451 4.4.0 DNS Query Failed

I recently was helping a customer migrate from Microsoft Exchange 2007 to Exchange 2013 in the same organization and after getting Exchange 2013 installed, we started testing mail routing between 2007 and 2013.  We found that the Exchange 2013 server could route to the Exchange 2007 server, but Exchange 2007 could not route to Exchange 2013.  When looking in the Queue Viewer, we saw that all messages destined for our test mailboxes on Exchange 2013 were stuck in the Exchange 2007 Transport queue with the following status “451 4.4.0 DNS Query Failed”.  It took me a bit to find the culprit and my buddies, Google and Bing did not help too much, so I thought I’d write this up in case someone else ran across the same issue.

The first steps I did were pretty similar to what I would imagine anyone would do when faced with a DNS related issue, I took to the command line.  I first tried to ping the FQDN of the server and it resolved and pinged fine.  Just to be safe, I jumped to NSLookup to see what was going on there, and all seemed fine.

NSLookup Results

This quickly started looking like a misconfiguration on the Exchange 2007 server, so I reviewed the basic network settings to make sure everything looked ok there.  We had all valid DNS Server settings and all appropriate protocols were enabled.  By this time what I thought was going to be a simple DNS issue was starting to turn into a “stump the chump” situation with the customer watching over my shoulder, just waiting to give me a hard time if I did not figure this one out.  All in fun, of course.

Convinced the network settings and DNS were correct, I turned my focus to Exchange and ran this in Exchange Management Shell:

Get-TransportServer –Identity 2007Server | FL

There were a few settings in there changed from the default that sparked my interest, so I cleaned up my output by running this command.

Get-TransportServer –Identity 2007Server | FL “External*”,”Internal*”

This produced the below output.

Bad Get-Transport

There are two settings here that are not their default and they are ExternalDNSServers and InternalDNSAdatperGuid.  I’ve copied the parameter descriptions from http://technet.microsoft.com/en-us/library/bb124238(v=exchg.141).aspx to better explain what they are used for.

InternalDNSAdapterGuid

The InternalDNSAdapterGuid parameter specifies the network adapter that has the DNS settings used for DNS lookups of servers that exist inside the Exchange organization. The concept of an internal network adapter and an external network adapter is only applicable in a multi-homed Exchange 2010 server environment. Typically, a multi-homed Exchange 2010 server is only used with the Edge Transport server role in a perimeter network. When no particular network adapter is specified as the network adapter for external DNS lookups, the value of the InternalDNSAdapterGuid parameter is 00000000-0000-0000-0000-000000000000, and internal DNS lookups are performed by using the DNS settings of any available network adapter. You may enter the GUID of a specific network adapter to use for internal DNS lookups. The default value of the InternalDNSAdapterGuid parameter is 00000000-0000-0000-0000-000000000000.

Note:

If the value of the InternalDNSAdapterEnabled parameter is set to $false, the value of the InternalDNSAdapterGuid parameter is ignored, and the list of DNS servers from the InternalDNSServers parameter is used. 

ExternalDNSServers

The ExternalDNSServers parameter specifies the list of external DNS servers that the server queries when resolving a remote domain. You must separate IP addresses by using commas. The default value is an empty list {}.

Note:

If the value of the ExternalDNSAdapterEnabled parameter is set to $true, the ExternalDNSServers parameter and its list of DNS servers isn’t used.

After readying that, I’m sure you can Scooby Doo it and figure out what the problem is, but let’s clean up a setting first.  As we can see from the parameter description note, ExternalDNSServers parameter is not used since our ExternalDNSAdapterEnabled is set to $true, so I did some house cleaning by running the following command.

Set-TransportServer –Identity 2007Server –ExternalDNSServers $null

Now let’s look at the InternalDNSAdapterGuid parameter.  The description of the parameter tells us that the default is a bunch of zeros, but the customer specified a GUID so I can assume that this was not a valid GUID or it was the GUID of the wrong adapter.  For me, I simply ran this command to set it back to default to fix the issue.

Set-TransportServer 2007Server –InternalDNSAdapterGuid 00000000-0000-0000-0000-000000000000

Now my Transport Server settings look like what I would expect them to, email was flowing, and the world seemed right again.

Good Get-Transport

For those of you that are of the curious type, if you want to find out the GUID of your network adapters, check out this below registry key.

HKLM > Software > Microsoft > WindowsNT > CurrentVersion > NetworkCards > (number)

The Description will list the interface and the ServiceName will list the GUID.

I hope this helps and if you have any questions, do not hesitate to ask.

 

39 Comments

  1. Comment by Lawrence:

    I experienced the same issue (Exchange 2007 and Exchange 2013 co-existence). But the setting you mentioned in your article is correct (ie ExternalDNSAdapterEnabled = True; ExternalDNSServer = {}; InternalDNSADapterEnabled = True; InternalDNSServer = {}, and the DNSAdapterGuid = 0.) Is there anything I can check to resolve this? Thanks

  2. Comment by Sham:

    I have the DNS query failed on my Edge 2007 server after p2v. This solution “Set-TransportServer 2007Server –InternalDNSAdapterGuid 00000000-0000-0000-0000-000000000000” works perfect for me. Once done i just restart MS transport..Mails started moving. Thank you

  3. Comment by Rescue Leokeng:

    This saved me loads. I am super grateful.

  4. Comment by Manoj Kumar:

    Hi,

    Can you please let me know the command to Set External DNS Server in DNS lookup as I am unable to change it via ECP. it is showing some error.
    We are using Exchange 2013 CU1.

    • Jerrid Williams
      Comment by Jerrid Williams:

      Hi, Manoj.
      Is there a reason you’re configured the External DNS Server settings in Exchange? I would recommend leaving that at default and configure the NIC adapter to handle the DNS server selection, unless I’m not understanding your questions.
      Also, feel free to email me the screen shot of the error message and I’ll take a look. jerrid@jerridwills.com.
      Thanks for posting.

      Jerrid

  5. Comment by Paul:

    Been troubled by some similar issues. Which also seems to be impacting OUTLOOK.COM & Office365 Microsoft’s exchange offering, people sending email from those accounts hosted on MS with or without a personal domain name, to Exchange Servers 2007/2010/2013 intermittent mail being received on the Exchange Server End, sometime it gets thru other times a Delayed NDR message at Outlook.com/Office365 sender. I found initially making the changes did nothing but by manually configuring DNS in Hub Transport to use specific DNS, then resetting and applying the Default’s as suggested in your article did the trick. Thanks

    • Comment by Paul:

      I should have added to my comment that we had the same communication issues between Exchange 2007 and 2010 with the 451 4.4.0 error, but prior to that error we were getting 451 4.4.0 Primary target IP address responded with: “421 4.4.2 Connection dropped due to Socket Error, which led us on a wild goose chase first. Thanks again

  6. Comment by Don Lapeno:

    you my friend are a god!

    i just installed a new 2013 Exchange co-existing with 2010 and i moved 1 mailbox over to test, but the 2010 box would not communicate at all. i had manually set the int and ext DNS some time ago i recall to fix another issue, i set the ext to use all ipv4 and my internal confirmed for my DNS and BAM! working.

  7. Comment by Paul P:

    I had the exact same issue as “Sham” above. Hub Transport was P2V’d months ago and working fine. Now we are doing a POC for Office 365 and have a hybrid Exchange 2007 – Exchange 2010 configuration. At first 2010 would route internal mail to 2007 w/o issue, but not 2007 to 2010. Messages were stuck in the transport queue with the “451 4.4.0 DNS Query Failed” error. I then recalled the need to set the ExternalDNSAdapterGUID when I P2V’d our 2007 Edge Transport the previous year and thought the internal setting was likely the culprit. Your article confirmed it and definitely helped. Thanks!

  8. Comment by Mike:

    I had the same error on a SBS 2011 to Exchange 2013 migration. I found the send connector had two external IP addresses defined. Since there was originally only an SBS server that setting worked. I guess when adding the Exchange server, the new server could not be resolved. I went to the server in the EAC and configured the DNS lookups to use the internal NIC. I then removed the external IP addresses on the send connector. Since the internal DNS can resolve both internal and external lookups, all the mail delivered successfully.

  9. Comment by Jared:

    Jerrid,

    From one Jared to another (Jerrid), I have to REALLY thank you. I had the same problem with a 2010 and 2013 co-existance. My 2013 would send, but could not receive. The problem was the settings in my 2010 server configuration. I’ve been perplexed by the problem for a while now and it took just the RIGHT Google search terms to find you.

    For me, I went into the EMC and expanded Server Configuration. On the right I double clicked on the server name. I had old settings in both the internal and external DNS lookup tabs. I cleared out all the IP’s on both tabs and set to “Use network card DNS settings” and BAM. Mail flowed to the 2013 server. Awesome!

    • Jerrid Williams
      Comment by Jerrid Williams:

      Nice to see another Jared out there in the geek world!! Glad it helped and you are absolutely correct, and thanks for pointing it out that there is a GUI option for fixing this issue.
      Thanks for commenting!

  10. Comment by Thomas:

    Hi all,

    I hate to revive an old thread but I need some help.

    I’m having a similar problem as described above. Office365, Outlook.com and Hotmail emails that are coming to my domain are being blocked. All other entities are sending just fine. Customers are getting bounce backs stating 451 4.4.0 DNS Query issues.

    I’m still using 2003 DNS servers and I’m also using GoDaddy as a backup DNS server.

    All tests from DNS check sites are showing that things are clear.

    Is there anything else that I can try to resolve this issue?

    Thanks
    Thomas

    • Jerrid Williams
      Comment by Jerrid Williams:

      Hey Thomas,
      Would you mind giving me your domain name so I can take a look at your MX records? If you’re not comfortable posting it, just email it to me. The first thing that pops in my mind, is way back when, I had an issue with people trying to send email to me and getting a similar issue. I found that all of them used a hosting service that my company had recently stopped using, and the hosting company still had some old, bad data regarding our environment and was making email routing decisions based off of that.
      Did you run a trial version of O365 with the domain name you’re having problems with? If not, still shoot me the domain name and I’ll see if I can’t fish something up.

      Thanks for posting!

  11. Comment by Alex:

    YOU ROCK! This worked on exchange 2013!!!!

  12. Comment by DavidW:

    I am running Exchange 2010 on Server 2008 R2. I can receive email from all domains but I cannot send email to some of them. The one thing they all have in common is that they are Office 365 or Outlook.com domains.

    • Jerrid Williams
      Comment by Jerrid Williams:

      Hey David,
      Thanks for the question. I would try to trace the emails through your system and see where they are getting hung up. This will help you narrow down where to look and focus your troubleshooting. I would start by reviewing your queues to see if they are getting stuck there. If you have any smarthosts, I would check that second. If they are getting out of your environment, then you’re stuck helping other people troubleshoot their environment or asking them to open tickets with Microsoft.
      I hope this helps.
      Thanks,
      Jerrid

  13. Comment by Josh Harris:

    This worked for me on Exchange 2010 after P2V’ing it. Great stuff!

  14. Comment by simo:

    Hello JW ,

    I have to put in place of the000000 the numbers that I found in HKLM> Software> Microsoft> Windows NT> CurrentVersion> NetworkCards> (number). ?????

    thanks for your help

    • Jerrid Williams
      Comment by Jerrid Williams:

      Hey Simo,
      Sorry for the late reply but thanks for your question. I’m not 100% sure what you’re asking. If you already have 0000000… in place, that means this setting is not configured, so if you’re having issues with email routing due to DNS, I would look at the DNS settings that are configured on the NIC. If that looks good, then you’ll probably have to start troubleshooting DNS itself.
      I’m not suggesting you take what you found in the Reg Key and replace the 0000… with what’s in the registry.
      I hope this helps and makes sense.
      Thanks,
      Jerrid

  15. Comment by simo:

    My problem is that I have to reboot my server every day to send and receive my emails. I get the error 451 4.4.0 DNS Query failed.

    I do not know what to do, sometimes I restart my dns server, sometimes the transportation service.

    • Jerrid Williams
      Comment by Jerrid Williams:

      Hey Simo,
      It’s tough to say without looking at the issue and I’m to world’s worst remote troubleshooter, because I need to put my hands on it to be effective. I would guess that your servers are configured with a bad DNS server on the network side, maybe? Here is how I would start.
      First I would find a domain name that is not being delivered because of the 451 error. Then I would connect to each one of my DNS servers using NSLOOKUP and search for the email domain’s MX records. I’d be looking for a DNS server that’s failing. Hopefully that would point me in the right direction. Again, I’m just guessing here and trying to help get you moving in a direction, so I apologize if it’s not that helpful. Run through that and if you can’t get anywhere after that, let me know and we can try something else.
      Thanks,
      Jerrid

  16. Ping from How To Fix Dns Query Error Email in Windows:

    […] 451 4.4.0 DNS Query Failed – jerridwills.com – Humbly sharing … – Email not routing from Exchange 2007/2010 to Exchange 2013 during migration. Queue status shows 451 4.4.0 DNS Query Failed. […]

  17. Comment by Jabulani:

    Hi Jerrid, thanks for your Tutorial, may you please assist me if possible
    I’ve currently installed Exch 2013 on a Exch 2010 environment
    Exch 2013 – I’m able to send internally/externally without any issues but not receiving anything except from mailboxes on the same exch 2013 server
    I have not configured and Send or Receive connectors as yet
    Send Connectors available reside from the existing exch 2010 environment, I just added the new exch 2013 on them
    There a couple of Receive connectors residing on the exch 2010 environment but not yet migrated over
    How would I go about making sure that I can send/receive from both exch 2010 and 2013 and vise versa

  18. Comment by Lost:

    Excellent Post. Life Saver. May the Force be with You. Live long and Prosper.

  19. Comment by Rob:

    Thank you so much…
    I am working on an Exchange 2007 to 2013 upgrade at the moment & this issue had become a show stopper.
    However, implementing your solution fixed the issue instantly…

    You are a life saver.

    Thanks Again,

    Rob

  20. Ping from NIC DNS Registration and Exchange Servers | Troubleshooting Exchange:

    […] This is a fairly common error indicating there is an issue contacting the DNS Server or Servers that Exchange is configured to use. ReferenceA ReferenceB […]

Leave a Reply

Your email address will not be published. Required fields are marked *