
451 4.4.0 DNS query failed to some domain from Hub transport


Postby guest » Tue Oct 05, 2010 7:51 pm

Exchange 2007 hub running on Windows Server 2008. IPv6 has been disabled per http://www.microsoft.com/technet/networ ... v6faq.mspx. Looking at a packet capture, I see the following:

DNS Standard query AAAA webmail.xxxxxxxxx.com
DNS Standard query response, Server failure

Both servers are in the same AD domain/site and running Windows Server standard 2008 SP1.

Email will sit in the queue until it expires.

Nslookup (from Windows XP or hub server) against the same DNS server will resolve the xxxxxxxxx.com to webmail.xxxxxxxxx.com with a valid IP address. I can telnet using port 25 to that IP address from the Hub server without any problems.

Once the hub server receives the DNS error, it will retry again at the set time interval using IPv6 DNS query. Of course it fails again and the pattern continues until the email expires.

If I put the mx record in the hosts file, email is delivered immediately.

I have seen http://technet.microsoft.com/en-us/libr ... 78121.aspx where it mentions having the DNS server respond to a second query, but the trace doesn't even show a second attempt.

No smarthost involved in outgoing email.

The destinations worked in Exchange 2003 on Windows Server 2003. If we redirect the email from Exchange 2007 to Exchange 2003, it will be delivered. Not a good solution since we are removing 2003.

I would expect when the IPv6 query fails it would try IPv4. This does not seem to be the case with Server 2008.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 9561
Joined: Mon Nov 27, 2006 1:10 pm

Re: 451 4.4.0 DNS query failed to some domain from Hub transport

Postby guest » Tue Oct 05, 2010 7:51 pm

Hi,

Please run nslookup -q=mx domain.com (the problematic domain) command in CMD, then post the information on the forum.

Thanks

Allen

Re: 451 4.4.0 DNS query failed to some domain from Hub transport

Postby guest » Tue Oct 05, 2010 7:52 pm

Until now, that is a product issue in Exchange 2007 which is running on Windows Server 2008. If there is any update, I will inform you.

Thanks

Allen

Re: 451 4.4.0 DNS query failed to some domain from Hub transport

Postby guest » Tue Oct 05, 2010 7:52 pm

Hi Guys,

For this issue, please refer to the thread below to work around this issue:
http://social.technet.microsoft.com/For ... ecebb4c6fa

Thanks

Allen

Re: 451 4.4.0 DNS query failed to some domain from Hub transport

Postby guest » Tue Oct 05, 2010 7:53 pm

This issue occurs for the same domain across three different edge transport servers.

All servers are Windows 2008 STD SP2, Exchange 2007 SP1 U9. Emails are delivered using DNS connector from edge. Emails to this one specific domain would sit in the retry queue with DNS query error until NDR was generated. Connectivity Logging generated the following:

2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,>,DNS server returned ErrorRetry reported by 208.241.124.200
2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,-,The DNS query for 'DnsConnectorDelivery':'subdomain.domain.com':'cd771f71-77a3-4aca-b002-86f477816910' failed with error: ErrorRetry

I changed the servers' DNS settings to different servers with the same response. I validated that manual MX lookups worked, and that I could telnet to any of the three MX records and deliver mail via telnet.

I did a packet capture and received the following:

12 32.280037 172.28.16.55 208.241.124.200 DNS Standard query AAAA SMTPSERVER.subdomain.domain.com

So what is happening is the Edge servers are only performing IP6 lookups, and throughout the log, only for subdomain.domain.com do they NOT perform a regular IP4 A record lookup. I then went about disabling TCP/IP6 as per this article:

http://technet.microsoft.com/en-us/netw ... 87595.aspx

This stated to do the following:

Alternately, from the Windows XP or Windows Server 2003 desktop, click Start, point to Programs, point to Accessories, and then click Command Prompt. At the command prompt, type netsh interface ipv6 uninstall.

To remove the IPv6 protocol for Windows XP with no service packs installed, do the following:

1. Log on to the computer with a user account that has local administrator privileges.
2. From the Windows XP desktop, click Start, point to Programs, point to Accessories, and then click Command Prompt.
3. At the command prompt, type ipv6 uninstall.

Unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista and Windows Server 2008 by doing one of the following:

• In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items.

This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.

• Add the following registry value (DWORD type) set to 0xFF:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents

This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.

I did the above, and still, the Edge Transport servers would only perform AAAA lookups, and messages would sit in the queue.

As a temporary workaround, I created a new send connector with the three available MX hosts as possible smarthosts for subdomain.domain.com, and this allowed email flow.

I've tried disabling the TCPIP6, and it still doesn't work. Any suggestions?

Re: 451 4.4.0 DNS query failed to some domain from Hub transport

Postby guest » Tue Oct 05, 2010 7:55 pm

Hi,

Thank you for your information.

After viewing the information, I found that the Exchange server makes a request to query the MX record, and the first response is successful. Then it makes a request of AAAA type, and this fails.

Actually, this is a product issue in Exchange 2007 if the platform is Windows 2008. By default, IPv6 could not be disabled completely even though the interface and connection are disabled. And unlike Windows XP and Windows 2008, IPv6 cannot be uninstalled in Windows 2008 and Vista.

Now please check the "Use the External DNS Lookup settings on the Transport Server" option under the Network tab in the Send Connector to check this issue. If the issue persists, please refer to the workaround in the similar thread that Hari provided.

Thanks

Allen

Re: 451 4.4.0 DNS query failed to some domain from Hub transport

Postby guest » Tue Oct 05, 2010 7:56 pm

I think Transport is the right place for this question. I've recently set up an Exchange 2007 server which we will be migrating to from Exchange 2003. The Exchange 2007 is one server, and has the Mailbox, Client Access, and Hub Transport roles installed. Everything seems to be working fine for outbound mail to 95% of all domains. For the other 5% I get 451 4.4.0 errors, saying either "Primary target IP address responded with 421 4.2.1 Unable to connect," or "DNS query failed." I've tried everything I could find with various Google and Live searches, to no avail. Things I've tried:

1. Changing DNS servers from internal ones to external. No help.
2. Manually doing an nslookup and telnet connection to the smtp servers listed in the MX record for the affected domains. This has been successful in all cases.
3. Setting -IgnoreStartTLS to true on the send connector. This did not help.

Any other advice on why this might be occurring?

Re: 451 4.4.0 DNS query failed to some domain from Hub transport

Postby guest » Tue Oct 05, 2010 7:56 pm

Yes, after reviewing the trace, I also found the info below:

=========

Standard query MX ExternalDomain

Standard query response MX ...

Standard query AAAA ExternalDomain

Standard query response, Server failure

Standard query AAAA ExternalDomain

Standard query AAAA ExternalDomain

Standard query response, Server failure

=========

After spending more time on the issue, I found that the issue is still caused by IPv6. IPv6 cannot be completely disabled in Windows 2008 even by adding the registry

Here’s a case similar to yours

Explanation: The registry entry will only disable IPv6 but does not uninstall it completely from the Windows 2008 server; Exchange will still query for the remote domain’s AAAA record (QuadA – IPv6) for delivery. And if the Exchange server asks for the AAAA record of a remote domain that doesn’t have one, the same symptom will occur, and it won’t continue to look for the remote domain’s A record for delivery.

Current workarounds:

· Add the target IP in the hosts file (just like you did)

· Set up send connectors that specify the correct remote server IP address (A record)

· If lots of target domains (without AAAA records) encounter the error, I suggest setting up a non-Windows 2008 IIS SMTP server and forwarding all outgoing messages to that smart host for external delivery

Notes: If the ISP (hosting the remote domain’s MX records) can publish AAAA records for the remote domain’s MX record FQDN, then this issue won’t be seen, as Exchange 2007 gets a successful response for its queries.
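Added example, not part of any post in this thread: a Python sketch that scans a capture summary in the format quoted above and reports host names whose AAAA queries were answered with "Server failure" and for which no A query was ever sent, which is the pattern the replies describe. The sample trace, the host names under example.test and good.test, and the function name find_aaaa_stalls are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed capture summary in the style quoted in the thread (not real data).
SAMPLE_TRACE = """\
Standard query MX example.test
Standard query response MX mail.example.test
Standard query AAAA mail.example.test
Standard query response, Server failure
Standard query AAAA mail.example.test
Standard query response, Server failure
Standard query MX good.test
Standard query response MX mx.good.test
Standard query AAAA mx.good.test
Standard query response
Standard query A mx.good.test
Standard query response A 192.0.2.10
"""

# A query line ends with "<type> <name>"; an optional transaction id may precede the type.
QUERY_RE = re.compile(r"Standard query (?:0x[0-9a-fA-F]+ )?(A|AAAA|MX) (\S+)\s*$")
RESPONSE_RE = re.compile(r"Standard query response")


def find_aaaa_stalls(trace_text):
    """Return [(name, aaaa_failures)] for names that got AAAA 'Server failure'
    and were never looked up with an A query anywhere in the trace."""
    asked = defaultdict(set)     # name -> record types queried
    failures = defaultdict(int)  # name -> AAAA responses reporting Server failure
    pending = None               # most recent query still waiting for a response
    for line in trace_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            pending = (m.group(1), m.group(2).lower())
            asked[pending[1]].add(pending[0])
            continue
        if pending and RESPONSE_RE.search(line):
            qtype, name = pending
            if qtype == "AAAA" and "Server failure" in line:
                failures[name] += 1
            pending = None
    return sorted((n, c) for n, c in failures.items() if "A" not in asked[n])


if __name__ == "__main__":
    for name, count in find_aaaa_stalls(SAMPLE_TRACE):
        print(f"{name}: {count} AAAA Server failure response(s), no A query seen")
```

Responses in this summary format do not repeat the queried name, so each response is paired with the most recent unanswered query; a full capture should be matched on the DNS transaction ID instead.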

Re: 451 4.4.0 DNS query failed to some domain from Hub transport

Postby guest » Tue Oct 05, 2010 8:00 pm

When this situation occurs, you will typically see the following errors in the Last Error column in the Exchange Queue Viewer:

451 4.4.0 DNS Query Failed

400 4.4.7 Message Delayed

This problem commonly occurs as a result of a mistake in the configuration of the DNS settings of the Edge Transport server. Therefore, you can resolve this problem by correcting the DNS configuration.

To use the Exchange Management Console to reconfigure DNS settings when inbound mail is queued on an Edge Transport server

1. Start the Exchange Management Console on the Edge Transport server.
2. Click Toolbox.
3. Select Queue Viewer under the Mail flow tools category to open the Queue Viewer tool.
4. Review the information in the Last Error column. Note whether you have an inbound message queue for an accepted domain, such as "company.com", and if there is an error similar to "451 4.4.0 DNS Query Failed".
5. Verify the DNS configuration on the Edge Transport server as follows:
   a. Log on locally to the Edge Transport server.
   b. Open the Exchange Management Console.
   c. Select the Edge Transport server in the Result pane, and then select Properties.
   d. Select the Internal DNS Lookups tab.
   e. The default configuration is All Available. Your Edge Transport server will need to do external and internal DNS lookups. You have two options available:
      • If you have multiple NIC adapters, and one is for the internal network, select that network card in Use network card DNS settings. The IP addresses will populate the box below with the DNS server IP addresses that are specified on the internal network card. Restart the Transport service, and then repeat step 5 to confirm that the configuration is correct. If you do not see any IP addresses, the NIC card may not be configured with DNS server entries. Populate the card with DNS settings, and then repeat step 5 to ensure that the settings are correct.
      • If you have only one network card, and it is using external public DNS, you do not want to change this setting because it will break external name resolution and e-mail flow. There are two options in this scenario. You can select Use these DNS servers and then select the IP address of the internal DNS server, or you can add a host file containing the DNS server information.
6. After making changes, test your DNS servers and name resolution with NSLOOKUP as described in the topic How to Use Telnet to Test SMTP Communication.
7. Next, test ping and telnet to your internal mail server. If ping or telnet connections are failing, check to see if the Windows Firewall in Control Panel/ Services has been enabled. It is typically disabled. If it is enabled, it needs to be configured on the NIC cards to allow services for mail flow, such as SMTP, LDAP, the Edge Transport server LDAP ports, and testing protocols such as ICMP. Enable only those ports that are required for the services that you are using.

To use the Exchange Management Console to reconfigure DNS settings when outbound mail is queued on an Edge Transport server

1. Start the Exchange Management Console on the Edge Transport server.
2. Click Toolbox.
3. Select Queue Viewer under the Mail flow tools category to open the Queue Viewer tool.
4. Review the information in the Last Error column. Note whether you have an outbound message queue and if there is an error similar to "451 4.4.0 DNS Query Failed".
5. Verify the DNS configuration on the Edge Transport server as follows:
   a. Log on locally to the Edge Transport server.
   b. Open the Exchange Management Console.
   c. Select the Edge Transport server in the Result pane, and select Properties.
   d. Select the External DNS Lookups tab.
   e. The default is All Available. Your Edge Transport server will need to do external and internal DNS lookups. You have two options available:
      • If you have multiple NIC adapters, and one is for the external network, select that network card in Use network card DNS settings. The IP addresses will populate the box below with the DNS server IP addresses specified on the external network card. Restart the Transport service, and then repeat step 5 to confirm that the configuration is correct. If you do not see any IP addresses, the NIC card may not be configured with DNS server entries. Populate the card with DNS settings, and then repeat step 5 to ensure that the settings are correct.
      • If you have only one network card, and it is using internal DNS, you do not want to change this setting because it will break internal name resolution and e-mail flow from the Internet to your Hub Transport servers. Select Use these DNS servers, and then select the IP address of the external public DNS server(s).
6. After making changes, test your DNS servers and name resolution with NSLOOKUP as described in the topic How to Use Telnet to Test SMTP Communication.
7. Next, test ping and telnet to your internal mail server. If ping or telnet connections are failing, check to see if the Windows Firewall in Control Panel/ Services has been enabled. It is typically disabled. If it is enabled, it needs to be configured on the NIC cards to allow services for mail flow, such as SMTP, LDAP, the Edge Transport server LDAP ports, and testing protocols such as ICMP. Enable only those ports that are required for the services you are using.

Re: 451 4.4.0 DNS query failed to some domain from Hub transport

Postby guest » Tue Oct 05, 2010 8:02 pm

This problem occurs because Exchange Server 2007 does not check the hosts file if the Edge Transport server has no DNS server configured.
To resolve this problem, install the following update rollup:

979784 (http://support.microsoft.com/kb/979784/ ) Description of Update Rollup 3 for Exchange Server 2007 Service Pack 2

