Export (0) Print
Expand All
Expand Minimize

Reverse DNS lookups have been enabled in the metabase but not on the associated SMTP server in the Active Directory

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2007-01-17

The Microsoft® Exchange Server Analyzer Tool reads the following property in the Internet Information Services (IIS) metabase to determine if its value matches the configured value for the msExchSmtpPerformReverseDnsLookup attribute in the Active Directory® directory service:

/LM/SmtpSvc/<SMTP virtual server instance>/EnableReverseDnsLookup

If the Exchange Server Analyzer finds that the values do not match, a warning message is displayed.

If the value in the IIS metabase does not match the value in Active Directory, it could indicate a problem with Active Directory replication or a problem with the Directory-service-to-Metabase-replication component (DS2MB) in Exchange.

The function of the DS2MB process is to transfer configuration information from Active Directory to the local metabase. This configuration is stored in the local metabase instead of the registry for performance and scalability reasons. In Exchange 2000 Server and Exchange Server 2003, all of the Internet protocols (SMTP, NNTP, POP3, IMAP4, and HTTP) run as components of IIS.

Every 15 minutes, the DS2MB process copies entire subtrees from Active Directory without changing the shape of the subtree. This is a one-way write from Active Directory to the metabase; the metabase never writes to Active Directory.

The EnableReverseDnsLookup property and the msExchSmtpPerformReverseDnsLookup attribute can both have a value of TRUE or FALSE. A value of TRUE means that the SMTP virtual server will perform reverse DNS lookups on all incoming messages. A value of FALSE means that it will not perform reverse DNS lookups. Because of the potential for performance degradation due to mis-configured DNS records or intermittent connections to the Internet, the EnableReverseDnsLookup property and the msExchSmtpPerformReverseDnsLookup attribute are set to FALSE by default.

If the EnableReverseDnsLookup property is set to TRUE (enabled) and the msExchSmtpPerformReverseDnsLookup attribute is set to FALSE (disabled), it means that Active Directory and the IIS metabase are not in sync. If the problem is caused by a failure of the DS2MB process, you can correct the problem by following the procedure below for the version of Exchange Server you are running. If the problem is caused by a partial or complete failure of Active Directory replication, you can use the Active Directory Replication Monitor utility (ReplMon.exe) to check the health and status of Active Directory replication. You can find ReplMon.exe in the Windows® Support Tools on the Windows Server CD-ROM.

  1. Check for the presence of application event log entries with a source of MSExchangeMU. If DS2MB fails, it will log an event on Exchange Server 2003.

  2. If you do not see any DS2MB failures, use ReplMon to diagnose Active Directory replication. Pay particular attention to the global catalog servers that are being used by your SMTP virtual server.

  3. If you do see DS2MB failures, or after you have eliminated or resolved any problems with Active Directory replication, restart the Exchange System Attendant service.

  1. Use ReplMon to diagnose Active Directory replication. Pay particular attention to the global catalog servers that are being used by your SMTP virtual server.

  2. After you have eliminated or resolved any problems with Active Directory replication, restart the Exchange System Attendant service.

For more information about the reverse DNS lookup feature in Exchange, see Microsoft Knowledge Base article 297412, "The 'Perform Reverse DNS Lookup for Incoming Messages' Option Is for Host Name Resolution" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=297412).

For more information about SMTP virtual server settings, see Microsoft Knowledge Base articles 266686, "XCON: How to Configure a SMTP Virtual Server Part 1" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=266686) and 268163, "XCON: How to Configure a SMTP Virtual Server Part 2" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=268163).

For more information about Active Directory replication, see Microsoft Knowledge Base article 232072, "Initiating Replication Between Active Directory Direct Replication Partners" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=232072).

For more information about the DS2MB process, see Microsoft Knowledge Base article 240105, "XGEN: General Information on Directory Service/Metabase Synchronization in Exchange 2000 Server" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=240105).

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft