locked
Connecting to the server failed. Error: 10060

    Question

  • Hi, One of the vendors of our company is not able to send the mails to us. When he tries to use smtpdiag tool to check the problem he is getting the error --> Connecting to the server failed. Error: 10060 Now i am able to receive the mails from all the mail servers except his. I tried to add his domain to bypassedsenderdomain but still I am not able to receive the mails. Is this problem related to his mail server or my own mail server. He is able to send and receive mails to other mail servers as well. How can I solve this problem. Thanks.
    Wednesday, October 7, 2009 9:49 AM

Answers

  • On Sat, 10-Oct-09 06:09:50 GMT, Dec0der wrote:


    >Rich thanks. Actually I have enabled logging on receive connector and found that no logs are being generated there. I mean they are not even able to telnet my server and get the welcome message back. And thats why there are no logs there in my receive connectors.

    No logs at all??? That's not right. Check if the logging's really
    enabled:

    Get-ReceiveConnector |ft name,ProtocolLoggingLevel

    Make sure you're looking in the right directory, too. Have you moved
    sportRoles directory to another location?

    >I just want to know whether its network problem or my server. On server I have no firewall configured. Only Forefront for exchange is installed as an anti-spam solution. I think that if its server problem at least welcome banner should be provided to the client. But he is not able to get the welcome banner.

    Well, then it's time for a network monitor. WireShark or NetMon both
    work well (I prefer WireShark, but that's just me). Just set the
    capture filter to watch port 25 and see if there are any connections
    from the IP address of the other server. Don't collect data in
    promiscuous mode until you know that the connection isn't arriving at
    your server. If it's not, check the firewall log files to see if the
    connections being handled correctly. If everything look to be in order
    you can install the network monitor software on another machine, set
    it to collect in promiscuous mode, and hook it up to a port on your
    ets to that port in
    addition to the one for the target MAC address. The connection's gotta
    be going somewhere!
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP

    --- Rich Matheisen MCSE+I, Exchange MVP
    • Proposed as answer by Elvis Wei Wednesday, October 14, 2009 2:49 AM
    • Marked as answer by Elvis Wei Thursday, October 15, 2009 9:03 AM
    Saturday, October 10, 2009 4:09 PM
  • Hi Dec0der,

     

    Please follow Rich's suggestions to troubleshoot the issue.

    At the current stage, it's not an Exchange Server issue, but a network connection issue...
    If the issue persists, I suggest you put the questions on the network forum as I mentioned before.

     

    Thanks,

     

    Elvis

    • Proposed as answer by Elvis Wei Wednesday, October 14, 2009 2:49 AM
    • Marked as answer by Elvis Wei Thursday, October 15, 2009 9:03 AM
    Monday, October 12, 2009 4:03 AM
  • Hi,

    Yes you are correct. Actually I asked for the tracert result from his side and get 2 results for 2 different ips and both the results shows blockage in the midway i.e at ISP routers. I have submitted my case to our ISP provider and he is trying to figure it out why its happening.

    This problem comes after BGP implementation at our ISP end and thats why i am sure that it is network problem.

    Thanks for all the help.
    • Marked as answer by Elvis Wei Thursday, October 15, 2009 9:04 AM
    Wednesday, October 14, 2009 7:18 AM

All replies

  • Are you able to send email to his domain? Have you registered your domain for RBL listing?

    Have him submit email to your domain using telnet session see below KB

    http://support.microsoft.com/kb/153119

    If your Server donot even open the banner for him or rejects that means either your Firewall/Antispam/Antivirus is not accepting his connection.

    You need to ask him to check his domain for any kind of blacklisting

    http://www.mxtoolbox.com/blacklists.aspx

    Last but not least you need to add his domain or ip in your Firewall/Antispam/Antivirus  whitelist




    Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
    Wednesday, October 7, 2009 11:36 AM
  • Hi,

    Vinod I tried to add the mail server ip of that domain to ip allow list and also added that particular domain to bypassedsenderdomain lists in my anti-spam filters but still the problem is there.

    I am using forefront for anti-virus scanning and I am not able to find any mails blocked for that particular domain. Please help.

    Thanks.
    Wednesday, October 7, 2009 3:16 PM
  • Is he getting any kind of NDR message from your side? Did also whitelisted him on FSE and ht Server?

    just in case did you restsrted Transport Service after adding him to whitelist on HT?
    Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
    Wednesday, October 7, 2009 3:19 PM
  • Hi,

    I am still waiting for the NDR from there side. Meanwhile I have restarted the transport service on my edge servers.

    As far as whitelisting is concerned on HT and FSE. How can i do that. As i checked HT and found no option for whitelisting there.

    Also can you please update me what logs will be relevant in this scenario to check. I check my transport logs on edge server but found no traces of mails from that particular domain being bounced back due to content filter restrictions or ip blacklist.

    Thanks.
    Wednesday, October 7, 2009 3:23 PM
  • So you also use Edge? did you perform the Edge Synchronization between ET and HT?

    you need to first start looking @ FSE becoz that is where your internet emails are going to hit

    See below also

    Description of the scan order in Antigen 8.0, in Antigen 9.0, and in and Forefront Security for Exchange Server


    Exchange 2007 Content FIlter: The Whitelist Is Here!


    Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
    Wednesday, October 7, 2009 3:37 PM
  • Hi,

    Actually I did the same and used the following command -->

    Set-ContentFilterConfig -BypassedSenderDomains "test.com", "test2.com"

    Is it made any difference if i use space between test.com and test2.com ?

    Thanks.
    Wednesday, October 7, 2009 4:44 PM
  • Yes that is perfect.

    Set-ContentFilterConfig -BypassedSenderDomains "microsoft.com","zenprise.com","somedomain.com"
    Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
    Wednesday, October 7, 2009 4:50 PM
  • Hi,

    I talked to there mail server administrator and he said that he is not able to telnet to our mail server. I have already whitelisted his ip and according to my theory I dont think that our mail server is rejecting there mail server connection.

    What should i do.

    Thanks.
    Thursday, October 8, 2009 7:01 AM
  • On Thu, 8-Oct-09 07:01:03 GMT, Dec0der wrote:

    >I talked to there mail server administrator and he said that he is not able to telnet to our mail server. I have already whitelisted his ip and according to my theory I dont think that our mail server is rejecting there mail server connection.
    >
    >What should i do.

    Can the other admin use traceroute (windows 'tracert') to your IP
    address? Does it work?

    It may be that there's an asymetric route between the two comapnies
    s because of that.
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP

    --- Rich Matheisen MCSE+I, Exchange MVP
    Friday, October 9, 2009 3:01 AM
  • Hi Dec0der,

     

    From your description:

     

    i am able to receive the mails from all the mail servers except his.

    He is able to send and receive mails to other mail servers as well

     

    Since they even aren't able to telnet your mail server, seems there is a network issue between your server and their server. Please double check your Firewall settings, if the issue persists. I suggest you write a post on the network forum to fix this issue first. After they can telnet your server port 25, the issue should be resolved.

     

    Thanks,

     

    Elvis

     

    Friday, October 9, 2009 3:02 AM
  • Hi,

    Elvis and Rich thanks for your valuable suggestion. I have already troubleshooted the problem by asking there admin to tracert our mail server. I found that they are not able to reach our network through tracert and there lies the problem.  I was somehow late in updating the post.

    You both were also correct regarding the issue. Thanks for all of your suggestions.

    Thanks.
    Friday, October 9, 2009 5:35 AM
  • Hi,

    Elvis and Rich now again the ball is in my court. Actually now routing problem is not there. But still they are not able to telnet to our server. We tried to monitor the logs of our pix firewall and we can see that they are hitting our pix firewall without any problem. Our pix firewall has no restriction for outside world on port 25. Still they are not able to connect.

    Please update me which logs should i search so that i can check why they are not able to telnet to my server. One intresting find is that when capturing the session packets I am seeing sync failure packets.

    Looking forward for your valuable suggestions.

    Thanks.
    Friday, October 9, 2009 12:13 PM
  • On Fri, 9-Oct-09 12:13:13 GMT, Dec0der wrote:

    >Hi,
    >
    >Elvis and Rich now again the ball is in my court. Actually now routing problem is not there. But still they are not able to telnet to our server. We tried to monitor the logs of our pix firewall and we can see that they are hitting our pix firewall without any problem. Our pix firewall has no restriction for outside world on port 25. Still they are not able to connect.
    >
    to my server. One intresting find is that when capturing the session packets I am seeing sync failure packets.

    If you have the protocol logging level on the receive connector set to
    "verbose", check the "C:\Program Files\Microsoft\Exchange
    Server\TransportRoles\Logs\ProtocolLog\SmtpReceive" directory.

    You can also try using a network monitor such as WireShark or NetMon
    if you con't see any connections from their IP address in your log
    files.

    Do they have any information to share with you from their log files?
    Are the messages delivered to your server and your server accepts them
    with a 250 status code?

    Are the messages quarantined or dropped by your anti-spam or
    anti-virus applications?
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP

    --- Rich Matheisen MCSE+I, Exchange MVP
    Saturday, October 10, 2009 3:20 AM
  • Hi,

    Rich thanks. Actually I have enabled logging on receive connector and found that no logs are being generated there. I mean they are not even able to telnet my server and get the welcome message back. And thats why there are no logs there in my receive connectors.

    I just want to know whether its network problem or my server. On server I have no firewall configured. Only Forefront for exchange is installed as an anti-spam solution. I think that if its server problem at least welcome banner should be provided to the client. But he is not able to get the welcome banner.

    Thanks.
    Saturday, October 10, 2009 6:09 AM
  • On Sat, 10-Oct-09 06:09:50 GMT, Dec0der wrote:


    >Rich thanks. Actually I have enabled logging on receive connector and found that no logs are being generated there. I mean they are not even able to telnet my server and get the welcome message back. And thats why there are no logs there in my receive connectors.

    No logs at all??? That's not right. Check if the logging's really
    enabled:

    Get-ReceiveConnector |ft name,ProtocolLoggingLevel

    Make sure you're looking in the right directory, too. Have you moved
    sportRoles directory to another location?

    >I just want to know whether its network problem or my server. On server I have no firewall configured. Only Forefront for exchange is installed as an anti-spam solution. I think that if its server problem at least welcome banner should be provided to the client. But he is not able to get the welcome banner.

    Well, then it's time for a network monitor. WireShark or NetMon both
    work well (I prefer WireShark, but that's just me). Just set the
    capture filter to watch port 25 and see if there are any connections
    from the IP address of the other server. Don't collect data in
    promiscuous mode until you know that the connection isn't arriving at
    your server. If it's not, check the firewall log files to see if the
    connections being handled correctly. If everything look to be in order
    you can install the network monitor software on another machine, set
    it to collect in promiscuous mode, and hook it up to a port on your
    ets to that port in
    addition to the one for the target MAC address. The connection's gotta
    be going somewhere!
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP

    --- Rich Matheisen MCSE+I, Exchange MVP
    • Proposed as answer by Elvis Wei Wednesday, October 14, 2009 2:49 AM
    • Marked as answer by Elvis Wei Thursday, October 15, 2009 9:03 AM
    Saturday, October 10, 2009 4:09 PM
  • Hi Dec0der,

     

    Please follow Rich's suggestions to troubleshoot the issue.

    At the current stage, it's not an Exchange Server issue, but a network connection issue...
    If the issue persists, I suggest you put the questions on the network forum as I mentioned before.

     

    Thanks,

     

    Elvis

    • Proposed as answer by Elvis Wei Wednesday, October 14, 2009 2:49 AM
    • Marked as answer by Elvis Wei Thursday, October 15, 2009 9:03 AM
    Monday, October 12, 2009 4:03 AM
  • Hi,

    Yes you are correct. Actually I asked for the tracert result from his side and get 2 results for 2 different ips and both the results shows blockage in the midway i.e at ISP routers. I have submitted my case to our ISP provider and he is trying to figure it out why its happening.

    This problem comes after BGP implementation at our ISP end and thats why i am sure that it is network problem.

    Thanks for all the help.
    • Marked as answer by Elvis Wei Thursday, October 15, 2009 9:04 AM
    Wednesday, October 14, 2009 7:18 AM