Hello,
I've got a problem with the initial configuration of an Exchange Server 2016. Sending/receiving internal emails works but not to/from the outside. I tested the inbound SMTP mail flow with testconnectivity.microsoft.com which presents the following error message:
"Testing TCP port 25 on host mx0.DOMAIN.TLD to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response."
According to "netstat -a", a service is listening on port 25 on the mail server. However, this is not the case for the firewall server. Since all the network communication is routed through the firewall server, I guess no SMTP communication is possible between the mail server and outside. Can you confirm the analysis so far? How can I tell a service to listen on port 25 on the firewall, too? The respective firewall port is already opened.
Can this be caused by an Autodiscover issue? When I test the Exchange ActiveSync with testconnectivity.microsoft.com it returns the following four error messages that I am also not able to solve:
"The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://DOMAIN.TLD:443/Autodiscover/Autodiscover.xml for user MAIL@keyman .TLD
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
A Web exception occurred because an HTTP 404 - 404 response was received from Unknown.
[...]"
Furthermore, it returns again similar port problems as described before:
"Testing TCP port 443 on host autodiscover.DOMAIN.TLD to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Additional Details
A network error occurred while communicating with the remote host."
and
"Testing TCP port 80 on host autodiscover.DOMAIN.TLD to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Additional Details
A network error occurred while communicating with the remote host."
Besides that, it presents a certificate warning:
Analyzing the certificate chains for compatibility problems with versions of Windows.
The test passed with some warnings encountered. Please expand the additional details.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update.
Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Thanks a lot for any hint to solve the problem!
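The analyzer's message "blocked, not listening, or not producing the expected response" folds three different conditions into one. The following added example (not part of the original post) is a small probe that tells them apart when run from a machine outside the firewall; the function names, verdict strings and the 5-second timeout are assumptions chosen for illustration.

```python
import socket
import sys

def classify_banner(data: bytes) -> str:
    """Classify the first line a server sends after the TCP handshake."""
    line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    if line.startswith("220"):
        return "smtp-ready"           # RFC 5321 greeting: SMTP service is answering
    if line[:3].isdigit():
        return "smtp-rejecting"       # e.g. 421/554: SMTP speaks but refuses service
    return "unexpected-response"      # something answers on the port, but not SMTP

def probe_smtp(host: str, port: int = 25, timeout: float = 5.0) -> str:
    """Connect to host:port and report which failure mode, if any, applies."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(512)
            except socket.timeout:
                return "no-banner"    # TCP connects, but no greeting arrives
            if not data:
                return "closed-after-connect"
            return classify_banner(data)
    except ConnectionRefusedError:
        return "refused"              # TCP RST: nothing accepts connections there
    except socket.timeout:
        return "filtered"             # no reply at all, typical of dropped packets
    except OSError as exc:
        return f"error: {exc}"        # DNS failure, unreachable network, reset, ...

if __name__ == "__main__":
    # Usage: python probe.py mx0.DOMAIN.TLD   (placeholder host name from the post)
    if len(sys.argv) > 1:
        for p in (25, 80, 443):
            print(p, probe_smtp(sys.argv[1], p))
```

For ports 80 and 443 only the connection-level verdicts ("refused", "filtered", "no-banner") are meaningful, since an HTTP server waits for the client to speak first.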