Friday, November 29, 2013

Exchange cannot send mail to some domains

Have you encountered that Exchange cannot deliver mail to some destinations on the Internet? This is becoming more and more common. You may ask why this happens in the first place and why it’s becoming more common.

The answer lies in how Exchange does DNS queries. Exchange was designed to run on a corporate network where you have full control over how DNS is set up and configured. Basically, Exchange believes that DNS will always respond with a correct answer. But when Exchange sends mail to the Internet, DNS queries and answers might not always be what you expect; this is especially true as more and more organizations start using IPv6.

If you use Network Monitor or any other network sniffer while Exchange tries to deliver a mail over the Internet, you will see that there is a query for MX. One problem here is that if the destination domain has IPv6 information in its Internet DNS but does not have AAAA records for the hosts specified in its MX records, Exchange will simply not do another query for A records for the MX hosts, and mail will queue on Exchange.
There are variations depending on what information is in the destination DNS zone, how your DNS is configured, whether you have IPv6 yourself and so on, but the behavior is the same: DNS will sometimes fail.
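
To check whether a destination domain matches the pattern described above (MX hosts that publish A records but no AAAA records), the lookups can be scripted. This is an added example, not code from the original post: the function name Get-MxAddressCoverage, its injectable -Resolver parameter and the example.test sample zone are constructed for illustration, and the default resolver assumes the Resolve-DnsName cmdlet (Windows Server 2012 or later).

```powershell
# Report, per MX host of a domain, whether A and AAAA records exist.
function Get-MxAddressCoverage {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        # Injectable resolver (hypothetical parameter) so the logic can run without network access.
        [scriptblock] $Resolver = {
            param($Name, $Type)
            Resolve-DnsName -Name $Name -Type $Type -DnsOnly -ErrorAction SilentlyContinue
        }
    )
    # Keep only real MX answers; a negative reply may carry an SOA record instead.
    $mx = @(& $Resolver $Domain 'MX' | Where-Object { $_.Type -eq 'MX' })
    foreach ($record in ($mx | Sort-Object Preference)) {
        $hostName = $record.NameExchange
        $a    = @(& $Resolver $hostName 'A'    | Where-Object { $_.Type -eq 'A' })
        $aaaa = @(& $Resolver $hostName 'AAAA' | Where-Object { $_.Type -eq 'AAAA' })
        [pscustomobject]@{
            MxHost     = $hostName
            Preference = $record.Preference
            HasA       = $a.Count -gt 0
            HasAAAA    = $aaaa.Count -gt 0
            # The case from the post: the host is only reachable over IPv4.
            IPv4Only   = ($a.Count -gt 0) -and ($aaaa.Count -eq 0)
        }
    }
}

# Constructed sample zone (not real data): mx1 has only an A record, mx2 has both.
$zone = @{
    'example.test|MX' = @(
        [pscustomobject]@{ Type = 'MX'; NameExchange = 'mx1.example.test'; Preference = 10 },
        [pscustomobject]@{ Type = 'MX'; NameExchange = 'mx2.example.test'; Preference = 20 }
    )
    'mx1.example.test|A'    = @([pscustomobject]@{ Type = 'A';    IPAddress = '192.0.2.10' })
    'mx2.example.test|A'    = @([pscustomobject]@{ Type = 'A';    IPAddress = '192.0.2.20' })
    'mx2.example.test|AAAA' = @([pscustomobject]@{ Type = 'AAAA'; IPAddress = '2001:db8::20' })
}
$fakeResolver = { param($Name, $Type) $zone["$Name|$Type"] }

# Offline run against the sample zone; omit -Resolver to query live DNS for a real domain.
Get-MxAddressCoverage -Domain 'example.test' -Resolver $fakeResolver | Format-Table -AutoSize
```

Run against the domain of a message stuck in the queue, rows with IPv4Only set to True are the MX hosts for which a follow-up A query is required.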

The solution is very simple: configure the send connector used for sending mail to the Internet to use an external DNS. That does not mean reconfiguring your Windows box to query another name server; simply use the Exchange configuration:
Set-SendConnector <SendConnectorNameToInternet> -UseExternalDNSServersEnabled $True

You don’t even have to specify a specific name server on your HUB/Edge server, but you can if you like.

This changes the behavior of Exchange DNS queries so that they do not stop when there are no AAAA records but other IPv6 information is found; instead Exchange continues with IPv4 DNS queries. Remember that Windows prefers IPv6 over IPv4. This can be verified by using a network sniffer.

I have done testing both with HUB and Edge servers and with Exchange 2010 and 2013, and the behavior is the same.

The only reference on TechNet on this matter is this article, http://technet.microsoft.com/en-us/library/bb676467(v=exchg.150).aspx, which talks about normal and lenient mode, but it doesn’t explain the changed behavior when using external DNS or not.

So in short, configure your send connectors that send to the Internet to use an external DNS to make your life easier.

Tuesday, November 26, 2013

Looking for Exchange 2013 CU3 ?

Look no further than KB2892464. As usual it contains several bug fixes, support for IE11 in OWA, less memory consumption for the search infrastructure, and a fix for a bug around backup and restore, which you can read more about in KB2888315.
To install CU3, you must deploy schema updates, so talk with your Active Directory team to have them deployed before you run the CU3 setup.
Download is found here

Microsoft also released Exchange 2010 SP3 UR3, which can be found in KB2891587 and downloaded from here

As always, read the KB and notes carefully before deploying.

Happy patching.

Sunday, September 1, 2013

Microsoft Masters program canceled

In June I did my rotation of the Exchange Masters training and also passed the test to become Exchange Master, MCSM (Microsoft Certified Solution Master). Training and test are intense, and I am both glad and proud to have gained a lot of knowledge and new friends together with the MCSM title. So life is good with me and the Masters community until an email from Microsoft Learning sits in my inbox on Friday saying that the Masters and Architect programs are to be canceled. Read the blog of Neil Johnson (who is one of the teachers at the training) for the full email.

It has been a very intense day of people expressing their feelings and thoughts about this, and the overall saying is that this cannot be true, it must be a very bad joke. Personally I couldn’t agree more. Canceling the highest certification you can achieve on Microsoft technology is something you simply don’t do, no matter what. Think about what signals this sends out to people out there.

See what others are writing on the subject on the Internet:
http://www.stevieg.org/2013/08/are-microsoft-losing-friends-and-alienating-it-pros/

http://paulrobichaux.wordpress.com/2013/08/31/microsoft-certified-systems-master-certification-now-dead/

http://up2v.nl/2013/08/31/microsoft-retires-its-top-level-certifications-mcm-mca-and-mcsm/

http://www.devinonearth.com/2013/08/defending-a-bad-decision/

http://michaelvh.wordpress.com/2013/08/31/microsoft-is-retiring-the-mcsmmca-program/

A SQL master guy even posted a suggestion to vote on the Connect site; sadly the Connect site has been up and down the past 24 hours.

Tuesday, August 27, 2013

Windows 2012 shortcuts

As much as I like Windows Server 2012, I also dislike the logoff/reboot/restart functionality, because these are very hard to do when you use remote desktop to your server, fiddling with your mouse in the corners trying to get something to click on.

Thinking about this, I searched the Internet and discovered this: http://gallery.technet.microsoft.com/scriptcenter/Create-a-ShutdownRestartLog-37c8111d which is fine. I took this script and made some small adjustments (adding Windows Update and shortcuts to the desktop).

Get the script DesktopLinks.ps1

Tuesday, July 30, 2013

Another version 2 update again

Exchange has a long history of being a solid product. Of course there have been bugs in it, but they have been addressed with patches and service packs. But in the last year or two the set has changed; who doesn’t remember the series of version 2 URs for Exchange 2010 SP about two years ago? My thinking on this is that Microsoft has changed focus from delivering Exchange as a regular product, with a roadmap of looking forward to a service pack that has a set number of bug fixes and features. With the service in mind this is not the case to the same extent; rather, the service has become a living thing that is constantly patched and upgraded. With this approach, developers are constantly tossing in new fixes and functionality that sometimes break something else. One reason for this could be that Microsoft is trying to introduce a new feature or fix a problem really fast, which is good, but it looks like Microsoft is more focused on speed than on quality. It might also be that Microsoft trusts and relies on Managed Availability not to fix the problem but to restore functionality for the end user.
Both I and my customers have for some years now been comfortable with applying patches as they come out of Redmond, compared to what was the case 15 years ago when patching wasn’t that common. This fear of patching is now back in the Exchange world because of the rollups and CUs that correct some stuff but also introduce others. Of course the message is to try patches in your lab, but to be honest, who has time and can spend money on a lab that mimics your production system? Labs are almost always smaller, and you cannot try everything users do in production. With this, several of my customers have now taken a step back and are not applying Exchange patches as fast as they would like, for fear of breaking things.
Nevertheless, Microsoft has now released a version 2 of Exchange 2013 RTM CU2. It mainly addresses the problem with mail-enabled Public Folder permissions introduced in CU2: http://blogs.technet.com/b/exchange/archive/2013/07/12/e2013-rtm-cu2-issue-public-folder-permissions-loss-after-pf-mailbox-move.aspx.
The new version 2 of the CU has build 712.24, compared to 712.22 for CU2. If you have already deployed CU2, you can simply run “setup.exe /m:upgrade /IAcceptExchangeServerLicenseTerms” to install CU2v2.
Download link: Exchange 2010 RTM CU2 ver 2; look at the details to check that you download the correct CU2.
Read the Microsoft Exchange team announcement: http://blogs.technet.com/b/exchange/archive/2013/07/29/now-available-updated-release-of-exchange-2013-rtm-cu2.aspx