Troubleshooting Mail Queues That Are Increasing on Edge Transport Servers

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1

This topic explains how to resolve the problem of inbound or outbound e-mail messages that are stuck in queues on a server running Microsoft Exchange Server 2007 with the Edge Transport server role installed. When this situation occurs, you will typically see the following errors in the Last Error column in the Exchange Queue Viewer:

  • 451 4.4.0 DNS Query Failed

  • 400 4.4.7 Message Delayed

This problem commonly occurs as a result of a mistake in the configuration of the DNS settings of the Edge Transport server. Therefore, you can resolve this problem by correcting the DNS configuration.

Before You Begin

Confirm that any firewall between your Hub Transport servers and your Edge Transport servers allows port 53 for DNS resolution and port 25 for SMTP traffic.

To perform this procedure, the account you use must be delegated the following:

  • Local Administrator

  • Exchange Organization Administrator

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Procedure

To use the Exchange Management Console to reconfigure DNS settings when inbound mail is queued on an Edge Transport server

  1. Start the Exchange Management Console on the Edge Transport server.

  2. Click Toolbox.

  3. Select Queue Viewer under the Mail flow tools category to open the Queue Viewer tool.

  4. Review the information in the Last Error column. Note whether you have an inbound message queue for an accepted domain, such as "company.com", and if there is an error similar to "451 4.4.0 DNS Query Failed".

  5. Verify the DNS configuration on the Edge Transport server as follows:

    1. Log on locally to the Edge Transport server.

      Important

      Do not view or change these settings remotely from an administrative workstation or a server other than the Edge Transport server. You can use Remote Desktop Connection (RDC) 6.0 to access the physical server. We recommend that you use a console session by starting your RDC session using the /console switch.

    2. Open the Exchange Management Console.

    3. Select the Edge Transport server in the Result pane, and then select Properties.

    4. Select the Internal DNS Lookups tab.

  6. The default configuration is All Available. Your Edge Transport server will need to do external and internal DNS lookups. You have two options available:

    1. If you have multiple NIC adapters, and one is for the internal network, select that network card in Use network card DNS settings. The IP addresses will populate the box below with the DNS server IP addresses that are specified on the internal network card. Restart the Transport service, and then repeat step 5 to confirm that the configuration is correct. If you do not see any IP addresses, the NIC card may not be configured with DNS server entries. Populate the card with DNS settings, and then repeat step 5 to ensure that the settings are correct.

    2. If you have only one network card, and it is using external public DNS, you do not want to change this setting because it will break external name resolution and e-mail flow. There are two options in this scenario. You can select Use these DNS servers and then select the IP address of the internal DNS server, or you can add a host file containing the DNS server information.

  7. After making changes, test your DNS servers and name resolution with NSLOOKUP as described in the topic How to Use Telnet to Test SMTP Communication.

  8. Next, test ping and telnet to your internal mail server. If ping or telnet connections are failing, check to see if the Windows Firewall in Control Panel/ Services has been enabled. It is typically disabled. If it is enabled, it needs to be configured on the NIC cards to allow services for mail flow, such as SMTP, LDAP, the Edge Transport server LDAP ports, and testing protocols such as ICMP. Enable only those ports that are required for the services that you are using.

To use the Exchange Management Console to reconfigure DNS settings when outbound mail is queued on an Edge Transport server

  1. Start the Exchange Management Console on the Edge Transport server.

  2. Click Toolbox.

  3. Select Queue Viewer under the Mail flow tools category to open the Queue Viewer tool.

  4. Review the information in the Last Error column. Note whether you have an outbound message queue and if there is an error similar to "451 4.4.0 DNS Query Failed".

  5. Verify the DNS configuration on the Edge Transport server as follows:

    1. Log on locally to the Edge Transport server.

      Important

      Do not view or change these settings remotely from an administrative workstation or a different server. You can use Remote Desktop Connection (RDC) 6.0 to access the physical server. We recommend that you use a console session by starting your RDC session using the /console switch.

    2. Open the Exchange Management Console.

    3. Select the Edge Transport server in the Result pane, and select Properties.

    4. Select the External DNS Lookups tab.

  6. The default is All Available. Your Edge Transport server will need to do external and internal DNS lookups. You have two options available:

    1. If you have multiple NIC adapters, and one is for the external network, select that network card in Use network card DNS settings. The IP addresses will populate the box below with the DNS server IP addresses specified on the external network card. Restart the Transport service, and then repeat step 5 to confirm that the configuration is correct. If you do not see any IP addresses, the NIC card may not be configured with DNS server entries. Populate the card with DNS settings, and then repeat step 5 to ensure that the settings are correct.

    2. If you have only one network card, and it is using internal DNS, you do not want to change this setting because it will break internal name resolution and e-mail flow from the Internet to your Hub Transport servers. Select Use these DNS servers, and then select the IP address of the external public DNS server(s).

  7. After making changes, test your DNS servers and name resolution with NSLOOKUP as described in the topic How to Use Telnet to Test SMTP Communication.

  8. Next, test ping and telnet to your internal mail server. If ping or telnet connections are failing, check to see if the Windows Firewall in Control Panel/ Services has been enabled. It is typically disabled. If it is enabled, it needs to be configured on the NIC cards to allow services for mail flow, such as SMTP, LDAP, the Edge Transport server LDAP ports, and testing protocols such as ICMP. Enable only those ports that are required for the services you are using.
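The checks in both procedures above can also be run from the Exchange Management Shell on the Edge Transport server. The following script is an added example and is not part of the original topic. The host name and test domain are placeholders that you must replace, and the script uses only nslookup and .NET socket calls so that it runs on the Windows PowerShell version that shipped with Exchange 2007.

```powershell
# Added example. Run locally on the Edge Transport server in the Exchange Management Shell.
# $MailHost and $TestDomain are placeholders (assumptions), not values from this topic.
$MailHost   = 'hub01.company.com'   # internal Hub Transport server (placeholder)
$TestDomain = 'example.com'         # external recipient domain to resolve (placeholder)

# 1. List queues whose Last Error matches the two errors named in this topic
#    (451 4.4.0 DNS Query Failed, 400 4.4.7 Message Delayed).
Get-Queue | Where-Object { $_.LastError -match '4\.4\.[07]' } |
    Format-Table Identity, DeliveryType, MessageCount, LastError -AutoSize

# 2. Show the values behind the Internal DNS Lookups and External DNS Lookups tabs.
#    *DNSAdapterEnabled = True means the network card's DNS settings are used;
#    the *DNSServers lists are only used when "Use these DNS servers" is selected.
$ts = Get-TransportServer -Identity $env:COMPUTERNAME
$ts | Format-List Name, InternalDNSAdapterEnabled, InternalDNSServers,
                  ExternalDNSAdapterEnabled, ExternalDNSServers

# 3. Query each explicitly configured DNS server directly, so that a server that
#    cannot answer is identified instead of hidden behind the default resolver.
foreach ($dns in $ts.InternalDNSServers) { nslookup -type=A  $MailHost   $dns }
foreach ($dns in $ts.ExternalDNSServers) { nslookup -type=MX $TestDomain $dns }

# 4. Test TCP reachability (the same check as telnet <host> 25).
function Test-TcpPort([string]$Server, [int]$Port) {
    $ok = $false
    $client = New-Object System.Net.Sockets.TcpClient
    trap { continue }                 # connect failure: fall through with $ok = $false
    $client.Connect($Server, $Port)
    $ok = $client.Connected
    $client.Close()
    return $ok
}

"SMTP (25) to $MailHost reachable: " + (Test-TcpPort $MailHost 25)

# 5. Confirm that the DNS servers themselves accept TCP connections on port 53.
#    DNS normally uses UDP 53 as well, so a firewall must allow both.
foreach ($dns in @($ts.InternalDNSServers) + @($ts.ExternalDNSServers)) {
    if ($dns) { "DNS (53/tcp) to $dns reachable: " + (Test-TcpPort "$dns" 53) }
}
```

If both server lists in step 2 are empty, the server is using network card DNS settings, and steps 3 and 5 produce no output; in that case run nslookup against the DNS servers configured on the relevant network card.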

For More Information

For more information about configuring transport server properties, see Configuring Transport Server Properties.

For more information about DNS query failure, see Understanding DNS Query Failure Sensitivity in Exchange 2007 SP1 and SP2.

For more information about the Set-TransportConfig cmdlet, see Set-TransportConfig. For more information about the Start-EdgeSynchronization cmdlet, see Start-EdgeSynchronization.