Jul 30 2016
 

I have identified and confirmed with 2 different HPE MSA 2040 SANs an issue with SMTP notifications. I’ve identified the issue with multiple firmware versions (even the latest version as of the date of this article being written). The issue stops e-mail notifications from being sent from the MSA 2040 when the SAN is configured with some SMTP relays. This issue also occurs on HPE MSA 2050 arrays, as well as HPE MSA 2052 arrays.

The main concern is that some administrators may configure the notification service believing it is working, when in fact it is not. This could cause problems if the SAN isn’t regularly monitored and if e-mail notifications alone are being used to monitor its health.

Configuration:

-MSA 2040 (2050/2052) Dual Controller SAN configured with SMTP notifications

-SMTP destination server configured as EXIM mail proxy (in my case a Sophos UTM firewall)

Symptoms:

-Test notifications are not received (even though the MSA confirms OK on transmission)

-Real notifications are not received

-Occasionally if numerous tests are sent in a short period of time (5+ tests within 3 seconds), one of the tests may actually go through.

Events and Logs observed:

/var/log/smtp/2016/06/smtp-2016-06-20.log.gz:2016:06:20-20:44:29 SERVERNAME exim-in[16539]: 2016-06-20 20:44:29 SMTP connection from [SAN:CONTROLLER:IP:ADDY]:36977 (TCP/IP connection count = 1)

/var/log/smtp/2016/06/smtp-2016-06-20.log.gz:2016:06:20-20:44:29 SERVERNAME exim-in[18615]: 2016-06-20 20:44:29 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[SAN:CONTROLLER:IP:ADDY]:36977 input="NOOP\r\n"

Resolution:

To resolve this issue, I tried numerous things; however, the only fix I could come up with is configuring the SAN to relay SMTP notifications through an Exchange 2013 Server. To do this, you must create a special connector to allow SMTP relaying of anonymous messages (security must be configured on this connector to stop SPAM), and further modify security permissions on that send connector to allow transmission to external e-mail addresses. After doing this, e-mail notifications (and weekly SMTP reports) from the SAN are being received reliably.

Additional Notes:

-While in my case the issue was occurring with EXIM on a Sophos UTM firewall, I believe this issue may occur with other E-mail servers or SMTP relay servers.

-Tried configuring numerous exceptions on the SMTP relay with no effect.

-Rejected e-mail messages do not appear in the mail manager, only the SMTP relay log on the Sophos UTM.

-Always test SMTP notifications on a regular basis.
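
A way to spot these silent rejections from the relay side, as an added example that is not part of the original post: the script below counts, per SAN controller address, the SMTP connections and the pre-greeting synchronization rejections shown under Events and Logs. The log lines, the host name utm and the 192.0.2.x addresses are constructed, and it assumes Exim logs an "SMTP connection from" line for every connection, as in the post.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Sophos UTM / Exim format shown in the post.
# 192.0.2.x are documentation addresses standing in for the SAN controllers.
SAMPLE_LOG = r'''
2016:06:20-20:44:29 utm exim-in[16539]: 2016-06-20 20:44:29 SMTP connection from [192.0.2.10]:36977 (TCP/IP connection count = 1)
2016:06:20-20:44:29 utm exim-in[18615]: 2016-06-20 20:44:29 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.10]:36977 input="NOOP\r\n"
2016:06:20-20:45:02 utm exim-in[16539]: 2016-06-20 20:45:02 SMTP connection from [192.0.2.11]:41012 (TCP/IP connection count = 1)
2016:06:20-20:45:02 utm exim-in[18702]: 2016-06-20 20:45:02 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.11]:41012 input="NOOP\r\n"
2016:06:20-20:46:10 utm exim-in[16539]: 2016-06-20 20:46:10 SMTP connection from [192.0.2.10]:36981 (TCP/IP connection count = 1)
2016:06:20-20:47:30 utm exim-in[16539]: 2016-06-20 20:47:30 SMTP connection from [192.0.2.10]:36990 (TCP/IP connection count = 1)
2016:06:20-20:47:30 utm exim-in[18790]: 2016-06-20 20:47:30 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.10]:36990 input="NOOP\r\n"
'''

CONNECT = re.compile(r'SMTP connection from (?:\S+ )?\[(?P<ip>[^\]]+)\]')
SYNC_ERR = re.compile(
    r'(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) SMTP protocol synchronization error '
    r'\(input sent without waiting for greeting\): rejected connection from '
    r'H=(?:\S+ )?\[(?P<ip>[^\]]+)\](?::\d+)? input="(?P<input>[^"]*)"')

def summarize(log_text, watch_ips):
    """Per watched sender: connections seen and connections rejected before the greeting."""
    stats = defaultdict(lambda: {"connections": 0, "rejected": 0, "last_reject": None, "inputs": set()})
    for line in log_text.splitlines():
        m = SYNC_ERR.search(line)
        if m and m["ip"] in watch_ips:
            s = stats[m["ip"]]
            s["rejected"] += 1
            s["last_reject"] = m["ts"]
            s["inputs"].add(m["input"])  # what the client sent too early, e.g. NOOP\r\n
            continue
        m = CONNECT.search(line)
        if m and m["ip"] in watch_ips:
            stats[m["ip"]]["connections"] += 1
    return dict(stats)

def all_rejected(stats):
    """Senders whose every logged connection was rejected before the greeting."""
    return sorted(ip for ip, s in stats.items() if s["rejected"] and s["rejected"] >= s["connections"])

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, {"192.0.2.10", "192.0.2.11"})
    for ip, s in sorted(report.items()):
        print(ip, s["connections"], "connections,", s["rejected"], "rejected, last", s["last_reject"])
    print("every connection rejected for:", all_rejected(report))
```

Run against the decompressed relay log with the controllers' management addresses in the watch set; any rejection count above zero means notifications are being dropped before they reach the mail queue.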

Jul 18 2016
 

Last Friday I read online that Shaw had released a new offering for their coax (cable) customers: speeds of 150 Mbps down and 15 Mbps up. I checked out their website and found the accompanying business package (Shaw Business Internet 150).

Called up, requested a quote and pulled the trigger. As always Shaw sweetened the deal for me as I’ve been a long time customer and have quite a few additional services (phone, extra cable modem, numerous static IPs, etc…).

Had the install booked for today, just got everything set up. Here are some initial speed tests I want to share with you:

 

Speedtest.Net test of Business Internet 150

Speedtest.shaw.ca test of Business Internet 150

 

I have to say I’m quite impressed! I actually had to do some tweaking on my firewall’s IPS system to handle the bandwidth.

The residential plan offers 1TB of data per month, whereas I believe the business plan offers unlimited data.

Happy downloading!

 

Update: August 13th, 2016

I just wanted to post an update after running with this service for a while now. It’s been great, no changes in speed, and latency is great!

I have however identified one issue (observed at some client sites): When scheduled or emergency maintenance is performed on Shaw’s side, when the maintenance completes, the cable modem reports as being online, however the internet connection is lost and doesn’t come back up. A restart or power cycle is required on the Hitron modem to bring services back online. I noticed this around a month ago with a client, and found out as of 2 weeks ago it is a confirmed issue, and Shaw is working on resolving this with the Hitron modems.

Also, some users may be noticing issues with VPN connections. When packets go in/out that are larger than 1500 bytes and are fragmented, I noticed on one Hitron modem that the cable modem was dropping these fragmented packets. This is noticeable on VPN connections. Typically a power cycle temporarily resolves this issue, however it occurs again within a couple days. Shaw confirmed this was a firmware related issue and rolled back the cable modem’s firmware for that specific client and it resolved the issue. I have not seen this issue occur on my Hitron modem. To test for this issue, send a ping from the affected site towards the internet to a host using this command, or send a ping from the internet to an IP at the affected site:

ping enterhosthere -l 2000

This command will send a 2000 byte ICMP packet to a host. Typically MTUs on networks are 1500, so the packet will be fragmented and should go through. If it drops and you know the destination should accept it, then you are experiencing this issue. You should place a support call, explain the issue and request a firmware downgrade. This may have been resolved by the time I posted this note.