Exchange 2016 Edge Transport Server and IPv6

I’ve never paid too much attention to IPv6, except for turning it off completely in case of strange issues. And admit it, most of you do the same.

Security is getting more and more important, and as a messaging consultant you want your Exchange environment top notch. In the Dutch community NGN I was pointed to internet.nl, where you can check your presence on the Internet. There were lots of red crosses when it came to messaging and IPv6, reason enough for me to start looking into it.

In this blogpost I will focus on the Exchange 2016 Edge Transport server (I have two for inbound and outbound email) and the Exchange 2016 Mailbox server, which is load balanced behind a Kemp LoadMaster LM3600.

Exchange 2016 Edge Transport server

Although a lot of Exchange admins disable IPv6 on their Exchange servers (through a registry key) in case of strange issues, it is not a recommended solution.

I have two Exchange 2016 Mailbox servers, one Exchange 2013 multi-role server and two Edge Transport servers (one Exchange 2013 and the other Exchange 2016) for inbound and outbound SMTP traffic. There are two MX records which point to these Edge Transport servers. Both have an external IPv4 address.

The first step, of course, is to add an IPv6 address to the network adapter of the Edge Transport servers; your provider should be able to supply you with a sufficient IP range.

This should not result in too many issues. If you want to ping your server over IPv6, make sure that the File and Printer Sharing (Echo request – ICMPv6-In) inbound rule is enabled in Windows Firewall.

The next step is to enable the Edge Transport server for IPv6 usage. The Mailbox server has everything set up by default, but the Edge Transport server is only configured for IPv4.

Open Exchange Management Shell and enter the following command:

Get-ReceiveConnector "*default*" | Select Bindings,RemoteIPRanges

And you’ll see that the Default Receive Connector is only bound to IPv4 and only accepts remote IPv4 connections.

You can bind IPv6 to the Default Receive Connector ([::]:25) and have it accept connections from all remote IPv6 addresses (::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) by using the following command in the Exchange Management Shell:

Get-ReceiveConnector "*default*" | Set-ReceiveConnector -Bindings "0.0.0.0:25","[::]:25" -RemoteIPRanges "0.0.0.0-255.255.255.255","::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"

You can use the Get-ReceiveConnector "*default*" command again to check if the changes were carried out correctly.

When I send an email from my Gmail account to a mailbox on my Exchange 2016 environment and check the header information, I can see that it’s actually using my IPv6 address.

When using a site like https://internet.nl I can see that my servers are configured correctly.

Summary

In contrast to the Exchange 2016 Mailbox server, which is fully configured for use with IPv6, the Exchange 2016 Edge Transport server is only configured for IPv4.

This is not a big problem though. After adding an external IPv6 address to your Exchange 2016 Edge Transport server you can bind the local IPv6 address (or range) to the Default Receive Connector. You can also add all remote IPv6 ranges to the Default Receive Connector. After adding the FQDN to public DNS using an AAAA record you’ll see email coming in on IPv6.
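
An added example, not part of the original post: a read-only check for the Exchange Management Shell that reports which receive connectors listen on and accept IPv6, and whether each MX host has an AAAA record. The domain example.com is a placeholder, and the text test for IPv6 assumes bindings and ranges print in the forms used in the commands above.

```powershell
# Added example: audit receive connectors and public DNS for IPv6 readiness.
# Run in the Exchange Management Shell on the Edge Transport server.
$MailDomain = 'example.com'   # placeholder (assumption): use your own mail domain

# Decide from the text form whether a binding or remote range is IPv6.
# Bindings print as "[::]:25" or "0.0.0.0:25"; ranges as "::-ffff:..." or
# "0.0.0.0-255.255.255.255". Only IPv6 text has more than one colon.
function Test-IsIPv6Text([string]$Text) {
    $Text.StartsWith('[') -or ($Text.Split(':').Count -gt 2)
}

# 1. Per connector: does it listen on IPv6, and does it accept IPv6 senders?
$connectors = foreach ($rc in Get-ReceiveConnector) {
    $bindings = @($rc.Bindings       | ForEach-Object { $_.ToString() })
    $ranges   = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })
    $v6Bind   = [bool]($bindings | Where-Object { Test-IsIPv6Text $_ })
    $v6Remote = [bool]($ranges   | Where-Object { Test-IsIPv6Text $_ })
    [pscustomobject]@{
        Connector  = $rc.Identity
        Enabled    = $rc.Enabled
        IPv6Bound  = $v6Bind
        IPv6Remote = $v6Remote
        # Bound without a matching remote range (or the reverse) is half-configured.
        Consistent = ($v6Bind -eq $v6Remote)
    }
}
$connectors | Format-Table -AutoSize

# 2. Per MX host: is there an AAAA record so senders can reach it over IPv6?
$mxHosts = Resolve-DnsName -Name $MailDomain -Type MX -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'MX' } | Sort-Object Preference
$dns = foreach ($mx in $mxHosts) {
    $aaaa = @(Resolve-DnsName -Name $mx.NameExchange -Type AAAA -ErrorAction SilentlyContinue |
        Where-Object { $_.QueryType -eq 'AAAA' })
    [pscustomobject]@{
        MXHost     = $mx.NameExchange
        Preference = $mx.Preference
        HasAAAA    = ($aaaa.Count -gt 0)
        IPv6       = ($aaaa.IPAddress -join ', ')
    }
}
$dns | Format-Table -AutoSize

# Summarise anything that still needs attention.
$connectors | Where-Object { -not $_.Consistent } |
    ForEach-Object { Write-Warning "$($_.Connector): IPv6 binding and remote ranges do not match" }
$dns | Where-Object { -not $_.HasAAAA } |
    ForEach-Object { Write-Warning "$($_.MXHost): no AAAA record published" }
```

The DNS part only reflects what the server's own resolver returns, so run it where public DNS is resolved if the Edge server uses an internal DNS view.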

Upgrade to CU8 Fails on Receive Connector misconfiguration

During an upgrade of an Exchange 2013 SP1 multi-role server to Exchange 2013 CU8 the upgrade crashed, apparently on a strange Receive Connector configuration, since the following error message was raised:

The values that you specified for the Bindings and RemoteIPRanges parameters conflict with the settings on Receive connector "SERVER1\Relay Connector SERVER1". Receive connectors assigned to different Transport roles on a single server must listen on unique local IP address & port bindings.
