The standard tools for troubleshooting network connectivity, such as Ping,
Tracert, Nslookup, and Ipconfig, are well known but sometimes do not provide the
answers you are looking for, particularly on servers such as Windows Server 2008
and Windows Server 2008 R2, whose internal firewalls by default block the
Internet Control Message Protocol Echo command.
However, the main thrust of this lesson is the use of the Telnet tool and EMS
cmdlets to obtain network connection information and to test connectivity over
the various client-to-server and server-to-server protocols used to implement an
Exchange Server 2010 organization.
1. Using Telnet to Test SMTP Communication
On client computers that have a Telnet client installed, you can use the
Telnet tool to test connectivity for protocols defined by their port
numbers. For example, opening a Telnet session and entering open
VAN-EX1.contoso.com 25 tests connectivity to server VAN-EX1.contoso.com on
port 25, and if this connection can be made, entering the EHLO command tests
that ESMTP connections can be made to that server.
You can use the Telnet utility to connect to and verify the functionality
of the SMTP service on an Edge Transport server and to test whether this
server is able to receive email sent from other SMTP servers on the
Internet. By default, SMTP listens on port 25. If you use Telnet on
port 25, you can enter the SMTP commands that are used to connect to an
SMTP server and send a message exactly as if your Telnet session were an
SMTP messaging server.
However, before you use Telnet to test SMTP communication, you need to
consider a number of factors. For example, message transfers that occur
between Hub Transport servers are encrypted and authenticated by default.
You can use Telnet on port 25 to submit messages only to an internal Hub
Transport server that has a Receive connector configured to allow anonymous
access or basic authentication. Anonymous access is required for
Internet-facing servers. When you send a message to a Receive connector that
accepts basic authentication, you must have a utility to convert the text
strings that are used for the user name and password into the Base64 format.
Warning: BASIC AUTHENTICATION CAN BE A SECURITY RISK
Because the user name and password are easily discernible when basic
authentication is used, Microsoft recommends that you do not use basic
authentication without encryption.
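
The Base64 conversion and the warning above, as an added Python example that is not part of the original text: it produces the two strings an AUTH LOGIN exchange expects, shows that they decode without any key, and reads an EHLO reply to see whether a basic-authentication logon would be protected. The credentials, the EHLO reply lines and all function names are constructed for illustration.

```python
import base64

def auth_login_tokens(username, password):
    """Base64 strings a client sends in reply to the two 334 prompts."""
    def enc(s):
        return base64.b64encode(s.encode("utf-8")).decode("ascii")
    return enc(username), enc(password)

def recover(token):
    """Reverse a captured token; Base64 uses no key, so this always works."""
    return base64.b64decode(token).decode("utf-8")

def ehlo_extensions(reply_lines):
    """Map each extension keyword in an EHLO reply to its parameters."""
    exts = {}
    for line in reply_lines[1:]:              # first line is the greeting
        words = line[4:].split()              # drop the "250-" / "250 " prefix
        if words:
            exts[words[0].upper()] = [w.upper() for w in words[1:]]
    return exts

def basic_auth_risk(reply_lines, tls_active):
    """Describe how exposed a basic-authentication logon would be."""
    exts = ehlo_extensions(reply_lines)
    if not {"LOGIN", "PLAIN"} & set(exts.get("AUTH", [])):
        return "basic authentication not offered"
    if tls_active:
        return "basic authentication offered inside TLS"
    if "STARTTLS" in exts:
        return "send STARTTLS before AUTH"
    return "credentials would cross the network unencrypted"

# Constructed EHLO reply and credentials, for illustration only.
SAMPLE_EHLO = [
    "250-mail01.contoso.com Hello [192.0.2.10]",
    "250-SIZE 10485760",
    "250-STARTTLS",
    "250-AUTH NTLM LOGIN",
    "250 8BITMIME",
]

if __name__ == "__main__":
    user_b64, pass_b64 = auth_login_tokens("testuser", "Example-Passw0rd")
    print(user_b64, "->", recover(user_b64))
    print(basic_auth_risk(SAMPLE_EHLO, tls_active=False))
```
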
Typically, Internet-facing SMTP messaging servers are configured to
validate the source IP address, the corresponding Domain Name System (DNS)
domain name, and the reverse-lookup IP address of any Internet host that
tries to send a message to the server. If you connect a client computer to
the Internet and try to send a test message to a remote messaging server by
using Telnet on port 25, your message is likely to be rejected. In this
case, you should connect to the remote messaging server from your Edge
Transport server. The accepted domains that are configured on the Edge
Transport server have the appropriate DNS mail exchanger (MX) records,
address (A) records, and reverse-lookup records that identify the Edge
Transport server as a legitimate and traceable email message source.
You can use Telnet to connect to your organization’s Edge Transport
server from a host that is located outside your perimeter network and send a
test message. You can also use Telnet to connect to a remote messaging
server from your organization’s Edge Transport server and send a test
message. Note that the syntax of Telnet commands may differ depending on the
third-party Telnet client you use. Remember that you cannot use the
backspace key after you have connected to a destination SMTP server within
the Telnet session. If you make a mistake as you type an SMTP command, you
must press Enter and then type the command again.
To use Telnet on port 25 to connect to a destination SMTP server, you must
first discover the fully qualified domain name (FQDN) or the IP address of
the SMTP server. You can use the Nslookup command-line tool to find the MX
record for the destination domain and hence the address of the SMTP server
by carrying out the following procedure:
1. On the computer you are using to run the Telnet session and to
connect to a remote SMTP server on the Internet, right-click Command
Prompt on the Accessories menu and click Run As Administrator. If
you are not logged on with an Administrator-level account, you need
to supply credentials.
2. Enter the following command:
nslookup
3. Enter the following command:
set type=mx
4. Enter the following command:
set timeout=20
Note: DNS QUERY TIME-OUT
By default, Windows DNS servers have a 15-second recursive DNS
query time-out limit.
5. Enter the name of the domain for which you want to find the MX
record, followed by a trailing period. For example, to find the MX
record for the contoso.com domain, enter the following
command:
contoso.com.
Note: USING A TRAILING PERIOD
The trailing period indicates an FQDN. The use of the trailing
period prevents any default DNS suffixes configured for your
network from being unintentionally added to the domain name.
Note also that the domain must be reachable on the Internet and
must contain at least one messaging server.
6. Obtain the FQDN and IP address for the server to which you want to
connect. The portion of the command’s output that is of
significance to you should look similar to the following (note that
the IP addresses will be public Internet addresses and not the
private addresses shown here as an illustration):
contoso.com mx preference=10, mail exchanger = mail1.contoso.com
contoso.com mx preference=20, mail exchanger = mail2.contoso.com
mail1.contoso.com internet address = 10.0.10.20
mail2.contoso.com internet address = 10.0.10.30
7. To end the Nslookup session, enter the following command:
exit
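
To turn the Nslookup output from this procedure into an ordered list of servers to test, the following added Python example (not part of the original text) parses the MX and address lines and sorts the exchangers by preference, lowest value first, which is the order in which sending servers try them. The sample lines are modelled on the output shown above; the function name smtp_targets is an assumption of this example.

```python
import re

# Sample lines modelled on the procedure's output (illustrative private addresses).
SAMPLE = """\
contoso.com mx preference=10, mail exchanger = mail1.contoso.com
contoso.com mx preference=20, mail exchanger = mail2.contoso.com
mail1.contoso.com internet address = 10.0.10.20
mail2.contoso.com internet address = 10.0.10.30
"""

MX_RE = re.compile(
    r"^(\S+)\s+mx\s+preference\s*=\s*(\d+),\s*mail\s+exchanger\s*=\s*(\S+)$", re.I)
A_RE = re.compile(r"^(\S+)\s+internet\s+address\s*=\s*(\S+)$", re.I)

def norm(name):
    """Compare names without the trailing period and without regard to case."""
    return name.rstrip(".").lower()

def smtp_targets(nslookup_output, domain):
    """Return [(preference, host, [addresses])] for domain, best MX first."""
    mx, addr = [], {}
    for line in map(str.strip, nslookup_output.splitlines()):
        m = MX_RE.match(line)
        if m:
            if norm(m.group(1)) == norm(domain):
                mx.append((int(m.group(2)), norm(m.group(3))))
            continue
        m = A_RE.match(line)
        if m:
            addr.setdefault(norm(m.group(1)), []).append(m.group(2))
    # An empty address list means the MX host has no address record in the
    # output and needs a separate lookup before you can connect to it.
    return [(pref, host, addr.get(host, [])) for pref, host in sorted(mx)]

if __name__ == "__main__":
    for pref, host, ips in smtp_targets(SAMPLE, "contoso.com."):
        print(pref, host, ", ".join(ips) or "(no address record returned)")
```
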
The above procedure discovers the FQDNs and IP addresses of messaging
servers in an external Exchange organization reachable over the Internet. To
find the FQDNs of Hub Transport and Edge Transport servers within your
internal Exchange Server 2010 organization, enter the following command in
the EMS:
Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isEdgeServer -eq $true} | FL Fqdn,ServerRole
Figure 1 shows the output from this command.
When you have obtained the FQDN of the target messaging server, you can
use Telnet on port 25 to test SMTP communication (assuming that a Telnet
client is installed in your source computer—remember that Microsoft
Windows Vista and Microsoft Windows 7 client computers do not have a Telnet
client installed by default). The procedure described below uses the
following values:
Destination SMTP server: mail01.contoso.com
Source domain: adatum.com
Sender’s email address: [email protected]
Recipient’s email address: [email protected]
Message subject: Test from Adatum
Message body: Test message
To use Telnet on port 25 to test SMTP communication, carry out the
following procedure:
1. On an Edge Transport server in the Adatum.com domain, open a
command prompt by specifying Run As Administrator and enter the
following command to open the Telnet session:
telnet
2. Optionally, to view the characters as you type them, enter the
following command:
set localecho
3. Optionally, to enable logging of the Telnet session to the log
file telnet.log, enter the following command:
set logfile C:\Logfiles\telnet.log
4. To access the server mail01.contoso.com on port 25, enter the
following command:
open mail01.contoso.com 25
If access is successful, you receive a response similar to the
following:
220 mail01.contoso.com Microsoft ESMTP MAIL Service ready at <day-date-time>
5. To test that ESMTP is operating in the Contoso.com domain, enter
the following command:
EHLO contoso.com
If ESMTP is working correctly, you receive a response similar to
the following:
250 mail01.contoso.com Hello [<sourceIPaddress>]
6. To specify the sender’s email address, enter the following
command:
MAIL FROM:[email protected]
If the sender’s email address is recognized as valid, you
receive a response similar to the following:
250 2.1.0 Sender OK
7. To specify the recipient’s email address and to define the
particular delivery status notification (DSN) messages that the
destination SMTP server must provide to the sender, enter the
following command:
RCPT TO:[email protected] NOTIFY=success,failure
If the recipient’s email address is recognized as valid, you
receive a response similar to the following:
250 2.1.5 Recipient OK
Note: DSN MESSAGES
DSN messages are defined in RFC 1891. For more information,
see http://www.faqs.org/rfcs/rfc1891.html.
8. To start mail input, enter the following command:
DATA
You receive a response similar to the following:
354 start mail input; end with <CRLF>.<CRLF>
9. Enter Subject: Test from Adatum.
10. Press Enter. You need a blank line between the Subject: header
field and the message body.
11. Press Enter, type a period, and then press Enter again. You
receive a response similar to the following:
250 2.6.0 <GUID> Queued mail for delivery
12. To disconnect from the destination SMTP server, enter the
following command:
QUIT
You receive a response similar to the following:
221 2.0.0 Service closing transmission channel
13. To close the Telnet session, enter the following command:
QUIT
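
If you log the session to telnet.log as described in the procedure, the server replies can be checked afterwards against the codes each stage is expected to return. The following Python sketch is an added example, not part of the original text: it groups multi-line replies, walks the stages in order and reports the first one that did not return its expected code. The two transcripts, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import re

STAGES = [("connect", 220), ("EHLO", 250), ("MAIL FROM", 250), ("RCPT TO", 250),
          ("DATA", 354), ("end of data", 250), ("QUIT", 221)]
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(log_text):
    """Group reply lines: 'NNN-' continues a reply, 'NNN ' is its last line."""
    replies, current = [], []
    for line in log_text.splitlines():
        m = REPLY_RE.match(line)
        if not m:
            continue                          # echoed commands and blank lines
        current.append(m.group(3))
        if m.group(2) == " ":
            replies.append((int(m.group(1)), current))
            current = []
    return replies

def first_failure(log_text):
    """Return None if every stage got its expected code, else a description."""
    replies = parse_replies(log_text)
    for i, (stage, expected) in enumerate(STAGES):
        if i >= len(replies):
            return f"{stage}: no reply (session ended early)"
        code, text = replies[i]
        if code != expected:
            kind = ("transient" if 400 <= code < 500
                    else "permanent" if code >= 500 else "unexpected")
            return f"{stage}: {kind} {code} {text[-1]}"
    return None

# Constructed transcripts: a clean session, and one rejected at RCPT TO.
OK_LOG = """\
220 mail01.contoso.com Microsoft ESMTP MAIL Service ready at <day-date-time>
250-mail01.contoso.com Hello [192.0.2.10]
250-SIZE 10485760
250 DSN
250 2.1.0 Sender OK
250 2.1.5 Recipient OK
354 Start mail input; end with <CRLF>.<CRLF>
250 2.6.0 <GUID> Queued mail for delivery
221 2.0.0 Service closing transmission channel
"""
RELAY_LOG = "\n".join(OK_LOG.splitlines()[:5] + ["550 5.7.1 Unable to relay"])

if __name__ == "__main__":
    print(first_failure(OK_LOG), "|", first_failure(RELAY_LOG))
```
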