    Thanks for the tip earlier.

    Jim

    Wednesday, November 14, 2018 7:48 PM
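
The Windows Firewall log mentioned in the post above can be summarized per dropped flow to see which traffic between the edge and mailbox servers is being blocked. This is an added example, not part of the original thread: the sample log lines and IP addresses are constructed, and the function names are hypothetical.

```powershell
# Added example: parse Windows Firewall log lines (pfirewall.log format) and
# summarize DROP entries per flow. Sample data is constructed, not the poster's log.
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2018-11-14 18:01:07 ALLOW TCP 198.51.100.25 192.0.2.10 50112 25 0 - 0 0 0 - - - SEND
2018-11-14 18:01:09 DROP TCP 203.0.113.1 198.51.100.25 25 50112 52 SA 311 902 8192 - - - RECEIVE
2018-11-14 18:01:12 DROP TCP 203.0.113.1 198.51.100.25 25 50112 52 SA 311 902 8192 - - - RECEIVE
2018-11-14 18:02:30 ALLOW TCP 192.0.2.10 198.51.100.25 61200 50636 0 - 0 0 0 - - - RECEIVE
'@

function ConvertFrom-FirewallLog {
    param([Parameter(Mandatory)][string[]]$Line)
    $fields = $null
    foreach ($l in $Line) {
        # The "#Fields:" header names the columns of every data line that follows.
        if ($l -match '^#Fields:\s*(.+)$') { $fields = $Matches[1].Trim() -split '\s+'; continue }
        if (-not $fields -or $l -match '^\s*(#|$)') { continue }   # other headers, blanks
        $values = $l.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }          # skip truncated lines
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        [pscustomobject]$row
    }
}

function Get-FirewallDropSummary {
    param([Parameter(Mandatory)][object[]]$Entry, [string]$PeerAddress)
    $Entry |
        Where-Object { $_.action -eq 'DROP' } |
        Where-Object { -not $PeerAddress -or $_.'src-ip' -eq $PeerAddress -or $_.'dst-ip' -eq $PeerAddress } |
        Group-Object protocol, 'src-ip', 'dst-ip', 'dst-port', path |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# For a live log, replace the sample with Get-Content on the log file; the default is
# $env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log (a Group Policy may set another path).
$entries = ConvertFrom-FirewallLog -Line ($sample -split "`r?`n")
Get-FirewallDropSummary -Entry $entries
```

Passing `-PeerAddress` with the other server's address limits the summary to drops involving that host.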
  • Hi jsemmel,

    Any update now?

    If this issue is solved, please feel free to mark it as the answer to help more people.

    Regards,

    Kyle Xu



    Friday, November 16, 2018 1:28 AM