I have posted this question before and since no one responded I am going to try to be a bit better in describing the problem and what I have tried to do to resolve it before posting.

For about six months or more now, people emailing via SMTP are getting a NDR that the user account does not exist when, in fact, there is a valid user account.

I happened to be on the telephone with my ISP trying to troubleshoot what I thought was a dearth of email messages during the course of the day. As it turned out, there were a number of emails backing up in his queue trying to be sent to our server.

The way this works, as it most likely works with others, it that our ISP merely acts as a forwarder of all of our email. He doesn't hold it, but returns an NDR if the mail can not be expeditiously delivered.

This day, he tried sending mail via telnet and regular mail and could see the socket open between the servers yet the transaction, after about 10-30 seconds timed out and the error message about a non-existent account popped up again.

We have thought that this might have been due to the server being so busy that it just couldn't respond to the email request. In fact, I used to run our network backup on that machine but have subsequently moved backup to another server (and eventually to an Internet company) so that the total amount of backup time is about 10 minutes while the server backs up to a file on another server.

There is nothing else running on this machine other than Exchange 5.5 - SP4. I have SP3 on W2K and all the latest hotfixes and security updates applied to the box.

What I need help with is HOW to troubleshoot this problem. This is not an internal problem because internal email is delivered. So I don't think I can use server monitors. I need a way to track what is happening when mail is sent from outside the school to our server. Of course, I can send mail from my hotmail or other personal email accounts and I have tried that with SMTP logging enabled but it shows nothing in the logs so I either do not have the right kind of logging enabled or this is an issue that can't be resolved by logging?

The fact that the ISP said the socket was connecting, but nothing was happening after that should be a clue. I have tried looking through my Exchange documentation but I can't find enough information about the process of delivering the mail to figure out what I should be looking for.

I am in the process of scanning the Swink CD to see if this issue has come up before, but it's taking a bit of time to do that and so far I haven't found anything (except my prior unanswered posts) to help.

As I mentioned before, I need some troubleshooting advice on where to start and what I should be looking for.

Thanks in advance,

John Orban
System Administrator
The Country School

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q268324
Check the service pack version on the Outlook clients. This fixed a similar problem for us.


------------
John Orban at 10/6/2002 9:21:34 PM

I have posted this question before and since no one responded I am going to try to be a bit better in describing the problem and what I have tried to do to resolve it before posting.

For about six months or more now, people emailing via SMTP are getting a NDR that the user account does not exist when, in fact, there is a valid user account.

I happened to be on the telephone with my ISP trying to troubleshoot what I thought was a dearth of email messages during the course of the day. As it turned out, there were a number of emails backing up in his queue trying to be sent to our server.

The way this works, as it most likely works with others, it that our ISP merely acts as a forwarder of all of our email. He doesn't hold it, but returns an NDR if the mail can not be expeditiously delivered.

This day, he tried sending mail via telnet and regular mail and could see the socket open between the servers yet the transaction, after about 10-30 seconds timed out and the error message about a non-existent account popped up again.

We have thought that this might have been due to the server being so busy that it just couldn't respond to the email request. In fact, I used to run our network backup on that machine but have subsequently moved backup to another server (and eventually to an Internet company) so that the total amount of backup time is about 10 minutes while the server backs up to a file on another server.

There is nothing else running on this machine other than Exchange 5.5 - SP4. I have SP3 on W2K and all the latest hotfixes and security updates applied to the box.

What I need help with is HOW to troubleshoot this problem. This is not an internal problem because internal email is delivered. So I don't think I can use server monitors. I need a way to track what is happening when mail is sent from outside the school to our server. Of course, I can send mail from my hotmail or other personal email accounts and I have tried that with SMTP logging enabled but it shows nothing in the logs so I either do not have the right kind of logging enabled or this is an issue that can't be resolved by logging?

The fact that the ISP said the socket was connecting, but nothing was happening after that should be a clue. I have tried looking through my Exchange documentation but I can't find enough information about the process of delivering the mail to figure out what I should be looking for.

I am in the process of scanning the Swink CD to see if this issue has come up before, but it's taking a bit of time to do that and so far I haven't found anything (except my prior unanswered posts) to help.

As I mentioned before, I need some troubleshooting advice on where to start and what I should be looking for.

Thanks in advance,

John Orban
System Administrator
The Country School

Guru:
Is this a sending or receiving issue?

Idiot Newbie:
We can send just fine, it's a receiving issue. However the weird thing is that we seem to be able to receive internet mail just fine, I only have a problem with my ISP's sending us email through his spam filter. Must be his fault, huh?

Guru:
Not necessarily, John. You see when you get mail directly from the internet, his mail server is just passing through email to you. It's just like another router on the internet. HOWEVER, the spam filter is queueing messages for you and then waiting for you to pull them down via POP3.

Idiot Newbie:
POP3?

Guru:
Oh, come on, John, you've been running a network for nearly four years now with less than ONE WEEK of downtime. CERTAINLY you know the difference between POP3 and SMTP?

Idiot Newbie:
Why do you think they call me an idiot?

Guru:
(Sigh), oh, John, POP3 is for receiving and SMTP is for sending. Got that?

Idiot Newbie:
(Seeing light bulb go off over his head), Ohhhhhhhhhh...

Guru:
Sounds to me like it's a POP3 issue. Have you queried TechNet on POP3?

Idiot Newbie:
Yes, but the only thing I find are articles referring to Exchange 2000 or older versions of Outlook than we use.

Guru:
Please, John, MAYBE they might apply to your situation.

Idiot Newbie:
Well, there is this article referring to something about GroupShield fighting for port 110 with Exchange. They say to uninstall GroupShield and reinstall it, but I don't want to leave my Exchange server exposed to email viruses while I do this.

Guru:
Can't be helped.

Idiot Newbie:
(Uninstalls GroupShield 4.5 and updates to GroupShield 5.0+SP1)
O.K. now NOTHING works. Still can send, but I'm still not getting anything from my ISP. It works WORSE than before.

Guru:
O.K., O.K., don't get your pants in a twist, John, bear with me, we're almost there.

Can you connect to POP3 from inside your network.

Idiot Newbie:
Let's see...telnet <<IP address>> 110.

Holy crap! I can, I couldn't do that before.

Guru:
Good, John, that's a good thing.

Now, can you connect to it from OUTSIDE your network.

Idiot Newbie:
They don't call me Idiot Newbie for nothing, How the heck to I do that?

Guru:
Come on, John, go out through your router and come back the other way.

Telnet <<IP address of your internet mail router>> 110

Idiot Newbie:
Nothing, doesn't work.

Guru:
O.K., John so we know the problem is between your Exchange server and the Internet. What is between your server and the router?

Idiot Newbie:
Well, of course, there's the router and I have this McAfee Anti-Virus appliance that scans all my internet traffic and just recently I set it up for SMTP scanning as well.

Guru:
Let's start with the closest appliance to your server. Have you got the AV box configured correctly?

Idiot Newbie:
Well, it DOES have a POP3 and SMTP configuration page. Let me call McAfee since I'm paying for support on this thing AND they have an 800 number!!!

(Calls McAfee, gets really great, knowledgeable tech support guy who talks him through configuration of box. During the course of the conversation...)

McAfee:
O.K. so email comes from your router to the box and the box points it directly to your mail server.

Idiot Newbie:
But I don't have an opening in my router firewall to allow port 110 traffic.

McAfee:
You'll need to do that.

Idiot Newbie (another light bulb goes off over his head):
Done. (Hangs up with McAfee)

O.K., Telnet <<IP Address of Internet Mail Server>> 110

Holy CRAP! It works - I'm getting a response. (Reading TechNet article on troubleshooting POP3 - is able to authorize and log in, etc.)

Now, if only this solves my problem with Outlook not being able to get my mail on the Exchange server from home.

(RUNNING home -- logs on -- tests connection)

HOLY CRAP! IT WORKS TOO!!!!!

Oh, thank you Exchange Guru, I just don't know what I would have done without you.

Guru:
That's O.K., just send me a case of Corona.

Fade in - music - fade to black.


------------
John Orban at 10/6/2002 9:21:34 PM

I have posted this question before and since no one responded I am going to try to be a bit better in describing the problem and what I have tried to do to resolve it before posting.

----rest deleted-----