RE: Exchange VPN DNS issue
Is the Outlook profile you are using set for your work account as the main or only account? When I have used VPN access from home, I use that profile with no problem or interference from my SBS server, but, then, again, I am not using some fancy schmantzy Cisco VPN, but the plain ole MS VPN. I have now got my laptop only set up to use RPC, which, after some initial problems getting connected, and a rebuild of the laptop to remove a long lingering problem that affected exploerer.exe in certain situations, it works just fine. The laptop was the one on which I used the VPN on the most. I also pop mail down onto my main desktop, and I had to set Exchange to allow me to relay from here. The only pain in the butt is that anything I send through the work server, I need to choose the work account to send it with. I used to be able to just send replies without having to set the account, and never had to set anything when sending to another user on the work Exchange. If I do not set it, I get an NDR that the message is undeliverable. However, it is different than what you get, You do not have permission to send to this recipient. For assistance, contact your system administrator. If you are sending through your Exchange server, have you checked message tracking to see what may be happening? \\Steve// From: Bob Fronk [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 10:11 AM To: MS-Exchange Admin Issues Subject: Exchange VPN DNS issue I am sure I am missing something simple here, but I have looked at everything I can think of and have not found the solution. Here is the setup: At my house, I have commercial Internet service with static IPs. I have a Cisco 2811 with AIM VPN module, with a VPN to the Cisco Concentrator at my office. I have an AD setup with SBS2K3 on a separate domain. In order to be able to access my work network I have added a forwarder for that domain in my SBS DNS. Everything works great. Except for one thing: I cannot send email from my personal domain to my work domain. If I remove the forwarder, I can send email to that domain fine. I can telnet from my home to the work Exchange and drop an email that way. I can ping work Exchange machine. I have tried adding a host record on my SBS to send the email to the Internet rather than the VPN, but that does not seem to fix the issue. I tried to add a static record on the SBS DNS to the work Exchange. Did not help. The error is Could not deliver the message in the time limit specified. Please retry or contact your administrator. #4.4.7 Do I need to setup another connector and point it to a relay within the work network? Any Ideas? Bob Fronk [EMAIL PROTECTED] ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange VPN DNS issue
I have no idea why this posted again. This was something I sent out last week. It is resolved. (I setup another DNS server) Bob Fronk [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Steve Szabo [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2008 9:52 PM To: MS-Exchange Admin Issues Subject: RE: Exchange VPN DNS issue Is the Outlook profile you are using set for your work account as the main or only account? When I have used VPN access from home, I use that profile with no problem or interference from my SBS server, but, then, again, I am not using some fancy schmantzy Cisco VPN, but the plain ole MS VPN. I have now got my laptop only set up to use RPC, which, after some initial problems getting connected, and a rebuild of the laptop to remove a long lingering problem that affected exploerer.exe in certain situations, it works just fine. The laptop was the one on which I used the VPN on the most. I also pop mail down onto my main desktop, and I had to set Exchange to allow me to relay from here. The only pain in the butt is that anything I send through the work server, I need to choose the work account to send it with. I used to be able to just send replies without having to set the account, and never had to set anything when sending to another user on the work Exchange. If I do not set it, I get an NDR that the message is undeliverable. However, it is different than what you get, You do not have permission to send to this recipient. For assistance, contact your system administrator. If you are sending through your Exchange server, have you checked message tracking to see what may be happening? \\Steve// From: Bob Fronk [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 10:11 AM To: MS-Exchange Admin Issues Subject: Exchange VPN DNS issue I am sure I am missing something simple here, but I have looked at everything I can think of and have not found the solution. Here is the setup: At my house, I have commercial Internet service with static IPs. I have a Cisco 2811 with AIM VPN module, with a VPN to the Cisco Concentrator at my office. I have an AD setup with SBS2K3 on a separate domain. In order to be able to access my work network I have added a forwarder for that domain in my SBS DNS. Everything works great. Except for one thing: I cannot send email from my personal domain to my work domain. If I remove the forwarder, I can send email to that domain fine. I can telnet from my home to the work Exchange and drop an email that way. I can ping work Exchange machine. I have tried adding a host record on my SBS to send the email to the Internet rather than the VPN, but that does not seem to fix the issue. I tried to add a static record on the SBS DNS to the work Exchange. Did not help. The error is Could not deliver the message in the time limit specified. Please retry or contact your administrator. #4.4.7 Do I need to setup another connector and point it to a relay within the work network? Any Ideas? Bob Fronk [EMAIL PROTECTED] ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Exchange VPN DNS issue
On Thu, Jun 5, 2008 at 1:48 PM, Bob Fronk [EMAIL PROTECTED] wrote: I cannot send email from my personal domain to my work domain. If I remove the forwarder, I can send email to that domain fine. Use NSLOOKUP to lookup the MX records for both domains (sending and receiving). Also resolve the MX names to A records, if needed. Compare the results of those tests with and without the DNS forwarder. I can ping work Exchange machine. Can you connect to it on TCP port 25? Could not deliver the message in the time limit specified. Please retry or contact your administrator. #4.4.7 Exchange DSNs are useless when it comes to diagnostics. That's just a message telling you that Exchange had trouble, tried again few times, and then gave up. It does not actually tell you what went wrong. You have to turn on SMTP protocol logging on the Exchange server, and read the IIS protocol log to get the transcript of the SMTP session. That will tell you what's actually going wrong. -- Ben ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
