Re: Dual-homed SBS *Standard* server won't accept SMTP connections

From: Les Connor [SBS Community Member - SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 01/07/05


Date: Thu, 6 Jan 2005 22:00:38 -0600

Hi Eliot,

The settings I posted should be applicable. I don't have any single nic
SBS installs ;-).

-- 
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Eliot Sennett" <eliot102@hotmail.com> wrote in message 
news:udOkQ9D9EHA.2552@TK2MSFTNGP09.phx.gbl...
> Hey Dude!
>
> Yeah, I'm over the Sox celebration/hangover, but am indeed faced with Pats
> terror. C'est la guerre...
>
> Anyway, I'll double-check, but I think everything was as set by default in
> CEICW. I think the variant is the dual-homed, non-ISA issue. This is the
> first time I rolled one out like that, b/c so many you-know-who's advised me
> to do it that way. Always used to use a single NIC, since we always use an
> external firewall. In every case with a single NIC, it has worked as you say
> it should.
>
> Btw, I did restart the virtual server after every test change. I didn't
> restart any Exchange services, but the changes in the VS appear to have
> taken without a reboot.
>
> This is what I get for listening to other people instead of being a stubborn
> pain-in-the-...
>
> Have an OV for me.
>
> -E
>
> "Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca>
> wrote in message news:eS5pgJC9EHA.3756@TK2MSFTNGP14.phx.gbl...
>> Hi Eliot !,
>>
>> How's the (sox) headache? Replaced by a New Year's celebration, no doubt :-)
>>
>> A default configuration should allow any client on the lan to send to
>> exchange. So from a client on the lan, telnet <servername> 25 should bring
>> up the exchange banner.
>>
>> ESM | Default Virtual Server Properties
>> > General Tab
>> IP addresses (All Unassigned)
>>
>> >Access Tab
>> Authentication - Anonymous, Basic and Integrated checked
>> Connection - All except list below (list empty)
>> Relay - Only the list below - Internal nic IP, localhost( 127.0.0.1), and
>> external nic IP
>>
>> If you make any changes, stop and start the default SMTP Virtual Server.
>>
>> -- 
>> Les Connor [SBS Community Member - SBS MVP]
>> -----------------------------------------------------------
>> SBS Rocks !
>>
>>
>> "Eliot Sennett" <eliot102@hotmail.com> wrote in message
>> news:u7wcq%23B9EHA.1564@TK2MSFTNGP09.phx.gbl...
>> > Perhaps I was indeed too brief. We did use telnet to test the operations
>> > from inside the lan, outside the firewall, and on the server itself.
>> > Responses to telnet were only received from outside the firewall, whose
>> > internal interface is on the same subnet as the server's external NIC.
>> >
>> > We tried every test and configuration you've described below. The port 26
>> > on the inside NIC plus port 25 on the external NIC was the only configuration
>> > in which anything on the LAN's subnet could telnet into the Exchange server
>> > via SMTP, and it still is.
>> >
>> > FWIW, I just think this is inconvenient. I disagree with you that this is
>> > likely to screw anything up. If there's something specific that you think
>> > can go wrong by virtue of having the two NICs listen on two different ports,
>> > I'd appreciate it if you'd clarify what that is.
>> >
>> > Here's the IP Config you asked about:
>> >
>> > Windows IP Configuration
>> >
>> >   Host Name . . . . . . . . . . . . : abc-sbs
>> >   Primary Dns Suffix  . . . . . . . : abc.internal
>> >   Node Type . . . . . . . . . . . . : Unknown
>> >   IP Routing Enabled. . . . . . . . : Yes
>> >   WINS Proxy Enabled. . . . . . . . : Yes
>> >   DNS Suffix Search List. . . . . . : abc.internal
>> >
>> > Ethernet adapter Internal:
>> >
>> >   Connection-specific DNS Suffix  . :
>> >
>> >   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
>> >   Physical Address. . . . . . . . . : 00-11-43-D2-9F-43
>> >   DHCP Enabled. . . . . . . . . . . : No
>> >   IP Address. . . . . . . . . . . . : 192.168.16.2
>> >   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> >   Default Gateway . . . . . . . . . :
>> >   DNS Servers . . . . . . . . . . . : 192.168.16.2
>> >   Primary WINS Server . . . . . . . : 192.168.16.2
>> >
>> > Ethernet adapter External:
>> >
>> >   Connection-specific DNS Suffix  . :
>> >   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
>> >   Physical Address. . . . . . . . . : 00-11-43-D2-9F-44
>> >   DHCP Enabled. . . . . . . . . . . : No
>> >   IP Address. . . . . . . . . . . . : 192.168.0.2
>> >   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> >   Default Gateway . . . . . . . . . : 192.168.0.1
>> >   Primary WINS Server . . . . . . . : 192.168.16.2
>> >   NetBIOS over Tcpip. . . . . . . . : Disabled
>> >
>> > Thanks, Phillip.
>> >
>> > "Phillip Windell" <@.> wrote in message
>> > news:OpciUtB9EHA.4072@TK2MSFTNGP10.phx.gbl...
>> >> "Eliot Sennett" <eliot102@hotmail.com> wrote in message
>> >> news:OS48ZYA9EHA.2016@TK2MSFTNGP15.phx.gbl...
>> >> > We figured the CEICW set the rules so that only the external NIC could
>> >> > handle inbound SMTP mail,
>> >>
>> >> Shouldn't have done that. You need it to listen on all Interfaces for what
>> >> you want to do.
>> >>
>> >> > So we looked at the Default Virtual Server for SMTP, and couldn't find
>> >> > anything that made us really believe that.
>> >>
>> >> Look at the Relay restrictions in Properties-->Access-->Relay.  Your LAN's
>> >> Address Range needs to be in this as "allowed to relay".
>> >>
>> >> > In addition, the server was set to listen on all unassigned IP Addresses.
>> >>
>> >> It should be set to "All Unassigned"
>> >>
>> >> > We tested setting up the addresses
>> >> > specifically (assigning one address in General, then adding the second in
>> >> > the Advanced button window), so that we forced both to be listening. Still
>> >>
>> >> No. One *normal* address per NIC.  There may be reasons for adding other
>> >> secondary IP#s,...but this isn't one of them.
>> >>
>> >> > Finally, we got the result we needed by assigning a different SMTP port for
>> >> > the internal NIC and locking that onto the internal NIC's IP Address.
>> >>
>> >> Should never have to do that,... you will probably screw something up
>> >> somewhere by doing that.
>> >>
>> >> > What I'm wondering is whether this is expected behavior or whether there's a
>> >> > way to get SMTP to listen on two different NICs on two different IP
>> >>
>> >> Did you *Telnet* to that IP#/Port? You never stated *how* you don't think it
>> >> is listening properly. You may be running around in circles thinking that it
>> >> isn't listening on those when it may very well be listening perfectly fine
>> >> but it just is "hearing" what it wants to hear.
>> >>
>> >> We also don't even know if the TCP/IP config of the Nics is even
>> >> correct,...you need to post that information.
>> >>
>> >> -- 
>> >>
>> >> Phillip Windell [MCP, MVP, CCNA]
>> >> www.wandtv.com
>> >>
>> >>
>> >
>> >
>>
>>
>
> 
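
Added example, not part of the original thread or any poster's code: a scripted version of the `telnet <server> 25` banner check discussed above, run against each NIC address and port so the results from the LAN, the server itself and outside the firewall can be compared. The addresses come from the ipconfig output in the thread; the function names are this example's own.

```python
import socket

# Addresses from the ipconfig output in the thread; ports 25/26 as discussed there.
ENDPOINTS = [("192.168.16.2", 25), ("192.168.16.2", 26), ("192.168.0.2", 25)]


def greeting_complete(raw: bytes) -> bool:
    """True once the final greeting line ('NNN text', not 'NNN-text') has arrived."""
    if not raw.endswith(b"\n"):
        return False
    last = raw.splitlines()[-1]
    return len(last) >= 3 and last[:3].isdigit() and last[3:4] != b"-"


def parse_greeting(raw: bytes):
    """Return (code, text) for a possibly multiline SMTP greeting, or (None, '')."""
    lines = raw.decode("ascii", errors="replace").splitlines()
    if not lines or len(lines[0]) < 3 or not lines[0][:3].isdigit():
        return None, ""
    code = lines[0][:3]
    text = " ".join(l[4:].strip() for l in lines if l.startswith(code))
    return int(code), text


def probe(host, port, timeout=3.0):
    """Connect as telnet would and classify what answers on host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", ""        # nothing is bound to this IP/port
    except OSError:
        return "unreachable", ""    # timed out, filtered, or no route
    raw = b""
    with sock:
        try:
            while not greeting_complete(raw):
                chunk = sock.recv(1024)
                if not chunk:
                    break
                raw += chunk
            sock.sendall(b"QUIT\r\n")   # end the session politely
        except OSError:
            pass                        # keep whatever was read before the error
    code, text = parse_greeting(raw)
    if code is None:
        return "no-banner", ""          # TCP accepted, but no SMTP greeting
    return ("listening" if code == 220 else "rejected"), text


if __name__ == "__main__":
    for host, port in ENDPOINTS:
        print(host, port, *probe(host, port))
```

A "refused" result means no listener is bound to that address and port, while "unreachable" points at filtering or routing between the client and that NIC.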