Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum

Distribution group and members


Hi all,

I have created a distribution group and added a Global Security Group to it that contains members, but it is not working. Tried to Google for what groups are accepted to be added, but can't find it.

Does a distribution group work by adding Global Security Groups with members?

If not, what kind of group works?

thanks


Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work


Backpressure activated after Exchange CU5 install-version buckets


Having many of these below:

Event ID 16028 A forced configuration update for Microsoft.Transport.TransportServerConfiguration has successfully completed.

Followed by this every few hours.

Event ID 15004 Resource Pressure Increased from Medium to High

Version buckets =219

Did not have this issue before CU5 update.  Updated from CU5

Am not using any third party transport scripts.

Exchange 2013 SMTP service delayed / slow acknowledgement


Hey Guys,

Since we upgraded from Exchange 2010 to Exchange 2013 (SP1), any SMTP Receive Connector we create (including the default one) shows the same strange behavior. When you send an email (no matter if internal or external) it sometimes takes up to 30 seconds for the Exchange server to acknowledge the message. Using the SMTP log I see the following entries:

2014-08-08T08:58:29.053Z,                       MAIL FROM:<test@test.de>,

2014-08-08T08:58:29.053Z,                       SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions

2014-08-08T08:58:29.053Z,                       receiving message

2014-08-08T08:58:29.053Z,                       250 2.1.0 Sender OK,

2014-08-08T08:58:29.053Z,                       RCPT TO:<fake@mail.de>,

2014-08-08T08:58:29.053Z,                       250 2.1.5 Recipient OK,

2014-08-08T08:58:29.053Z,                       DATA,

2014-08-08T08:58:29.053Z,                       354 Start mail input; end with <CRLF>.<CRLF>,

2014-08-08T08:58:29.068Z,                       Proxy destination(s) obtained from OnProxyInboundMessage event

2014-08-08T08:58:40.960Z,                       "250 2.6.0 <5160cd2a-9160-4a35-9007-1f9c17761bc0@--------> [InternalId=17776869639170, Hostname=-----------] Queued mail for delivery",

 

As you can see there’s a delay between 08:58:29 and 08:58:40 where nothing happens. The sending smtp service waits for the server to acknowledge the message – at least that’s what I guess. Since we use this kind of connector a lot for internal mail traffic with non-Outlook clients it is essential to get rid of this issue. For example using Trac Ticket system or Subversion also leads to slow or delayed responses. Creating a ticket in Trac sometimes takes up to a Minute since several emails are created and sent in background processes. We didn’t have this issue with Exchange 2010 and I actually couldn’t find much using google. 

Since there's no error showing it's quite difficult to track down the issue. After I did some researching I tried configuring the receive connector to change this behavior but nothing helped. I tested the following options:

- MaxAcknowledgementDelay 00:00:00
- TarpitInterval 00:00:00
- MessageRateSource None
- MessageRateLimit unlimited
- MaxInboundConnectionPercentagePerSource: 20
- MaxInboundConnectionPerSource 100

I also took a look at the Throttling Policies with no luck either.

Calling Microsoft support simply led to the typical “we do not support 3rd party issues”. In fact this is NOT a third party issue but arguing didn't help. I tested every possible solution I found and after weeks I simply don't have the slightest idea any more how to solve the problem.

Some information about our Exchange environment:

- Exchange DAG with 2 servers
- Windows Server 2012 (latest updates)
- Exchange 2013 SP1 installed

 

Disabling DAG members also didn’t help and all the members show the same behavior no matter which connector I choose to use.  

Any hint or idea would be very much appreciated.

 

Thanks,

Christoph
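
Gaps like the one described in this post can be located mechanically across a whole receive protocol log by comparing consecutive events of the same session. The following is an added example, not part of the original post; it assumes the standard nine-column `#Fields:` layout of Exchange SMTP receive logs, and the connector name, session ids and endpoints in the sample are constructed.

```python
import csv
from datetime import datetime

# Column order from the "#Fields:" header of an Exchange SMTP receive protocol log.
FIELDS = ["date-time", "connector-id", "session-id", "sequence-number",
          "local-endpoint", "remote-endpoint", "event", "data", "context"]

# Constructed sample. Timestamps and SMTP lines of session ...01 follow the
# excerpt in the post; connector name, session ids and endpoints are made up.
# Session ...02 is interleaved to show why gaps must be measured per session.
SAMPLE_LOG = r"""
2014-08-08T08:58:29.053Z,SRV1\Relay,08D1000000000001,5,10.0.0.1:25,10.0.0.9:50000,<,DATA,
2014-08-08T08:58:29.053Z,SRV1\Relay,08D1000000000001,6,10.0.0.1:25,10.0.0.9:50000,>,354 Start mail input; end with <CRLF>.<CRLF>,
2014-08-08T08:58:29.068Z,SRV1\Relay,08D1000000000001,7,10.0.0.1:25,10.0.0.9:50000,*,,Proxy destination(s) obtained from OnProxyInboundMessage event
2014-08-08T08:58:35.000Z,SRV1\Relay,08D1000000000002,6,10.0.0.1:25,10.0.0.8:50001,>,354 Start mail input; end with <CRLF>.<CRLF>,
2014-08-08T08:58:35.200Z,SRV1\Relay,08D1000000000002,7,10.0.0.1:25,10.0.0.8:50001,>,250 2.6.0 Queued mail for delivery,
2014-08-08T08:58:40.960Z,SRV1\Relay,08D1000000000001,8,10.0.0.1:25,10.0.0.9:50000,>,"250 2.6.0 <id@example.test> [InternalId=1, Hostname=SRV1] Queued mail for delivery",
"""

def parse(text):
    """Yield one dict per log record, skipping blank and '#' header lines."""
    rows = (l for l in text.splitlines() if l.strip() and not l.startswith("#"))
    for rec in csv.DictReader(rows, fieldnames=FIELDS):
        rec["ts"] = datetime.strptime(rec["date-time"], "%Y-%m-%dT%H:%M:%S.%fZ")
        yield rec

def find_stalls(text, threshold_s=5.0):
    """Return (session, seconds, event_before, event_after) for every pause
    of at least threshold_s between two consecutive events of one session."""
    last_seen = {}
    stalls = []
    for rec in parse(text):
        sid = rec["session-id"]
        prev = last_seen.get(sid)
        if prev is not None:
            gap = (rec["ts"] - prev["ts"]).total_seconds()
            if gap >= threshold_s:
                stalls.append((sid, round(gap, 3),
                               prev["data"] or prev["context"],
                               rec["data"] or rec["context"]))
        last_seen[sid] = rec
    return stalls

if __name__ == "__main__":
    for sid, secs, before, after in find_stalls(SAMPLE_LOG):
        print(f"{sid}: {secs}s between '{before}' and '{after}'")
```

Comparing adjacent lines without grouping by session would report two pauses here that belong to no single connection; grouping leaves only the 11.9-second wait between the proxy lookup and the final acknowledgement.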

Transport rule based on content from HTML formatted emails


I've been trying to catch some really pesky spam from .RU that contain links in this format: 

http://username.somedomain.ru/?53245abunchofnumbers342342

I've been trying to inspect them using text patterns ('http.*\.ru/\?') but it doesn't seem Exchange 2013 will even touch HTML formatted email content. I've even attempted to create a rule that just looks for "http" in the email and they still get past the rule. Is there an option I need to turn on in Exchange to actually inspect these types of emails? Maybe a different condition I need to set? This has been driving me crazy for the last few weeks. Please, any help is appreciated.

Exchange 2013 SP1 Edge Transport Compatibility


Exchange 2013 CU3 CAS & MBX are on Windows 2012

I would like to use an Exchange 2013 CU5 as an Edge Transport on a separate server running Windows 2012 R2.

Is this compatible?

EXCH2013: How to leave messages at ISP server?


Using Exchange 2013 SP1 and it serves both roles. It is not in deployment yet as we are still testing. Currently we have a problem trying to receive mail (have not been able to since testing started) and we got to thinking we need a contingency plan should Exchange stop receiving mail for a period of time so that users could go to the ISP's webmail interface to see their mail. Plus, once we get the receive working we still want to have this "backup" to compare to for some period of time.

We use SMTP to send and receive mail using the  default connectors. Is there a setting to allow messages to remain at our ISP's server after they are brought into the mailboxes? 

Or is this controlled at the ISP?

Thank you!

Email encryption in Exchange Server 2007


Dear Support Team,

Our current environment is Exchange Server 2007 and Outlook 2007. We have some questions.

1. How do I scan the external/public domain before email is sent out? Should I configure this in Exchange and Outlook 2007?

2. How do I encrypt email? Do you suggest a solution? Is a 3rd party required? Exchange or Outlook?

3. Can I encrypt only the email that is sent to external email?

Thank you.

Exchange 2013 Default Receive Connectors - FQDN & Exchange Servers (Permissions Groups)


Hi,

Got a few Exchange 2013 servers that have the default receive connectors, however using the default FQDN. This obviously throws out errors re: the certificate because I do NOT have the internal FQDN for the servers on the certificate.

So I know I need to simply "Set-ReceiveConnector -fqdn ....." to use the default FQDN of mail.domain.com, however I can't do this without removing Exchange Servers from the "Permissions Group" in the receive connector, as I currently get this error, which is all expected:

If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server...

My question is, what's the best way around this, because my event log is filled with warnings about the SSL certificate not matching the FQDN of the internal server. I take it I need Exchange Servers permissions on the default one because I have multiple Exchange servers in my DAG. Do I need it for all the others, OR am I better off creating a new receive connector just for internal etc...? I have no real idea how to best tackle this:

Client Proxy SERVER1
Default FrontEnd SERVER1
Default SERVER1
Outbound Proxy Frontend SERVER1

Thanks!


antispam agent not working in exchange 2010

I already enabled the anti-spam agents on Exchange Server 2010, but none of the features, like content filtering and sender filtering, work. I am testing on local domain mailboxes. Please give a solution.

Exchange 2007 and Exchange EDGE 2013


Greetings, community! 
Maybe someone has faced a similar problem?

Upgrading Exchange 2007 (with all the latest SP and UR) to Exchange 2013 SP1.
I used to have a single physical Exchange 2007 server with all roles. Instead of the EDGE role I used MDaemon.
Now all of the Exchange Server 2013 roles are in a virtual configuration: 2 CAS, 2 MBX, 2 EDGE in the DMZ.

Actually what is the problem: 
When I subscribe the two EDGEs, they are subscribed correctly and the send connectors (2 pcs.) are created correctly.
However, Exchange 2007 does not want to send e-mails via the connector "EdgeSync - Site to Internet". In the Application Log, errors from MSExchange EdgeSync appear every 3-5 minutes:

Error 1033 
The Microsoft Exchange EdgeSync service could not decrypt the credential for Edge Transport server EDGE2.domain.local by using the private key of the internal transport certificate with exception Bad Data. 
. The certificate's thumbprint is 4EE35648FFB41AC5C3D603C9688499E99FC28D67 and its subject is CN = mail.domain.ru, OU = IT, O = DOMAIN, L = Moscow, S = Moscow, C = RU. Use the Enable-ExchangeCertificate cmdlet or New-ExchangeCertificate cmdlet in the Exchange Management Shell to set the correct Exchange internal transport certificate and resubscribe Edge Transport server EDGE2.domain.local. 

and 

The Microsoft Exchange EdgeSync service could not decrypt the credential for Edge Transport server EDGE1.domain.local by using the private key of the internal transport certificate with exception Not enough storage is available to process this command. The certificate's thumbprint is 4EE35648FFB41AC5C3D603C9688499E99FC28D67 and its subject is CN = mail.domain.ru, OU = IT, O = DOMAIN, L = Moscow, S = Moscow, C = RU. Use the Enable-ExchangeCertificate cmdlet or New-ExchangeCertificate cmdlet in the Exchange Management Shell to set the correct Exchange internal transport certificate and resubscribe Edge Transport server EDGE1.domain.local. 

Tried to change the Exchange 2007 SMTP certificate to another one, including a commercial one and one from our own PKI, then did the EDGE subscription again - same faulty result.

PS: I enabled the Edge Subscription on the MBX servers with Exchange 2013. Exchange 2007 has a different syntax for enabling the subscription; is it necessary to activate it on the old MBX?
PPS: If a message comes through the connector "EdgeSync - Inbound to Site", it correctly reaches the mailbox on Exchange 2007. Probably because it is going through the SmartHost ...
PPPS: Messages from mailbox stored on Exchange 2013 go through "EdgeSync - Site to Internet" connector without any problems.


NDR error


Greetings to all,

I have Exchange 2013 running and working, except for two domains that I am not able to send email to.

One of them is giving me an NDR of

smtp.hec-group.com.tw rejected your message to the following email addresses:


smtp.hec-group.com.tw gave this error: Service unavailable

A problem occurred while delivering this message to this email address. Try sending this message again. If the problem continues, please contact your helpdesk.

Diagnostic information for administrators:

Generating server: Mail.TEST.local

 smtp.hec-group.com.tw Remote Server returned '500 5.0.0 Service unavailable'

Original message headers:

Received: from Mail.TEST.local (10.0.5.4) by Mail.TEST.local (10.0.5.4) with
 Microsoft SMTP Server (TLS) id 15.0.847.32; Fri, 22 Aug 2014 10:17:28 +0300
Received: from Mail.TEST.local ([fe80::bc95:26fb:eac0:be73]) by
 Mail.TEST.local ([fe80::bc95:26fb:eac0:be73%12]) with mapi id 15.00.0847.030;
 Fri, 22 Aug 2014 10:17:28 +0300

================================================================================

The other domain gave me this NDR

create by the server: Mail.TEST.local
receiving server: mx20.013net.net (194.90.9.19) Total retry attempts: 1

 

aaa Remote Server at mx20.013net.net (194.90.9.19) returned '400 4.4.7 Message delayed' 20/08/2014 16:28:29 - Remote Server at mx20.013net.net (194.90.9.19) returned '441 4.4.1 Error encountered while communicating with primary target IP address: "421 4.4.2 Connection dropped due to TimedOut." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 194.90.9.19:25'



I am wondering if it is better for me to implement this by using a smart host in the receiving connector,

due to the fact that my domain is 'new' to the 'world'?

Thank you.

TLS encryption from printer to Exchange


Hi,

I must encrypt email traffic from a printer to Exchange 2010. On the receive connector I enabled Transport Layer Security (TLS), but not Mutual Auth TLS.

In SMTP protocol logs I see:

,>,"220 <blabla> Microsoft ESMTP MAIL Service ready
at Thu, 28 Aug 2014 11:07:18 +0200",

,>,250-STARTTLS,

response is:

,<,STARTTLS,

>,220 2.0.0 SMTP server ready,

*,,Sending certificate

*,"CN=.....",Certificate subject

*,"CN=<blabla>",Certificate issuer name

*,.....,Certificate serial number

*,92D44750CB765456D278B6A72AB68BDA0BC4A4,Certificate thumbprint

but later is:

<,EHLO <printerName>,

*,,TlsDomainCapabilities='None'; Status='NoRemoteCertificate'

>,250-<serverName> Hello [IPAddres],

>,250-SIZE 10485760,

>,250-PIPELINING,

>,250-ENHANCEDSTATUSCODES,

>,250-AUTH LOGIN,

>,250-8BITMIME,

>,250-BINARYMIME,

>,250 CHUNKING,

<,MAIL From:email@blabla,

*,08D17EBB66CFE110;2014-08-28T09:07:18.802Z;1,receiving message

>,250 2.1.0 Sender OK,

<,RCPT To:recipient@blabla,

>,250 2.1.5 Recipient OK,

<,DATA,

So is TLS working or not? If not, why? Do I need a certificate on the printer?

Adam
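
A protocol log in this shape can be checked for whether the message was actually submitted after the STARTTLS upgrade. The following is an added example, not part of the original post; it assumes the RFC 3207 sequence (STARTTLS, a 220 reply, then a fresh EHLO from the client means later commands travelled inside TLS) and reads `Status='NoRemoteCertificate'` only as "the client presented no certificate of its own". The session text is constructed.

```python
import csv
import re

# Constructed sessions in the reduced "event,data,context" form quoted in the
# post ("<" = received from client, ">" = sent by server, "*" = log note).
SESSION_WITH_TLS = """
>,"220 mail.example.test Microsoft ESMTP MAIL Service ready",
<,EHLO printer01,
>,250-STARTTLS,
<,STARTTLS,
>,220 2.0.0 SMTP server ready,
*,,Sending certificate
<,EHLO printer01,
*,,TlsDomainCapabilities='None'; Status='NoRemoteCertificate'
>,250-AUTH LOGIN,
<,MAIL From:email@example.test,
>,250 2.1.0 Sender OK,
"""
SESSION_WITHOUT_TLS = """
<,EHLO printer01,
>,250-STARTTLS,
<,MAIL From:email@example.test,
>,250 2.1.0 Sender OK,
"""

def classify_session(text):
    """Report whether MAIL FROM was sent after a completed STARTTLS upgrade."""
    state = "plain"  # plain -> requested -> handshake -> tls
    out = {"starttls_offered": False, "mail_over_tls": None,
           "client_cert_status": None}
    for row in csv.reader(l for l in text.splitlines() if l.strip()):
        event, data, context = (row + ["", "", ""])[:3]
        cmd = data.upper()
        if event == ">" and cmd.startswith("250") and "STARTTLS" in cmd:
            out["starttls_offered"] = True          # server advertises TLS
        elif event == "<" and cmd == "STARTTLS":
            state = "requested"                     # client asks to upgrade
        elif event == ">" and state == "requested":
            state = "handshake" if cmd.startswith("220") else "plain"
        elif event == "<" and cmd.startswith(("EHLO", "HELO")) and state == "handshake":
            state = "tls"                           # client restarted inside TLS
        elif event == "<" and cmd.startswith("MAIL FROM") and out["mail_over_tls"] is None:
            out["mail_over_tls"] = state == "tls"
        m = re.search(r"Status='(\w+)'", context)
        if m:
            out["client_cert_status"] = m.group(1)  # only relevant to mutual TLS
    return out

if __name__ == "__main__":
    print(classify_session(SESSION_WITH_TLS))
    print(classify_session(SESSION_WITHOUT_TLS))
```

A session that reports `starttls_offered` as true but `mail_over_tls` as false is a device that ignored the offer and submitted in cleartext, which is the case worth alerting on.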

#550 5.5.2 Sender address rejected: SPF fail


Hello,

In our organization, when we are trying to send to some external users we receive this error:

externaldomain.com #550 5.5.2 Sender address rejected: SPF fail - mydomain.com[External IP address] is not allowed to send mail with this domain. ##

Any ideas?

thanks

Change Exchange server license


Hello,

Currently, I applied an enterprise license on my Exchange 2013 servers. Is there a way that I can switch the licensing to standard without reinstalling the Exchange servers? Thanks

550.5.7.1 unable to relay error


Hi guys,

After trying many possible fixes for this error, I'm back to square one.

We're currently running Exchange 2013 on Windows Server 2012 R2. Our accounts department are getting '550.5.7.1 unable to relay' when sending external email payslips out of MYOB. We have no problems sending/receiving internal or external emails in general. The error occurs only when sending emails out of MYOB. MYOB has no specific email services it needs to configure to run, it should be a straight forward process.

All the threads I've read regarding this error revolve around creating a new receive connector in Exchange for the Application (MYOB) 

I've followed this thread to a tee - http://exchangeserverpro.com/exchange-2013-configure-smtp-relay-connector/. Create new Receive connector -> set everything up, IP, checked Anonymous, run shell script, run TELNET, get no 550.5.7.1 unable to relay error, but even after all that, the 550.5.7.1 unable to relay error still appears when sending external emails out of MYOB.

Any help appreciated.

Cheers.


moderated email requires multiple approvals


We are in the migration process from 2010 to 2013.  We have installed 2013 and have tested moving mailboxes and all is well except for our transport rules.

We have several rules where groups of users have any outgoing email with attachments have to have them approved by managers due to HIPAA compliance. 

After the initial install of 2013 we immediately had issues where managers had to approve the emails two or more times before they would go out. We read where transport rules didn't translate well in the upgrade so we deleted the rules on the old server and recreated them on the new to no change. Currently most senders have to have their email approved twice. My email, since I'm the one guinea pig that moved my mailbox to the new server, won't go out at all; it is stuck in a loop where it keeps going to my manager seemingly forever.

I'm hesitating to migrate actual user mailboxes till this is settled, but this might also go away when we retire the 2010 server so I'm torn. 

I find little written about transport rule troubleshooting, but I did run a delivery report on an email I sent and found the message sent to an approver, approved, sent to an approver, approved, sent, etc.  I'll paste it below my signature.

Any assistance or insight is appreciated.

Jim

Delivery Report for  David.Simpson@wiXXXXXX.com‎‎

Submitted
3/26/2014 11:27 AM OPT-EXCH1
The message was submitted to opt-exch1.local.xxx.com.
Pending
3/26/2014 11:27 AM opt-exch1.local.xxx.com
Message was received by opt-exch1.local.giftrapcorp.com from opt-Exch1.local.xxx.com.
Failed
3/26/2014 11:27 AM opt-exch1.local.xxx.com
The message was rejected by a rule set at the organization level. For more information, check your organization's Transport rules.
Pending
3/26/2014 11:27 AM opt-exch1.local.xxx.com
The message was sent to a moderator. Messages sent to this address must be approved by a moderator before delivery.

3/26/2014 11:32 AM mail01.local.xxx.com
The message was approved by the moderator.

3/26/2014 11:32 AM mail01.local.xxx.com
The message was sent to a moderator. Messages sent to this address must be approved by a moderator before delivery.

3/26/2014 11:32 AM mail01.local.xxx.com
The message was approved by the moderator.

3/26/2014 11:32 AM mail01.local.xxx.com
The message was sent to a moderator. Messages sent to this address must be approved by a moderator before delivery.

3/26/2014 11:33 AM mail01.local.xxx.com
The message was approved by the moderator.

3/26/2014 11:33 AM mail01.local.xxx.com
The message was sent to a moderator. Messages sent to this address must be approved by a moderator before delivery.
Failed
3/26/2014 11:34 AM mail01.local.xxx.com
The moderator has rejected this message.


Jim Tall

Exchange 2013 mail alerts - Not getting SCOM alerts


My apology if this is posted under incorrect forum category.

We have issue with SCOM Alerts and we use Exchange 2013 server and have provided relay permission for SCOM server. We had configured channel, subscriber and notification subscription on SCOM pointing exchange hub transport server. 

Server : SCOM 2012r2 on Windows 2012

Server : Exchange 2013 on Windows 2012

Summary

Notification subsystem failed to send notification message through all devices for the subscription for the selected protocol.

Causes

Notification subsystem was unable to send notification message through all devices. This could happen if the device is mis-configured or not working. It could also happen if the Notification action account does not have the right privileges to the communication server for that protocol.

Resolutions

Notification subsystem was unable to send a notification message on the protocol through all the assigned devices. Try the following steps for resolution:

1. Use the ruleID to identify the subscription using Power Shell commandlet Get-Notifiction. Verify that the subscription is configured correctly as are the devices used by the recipients for that subscription.

2. Find out if there are other alerts from the notification subsystem for specific devices failing.

3. Make sure that the devices/servers can be contacted by the Management server and there are no communication problems.

4. Verify that the Notification action account has appropriate privileges to connect to the devices/servers.

5. Check the devices/servers and make sure it is working as desired independent of the notification subsystem.

When I searched through Google, most of them say it has something to do with the Exchange server. Please help!


Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.


Cannot send email from Exchange 2007 to Exchange 2013


Hello anyone,

Can anyone help? I've already prepared MS Exchange 2013 for the migration from MS Exchange 2007, and I got an issue.
My issue is that I can't send email from Exchange 2007 to Exchange 2013, but Exchange 2013 can send email to Exchange 2007.
My issue is only with internal email; for external email both Exchange servers are working fine.

Regards,

Eakkasak

Emails are stopped in queue.

My emails are suddenly stuck in the queue with a delayed error. The weird thing is that if I check the message details it shows me the connector of my old Exchange server (MAGEX01), which I removed months ago as I migrated my Exchange 2007 to 2013, but I don't know why it shows the old Exchange connector. I highlight it below.

Identity: MAG-EX-01\32987\12644383719439
Subject: Vista mail

Internet Message ID: <7deed6c3-77b4-410b-9f05-5be4e8cdc020@MAG-EX-01.mag.local>
From Address: <>
Status: Active
Size (KB): 12
Message Source Name: Pickup
Source IP: ::
SCL: 0
Date Received: 8/26/2014 12:30:01 AM
Expiration Time: 8/28/2014 12:30:01 AM
Last Error: 
Queue ID: MAG-EX-01\32987
Recipients:  stats@vista.sophos.com;2;2;[{LRT=};{LED=400 4.4.7 Message delayed};{FQDN=};{IP=}];0;CN=Internet Mail SMTP Connector (MAGEX01),CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=MAG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mag,DC=local;0

After Exchange server installation I restarted my server. After restart, Server Manager cannot refresh a lot of time.

Server Manager cannot refresh after Exchange installation. Opening the Exchange console gives a WinRM service error. When I check the WinRM service I find it is not started, and when I try to start the WinRM service I get error 1053.