Monday, May 26, 2014

Fix Exchange Error 451 4.4.0 DNS Lookup Failed

Resolving Exchange Server Error: DNS Lookup Failed

Recently, many users have reported a common issue where emails are not delivered to particular domains. The issue arises when the system fails a DNS lookup because of misconfiguration, or because the address has been manually blocked by the recipient domain. It is resolved through simple steps of reconfiguration and connection testing.
Tools such as NSLOOKUP and TELNET are used to test the Edge Transport layer, which controls the inbound and outbound exchange of emails.

Symptoms That Point Towards The Issue:
  •  Unable to send messages to a specific domain
  •  451 4.4.0 DNS query Failed Error

Users find that inbox or outbox mail gets stuck and is not delivered. The issue is most often seen on Exchange Server 2007 with the Edge Transport role installed.
It relates to the mail queues of the Edge Transport layer.
Edge Transport Server Role

  • If a firewall is installed, check that it allows traffic over port 25 for SMTP and port 53 for DNS resolution.

Reconfigure the DNS settings on the Edge Transport layer.

Inspecting Queue Viewer:

1. Open EMC on the Edge Transport server.
2. Navigate to Toolbox -> Queue Viewer.
3. Locate the Mail flow tools -> Queue Viewer tool.
4. Check the Last Error column to see whether any inbound messages from accepted domains are facing similar issues.

Verifying DNS Configuration On The Edge Transport Server:

  • It is mandatory to log in locally on the Edge Transport server. If you are accessing the physical server remotely using RDC (Remote Desktop Connection) 6.0, it is highly recommended to use the “/console” switch.
  • Open Exchange Management Console -> Edge Transport Server -> Properties.
  • Choose Internal DNS Lookups; the default configuration should be set to All Available.

Performing Internal and External DNS Lookups:
Internal Lookup:
For users with multiple network adapters installed: navigate to the internal network card and select that card for Use Network Card DNS Settings.

  • This step populates all the IP addresses present, and you can modify them in case of any misconfiguration.
  • Restart the Transport Service and check Exchange Management Console -> Edge Transport Server -> Properties to confirm the configuration is correct.
  • If no IP addresses are visible, the NIC might not be configured with DNS server entries. Fill in the card with the proper details and check the transport server properties again to confirm the configuration is correct.

External Lookup:

  • For users with a single network card using a public DNS, altering the configuration would affect external name resolution and might restrict email flow.
  • In either case, select Use these DNS servers, select the IP of the internal DNS server, and then add the host file containing DNS information. Finally, check that the configuration is correct.

Testing DNS Servers And Name Resolution:
After ensuring that the DNS servers are properly configured, we need to test whether they perform proper DNS name resolution. Port 25 is used for sending SMTP (outbound) mail, which in this case is queuing because of improper DNS name resolution. Testing with the NSLOOKUP tool is the optimal solution.

Using The NSLOOKUP Tool:
Before jumping into NSLOOKUP, we need to know about the process and why we are doing it.
DNS records contain the IP addresses and domain names by which a name and server address are resolved. NSLOOKUP (Name Server Lookup) is a network administration command-line tool used to obtain DNS records containing server and IP address information. To test the port we use TELNET, which is also a command-line interface, providing a bidirectional, interactive, text-oriented communication facility over a virtual terminal connection.

Locating IP Address of the Server:

  • Open cmd, type “nslookup” and hit Enter to open the NSLOOKUP tool.
  • Type set type=mx and hit Enter. (An MX record is a resource record that identifies the mail server responsible for accepting email messages. This ensures that you get MX records when performing the lookup.)
  • Type set timeout=20, as by default we have a timeout limit of 15 seconds to perform a DNS query.
  • Enter the name of the domain for which you want to extract the MX record and hit Enter. E.g.

Testing SMTP Connection Using TELNET

  • Open cmd and type telnet to start the Telnet client.
  • Enter set logfile (location:/filename)
          NOTE: If the specified path doesn’t exist, it will be created for you.
  • Now type open 25 and then press Enter.
  • Type EHLO and press Enter.
  • Use parameters such as MAIL FROM, RCPT TO, NOTIFY, DATA, and Subject to compose a test email message.
  • A success or failure report is generated depending on whether the configuration is correct.
If ping or telnet reports failure, check whether Windows Firewall is enabled. Most probably, it must be disabled; otherwise it needs to be configured on the NICs to allow services such as SMTP and LDAP ports, and testing protocols such as ICMP.
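
The nslookup and telnet checks above, combined into one PowerShell script as an added example (not part of the original post). It assumes a host where Resolve-DnsName exists (Windows 8 / Server 2012 or later); example.com, the parameter names and the function names are placeholders, and -DnsServers lets you query the same resolvers the Edge Transport server is configured with.

```powershell
# Added example: MX lookup followed by an SMTP EHLO probe of each mail host.
# Assumptions: Resolve-DnsName is available (Windows 8 / Server 2012 or later);
# 'example.com' is a placeholder recipient domain.
param(
    [string]$Domain = 'example.com',
    [string[]]$DnsServers = @(),   # empty = use the NIC's configured resolvers
    [int]$TimeoutSec = 20          # same 20-second limit the nslookup step sets
)
function Get-MxHost([string]$Name, [string]$Server) {
    $query = @{ Name = $Name; Type = 'MX'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    # Keep only MX answers (authority/additional records have no NameExchange).
    Resolve-DnsName @query | Where-Object { $_.NameExchange } |
        Sort-Object Preference | ForEach-Object { $_.NameExchange }
}

function Read-SmtpReply($Reader) {
    # A reply may span several lines ("250-..."); the last one is "250 ...".
    do { $line = $Reader.ReadLine() } while ($line -match '^\d{3}-')
    $line
}

function Test-SmtpEhlo([string]$MailHost, [int]$Port = 25) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($MailHost, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutSec * 1000)) { return 'connect timed out' }
        $client.EndConnect($pending)
        $stream = $client.GetStream(); $stream.ReadTimeout = $TimeoutSec * 1000
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        $banner = Read-SmtpReply $reader                 # expect "220 ..."
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        $ehlo = Read-SmtpReply $reader                   # expect "250 ..."
        $writer.WriteLine('QUIT')
        "banner='$banner' ehlo='$ehlo'"
    } catch { "failed: $($_.Exception.Message)" }
    finally { $client.Close() }
}

if (-not $DnsServers) { $DnsServers = @('') }
foreach ($dns in $DnsServers) {
    $label = if ($dns) { $dns } else { 'default resolver' }
    try { $mxHosts = @(Get-MxHost $Domain $dns) }
    catch { Write-Output "[$label] MX lookup for $Domain failed: $($_.Exception.Message)"; continue }
    if (-not $mxHosts) { Write-Output "[$label] no MX records returned for $Domain" }
    foreach ($mx in $mxHosts) { Write-Output "[$label] $mx -> $(Test-SmtpEhlo $mx)" }
}
```

A lookup that fails against one resolver but succeeds against another points at the DNS configuration; a lookup that succeeds while the probe times out points at port 25 being blocked.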


Hamed Mounir said...

We are running Exchange 2010 and lately I have noticed that some outgoing messages get stuck in the queue with the error "451 4.4.0 DNS Query Failed".

On every domain that this happens on I have been able to use nslookup to find the MX record and open a connection to their server over SMTP so I am reasonably sure that this problem is on my end.

My send connector isn't routing mail through a smart host nor is set to use a different DNS server to do the lookup so I'm stumped as to why these messages aren't going out. Any ideas?

