locked
Edge Transport Server Fails DNS Query When Emailing to one Specific Domain

    Question

  • This issue occurs for the same domain across three different edge transport servers.

    All servers are Windows 2008 STD SP2, Exchange 2007 SP1 U9.  Emails are delivered using DNS connector from edge.  Emails to this one specific domain would sit in the retry queue with DNS query error until NDR was generated.  Connectivity Logging generated the following:

    2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,>,DNS server returned ErrorRetry reported by 208.241.124.200
    2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,-,The DNS query for 'DnsConnectorDelivery':'subdomain.domain.com':'cd771f71-77a3-4aca-b002-86f477816910' failed with error: ErrorRetry

    I changed the servers DNS settings to different servers with the same response.  Validated that manual MX lookups worked, and that I could telnet to any of the three MX records and deliver mail via telnet.

    I did a packet capture and received the following:

    12    32.280037    172.28.16.55    208.241.124.200    DNS    Standard query AAAA SMTPSERVER.subdomain.domain.com

    So what is happening is the Edge servers are only performing IP6 lookups, and throughout the log, only for subdomain.domain.com do they NOT perform a regular IP4 A record lookup.  I then went about disabling TCP/IP6 as per this article:

    http://technet.microsoft.com/en-us/network/cc987595.aspx

    this stated to do the following:

    Alternately, from the Windows XP or Windows Server 2003 desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt . At the command prompt, type netsh interface ipv6 uninstall .

    To remove the IPv6 protocol for Windows XP with no service packs installed, do the following:

    1. Log on to the computer with a user account that has local administrator privileges.
    2. From the Windows XP desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt .
    3. At the command prompt, type ipv6 uninstall .

    Unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista and Windows Server 2008 by doing one of the following:

    • In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items .

      This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.
    • Add the following registry value (DWORD type) set to 0xFF:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents

      This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.
    I did the above, and still, the Edge Transport servers would only perform AAAA lookups, and messages would sit in the queue.





    As temporary workaround, created new send connector with the three available MX hosts as possible smarthosts for subdomain.domain.com, and this allowed email flow.

    I've tried disabling the TCPIP6, and still doesnt work.  Any suggestions?

    Wednesday, September 16, 2009 7:11 PM

Answers

  • Hi,

    Thank you for your information.

    After viewing the information, I found that the Exchange server make a request to query MX record, the first response is successful. Then do the request of AAAA type, this is failed.

    Actually, this is the product issue in Exchange 2007 if the the platform is Windows 2008. By default, the IPV6 couldnot be disabled completely even though the interface and connection is disabled. And unlike Windows XP and Windows 2008, the IPV6 cannot be uninstalled in Windows 2008 and Vista.

    Now please check "Use the External DNS Lookup settings on the Transport Server" option under Network tab in Send Connector to check this issue. If the issue persists, please refer to the workaround on the similar thread as Hari provided.

    Thanks

    Allen
    • Marked as answer by Paul Ponzeka Friday, September 25, 2009 1:06 PM
    Tuesday, September 22, 2009 4:21 AM

All replies

  • Hi,

    After reviewing the description and doing a local test on my lab, I found this is not the IPV6 issue. It seems that's the DNS server issue.

    Now please reproduce this issue and use Network Monitor to capture the data, then send the log to me at v-allson@microsoft.com

    Thanks

    Allen
    Monday, September 21, 2009 7:05 AM
  • As per the below forums, seems like ita a bug with Exchage 2007 on Windows 2008...

    http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/2e9a6263-7863-4d13-9480-7611db222e9e
    http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/5ac614ee-e4fb-41d9-88f0-363f912634b1

    Lets wait and see any forum users suggestions, meanwhile go through the links and cross check your server...
    Monday, September 21, 2009 1:40 PM
  • Allen,

    I sent you the network capture, it's frame 684 that you can see the beginning of the issue.
    Monday, September 21, 2009 1:58 PM
  • Hi,

    Thank you for your information.

    After viewing the information, I found that the Exchange server make a request to query MX record, the first response is successful. Then do the request of AAAA type, this is failed.

    Actually, this is the product issue in Exchange 2007 if the the platform is Windows 2008. By default, the IPV6 couldnot be disabled completely even though the interface and connection is disabled. And unlike Windows XP and Windows 2008, the IPV6 cannot be uninstalled in Windows 2008 and Vista.

    Now please check "Use the External DNS Lookup settings on the Transport Server" option under Network tab in Send Connector to check this issue. If the issue persists, please refer to the workaround on the similar thread as Hari provided.

    Thanks

    Allen
    • Marked as answer by Paul Ponzeka Friday, September 25, 2009 1:06 PM
    Tuesday, September 22, 2009 4:21 AM
  • Ill try that.  Does it do anything different if i am using the same DNS servers for the external DNS as i am for the NIC's DNS?
    Tuesday, September 22, 2009 1:29 PM
  • Hi,

    This can make no AAAA request not send from the Exchange server.

    Thanks

    Allen
    Friday, September 25, 2009 10:07 AM
  • Setting the External DNS entry resolved the issue.  Thanks for the help Allen.
    • Proposed as answer by SNosko Wednesday, April 21, 2010 1:27 PM
    Friday, September 25, 2009 1:06 PM
  • http://technet.microsoft.com/en-us/library/bb851512(EXCHG.80).aspx

    This worked for me.  Email started flowing out of the queue right away.

    • Proposed as answer by DITSupp Friday, July 05, 2013 1:11 AM
    Wednesday, April 21, 2010 1:28 PM
  • Hi Allen and Paul,

    we experience problems in receiving mails from senders with this Exchage server problem. When we are aware of the problem, we send them the above mentioned link and ask them to make adjustments. Then afterwards usually mail arrives without any problems.

    The problem for us is that it seems as if the problem grows. More and more mail does not arrive on our mailadresses (mine for example is leonard@servicesites.nl) And not all of the senders recieve notifications that mail cannot be delivered. As you can imagine this situation is unacceptable and damaging our customer relations.

    Is there anything WE can do? (apart from sending them the information to make adjustements in their Exchange servers...)

    I hope you can help us...

    Thanks in advance

    Leonard

    Friday, June 24, 2011 10:46 AM
  • Hi Everyone,

     

    a customer of hours is experiencing the same problem, and like Leonard Jansen said, he too believes the problem is growing and has asked us the same question, if there's anything on his side he can do about it.

     

    Kind regards,

    Philipp

    Saturday, June 25, 2011 9:07 AM
  • Hi Allen and Paul,

    we experience problems in receiving mails from senders with this Exchage server problem. When we are aware of the problem, we send them the above mentioned link and ask them to make adjustments. Then afterwards usually mail arrives without any problems.

    The problem for us is that it seems as if the problem grows. More and more mail does not arrive on our mailadresses (mine for example is leonard@servicesites.nl) And not all of the senders recieve notifications that mail cannot be delivered. As you can imagine this situation is unacceptable and damaging our customer relations.

    Is there anything WE can do? (apart from sending them the information to make adjustements in their Exchange servers...)

    I hope you can help us...

    Thanks in advance

    Leonard


    Hi Leonard,

     

    as stated below we where experiencing the same problem with one of our customers. Seeing that it's a DNS related problem we suggested to the customer to change or add an additional DNS service through i.e. dyndns.com. After adding the current DNS records to the new DNS service mail started coming in from every customer that had problems.

     

    So for your clients i would suggest a similar solution, it helped over here at least.

     

    Kind regards,

    Philipp

    Tuesday, June 28, 2011 7:59 AM
  • We had a similar issue recently. Our problem was that the Exchange server had 2 DNS servers configured. The second one was unreachable from the local subnet. Our fix was to add a second valid DNS server that was on the local subnet. The mail queue emptied immediately.

    Sincerely,

    Mike K.


    Mike Kullish
    Wednesday, August 10, 2011 7:16 PM
  • I tried this in the following article and it work for me.

    http://wfcastle33.wordpress.com/2011/06/26/exchangednserror451/

    Monday, November 17, 2014 2:25 PM