Applies to: Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-09-25
This topic explains how to resolve the problem of inbound or outbound e-mail messages that are stuck in queues on a server running Microsoft Exchange Server 2007 with the Edge Transport server role installed. When this situation occurs, you will typically see the following errors in the Last Error column in the Exchange Queue Viewer:
- 451 4.4.0 DNS Query Failed
- 400 4.4.7 Message Delayed
This problem commonly occurs as a result of a mistake in the configuration of the DNS settings of the Edge Transport server. Therefore, you can resolve this problem by correcting the DNS configuration.
Before You Begin
Confirm that any firewall between your Hub Transport servers and your Edge Transport servers allows port 53 for DNS resolution and port 25 for SMTP traffic.
To perform this procedure, the account you use must be delegated the following:
- Local Administrator
- Exchange Organization Administrator
For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.
Procedure
To use the Exchange Management Console to reconfigure DNS settings when inbound mail is queued on an Edge Transport server
1. Start the Exchange Management Console on the Edge Transport server.
2. Click Toolbox.
3. Select Queue Viewer under the Mail flow tools category to open the Queue Viewer tool.
4. Review the information in the Last Error column. Note whether you have an inbound message queue for an accepted domain, such as "company.com", and if there is an error similar to "451 4.4.0 DNS Query Failed".
5. Verify the DNS configuration on the Edge Transport server as follows:
   - Log on locally to the Edge Transport server.
     Important: Do not view or change these settings remotely from an administrative workstation or a server other than the Edge Transport server. You can use Remote Desktop Connection (RDC) 6.0 to access the physical server. We recommend that you use a console session by starting your RDC session using the /console switch.
   - Open the Exchange Management Console.
   - Select the Edge Transport server in the Result pane, and then select Properties.
   - Select the Internal DNS Lookups tab.
6. The default configuration is All Available. Your Edge Transport server will need to do external and internal DNS lookups. You have two options available:
   - If you have multiple NIC adapters, and one is for the internal network, select that network card in Use network card DNS settings. The IP addresses will populate the box below with the DNS server IP addresses that are specified on the internal network card. Restart the Transport service, and then repeat step 5 to confirm that the configuration is correct. If you do not see any IP addresses, the NIC card may not be configured with DNS server entries. Populate the card with DNS settings, and then repeat step 5 to ensure that the settings are correct.
   - If you have only one network card, and it is using external public DNS, you do not want to change this setting because it will break external name resolution and e-mail flow. There are two options in this scenario. You can select Use these DNS servers and then select the IP address of the internal DNS server, or you can add a host file containing the DNS server information.
7. After making changes, test your DNS servers and name resolution with NSLOOKUP as described in the topic How to Use Telnet to Test SMTP Communication.
8. Next, test ping and telnet to your internal mail server. If ping or telnet connections are failing, check to see if the Windows Firewall in Control Panel/Services has been enabled. It is typically disabled. If it is enabled, it needs to be configured on the NIC cards to allow services for mail flow, such as SMTP, LDAP, the Edge Transport server LDAP ports, and testing protocols such as ICMP. Enable only those ports that are required for the services that you are using.
To use the Exchange Management Console to reconfigure DNS settings when outbound mail is queued on an Edge Transport server
1. Start the Exchange Management Console on the Edge Transport server.
2. Click Toolbox.
3. Select Queue Viewer under the Mail flow tools category to open the Queue Viewer tool.
4. Review the information in the Last Error column. Note whether you have an outbound message queue and if there is an error similar to "451 4.4.0 DNS Query Failed".
5. Verify the DNS configuration on the Edge Transport server as follows:
   - Log on locally to the Edge Transport server.
     Important: Do not view or change these settings remotely from an administrative workstation or a different server. You can use Remote Desktop Connection (RDC) 6.0 to access the physical server. We recommend that you use a console session by starting your RDC session using the /console switch.
   - Open the Exchange Management Console.
   - Select the Edge Transport server in the Result pane, and select Properties.
   - Select the External DNS Lookups tab.
6. The default is All Available. Your Edge Transport server will need to do external and internal DNS lookups. You have two options available:
   - If you have multiple NIC adapters, and one is for the external network, select that network card in Use network card DNS settings. The IP addresses will populate the box below with the DNS server IP addresses specified on the external network card. Restart the Transport service, and then repeat step 5 to confirm that the configuration is correct. If you do not see any IP addresses, the NIC card may not be configured with DNS server entries. Populate the card with DNS settings, and then repeat step 5 to ensure that the settings are correct.
   - If you have only one network card, and it is using internal DNS, you do not want to change this setting because it will break internal name resolution and e-mail flow from the Internet to your Hub Transport servers. Select Use these DNS servers, and then select the IP address of the external public DNS server(s).
7. After making changes, test your DNS servers and name resolution with NSLOOKUP as described in the topic How to Use Telnet to Test SMTP Communication.
8. Next, test ping and telnet to your internal mail server. If ping or telnet connections are failing, check to see if the Windows Firewall in Control Panel/Services has been enabled. It is typically disabled. If it is enabled, it needs to be configured on the NIC cards to allow services for mail flow, such as SMTP, LDAP, the Edge Transport server LDAP ports, and testing protocols such as ICMP. Enable only those ports that are required for the services you are using.
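
The checks in both procedures can also be run from the Exchange Management Shell on the Edge Transport server. The following script is an added example, not part of the original topic or Microsoft's own code; it lists the queues showing the errors above, prints the settings behind the two DNS Lookups tabs, and runs NSLOOKUP against each manually entered DNS server. The host and domain names are placeholders that you must replace.

```powershell
# Added example. Run in the Exchange Management Shell on the Edge Transport server.
# Placeholder names (assumptions): replace with a Hub Transport host and a queued domain.
$internalHost   = "hub01.company.local"   # hypothetical internal mail server
$externalDomain = "example.com"           # hypothetical recipient domain

# Queues whose Last Error matches the two errors this topic covers.
Get-Queue |
    Where-Object { $_.LastError -match "4\.4\.0|4\.4\.7" } |
    Format-Table Identity, DeliveryType, NextHopDomain, MessageCount, LastError -AutoSize

# Settings behind the Internal DNS Lookups and External DNS Lookups tabs.
# AdapterEnabled = $true: use the network card's DNS settings
#   (an all-zero adapter GUID corresponds to All Available).
# AdapterEnabled = $false: use the manually entered server list.
$ts = Get-TransportServer -Identity $env:COMPUTERNAME
$ts | Format-List Name,
    InternalDNSAdapterEnabled, InternalDNSAdapterGuid, InternalDNSServers,
    ExternalDNSAdapterEnabled, ExternalDNSAdapterGuid, ExternalDNSServers

# Query each manually entered DNS server directly, so that a server that
# cannot answer is identified by its IP address.
function Test-Lookup($type, $name, $dnsServers) {
    $list = @($dnsServers | Where-Object { $_ })
    if ($list.Count -eq 0) {
        # No manual list: fall back to the resolver configured on the network card.
        Write-Host "No manual servers for the $type test; using the network card DNS settings."
        nslookup.exe "-type=$type" $name
        return
    }
    foreach ($dns in $list) {
        Write-Host "--- $type lookup for $name via $dns ---"
        nslookup.exe "-type=$type" $name $dns.ToString()
    }
}

# Internal lookups must resolve the internal mail server; external lookups must return MX records.
Test-Lookup "A"  $internalHost   $ts.InternalDNSServers
Test-Lookup "MX" $externalDomain $ts.ExternalDNSServers
```

A lookup that times out or returns a non-existent domain response against one of the listed servers points to the DNS entry that needs correcting in step 6.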
For More Information
For more information about configuring transport server properties, see Configuring Transport Server Properties.
For more information about DNS query failure, see Understanding DNS Query Failure Sensitivity in Exchange 2007 SP1 and SP2.
For more information about the Set-TransportConfig cmdlet, see Set-TransportConfig. For more information about the Start-EdgeSynchronization cmdlet, see Start-EdgeSynchronization.