Solved - Connected To - Ip Address - But Connection Died. (#4.4.2) - Experts Exchange

 ASK THE EXPERTS   
Featured Programming DevOps Virtualization Databases Security OS Microsoft Networking
+
Explore More Content Please verify your email at your earliest convenience. Verify Email
SOLUTION
How eliminate #4.4.2
connection died - message has
been in queue too long error? Connected to <ip address> but connection died.
ARTICLE
(#4.4.2)
Exchange Database failed due
Marc Jacobs asked on 2011-03-17
to Exchange 2013 Logs Drive
Full Exchange Email Servers SBS
13 Comments | 1 Solution | 5,336 Views | Last Modified: 2012-05-11

VIDEO
Exchange 2019:- Update the
Offline Address Book (OAB) Hi,
with PowerShell
My client has an SBS 2003 Server running Exch 03 SP2.
Search More Related Content Recently emails haven't been getting through to my client and its getting to
become a very critical problem.
We have been lucky enough to get a bounceback message from one of their
clients, which is below.
Get your personalized The setup is as follows:
solution. Domain name is with Messagelabs (in the cloud anti virus filter) and the MX
record points ot the public IP address of the mail server.
There is no pattern to the types of emails not getting through.
ASK THE EXPERTS The ISP have confirmed its nothing to do with them.
Messagelabs have said from the smtp logs that its the mail server itself not
them, an extract of the log is also below.
Please help.
Thanks
Extract 1: Bounce back from the original sender:

From: MAILER-DAEMON@messagelabs.com
Date: 16 Mar 2011 17:13:27
To: <abc@btopenworld.com>
Subject: Expired Delivery Retry Notification (7 days ): RE: subject of email :
P00449-0070 This is the mail delivery agent at messagelabs.com.
I was not able to deliver your message to the following addresses.
<user@myclient.co.uk>:
Connected to 62.49.xx.xxx but connection died. (#4.4.2)
Despite repeated attempts, this message could not be delivered.

Get access to all features with a 7-day free trial! 
Extract 2: SMTP logs from Messagelabs
Delivery Results - Tower 195, Server 10
Featured Programming DevOps Virtualization Databases
2011-03-16 19:33:50.693312500Security OS 624099
new msg Microsoft Networking
2011-03-16 19:33:50.693314500 info msg 624099: bytes 88244 from
<abc@btopenworld.com> qp 12486 uid 1001
2011-03-16 19:33:50.693332500 ref msg 624099: server-10.tower-
195.messagelabs.com!1300304029!53607840!1
2011-03-16 19:33:50.693594500 starting delivery 159927: msg 624099
to remote user@myclient.co.uk
2011-03-16 19:37:51.226223500 delivery 159927: deferral:
Connected_to_62.49.xx.xxx_but_connection_died._(#4.4.2)/|
Delivery of this message was deferred. Click here to search for further
delivery attempts
Connected_to_62.49.xx.xxx_but_connection_died._(#4.4.2)/
 Knowledgebase  Print  Share

Comment Monitor Report
Question
VIEW SOLUTION ONLY

bluebook

Commented: 2011-03-17
Do you have any corresponding logs on the SBS, maybe using the
timestamps from the MessageLabs logs to cross reference? (Their
timestamps are GMT).
Also, when you say "the MX record points ot the public IP address of the mail
server", you mean the MX record for your client's domain? And pointing to
the IP of the SBS, or to MessageLabs? Finally, can you confirm that the IP
address in the MessageLabs logs exactly matches the public IP of the SBS?
Actually one more thought: is there any kind of firewall in front of it (eg pics,
or even ISA)?

Marc Jacobs
AUTHOR Commented: 2011-03-17
Hi,
Thanks for the post, i dont, but we have just enabled Logging settings on the
exchange server for the MSexchange Transport.
I can confirm the IP address in the message lab logs are the same as the
public ip of the sbs server.
The MX record for my clients domain name points ot the public ip address.
Nothing on the sbs box itself, we do have a netgear router/firewall.

Thanks

Marc Jacobs
domain name points to messagelabs then messge labs sends to public ip of

sbs just for clarification.

Get access to allbluebook
features with a 7-day free trial! 

Will be interesting to see the exchange logs when you have them, but
meanwhile here is what I was thinking regarding the firewall question: some
firewalls, and pics is one of them, act as an smtp proxy. That means that it is
the firewall itself, and not the exchange server, which terminates the
incoming smtp connection (from MessageLabs in this case). So step 1 is
MessageLabs connects to the firewall, and that gives you the "connected to
<ip address>" part of the log message. The firewall then attempts to
connect to the exchange server, after which it will proxy the exchange
server's SMTP greeting back to the connecting client. However if for some
reason it can't connect to the exchange server, then all it can do is drop the
connection it accepted from the client - hence the "but connection died" part
of the log message.
Another permutation of essentially the same problem is when the firewall is

proxying at the TCP level, which is essentially what happens if you are using
NAT, with a DMZ host or similar concept configured. I.e. the SBS does not
actually have a public address, but instead the firewall accepts the
connection on the public address and then forwards it to a configured
internal address. Depending on the implementation it may accept the
connection before or after establishing its own connection to the internal
address; if it accepts it before, and then can't create the internal connection,
again you will see connection dropped. Does the SBS have an interface with
the 62.49.xx.xxx address in the logs, or is that address forwarded to it by the
firewall?
Without knowing more about your Netgear router I couldn't say whether
either of these cases might apply, but in either case the question would be
why the firewall is not able to connect to the exchange server. You will
probably need to see the logs to establish that (if indeed it is the case), but
one possibility in the NAT case would be that the internal IP address of the
SBS has changed since the firewall was configured. If it's a static address
that would be unlikely, but if for any reason it was dynamic then it could
happen.

Marc Jacobs

Here is the exchange log whenASK 1 user sent
THE an email. both
EXPERTS internal
users

didn't get it, a non local address received it successfully.
We are using NAT, the firewall is accepting the connection on the public
address and forwarding it onto the SBS box.
If you went ot the IP address you would get the SBS RWW component.
The internal IP hasn't changed for over 10 years and the IP is static.
Thanks
2011-3-18 9:9:47 GMT 0 - c=US;a= ;p=LS;l=SERVER-

110318090947Z-14069 - EX:/O=FIRST ORGANIZATION/OU=FIRST
ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=USER -
2011-3-18 9:9:47 GMT - - - SERVER -
abc@btopenworld.com 1027 F3DC1AA3C654474FA487870136
B68E9501609DC6@server.domain.local 0 0 8058 3 2011-3-
18 9:9:47 GMT 0 - c=US;a= ;p=LS;l=SERVER-110318090947Z-
14069 - EX:/O=FIRST ORGANIZATION/OU=FIRST ADMINISTRATIVE
GROUP/CN=RECIPIENTS/CN=USER -
2011-3-18 9:9:47 GMT - - - SERVER - /O=FIRST
ORGANIZATION/OU=FIRST ADMINISTRATIVE
GROUP/CN=RECIPIENTS/CN=User1 1019
F3DC1AA3C654474FA487870136B68E9501609DC6@server.domain.l
ocal 0 0 8058 3 2011-3-18 9:9:47 GMT 0 - - -
- -
2011-3-18 9:9:47 GMT - - - SERVER -
thirdparty@domain.com 1019 F3DC1AA3C654474FA487870136
18 9:9:47 GMT 0 - - - - -
2011-3-18 9:9:47 GMT - - - SERVER -
18 9:9:47 GMT 0 - - - - -
ocal 0 0 8058 3 2011-3-18 9:9:47 GMT 0 - - -
- -
2011-3-18 9:9:47 GMT - - - SERVER -
18 9:9:47 GMT 0 - - - - -
2011-3-18 9:9:47 GMT - - - SERVER -
18 9:9:47 GMT 0 - - - - -
ocal 0 0 8058 3 2011-3-18
ASK THE EXPERTS  -
9:9:47 GMT 0 
- -
- -
2011-3-18 9:9:47 GMT - Security OS
- - SERVERMicrosoft
- Networking
18 9:9:47 GMT 0 - - - - -
2011-3-18 9:9:47 GMT - - - SERVER -
18 9:9:47 GMT 0 - - - - -
2011-3-18 9:9:48 GMT - - - SERVER -
user1@myclient.co.uk 1033 F3DC1AA3C654474FA487870136
18 9:9:47 GMT 0 - - - user@myclient.co.uk -
2011-3-18 9:9:48 GMT - - - SERVER -
2011-3-18 9:9:48 GMT - - - SERVER -
2011-3-18 9:9:48 GMT - - - SERVER -
2011-3-18 9:9:48 GMT - - - SERVER -
2011-3-18 9:9:48 GMT - - - SERVER -
2011-3-18 9:9:48 GMT - - - SERVER -
2011-3-18 9:9:48 GMT - - - SERVER -
2011-3-18 9:9:48 GMT - - - SERVER -
2011-3-18 9:9:48 GMT - - - SERVER -
Get abc@btopenworld.com 1020
access to all features with F3DC1AA3C654474FA487870136
a 7-day free trial! 
B68E9501609DC6@server.domain.local 0 08058 2 2011-3-18
9:9:47 GMT 0 -  ASK THE EXPERTS
- - user@myclient.co.uk   
-
2011-3-18 9:9:48 GMT - - anchor-post-2.mail.demon.net
SERVER - Security
thirdparty@domain.com OS Microsoft
1031 Networking
ocal 0 0 8058 2 2011-3-18 9:9:47 GMT 0 - - -
user@myclient.co.uk -
2011-3-18 9:9:48 GMT - - anchor-post-2.mail.demon.net
SERVER - abc@btopenworld.com 1031
ocal 0 0 8058 2 2011-3-18 9:9:47 GMT 0 - - -
user@myclient.co.uk -
2011-3-18 9:10:17 GMT 85.158.138.147
mail195.messagelabs.com -

bluebook
I can't reconcile the log with your description of it. Maybe I'm being stupid or
maybe it's the formatting. Can you post the header line from the log (the one
with the list of field names in it)?
As I read this log, there appears to be a message created on your exchange

server by user@myclient.co.uk, addressed to user1@myclient.co.uk,
thirdparty@domain.com, and abc@btopenworld.com - is that right? But
above you said that "both internal users didn't get it, a non local address
received it successfully." I'm only seeing one internal user, and I'm seeing
two non-local (external), so something doesn't tally.
It also appears that you have your smarthost set to anchor-post-

2.mail.demon.net, rather than MessageLabs - is that right? It's probably not
relevant to your problem, but I wonder why that is?
Finally, assuming I haven't completely mis-intepreted this, your original

question was about a problem where MessageLabs was connecting to your
client and then losing the connection, whereas this log appears to be for a
message which should be going the other way -i.e. a message originating on
your client's exchange server and going out (although there is a partial entry
right at the end of the log which shows MessageLabs as a client).
To understand the original "connection died" problem, the SMTP log is going
to be more useful than the message tracker log. If you can get the
corresponding log from MessageLabs to compare with, so we can see both
sides of the connection, that will help considerably.

Featured Programming DevOps Virtualization Marc Jacobs Security
Databases OS Microsoft Networking
Hi,
Just to clarify
abc@btopenworld.com is the sender.
user@myclient.co.uk is the intended recipient who doesn't get the email
user1@myclient.co.uk is a 2nd recipient who also didn'tget the mail
3rdparty@domain.com is me
abc@ sent the email to user, user1 and 3rdparty

our ISP is Demon, hence the smarthost
Meesagelabs scans our emails before being delivered to the mail server.
i'll speak to messagelabs to get the logfile.

Thanks

bluebook
If you can get your smtp log as well that will definitely help.
Still can't get my head round that tracker log. If this mail was sent from
outside the exchange server, then thirdparty@domain.com shouldn't appear
in the log at all. Nor, for that matter, should your demon smarthost, because
this should be message from outside coming in (via messagelabs), whereas
the log shows a message from the inside going out (via demon).
MessageLabs usually act as smarthost for their customers, in addition to

scanning their inbound mail, especially if you have the anti-virus service.
That way your outbound mail gets acanned as well, which is good for
protecting your reputation - but it's not essential.

Marc Jacobs

So, in your opinion without confirming theEXPERTS
logs, this is someone
  inside
 ASK THE 
sending to all recipients rather than our btopenworld client sending message
to us?
If thats the case, then exchange is def not seeing the email coming in at all
yet messagelabs say its a problem on the server itself, which i still can't see
how, when all other mail works fine.

bluebook
Yes, that's my opinion, although I'm not sure what the last line of the log
(which mentions MessageLabs) is about. That line looks as if it is truncated,
but also there's a 20 second gap between it and the previous entry, which
makes me think the 2 are not related.
When you say all other mail works fine, you mean internal mail and outgoing
mail? Or do you have other mail coming in from outside which works? If it's
just internal and outgoing which is working that again suggests there's an
issue in either the firewall or the smtp server. Have you tried connecting
directly from outside using telnet to port 25? If you have configured your
firewall to only accept connections from MessageLabs then you won't be
able to do that, but otherwise you should get an SMTP banner from your
exchange server, and you should then be able to send in a message by
typing SMTP commands directly.

Marc Jacobs
Both internal and external mail is fine apart from a handful of domain names.
Interestingly enough after messagelabs told me categorically thats its the
exhange server, one decent knowledgeable guy indicated the problem could
be that exchange needs to know all the ip's that mail could come from and
that this could be the problem that maybe a single or small cluster of
messagelabs servers are at fault.
they are sending over to me all the trusted ip's for their servers and see
whether this helps get the mail in.

I will keep you posted and so far thanks for all you help, as this is driving me
crazy!  ASK THE EXPERTS   

ASKER CERTIFIED SOLUTION ™

Marc Jacobs
I was advised certain messagelab servers weren't making a connection to

the server, they issued a list of trusted IP's and this didn't make a difference,
in fact things got worse.
We have decided to remove messagelabs out of the equation and so far

things have been working well.
Thanks bluebook for all your help, greatly appreciated.

Marc Jacobs
self resolved.
This question has a veri ed

solution.
Continue the conversation by leaving a comment.
Not the solution you were looking for? Submit your
own question to our certified professionals and receive
a custom solution that works for you.
Explore More Content

Explore articles, solutions, and other research materials related to this topic.
WFCRR RECEIVED A SOLUTION MARSHAL HUBS WROTE AN ARTICLE
How to alias a users name to a How to Extract Ex‐
generic email address change Mailbox
from Exchange
Backup File
Exchange Outlook Email Servers SBS
4 comments 0 comments
EDWARD VAN BILJON CREATED A VIDEO
Exchange 2016 -
Update your Ad‐
dress Lists
0 comments

OUR COMPANY EXPERTS COMMUNITY TOPICS
Featured
Contact Us Programming DevOps
Our Experts Virtualization
Podcasts Databases Popular
Security
Topics OS Microsoft Networking
Charities Certified Expert Program Expert Tutorials Apple OS

Careers Expert Awards Articles AWS
Feedback Posts Cisco
Videos Citrix
Our Experts Databases
Groups Exchange
IT Administration
Java
Microsoft Access
Microsoft Excel
Microsoft Office
Microsoft Sharepoint
Microsoft SQL Server
Office 365
Oracle Database
Outlook
PowerShell
Printers & Scanners
Security
VMware
Windows OS
Windows 7
Windows 10
SEE ALL
Take hold of your future.
Privacy Policy Terms of Use © 1996-2021 Experts Exchange, LLC. All rights reserved. Covered by US Patent.

Solved - Connected To - Ip Address - But Connection Died. (#4.4.2) - Experts Exchange

Uploaded by

Copyright:

Available Formats

You might also like

Solved - Connected To - Ip Address - But Connection Died. (#4.4.2) - Experts Exchange

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Solved - Connected To - Ip Address - But Connection Died. (#4.4.2) - Experts Exchange

Uploaded by

Copyright:

Available Formats

 ASK THE EXPERTS   

Featured Programming DevOps Virtualization Databases Security OS Microsoft Networking

13 Comments | 1 Solution | 5,336 Views | Last Modiﬁed: 2012-05-11

Extract 1: Bounce back from the original sender:

Despite repeated attempts, this message could not be delivered.

 Knowledgebase  Print  Share

Featured Programming DevOps Virtualization Databases Security OS Microsoft Networking

AUTHOR Commented: 2011-03-17

Nothing on the sbs box itself, we do have a netgear router/ﬁrewall.

AUTHOR Commented: 2011-03-17

domain name points to messagelabs then messge labs sends to public ip of

Featured Programming DevOps Virtualization Databases Security OS Microsoft Networking

Another permutation of essentially the same problem is when the ﬁrewall is

AUTHOR Commented: 2011-03-22

Get access to all features with a 7-day free trial! 

2011-3-18 9:9:47 GMT 0 - c=US;a= ;p=LS;l=SERVER-

As I read this log, there appears to be a message created on your exchange

It also appears that you have your smarthost set to anchor-post-

Finally, assuming I haven't completely mis-intepreted this, your original

AUTHOR Commented: 2011-03-23

abc@ sent the email to user, user1 and 3rdparty

i'll speak to messagelabs to get the logﬁle.

MessageLabs usually act as smarthost for their customers, in addition to

Get access to all features with a 7-day free trial! 

AUTHOR Commented: 2011-03-24

Get access to all features with a 7-day free trial! 

Featured Programming DevOps Virtualization Databases Security OS Microsoft Networking

I was advised certain messagelab servers weren't making a connection to

We have decided to remove messagelabs out of the equation and so far

AUTHOR Commented: 2011-08-15

This question has a veri ed

Explore More Content

EDWARD VAN BILJON CREATED A VIDEO

Get access to all features with a 7-day free trial! 

Charities Certiﬁed Expert Program Expert Tutorials Apple OS

Take hold of your future.

Get access to all features with a 7-day free trial! 

You might also like