We’ve seen this happen in two environments recently, both running Small Business Server 2011 with Exchange 2010 SP1 Rollup 3-v3 and Rollup 4. Our service monitors the Exchange server; however, we don’t have an eye on the queues, so no alarms go off when a message is delayed.
When logging on to the Exchange Server and looking at the outbound queues, we noticed mail for only one particular domain being held with the `451 4.4.0 DNS Query Failed` error. Other symptoms:
1. The nslookup command run on the Exchange server could resolve the domain, proving the internal DNS server was resolving normally.
2. After obtaining the MX record from who.is, the nslookup command resolved the mail server’s IPv4 address, proving the receiver’s mail server was resolvable.
3. A telnet session to the MX record successfully contacted the suspected domain’s mail server on port 25.
4. Internal email delivery was functioning.
5. All other external mail delivery was functioning.
Now we’re down to Exchange itself, since everything DNS-related on the server is working correctly. This is the current fix we use:
Change the network properties of the Edge Transport server. In this case, it’s the same server that hosts the Hub Transport role.
Step 1: Configure an External DNS server
- Click Server Configuration
- Right click the server and choose properties
- Click the External DNS Lookups tab
- Choose “Use these DNS servers”
- Add the DNS Server IPv4 address
- Click Apply
Step 2: Configure the Hub Transport to use the External DNS for external domains.
- Click Hub Transport under Organization Configuration
- Choose Send Connectors
- Right click the connector and choose properties
- Click the Network Tab
- Check the “Use External DNS Lookup…” box
- Restart the Transport Service
The queue should empty immediately.
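The same two steps can be done from the Exchange Management Shell, which also lets you confirm the stuck queue before and after. This is an added example, not from the original post; the server name, external resolver address and Send Connector name are placeholders you must replace with your own.

```powershell
# Added example (not part of the original post). Exchange 2010 Management Shell.
# Placeholders - replace with your own values:
$server    = "SBS2011SERVER"              # assumed Hub Transport server name
$extDns    = "203.0.113.53"               # assumed external resolver (documentation address)
$connector = "Internet Send Connector"    # assumed Send Connector name

# Before the change: list queues stuck in Retry and show the last error,
# so you can confirm it is the 451 4.4.0 DNS failure for one domain only.
Get-Queue -Server $server |
    Where-Object { $_.Status -eq "Retry" } |
    Format-Table Identity, NextHopDomain, MessageCount, LastError -AutoSize

# Step 1 (External DNS Lookups tab): set an explicit external DNS server list.
# ExternalDNSAdapterEnabled must be $false, otherwise Exchange keeps using
# the network adapter's DNS settings and ignores ExternalDNSServers.
Set-TransportServer -Identity $server `
    -ExternalDNSAdapterEnabled $false `
    -ExternalDNSServers $extDns

# Step 2 (Send Connector > Network tab): make the connector use that list.
Set-SendConnector -Identity $connector -UseExternalDNSServersEnabled $true

# Verify the settings took effect.
Get-TransportServer -Identity $server | Format-List ExternalDNSAdapterEnabled, ExternalDNSServers
Get-SendConnector -Identity $connector | Format-List UseExternalDNSServersEnabled

# Restart transport so the new DNS settings are picked up, then force a retry.
Restart-Service MSExchangeTransport
Retry-Queue -Server $server -Filter { Status -eq "Retry" }

# After the change: this should return nothing once the queue has drained.
Get-Queue -Server $server | Where-Object { $_.Status -eq "Retry" }
```

If the Retry list is still populated after a few minutes, the LastError column will tell you whether it is still the DNS failure or a different problem (for example a connection refusal from the remote MX).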
We’re not sure why this is happening. We theorize it has to do with conflicting or corrupt DNS data being returned over either the IPv4 or IPv6 stack to the internal DNS server. With this fix, we’re simply telling Exchange to bypass the internal DNS in favour of an external one for outbound mail destined outside its own domain.
Other fixes that may help:
1. Flush the DNS caches on the internal DNS servers and the Exchange server.
2. Add a Forwarder to the internal DNS server. I’m not a big fan of this one, as the root hints should be sufficient. It did work at one site, though.