Exchange
A community dedicated to Exchange and related technology.

Multihomed (2 NICs) causing problems with outgoing mail

Answered (Verified) This post has 1 verified answer | 8 Replies | 2 Followers

bcontento posted on 08-30-2007 7:59 AM

There was a recent post on the same issue, but I didn't want to hijack the guy's post...so....

I'm in the same boat and really need to figure out a resolution as well. I thought I had things set up correctly as you have suggested, but things are still failing. What kills me is this WAS all working fine, but on Monday, something happened requiring a server restart and it hasn't been the same since:

I've got an SBS2003 server, multihomed with a NIC on my internal network and one on the Internet with a static IP via the building's network we are in. My internal network Internet traffic goes out the bandwidth we have in here privately (not the building's) while the Internet connected NIC is used for Internet email coming out of the SBS Exchange through the building's network.

On the firewall connected to my private bandwidth, I have all SMTP disabled. I had to do this because without blocking it, the Exchange server was sending SMTP traffic out that network and because the reverse DNS for our mail domain doesn't match that network IP, it was getting bounced as spoof/spam. With SMTP blocked there, the server was "forced" to send it out the "right" NIC connected to the Internet through the building's network.

Now, with SMTP blocked on the firewall on my network, Exchange doesn't release any email out of the queue UNLESS I first disable the NIC connected to my private network!

With both NICs enabled, my internal email works fine and people can send to Exchange for outgoing mail. However, the outgoing mail just sits in the queue until I disable the NIC on my network. Then the emails go out through the right NIC fine.

In Exchange, I have 2 SMTP virtual servers setup: Default SMTP Virtual Server & Internet SMTP Virtual Server

The Default one has my private network IP associated with it
The Internet one has the public IP of my mail server associated with it.

I DID only have one connector created called Internet Mail Connector. It was set up to use the * namespace and the bridgehead server listed was that server and its Default SMTP Virtual Server. I have tried changing these settings (used the Internet virtual server as the bridgehead, put both in there, etc.) but nothing seems to work.

After reading your post, I created a second connector for my Internal network (called it Internal SMTP). I entered the namespace as ourdomain.local and set the bridgehead to the Default SMTP (the one associated with our internal NIC). I then changed the * namespace in the Internet Connector to be ourdomain.com

Still didn't work. HOWEVER, I didn't restart any services...do I need to? Do these settings seem right now? I unfortunately don't fully understand the bridgehead, so that may be part of the problem.

Thanks TONS for any help!!!



All Replies

I followed the directions given for the Exchange Internet Mail Wizard:

When you configure the Internet Mail Wizard on a server with two NICs, the wizard configures the server as follows: The wizard creates an additional SMTP virtual server on the Exchange server. It configures Internet mail delivery as follows:

The Internet Mail Wizard guides you through the steps of assigning the internal IP address to the default SMTP virtual server on which it creates the SMTP connector to send outbound mail. You assign the internal IP address to this virtual server so that only internal users on your internal network can send outbound mail.

To configure the server to receive Internet mail, the wizard guides you through the process of assigning the Internet IP address to the external SMTP virtual server. You assign an Internet IP address to this virtual server because the external Server must be able to connect to the SMTP virtual server to send Internet mail.

The last step is to configure an MX record on your DNS Server that references to the IP address of the “Internet” Virtual SMTP Server.

In the DNS control panel (on the same server), I right-clicked the ourdomain.local container in the Forward Lookup Zone, clicked New MX Record. Left Host/Child empty; the FQDN is unchangeable as ourdomain.local. The FQDN of the mail server in the directions says to enter the IP address of the Internet SMTP Server (which would be the outgoing NIC, right?). I entered the IP address of that NIC and didn't change the mail priority from 10.

Unfortunately, it did not resolve the issue. ALL outbound SMTP traffic was still being sent through the local NIC to/through our outbound bandwidth and not out the building's pipe/NIC.


I'm not sure if this is significant or not, but the VPN connections I used to be able to use came in through the external Internet NIC, now fail to connect. I CAN connect to the VPN still via the bandwidth connected to our Internal network, so I know the server is RAS enabled and authenticating OK, just not through that NIC.


Do you have a default gateway specified for your external interface? If so, do you also have a default gateway specified for your internal interface? You may need to add the default gateway to the external interface while adding static routes for all internal networks on the inside interface.

- Joel


My internal NIC had the VPN router (our outgoing bandwidth) set as the default gateway and the external NIC had its gateway set to that bandwidth's gateway. I always was getting a message from the OS about different gateways on the NICs but it allowed it. I deleted the default gateway altogether from my internal NIC and left the external one as is. That resolved part of the problem; however, I think it's causing the problem I'm now having with connectivity to my remote office...see below....

As of the end of the day yesterday, I had resolved the email flow issues. A combination of DNS entries and alterations in Exchange seemed to have done it. Don't ask me exactly what I did because I went through so many different attempts, I lost track. Not only did the email routing work itself out, but I had my VPN access back up and running (from outside the network, not from the other office...that always was OK).

UNFORTUNATELY...this morning (and presumably yesterday afternoon), the remote office was not able to connect to the main server. They couldn't ping it by DNS name or IP. The thing would not respond. They could hit any other machine down here fine and any other machine could hit them up there, but the main server was not communicating with that office. Lovely.

I found an article online about DNS replication issues on a multihomed server, so I followed the directions, which included turning off DNS registration on the external NIC, flushing the DNS, etc. I did all that...and everything went to sh!t again! Lost the email routing BUT it did bring back the remote office's ability to hit the server.

Something is really screwed up in DNS somewhere, I think. Part of the instructions I've been following for the Internet Mail Wizard in Exchange say to create an MX record in my DNS for the external NIC's IP.

The only way that I can get the email to funnel out the right NIC is with the following settings:

In DNS:
   - MX record for mail.ourdomain.local (our mail server's public name is mail.ourdomain.com) pointing to the IP on that NIC
   - an A record set to same as parent folder pointing to the EXTERNAL NIC IP (think this is a problem for the internal connectivity?)

In Exchange (all created by the Internet Mail Wizard and telling it the server is NOT multihomed):
    - one Default SMTP server set to listen on all unassigned IPs
    - one Internet SMTP CONNECTOR pointing to the Default SMTP bridgehead

I'm back up and running with the email flow being right, but I'm also back to no connectivity from the remote office to the main server.

Is there a way to wipe out DNS and let the server rebuild it correctly on its own?

Verified Answer

Since you removed the default gateway on the internal NIC, the server is trying to send responses on the external NIC. The fix (and one of the reasons having two NICs isn't the best solution) is to add a static route to each of your remote locations on the server.

So from a command prompt you would run:

route add (remote network) mask (subnet mask) (local gateway) -p (this makes it persistent across reboots)

So if your local internal gateway was 10.1.10.1 and the remote network was 10.1.42.0 your command would look like this:

route add 10.1.42.0 mask 255.255.255.0 10.1.10.1 -p

- Joel

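The routing decision behind Joel's answer, as an added example that is not code from the thread or from Joel: a small longest-prefix-match model of the server's IP routing table. It shows why, once the internal NIC has no default gateway, packets for the remote office follow the only default route out the external (building) NIC, and how the persistent static route puts them back on the internal NIC via the VPN router while Internet-bound mail still leaves through the external NIC. Only 10.1.10.1 (the internal gateway) and 10.1.42.0/24 (the remote office) come from the thread; the interface names, the 203.0.113.0/24 external subnet and every other address are assumptions made up for the example.

```python
# Added example (not from the thread): model of a multihomed Windows host's
# routing table, used to see which NIC a destination leaves on before and after
# `route add <net> mask <mask> <gateway> -p`.
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Assumed addressing. Only INTERNAL_GW (10.1.10.1) and REMOTE_OFFICE
# (10.1.42.0/24) appear in the thread; everything else is invented here.
INTERNAL_IF = "internal"            # NIC on the private LAN
EXTERNAL_IF = "external"            # NIC on the building's network
INTERNAL_NET = "10.1.10.0/24"
INTERNAL_GW = "10.1.10.1"           # VPN router that reaches the remote office
EXTERNAL_NET = "203.0.113.0/24"     # assumed (documentation range)
EXTERNAL_GW = "203.0.113.1"         # assumed building-network gateway
REMOTE_OFFICE = "10.1.42.0/24"


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: Optional[str]          # None = directly connected (on-link)
    interface: str
    metric: int = 10


class RoutingTable:
    """Minimal longest-prefix-match table; enough to reason about egress."""

    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, dest: str, gateway: Optional[str], interface: str,
            metric: int = 10) -> Route:
        route = Route(ipaddress.ip_network(dest, strict=False),
                      gateway, interface, metric)
        self.routes.append(route)
        return route

    def lookup(self, dst: str) -> Optional[Route]:
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r.network]
        if not matches:
            return None
        # Longest prefix wins; equal prefixes are broken by lowest metric.
        return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))

    def egress(self, dst: str) -> Optional[str]:
        route = self.lookup(dst)
        return route.interface if route else None


def windows_route_add(route: Route) -> str:
    """Render the persistent `route add` command from the answer above."""
    net = route.network
    return f"route add {net.network_address} mask {net.netmask} {route.gateway} -p"


def table_after_removing_internal_gateway() -> RoutingTable:
    """The state described in the thread: the default gateway was deleted from
    the internal NIC, so the external NIC holds the only default route."""
    table = RoutingTable()
    table.add(INTERNAL_NET, None, INTERNAL_IF)      # on-link LAN subnet
    table.add(EXTERNAL_NET, None, EXTERNAL_IF)      # on-link building subnet
    table.add("0.0.0.0/0", EXTERNAL_GW, EXTERNAL_IF)  # sole default route
    return table


def table_with_static_route() -> RoutingTable:
    """Same table plus the static route Joel recommends for the remote office."""
    table = table_after_removing_internal_gateway()
    table.add(REMOTE_OFFICE, INTERNAL_GW, INTERNAL_IF)
    return table


def egress_report(table: RoutingTable, destinations: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each destination to the NIC it would leave on."""
    return {dst: table.egress(dst) for dst in destinations}


if __name__ == "__main__":
    # Constructed probes: a remote-office host, a LAN host, an Internet MX.
    probes = ["10.1.42.7", "10.1.10.20", "198.51.100.25"]
    print("before:", egress_report(table_after_removing_internal_gateway(), probes))
    fixed = table_with_static_route()
    print("after: ", egress_report(fixed, probes))
    print(windows_route_add(fixed.lookup("10.1.42.7")))
```

Before the static route, replies to 10.1.42.x leave on the external NIC, which is why the remote office could reach every other machine but not this server: the request arrived over the VPN on the internal NIC and the reply went out the building's network. After it, only the one remote subnet is pulled back to the internal NIC; every other remote location needs its own `route add`, and `route print` on the server is the check that each one is present after a reboot. The model does not cover the earlier state with a default gateway on both NICs, where Windows picks one by metric and the OS warning the poster saw is the only hint that egress has become ambiguous.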

Without sounding totally gay (not that there is anything wrong with that), I love you!

WORKED LIKE A CHARM.

 This is what I've been trying to ask for since having this problem. A way to bind IP scheme to a selected NIC.

Is there a way now to alter this code to say if the traffic is SMTP to use gateway 1.2.3.4?

Seriously, thank you SO MUCH!


When using route it's strictly based on network topology and has no understanding of the application layers above it. When I suggested to the other guy to create two connectors/virtual servers, you can configure these to listen on specific IP addresses. So you COULD change your virtual server to only listen on the external interface and if needed create a second virtual server that listens on the internal IP address.

Now it really isn't going to buy you a whole lot because what you did prior with the routing is going to send all internally bound traffic on the internal interface and all externally bound traffic to the external interface regardless of the protocol.

To change the virtual server binding you go into ESM and go to the server, then to Protocols > SMTP > Virtual Server, Properties and in the IP Addresses drop down by default [All Unassigned] is selected which means that virtual server is listening on all IP addresses. If you set that to your external IP you will be sure to be receiving all mail on that IP. If you needed another Virtual Server internally you could create that and bind it to the internal IP.  Then you would make sure your outbound connector is set to use the external virtual server for delivery.

 

- Joel

© 2003-2008 NamedPipes Consulting. All other company and product names are property of their owners.