Hello, I am trying to set up an AD 2003 server domain and Exchange server. I have got most of it completed with a small problem.
After I set up the Exchange server, users can send email to external sources no problem. Incoming messages never arrive.
I tried to telnet into port 25 on the Exchange server and everything goes as expected. However, if I try to telnet into my Exchange server from a workstation on the internal LAN I get the following message:
Connecting To dcsrvr...Could not open connection to the host, on port 25: Connect failed.
I have the firewall on the Exchange server turned off, I do not have any extra installed software such as GroupShield, anti-virus or anything other than Windows 2003 server std sp2 and Exchange 2003 sp1. I used netstat -an to verify that port 25 has nothing else using the port and the status is listening.
Can anyone help me here?
-
Configured any SMTP Connectors?
How, exactly, is incoming SMTP meant to work if you never set it up anywhere?
-
khgiese wrote: I have the firewall on the Exchange server turned off, I do not have any extra installed software such as GroupShield, anti-virus or anything other than Windows 2003 server std sp2 and Exchange 2003 sp1. I used netstat -an to verify that port 25 has nothing else using the port and the status is listening.
Can anyone help me here?
I'm going to assume that you've got those two service pack numbers the wrong way round, since the current Exchange Server 2003 service pack is SP2, while there isn't yet an SP2 for Windows Server 2003.
You must have some kind of firewall switched on. Did you run the Security Configuration Wizard from Windows Server 2003 SP1? See this Exchange team blog post for information on using SCW with Exchange Server.
The only other alternative I can think of is that DNS resolution between the client you tried and the DC is broken, which typically means that you don't have the right DNS configuration on the client. For AD to work, your clients - indeed all computers on your network including member servers and domain controllers - should only have internal DNS servers listed, so that all DNS queries go to your domain DNS servers. Your domain DNS servers should have forwarders set up (normally your ISP's DNS servers) to forward DNS queries for external sites.
If that's the case, the failure to connect to port 25 from a client computer is a red herring. Firstly, you need to tell the world where to send email. This is done by setting up MX records in your public DNS zone, to point to the appropriate server. Then you need to ensure that the SMTP server is exposed to the internet - if you have a hardware firewall you need to allow communication to port 25 on your SMTP server, and if you're using NAT you need to ensure port 25 on the external interface is mapped to port 25 on your server.
Normally I'm not a fan of Steve Gibson but he does have an end-user accessible port scanner. See ShieldsUp on his homepage. Enter port 25, then choose User Specified Custom Port Probe. The service is intended to tell you that ports are closed, therefore you want it to tell you that the probe failed and that port 25 is open. -
You don't need any SMTP Connectors for inbound or outbound mail with Exchange 2003. Outbound mail works by default, and inbound mail works for the domain(s) configured in the Recipient Policy.
There must be some sort of firewall between the client and the server. XP SP2 clients? XP firewall turned on? Hardware firewall between the clients and the server? If you really want to get to the root of why you can't telnet from another client internally, you can put a packet sniffer up (there are free software packet sniffers available) and see what happens when the client tries to telnet on port 25.
Then, as Mike says, you need to "publish" your server so folks on the Internet know of it.
Ben -
I am running a LinkSys WRT54GC and port 25 is pointing to my Exchange server. I did set up an SMTP connector, I forgot to mention it in my first post, sorry.
Windows SP2 and Exchange SP1 is correct. Again my apologies.
I was able to resolve no other clients on the LAN connecting via Telnet port 25. McAfee was to blame.
I still cannot get incoming mail. I did netstat -an and nothing is listening on port 25. I have the Windows Firewall configured in the advanced tab of the Local Area Connection settings configuration, I checked Internet Mail Service.
I have a single Windows 2003 server that is the whole domain, DNS server and Exchange server in one. Yes, I know, not a good idea, but I have a very fixed budget.
My apologies for the hasty post and I hope this answers some questions and helps you all help me.
Thanks for your help so far. -
The error message suggests that it isn't an internal DNS issue. Your client machine might have outbound port 25 locked down via a firewall. External DNS could be an issue and a port scanner could help. Common causes are just as Mike described, bad (or missing) MX records or router/NAT issues.
-
What's the domain name?
What's the DNS name of the Exchange server?
What's the public IP address of the NAT firewall?
EDIT: Some NAT firewalls won't let you connect to a port-forward from the inside. If that is the case with your firewall, you may run into a situation where you can receive mail from the outside, but inside clients can't send mail to the public IP of your firewall.
If that happens, hard-configure the SMTP server on the local clients to be the PRIVATE IP of your Exchange server. Leave the MX records as the public IP.
ON NO ACCOUNT should you EVER list a private IP in a public MX record. That can cause horrible problems for people on the internet trying to send you mail. -
domain name is khgiese.com
There is an MX record defined with my NS service. Using www.dnsstuff.com I am able to find the MX record which points to my public IP. Do I need an MX record on my local DNS server?
It appears as though the problem is somehow related to port 25. Either something is blocking it, or Exchange is not listening there.
Telnet internally proves that I can connect to the mail server, but does that mean Exchange is listening on port 25, or merely that I can connect?
This really is frustrating. -
Checking DNS for khgiese.com (type=MX) at www.squish.net/dnscheck/
20% of queries will fail at ns1.mydyndns.org (probably a temporary problem)
80% of queries will succeed -- MX record for khgiese.com is khgiese.com
Checking DNS for khgiese.com (type=A) at www.squish.net/dnscheck/
100% of queries will succeed:
khgiese.com is 216.114.246.123
telnet 216.114.246.123 25
... could not open a connection
So your DNS is correct, but your router is NOT port forwarding correctly (or your server isn't listening.)
When you connect, the server should send you a banner that looks something like:
220 server-name.khgiese.com Microsoft ESMTP MAIL Service, Version: 6.something ready at (time) -
Well, now I'm connecting, but I'm not getting the banner.
So the router is correct, but there's something wrong with your Exchange installation. -
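The outcomes the posts above separate (no connection at all, a connection with no greeting, a proper 220 banner) can be told apart with a short probe. This is an added example, not part of the original thread; `probe_smtp`, `NEXT_STEP` and the default host `mail.example.test` are names made up for it.

```python
import socket

# What each outcome points to, following the reasoning in the thread above.
NEXT_STEP = {
    "ok": "220 banner received: SMTP answers from this vantage point",
    "no_banner": "TCP connects but no greeting: look at the SMTP service itself",
    "bad_banner": "something answers on the port, but not with an SMTP 220 greeting",
    "closed": "accepted then dropped: a filter or AV in the path, or the service aborted",
    "refused": "host reachable, port closed: service not listening or forward missing",
    "filtered": "no reply at all: firewall, NAT rule or upstream (ISP) block",
    "unreachable": "name resolution or routing failed before TCP even started",
}

def probe_smtp(host, port=25, timeout=5.0):
    """Return (state, detail) for one connection attempt to an SMTP listener."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "filtered", ""
    except OSError as exc:          # DNS failure, no route, and similar
        return "unreachable", str(exc)
    with sock:
        try:
            data = sock.recv(512)   # in SMTP the server speaks first
        except socket.timeout:
            return "no_banner", ""
        except (ConnectionResetError, ConnectionAbortedError):
            return "closed", ""     # Winsock reports these as 10054 / 10053
        if not data:
            return "closed", ""
        line = data.decode("ascii", "replace").splitlines()[0]
        return ("ok" if line.startswith("220") else "bad_banner"), line

if __name__ == "__main__":
    import sys
    # Hypothetical default target; pass the real MX host as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.test"
    state, detail = probe_smtp(target)
    print(f"{target}:25 -> {state} {detail}\n  {NEXT_STEP[state]}")
```

Run it from a host outside the network as well as from the LAN: in this thread the local checks against port 25 passed while the ISP was blocking inbound port 25.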
I picked up a utility called Portquery.
http://support.microsoft.com/default.aspx?kbid=832919
that gives me an error on port 25. Error # is 10053. I looked this number up but the explanation it gives leaves me even farther lost.
I finally gave up and reinstalled fresh.
Now I get no error on any of the ports with Portquery, but still no incoming mail.
Everything looks like it should be working to me. -
I am still at a loss to figure out what is wrong.
Port 25 is open on the Router to point to my exchange server.
I can telnet into port 25 and send a message.
I can send email from OWA on a client account, but I can not receive emails. When emails are sent to a user on the exchange server the message times out.
Domain name: khgiese.com
Exchange server: Windows 2003 Std server SP1, Exchange 2003 sp2.
Router: WRT54GC
CNAME, MX record and domain are registered with Dyndns.
MS portqry tool shows port 25 is functioning and that exchange is listening on that port.
Please any help would be greatly appreciated. -
Well, after three weeks of formatting and reconfiguring and double-checking port and router settings, I found out why I could not receive incoming mail on my Exchange server.
It appears my ISP does not allow incoming port 25 to residential DSL customers.
Thanks for all the suggestions and advice.
-
That'll do it. See if they'll relay mail to you.
-
khgiese wrote: It appears my ISP does not allow incoming port 25 to residential DSL customers.
That's technically good news, it means you can sue your ISP for false advertising.
If a company is selling "Internet" access, they must offer full access to the complete Internet; if they block ports then it isn't the Internet (as far as the RFCs that define it go), therefore they aren't ISPs.
Simple, really.
Disclaimer: I learned this from a +5 moderated Slashdot comment.