Microsoft Exchange 2000 Server: DNS Troubleshooting in Transports (Mohammad Nadeem, Support Professional)

1
Microsoft Exchange 2000 Server: DNS Troubleshooting in Transports
Mohammad Nadeem
Support Professional
Exchange Messaging Support
Microsoft Corporation
2
Contents
  • Introduction
  • Configuration
  • Troubleshooting
  • Logic
  • Tools
  • Resources

3
Introduction
  • How to resolve Microsoft Exchange 2000 DNS
    issues faster
  • Many mail flow issues are caused by DNS
  • Very specific to DNS troubleshooting
  • Think DNS because it is not SMTP
  • Developed to help troubleshoot DNS problems
  • Troubleshooting tools

4
Exchange 2000 Server Configuration
  • Configure Exchange 2000 to point to internal DNS
    server
  • Configure Exchange 2000 SMTP service to use
    external DNS servers, also known as DMZ resolver
    (optional)
  • Windows 2000-based computers have:
      • A primary DNS domain name from computer
        configuration
      • Each adapter may also have an IP DNS domain name
        from its TCP/IP configuration
  • The caching resolver also keeps track of
    transient (Plug and Play) network adapters and
    their IP configuration

5
DNS Server Configuration
  • Set the internal DNS server as:
      • Caching servers for Internet domains
      • or
      • Forwarders to external DNS servers
  • Q300202, "HOW TO: Configure DNS for Internet
    Access"
  • Q277693, "DNS Setting on Exchange 2000 Bridgehead
    Server for Internet Mail"

6
The IP Address
  • Use Nslookup.exe to trace through the SMTP DNS
    algorithm, and verify that the records are all
    correct on all the servers. The IP address must
    be obtainable through one of these chains:
      • MX -> A -> IP
      • MX -> CNAME -> A -> IP
      • A -> IP
      • CNAME -> A -> IP
      • MX -> Literal-IP
  • For SMTP DNS resolver only: WINS or .hosts file
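
The chains on this slide can be walked mechanically, one record type at a time, the same way you would with Nslookup.exe. The following is an added example, not part of the original presentation: the `ZONE` records, names, and function names are constructed for illustration, and `lookup` stands in for a real DNS query. It assumes that a domain with MX records that cannot be resolved is treated as a failure rather than falling back to the domain's A record.

```python
import ipaddress
# Constructed sample records (documentation names and addresses, not real data).
ZONE = {
    "example.com":      {"MX": [(10, "mail.example.com")]},
    "mail.example.com": {"A": ["192.0.2.10"]},
    "alias.test":       {"MX": [(10, "mx.alias.test")]},
    "mx.alias.test":    {"CNAME": ["host.alias.test"]},
    "host.alias.test":  {"A": ["192.0.2.20"]},
    "nomx.test":        {"A": ["192.0.2.30"]},
    "www.nomx.test":    {"CNAME": ["nomx.test"]},
    "literal.test":     {"MX": [(10, "192.0.2.40")]},
    "broken.test":      {"MX": [(10, "gone.broken.test")]},
}

def lookup(name, rtype):  # stands in for one Nslookup query of a record type
    return ZONE.get(name.lower().rstrip("."), {}).get(rtype, [])

def is_ip_literal(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def host_chain(name, max_cnames=8):  # -> (steps, ip); ip is None on failure
    steps = []
    for _ in range(max_cnames + 1):
        addresses = lookup(name, "A")
        if addresses:
            return steps + ["A"], addresses[0]
        aliases = lookup(name, "CNAME")
        if not aliases:
            return steps, None          # dead end: the record is missing
        steps.append("CNAME")
        name = aliases[0]
    return steps, None                  # CNAME loop or chain too long

def trace(domain):  # -> (chain, ip); ip is None when no chain completes
    mx = sorted(lookup(domain, "MX"))   # lowest preference value first
    for _pref, target in mx:
        if is_ip_literal(target):
            return "MX -> Literal-IP", target
        steps, ip = host_chain(target)
        if ip:
            return " -> ".join(["MX"] + steps + ["IP"]), ip
    if mx:  # Assumption: MX present but unusable is an error, no A fallback
        return "MX -> (unresolved)", None
    steps, ip = host_chain(domain)
    return (" -> ".join(steps + ["IP"]), ip) if ip else ("(no records)", None)
```

A result whose address is `None` identifies the domain whose records need to be checked on each DNS server in turn.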

7
Symptoms
  • Establish that the problem is in DNS. Common
    things to look for:
      • There is a remote queue for the domain which is
        in retry mode
      • The queue diagnostic indicates DNS, or at the
        very least, it doesn't indicate something else
      • You are getting an NDR with the DNS error code
        (5.4.0 on Exchange 2000 SP1, or 5.0.0 before
        that)
      • Event 4000 in the application log (might be an
        SMTP error)

8
Symptoms: Queue Diagnostics
  • The remote server did not respond to a connection
    attempt
  • The error message can also indicate that the DMZ
    resolver did not resolve the target domain (if
    the VSI is configured as a DMZ) in installations
    before Exchange 2000 SP1 and Windows 2000 SP2

9
Verification / Relief
  • Verifying DNS problems
  • Bypass the DNS server
      • Q285863, "XCON: How to Bypass DNS Name Resolution
        to Test SMTP Mail Flow"
  • Point the server to a known good DNS server
      • ISP's DNS server
      • Any known good DNS server
  • Adding FQDN entry in Hosts file (if using core
    SMTP DNS resolver)

10
SMTP or DMZ Resolver?
  • Figure out whether the resolution is being
    completed by SMTP's DNS or in the DNS sink's DMZ
    resolver. Resolution is in the DMZ resolver only
    if the following is true:
      • The VSI is configured for a DMZ
      • The target domain is an FQDN, and it is not a
        server in the Exchange organization

11
DNS Servers?
  • Figure out the DNS servers for your box:
      • If you have not configured your SMTP as a DMZ
        computer, these can be dumped using ipconfig /all
      • If it is a DMZ computer, the servers are
        configured per VSI and viewable through ESM
  • Figure out the problematic domain (from the NDRs,
    the ESM, or Aqadmcli.exe)

12
NSLookup
  • Extremely powerful tool and probably best to
    troubleshoot DNS problems
  • Comes with the operating system by default
  • Internet gateways for NSLookup
  • Q200525, "Using NSlookup.exe"
  • Q203204, "XFOR: How to Obtain MX Records with the
    Nslookup.exe Utility"

13
Reverse DNS Lookup Failures
  • Telnet
      • Q153119, "XFOR: Telnet to Port 25 of IMC to Test
        IMC Communication"
  • Exchange 2000 reverse lookup implementation
      • Q289521, "XIMS: VRFY Command Does Not Work in
        Exchange 2000"
  • SMTP protocol log

14
Slow DNS
  • Slowness of the DMZ DNS server can result in mail
    accumulating in the queues if the domains to
    which mail is going are external domains being
    resolved by the DNS sink DMZ resolver.
  • Workaround: Have more threads doing DNS
    resolution. The following metabase key controls
    this:
      • /SmtpSvc/1/MaxRemQThreads (default is 1)

15
DNS NDR Error Codes
  • 5.0.0
      • The generic error code for all unknown errors.
        There should not be many of these in versions
        later than Exchange 2000 SP1.
  • 5.4.0 (Exchange 2000 SP1)
      • Authoritative DNS failure on target domain.
      • SMTP outbound protocol error.
  • 5.5.0 (Exchange 2000 SP1)
      • Generic SMTP protocol error.
      • DNS reverse lookup failure.

16
5.4.0 NDR: Authoritative Host Not Found
  • Authoritative host not found
  • DNS suffix search order incorrect
  • Smarthost entry is incorrect
  • FQDN name in HOSTS
  • SMTP VS does not have a valid FQDN
  • Lookup of your SMTP VS FQDN failed
  • Contact's domain does not resolve to any SMTP
    address spaces

17
NetDiag
  • NetDiag is a resource kit command-line utility.
    From a command-line prompt, type the command
    below in the directory where NetDiag lives:
      • NetDiag /test:DNS
  • Using the "netdiag /fix" (without the quotation
    marks) command on the domain controller will
    verify that all SRV records that are in the
    Netlogon.dns file are registered on the primary
    DNS server.
  • Q219289, "Description of the Netdiag /fix Switch"

18
Configuration
  • Configuration issues
  • Full computer name (FQDN)
  • DNS suffix name
  • VS's FQDN
  • Forwarding to external DNS servers
  • Incorrect entries in .hosts file
  • Incorrect records in DNS
  • Missing records in DNS

19
IPConfig
  • IPConfig /all
  • IPConfig /flushdns
  • Disable DNS client service
  • IPConfig /registerdns
  • IPConfig /displaydns

20
NetMon
  • A NetMon trace can also be very useful to see
    what is being queried for and what fails
  • If there is relatively little traffic on the
    server, a NetMon capture may be helpful

21
Regtrace
  • DNS: Frequently, the quickest way to figure out
    what is wrong in DNS is to use Nslookup.exe to
    troubleshoot. If this is not possible, trace
    files may be used.
  • Q238614, "XCON: How to Set Up Regtrace for
    Exchange 2000"
  • Modules: "SMTP"

22
Known DNS Issues
  • Q287667, "XFOR: Mail Sits in the Exchange 2000
    Outbound Queue"
  • Q305394, "XFOR: Outbound SMTP Messages from
    Exchange 2000 Server Remain in the Outbound
    Queue and No NDRs Appear"
  • Q296215, "XFOR: Mail May Not Flow from One
    Exchange 2000 Server to Another"
  • Q288718, "XIMS: Message Cannot Be Sent to Domains
    with MX Record Pointing to IP Address"
  • Q251951, "XADM: Exchange System Manager Doesn't
    Verify Smart Host DNS Name"
  • Q287423, "XADM: NDR Unable to Forward the Message
    Because No Directory Was Available"
  • Q280794, "XIMS: Message Cannot Be Sent to Domains
    with MX Record Pointing to CNAME Record"
  • Q277693, "DNS Settings on Exchange 2000 Bridgehead
    Server for Internet Messages"
  • Q264111, "XFOR: Installing IMS Fails Due to DNS
    Configuration"
  • Q285863, "XCON: How to Bypass DNS Name
    Resolution to Test SMTP Mail Flow to Remote
    Domains"
  • Q289045, "XFOR: "Host Unknown" Message When
    Sending Outbound Internet Mail"

23
Event Viewer DNS Log
  • All DNS events will be logged in the Event Viewer
    under its own folder called DNS Server

24
Working with Microsoft
  • Provide the following with the problem
    reproduced:
      • NetMon trace
      • Regtrace
      • Application log (with logging set to level 7 in
        the registry for all Transport categories)
      • WinRoute snapshot

25
Internet Gateways
  • http://www.codeflux.com/tools.html
  • http://www.network-tools.com/
  • http://ldhp715.immt.pwr.wroc.pl/util/nslookup.html
  • http://samspade.org/t/
  • http://www.pleasepingme.com/

26
Verifying Domain Names
  • Whois
      • http://www.internic.com/whois.html
      • http://www.codeflux.com/tools/
      • http://www.networksolutions.com/cgi-bin/whois/whois/
  • The NSI Registrar database contains only
    nonmilitary and non-US government domains and
    contacts

27
DNS Server Help File
  • Installation/deployment
  • Configuration and optimization
  • How-tos
  • Concepts
  • Maintenance
  • Troubleshooting
  • Best practices

28
DNS Recommended Reading
  • White papers
      • Microsoft Windows 2000 Namespace Design
      • Microsoft Active Directory Technical Summary
      • Windows 2000 DNS
      • Windows 2000 WINS Overview
  • "DNS and BIND" (Cricket Liu), published by
    O'Reilly and Associates
  • Related RFCs
      • 1034, 1035, 1995, 1996, 2052, 1123, 2136, 2181, 2308

29
RFCs Related to Windows 2000 DNS
  • 1034: Domain Names - Concepts and Facilities
  • 1035: Domain Names - Implementation and
    Specification
  • 1123: Requirements for Internet Hosts -
    Application and Support
  • 1886: DNS Extensions to Support IP Version 6
  • 1995: Incremental Zone Transfer in DNS

30
RFCs Related to Windows 2000 DNS (2)
  • 1996: A Mechanism for Prompt DNS Notification of
    Zone Changes
  • 2136: Dynamic Updates in the Domain Name
    System (DNS UPDATE)
  • 2181: Clarifications to the DNS Specification
  • 2308: Negative Caching of DNS Queries (DNS
    Negative CACHE)

31
Internet Drafts Related to Windows 2000 DNS
  • A DNS RR for Specifying the Location of Services
    (DNS SRV)
      • Draft-ietf-dnsind-rfc2052bis-02.txt
  • Using the UTF-8 Character Set in the Domain Name
    System
      • Draft-skwan-utf8-dns-02.txt
  • Interaction between DHCP and DNS
      • Draft-ietf-dhc-dhcp-dns-08.txt

32
Internet Drafts Related to Windows 2000 DNS (2)
  • Secret Key Transaction Signatures for DNS (TSIG)
      • Draft-ietf-dnsind-tsig-11.txt
  • Secret Key Establishment for DNS (TKEY RR)
      • Draft-ietf-dnsind-tkey-00.txt
  • For additional information please go
    to http://www.ietf.org/

33
  • Thank you for joining us for today's Microsoft
    Support WebCast.
  • For information on all upcoming Support WebCasts
    and access to the archived content (streaming media
    files, PowerPoint slides, and transcripts), please
    visit http://support.microsoft.com/WebCasts
  • We sincerely appreciate your feedback. Please
    send any comments or suggestions regarding the
    Support WebCasts to supweb_at_microsoft.com