I'm having trouble with basic Exchange 2013 mail flow troubleshooting

September 24, 2015, 11:44 am

≫ Next: [Exchange 2013]Does not exchange support widecard smtp address?

≪ Previous: RBL not working on Exchange 2013 Edge Transport

We recently upgraded from Exchange 2007 to 2013. I'm still adjusting to the many changes. I'm trying to troubleshoot a problem where one of our managers is reporting that an external client isn't getting all expected mail from us. We have a SharePoint application that sends automated replies.

This particular end-user made 4 inquiries, and says they only received one response from us instead of 4.

So in Exchange 2007 I would open the toolbox, open the mail flow troubleshooter, and enter the recipients email address to see how many times my transport server tried to send mail.

In this case, if I saw 4 entries, I could confirm that our application did indeed hit the relay server 4 times, then I could start looking in other areas, like on their end, as to why they didn't receive them.

I have no NDR's coming back from the recipient. This recipient has been receiving mails from us for years.

The mail flow delivery reports lone-tool in EAC only seem to work when there is a mailbox involved, but in this case the local SMTP service on my Sharepoint server is directly contacting my transport server and relaying mail to the outside.

So i tried looking at the transport logs. I did a test email and found the below log data from me sending a test email with subject "Test2"

The only thing i can see that looks fishy is the "No suitable shadow servers,,SMTP,HAREDIRECTFAIL" but I don't even know if that is an issue. I used the MX record, then tried telnetting to their mail server on port 25 from mine and did a manual test which seemed to work just fine. Is the below method the only way for me to look and see if the older missing emails were relayed off my server?

MSGTRK2015092418-1.LOG(473): 2015-09-24T18:11:57.027Z,,,,Arthas,No suitable shadow servers,,SMTP,HAREDIRECTFAIL,5952824672375,<249e53b07a54436e8598c23cc3f20da9@Arthas.ibts.org>,1c3f8cd2-5b83-491a-af72-08d2c50ba240,1004cprocessing@rels.info,,15466,1,,,Test2,srubin@ibts.org,srubin@ibts.org,,Originating,,,,S:DeliveryPriority=Normal;S:AccountForest=ibts.org
MSGTRK2015092418-1.LOG(474): 2015-09-24T18:11:57.137Z,192.168.25.12,ARTHAS.ibts.org,192.168.25.12,Arthas,08D2C509C256A5F3;2015-09-24T18:11:57.012Z;0,ARTHAS\Default Hub connector,SMTP,RECEIVE,5952824672375,<249e53b07a54436e8598c23cc3f20da9@Arthas.ibts.org>,1c3f8cd2-5b83-491a-af72-08d2c50ba240,1004cprocessing@rels.info,,15466,1,,,Test2,srubin@ibts.org,srubin@ibts.org,0cI: ,Originating,,192.168.20.145,fe80::1dff:eb3:dbfd:d269%21,S:FirstForestHop=ARTHAS.ibts.org;S:DeliveryPriority=Normal;S:AccountForest=ibts.org
MSGTRK2015092418-1.LOG(475): 2015-09-24T18:11:57.152Z,,Arthas,,,,,AGENT,AGENTINFO,5952824672375,<249e53b07a54436e8598c23cc3f20da9@Arthas.ibts.org>,1c3f8cd2-5b83-491a-af72-08d2c50ba240,1004cprocessing@rels.info,,19735,1,,,Test2,srubin@ibts.org,srubin@ibts.org,,Originating,,192.168.20.145,fe80::1dff:eb3:dbfd:d269%21,S:CompCost=|ETR=0;S:DeliveryPriority=Normal;S:AccountForest=ibts.org
MSGTRK2015092418-1.LOG(476): 2015-09-24T18:11:57.152Z,,,,Arthas,ContentConversion,,ROUTING,TRANSFER,5952824672376,<249e53b07a54436e8598c23cc3f20da9@Arthas.ibts.org>,1c3f8cd2-5b83-491a-af72-08d2c50ba240,1004cprocessing@rels.info,,14682,1,,5952824672375,Test2,srubin@ibts.org,srubin@ibts.org,,Originating,,,,S:DeliveryPriority=Normal;S:AccountForest=ibts.org
MSGTRK2015092418-1.LOG(477): 2015-09-24T18:11:58.371Z,192.168.25.12,Arthas,207.67.116.86,mx02.rels.info,;250 B56043ce80000 Message accepted for delivery;ClientSubmitTime:,To Internet,SMTP,SEND,5952824672376,<249e53b07a54436e8598c23cc3f20da9@Arthas.ibts.org>,1c3f8cd2-5b83-491a-af72-08d2c50ba240,1004cprocessing@rels.info,250 recipient ok <1004cprocessing@rels.info>,14790,1,,,Test2,srubin@ibts.org,srubin@ibts.org,2015-09-24T18:11:56.027Z;SRV=ARTHAS.ibts.org:TOTAL-SUB=0.984|SA=0.968|MTSSDA=0.002|MTSSDC=0.005;MTSS|MTSSD;SRV=ARTHAS.ibts.org:TOTAL-HUB=1.359|SMRDI=0.003|SMRCL=0.082|SMRC=0.082|SMR=0.085|CATRS-Index Routing Agent=0.010|CATRS=0.011|CATRT-Journal Agent=0.003|CATRT=0.003|CCC=0.005|CAT=0.021|QDE=0.213|SMSC=0.244|SMS=0.460,Originating,,,,S:E2ELatency=2.344;S:ExternalSendLatency=1.125;S:Microsoft.Exchange.Transport.MailRecipient.RequiredTlsAuthLevel=Opportunistic;S:Microsoft.Exchange.Transport.MailRecipient.EffectiveTlsAuthLevel=EncryptionOnly;S:DeliveryPriority=Normal;S:AccountForest=ibts.org
MSGTRKMS2015092418-1.LOG(115): 2015-09-24T18:11:57.012Z,fe80::1dff:eb3:dbfd:d269,ARTHAS.ibts.org,fe80::1dff:eb3:dbfd:d269%21,Arthas,08D2B4C6F8D41B7B,,STOREDRIVER,RECEIVE,0,<249e53b07a54436e8598c23cc3f20da9@Arthas.ibts.org>,1c3f8cd2-5b83-491a-af72-08d2c50ba240,1004cprocessing@rels.info,To,14876,1,,,Test2,srubin@ibts.org,srubin@ibts.org,04I: ,Originating,,192.168.20.145,fe80::1dff:eb3:dbfd:d269%21,S:MailboxDatabaseGuid=2a2fec18-ee56-4e39-b985-ca587e33279e;S:ItemEntryId=00-00-00-00-CB-C7-4A-72-27-EE-62-45-8F-7F-ED-9F-2D-4B-6C-0D-07-00-A5-42-E0-1B-80-F1-E2-4E-BF-2A-CF-39-C9-28-19-E1-00-27-4A-D1-BB-D9-00-00-F2-B5-1E-2C-A0-07-36-41-AD-18-07-68-12-29-51-93-00-00-1C-65-59-19-00-00;S:DeliveryPriority=Normal;S:AccountForest=ibts.org
MSGTRKMS2015092418-1.LOG(116): 2015-09-24T18:11:57.137Z,fe80::1dff:eb3:dbfd:d269%21,ARTHAS,,ARTHAS.ibts.org,"MDB:2a2fec18-ee56-4e39-b985-ca587e33279e, Mailbox:6a63e51b-ad61-4da3-8142-5a2457d693d7, Event:29547146, MessageClass:IPM.Note, CreationTime:2015-09-24T18:11:56.027Z, ClientType:MOMT",,STOREDRIVER,SUBMIT,,<249e53b07a54436e8598c23cc3f20da9@Arthas.ibts.org>,1c3f8cd2-5b83-491a-af72-08d2c50ba240,1004cprocessing@rels.info,,,1,,,Test2,srubin@ibts.org,,2015-09-24T18:11:56.027Z;LSRV=ARTHAS.ibts.org:TOTAL-SUB=1.109|SA=0.968|MTSSDA=0.002|MTSSDC=0.005|SMSC=0.006|SMS=0.085|MTSSDMO=0.092|MTSSDPL=0.003|MTSSDSS=0.004|MTSSD=0.109|MTSS=0.109,Originating,,192.168.20.145,,S:ItemEntryId=00-00-00-00-CB-C7-4A-72-27-EE-62-45-8F-7F-ED-9F-2D-4B-6C-0D-07-00-A5-42-E0-1B-80-F1-E2-4E-BF-2A-CF-39-C9-28-19-E1-00-27-4A-D1-BB-D9-00-00-F2-B5-1E-2C-A0-07-36-41-AD-18-07-68-12-29-51-93-00-00-1C-65-59-19-00-00

Any help is greatly appreciated!

↧

[Exchange 2013]Does not exchange support widecard smtp address?

September 23, 2015, 6:39 pm

≫ Next: Email encryption like the new 365 hosted Excahnge feature

≪ Previous: I'm having trouble with basic Exchange 2013 mail flow troubleshooting

Hi ,everyone,

I am trying to make exchange 2013 works in following way:

We have several email address for public , like

help@mycustomersupport.com,

help1@mycustomersupport.com,

........

I want all of above email received, go to the mailbox with default smtp address customersupport@mydomain.com.

I am trying to accomplish in this way:

1. the exchange default domain is mydomain.com

2. Add mycustomersupport.com as authorized accept domain.

3. update mailbox customersupport@mydomain.com, add a smtp address binging to "*@mycustomersupport.com"

But it does not work,

Exchange reply NDR for user mailbox not found , testing with email send to help@mycustomersupport.com

Would anyone suggest any approach? Does exchange support widecard smtp like *@mycustomersupport.com?

↧

Email encryption like the new 365 hosted Excahnge feature

September 28, 2015, 9:07 am

≫ Next: Exchange 2013 Outlook Anywhere Autodiscovery Not able to set up Profiles (Exchange Server is Unavailable)

≪ Previous: [Exchange 2013]Does not exchange support widecard smtp address?

Forgive my lack of keeping up!

Does anyone know if the new email encryption feature in hosted Exchange (365) can be deployed in house? The one that allows a one time password, etc?

Thanks!

Bret

↧

Exchange 2013 Outlook Anywhere Autodiscovery Not able to set up Profiles (Exchange Server is Unavailable)

September 25, 2015, 4:49 am

≫ Next: How to secure anonymous relay in exchange 2013? can we have an alternative for this?

≪ Previous: Email encryption like the new 365 hosted Excahnge feature

Hi,

I have a 3 node Exchange 2013 (CU9) with a CAS Server and 2 node (MBX Servers) DAG which has been working fine for well over 8 months but during some Office 365 Preparation work, I noticed that Outlook clients (INTERNALLY only) were continually prompting for credentials (that were subsequently not accepted), to log onto their Exchange mailboxes.

By setting the IISAuthenticationMethods set to "Basic, Ntlm, Negotiate" (see below settings), I was able to get the EXISTING INTERNAL outlook clients to connect (they just ignore the credentials request)

ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : True
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}

but I can still NOT set up new profiles. Autodiscovery should obviously find the CAS server and return the mailbox GUID but it resolves to the Mailbox Node Server instead and then refuses to connect.

I have a different internal to external Domain so have used an autodiscover SRV setting on my internal DNS that points to the external name on my SSL certificate (eg mail.domain.com) and this all used to work so a bit stumped as to what to troubleshoot.

John Philipson

↧

How to secure anonymous relay in exchange 2013? can we have an alternative for this?

September 20, 2015, 10:13 pm

≫ Next: Issue sending to group with nested groups restricted to authenticated users

≪ Previous: Exchange 2013 Outlook Anywhere Autodiscovery Not able to set up Profiles (Exchange Server is Unavailable)

Hi,

We use exchange 2013 CU5,

In our environemnt there are certain application which uses anonymous relay. For this we created a dedicated "Application Relay" connector and added our HLB (KEMP 2200) IP in this connector. In HLB we have option to allow IPs of APPLICATION SERVERS to allow for relaying.

The above is the method we folow usually

Now

1. Our security team is insisting that this anonymous method should not be used as oer policy

2. How we can modify or above setup in a secured way?

3. Current settings for "Default Frontend " shows Anonymos selected.....is this correct?

Manju Gowda

↧

Issue sending to group with nested groups restricted to authenticated users

September 30, 2015, 8:24 am

≫ Next: Remote Server returned '550 5.7.1 Not authorized

≪ Previous: How to secure anonymous relay in exchange 2013? can we have an alternative for this?

Post upgrade from exchange 2010 we had a group that we would use and publish externally: groupA- the members of this distribution list were groupb groupc and groupd - groupA does not require that all senders are authenticated, (or in delivery managment senders inside and outside of my oranization is selected) and in exchange 2010 received emails from outside the company and they were received by the members of groupb/c/d. Since migrating to exchange 2013, when sending to group A we are getting NDR from groups b/c/d saying senders must be authenticated.

my workaround is to setup groups b/c/d to receive email from all senders, but im a bit loathe to expose all of my nested distribution lists to the outside world when this wasnt an issue in exch2010.

would anyone have any ideas on where to look on this? finding this particular query very difficult to search.

↧

Remote Server returned '550 5.7.1 Not authorized

September 29, 2015, 5:21 am

≫ Next: Server components states keep getting marked at inactive

≪ Previous: Issue sending to group with nested groups restricted to authenticated users

We are in the middle of a Migration from Exchange 2003 to 2010 to 2013.

2003 is no more. After moving 3 mailboxes to the 2013 Servers, we are not able to send mails with them.

We have 3 Locations (1 Root and 2 subdomains)

Domain a.de (root)

Subdomain b.a.de

Subdomain c.a.de

a.de is able to send to the subdomains, but b and c are not.

If a user in c trys to send an internal mail to a or b, the mail Returns with:

Remote Server returned '550 5.7.1 Not authorized

The same happens from b to c or a

We are working with Microsoft Support on that. We have been told to execute "Setup /preparealldomains" in all Domains.

Does this make any sense? The execution fails in b and c as there is a third subdomain d.a.de which cannot be reached from the sites b and c. (no ip Routing to b and c but a, no Exchange site planned in d)

(hope that i haven´t convused too much....)

↧

Server components states keep getting marked at inactive

April 3, 2015, 6:07 am

≫ Next: Users are unable to receive email with attachement >= 17MB , sender haven't any NDR

≪ Previous: Remote Server returned '550 5.7.1 Not authorized

I have a new Exchange 2013 server on premisses. Twice in the last week some of the server components have been marked as inactive. Is there a way ti figure out why this is happening?

This is randomly stopping mail flow from our ticket tracking software because it uses POP3

These are the commands I had to run before. I will correct this IMAP proxy one in just a bit;

Set-ServerComponentState -Identity lo-exch2 -Component imapproxy -Requester HealthAPI -State Active

Set-ServerComponentState -Identity lo-exch2 -Component forwardsyncdaemon -Requester HealthAPI -State Active

Set-ServerComponentState -Identity lo-exch2 -Component PopProxy -Requester HealthAPI -State Active

Set-ServerComponentState -Identity lo-exch2 -Component provisioningrps -Requester HealthAPI -State Active

↧

Users are unable to receive email with attachement >= 17MB , sender haven't any NDR

October 5, 2015, 8:20 pm

≫ Next: Delayed delivery of messages for mailboxes

≪ Previous: Server components states keep getting marked at inactive

Hello all,

I have a strange problem that is my exchange 2013 need to receive some email from EXTERNAL which may contains 15-20MB attachement.

Before I have changed the "Transportconfig" and receive connector, the sender will receive the NDR showing "552 5.3.4 Message size exceeds fixed maximum message size"

But once I have updated the "Transportconfig" and receive connection to both size 28MB (include 33% increasement of MIME), the sender now found that he will not receive any NDR, BUT the email is not coming thru to our users.

Please help me out ..... thanks a lot !

*Remarks: Users have NO size restrictions individually set.

Attached the configuration file

Transport Config

AddressBookPolicyRoutingEnabled : False
AnonymousSenderToRecipientRatePerHour : 1800
ClearCategories : True
ConvertDisclaimerWrapperToEml : False
DSNConversionMode : UseExchangeDSNs
JournalArchivingEnabled : False
ExternalDelayDsnEnabled : True
ExternalDsnDefaultLanguage :
ExternalDsnLanguageDetectionEnabled : True
ExternalDsnMaxMessageAttachSize : 28 MB (29,360,128 bytes)
ExternalDsnReportingAuthority :
ExternalDsnSendHtml : True
ExternalPostmasterAddress :
GenerateCopyOfDSNFor : {}
HygieneSuite : Standard
InternalDelayDsnEnabled : True
InternalDsnDefaultLanguage :
InternalDsnLanguageDetectionEnabled : True
InternalDsnMaxMessageAttachSize : 65 MB (68,157,440 bytes)
InternalDsnReportingAuthority :
InternalDsnSendHtml : True
InternalSMTPServers : {}
JournalingReportNdrTo : <>
LegacyJournalingMigrationEnabled : False
LegacyArchiveJournalingEnabled : False
LegacyArchiveLiveJournalingEnabled : False
RedirectUnprovisionedUserMessagesForLegacyArchiveJournaling : False
RedirectDLMessagesForLegacyArchiveJournaling : False
MaxDumpsterSizePerDatabase : 30 MB (31,457,280 bytes)
MaxDumpsterTime : 7.00:00:00
MaxReceiveSize : 28 MB (29,360,128 bytes)
MaxRecipientEnvelopeLimit : 500
MaxRetriesForLocalSiteShadow : 2
MaxRetriesForRemoteSiteShadow : 4
MaxSendSize : 14 MB (14,680,064 bytes)
MigrationEnabled : False
OpenDomainRoutingEnabled : False
RejectMessageOnShadowFailure : False
Rfc2231EncodingEnabled : False
SafetyNetHoldTime : 2.00:00:00
ShadowHeartbeatFrequency : 00:02:00
ShadowMessageAutoDiscardInterval : 2.00:00:00
ShadowMessagePreferenceSetting : PreferRemote
ShadowRedundancyEnabled : True
ShadowResubmitTimeSpan : 03:00:00
SupervisionTags : {Reject, Allow}
TLSReceiveDomainSecureList : {}
TLSSendDomainSecureList : {}
VerifySecureSubmitEnabled : False
VoicemailJournalingEnabled : True
HeaderPromotionModeSetting : NoCreate
Xexch50Enabled : True

Receive Connectors config

RunspaceId : 3622a035-49ac-480d-89d0-a4e0d01e23cd
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:2525}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
SmtpUtf8Enabled : False
BareLinefeedRejectionEnabled : False
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
ProxyEnabled : False
AdvertiseClientSettings : False
Fqdn :
ServiceDiscoveryFqdn :
TlsCertificateName :
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : Unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : Unlimited
MaxInboundConnectionPercentagePerSource : 100
MaxHeaderSize : 128 KB (131,072 bytes)
MaxHopCount : 60
MaxLocalHopCount : 12
MaxLogonFailures : 3
MaxMessageSize : 50 MB (52,428,800 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 5000
PermissionGroups : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : EXCH01
TransportRole : HubTransport
SizeEnabled : EnabledWithoutValue
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default EXCH01
DistinguishedName
Identity : EXCH01\Default EXCH01
Guid : c7b3fc09-ae83-46a4-83e4-54f5af73d887
ObjectCategory : .local/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 9/29/2015 2:54:53 PM
WhenCreated : 8/14/2015 4:20:57 PM
WhenChangedUTC : 9/29/2015 6:54:53 AM
WhenCreatedUTC : 8/14/2015 8:20:57 AM
OrganizationId :
Id : EXCH01\Default EXCH01
OriginatingServer :
IsValid : True
ObjectState : Unchanged

RunspaceId : 3622a035-49ac-480d-89d0-a4e0d01e23cd
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {[::]:465, 0.0.0.0:465}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
SmtpUtf8Enabled : False
BareLinefeedRejectionEnabled : False
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
ProxyEnabled : False
AdvertiseClientSettings : False
Fqdn :
ServiceDiscoveryFqdn :
TlsCertificateName :
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : 5
MessageRateSource : User
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 128 KB (131,072 bytes)
MaxHopCount : 60
MaxLocalHopCount : 12
MaxLogonFailures : 3
MaxMessageSize : 50 MB (52,428,800 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : ExchangeUsers, ExchangeServers
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : True
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : EXCH01
TransportRole : HubTransport
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Client Proxy EXCH01
DistinguishedName :
Identity : EXCH01\Client Proxy EXCH01
Guid : d9d34ad0-fb91-4991-99a7-a361413297d0
ObjectCategory : .local/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 9/29/2015 2:55:16 PM
WhenCreated : 8/14/2015 4:20:57 PM
WhenChangedUTC : 9/29/2015 6:55:16 AM
WhenCreatedUTC : 8/14/2015 8:20:57 AM
OrganizationId :
Id : EXCH01\Client Proxy EXCH01
OriginatingServer :
IsValid : True
ObjectState : Unchanged

RunspaceId : 3622a035-49ac-480d-89d0-a4e0d01e23cd
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
SmtpUtf8Enabled : False
BareLinefeedRejectionEnabled : False
DomainSecureEnabled : True
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
ProxyEnabled : False
AdvertiseClientSettings : False
Fqdn :
ServiceDiscoveryFqdn :
TlsCertificateName :
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : Unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 128 KB (131,072 bytes)
MaxHopCount : 60
MaxLocalHopCount : 12
MaxLogonFailures : 3
MaxMessageSize : 50 MB (52,428,800 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, ExchangeServers, ExchangeLegacyServers
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : EXCH01
TransportRole : FrontendTransport
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default Frontend EXCH01
DistinguishedName :
Identity : EXCH01\Default Frontend EXCH01
Guid : 04eb7248-4d13-4576-9902-5c1404dfff28
ObjectCategory : .local/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 9/29/2015 2:54:46 PM
WhenCreated : 8/14/2015 4:36:34 PM
WhenChangedUTC : 9/29/2015 6:54:46 AM
WhenCreatedUTC : 8/14/2015 8:36:34 AM
OrganizationId :
Id : EXCH01\Default Frontend EXCH01
OriginatingServer :
IsValid : True
ObjectState : Unchanged

RunspaceId : 3622a035-49ac-480d-89d0-a4e0d01e23cd
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {[::]:717, 0.0.0.0:717}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
SmtpUtf8Enabled : False
BareLinefeedRejectionEnabled : False
DomainSecureEnabled : True
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
ProxyEnabled : False
AdvertiseClientSettings : False
Fqdn : EXCH01.zhcpa.local
ServiceDiscoveryFqdn :
TlsCertificateName :
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : Unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 128 KB (131,072 bytes)
MaxHopCount : 60
MaxLocalHopCount : 12
MaxLogonFailures : 3
MaxMessageSize : 50 MB (52,428,800 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : ExchangeServers
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : EXCH01
TransportRole : FrontendTransport
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Outbound Proxy Frontend EXCH01
DistinguishedName :
Identity : EXCH01\Outbound Proxy Frontend EXCH01
Guid : a2181b49-076c-4ab6-8770-1015cc36173e
ObjectCategory : .local/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 9/29/2015 2:55:08 PM
WhenCreated : 8/14/2015 4:36:34 PM
WhenChangedUTC : 9/29/2015 6:55:08 AM
WhenCreatedUTC : 8/14/2015 8:36:34 AM
OrganizationId :
Id : EXCH01\Outbound Proxy Frontend EXCH01
OriginatingServer :
IsValid : True
ObjectState : Unchanged

RunspaceId : 3622a035-49ac-480d-89d0-a4e0d01e23cd
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
Banner :
BinaryMimeEnabled : True
Bindings : {[::]:587, 0.0.0.0:587}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
SmtpUtf8Enabled : False
BareLinefeedRejectionEnabled : False
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
ProxyEnabled : False
AdvertiseClientSettings : False
Fqdn :
ServiceDiscoveryFqdn :
TlsCertificateName :
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : 5
MessageRateSource : User
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 128 KB (131,072 bytes)
MaxHopCount : 60
MaxLocalHopCount : 12
MaxLogonFailures : 3
MaxMessageSize : 50 MB (52,428,800 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : ExchangeUsers
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : True
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : EXCH01
TransportRole : FrontendTransport
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Client Frontend EXCH01
DistinguishedName :
Identity : EXCH01\Client Frontend EXCH01
Guid : af5ba61e-d031-41d1-9e07-6f2d667b5e9d
ObjectCategory :.local/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 9/29/2015 2:55:23 PM
WhenCreated : 8/14/2015 4:36:35 PM
WhenChangedUTC : 9/29/2015 6:55:23 AM
WhenCreatedUTC : 8/14/2015 8:36:35 AM
OrganizationId :
Id : EXCH01\Client Frontend EXCH01
OriginatingServer :
IsValid : True
ObjectState : Unchanged

↧

Delayed delivery of messages for mailboxes

October 7, 2015, 8:02 am

≫ Next: Edge Exchange Server 2010/2016: High Availability

≪ Previous: Users are unable to receive email with attachement >= 17MB , sender haven't any NDR

I have a task to implement for a group of mailboxes:
1. Messages from a specific list of addresses in the mailboxes are delivered immediately
2. All other messages are stored in a buffer and are delivered to the mailboxes on a schedule (for example, 2 times a day)
It is possible to implement?

↧

Edge Exchange Server 2010/2016: High Availability

October 11, 2015, 12:20 am

≫ Next: microsoft outlook has accepted this meeting on behalf of

≪ Previous: Delayed delivery of messages for mailboxes

1) How get High Availabilty on Edge Exchange Server 2010 ?

2) How get High Availabilty on Edge Exchange Server 2016 ?

↧

microsoft outlook has accepted this meeting on behalf of

August 5, 2014, 8:25 am

≫ Next: Is it possible to use multiple layers of anti-spam filtering Exchange 2013?

≪ Previous: Edge Exchange Server 2010/2016: High Availability

Having the same problem as these threads below:

http://community.office365.com/en-us/f/158/t/230472.aspx

http://community.office365.com/en-us/f/158/t/255913.aspx

Can't pinpoint what might have caused this to start, could be when I installed CU5 recently?

Any thoughts?

Thanks!

Update - I migrated these mailboxes from one forest to another using the Cross-Forest Mailbox Migration tool in Exchange 2013. The messages began once the Cross-Forest Migration completed. All the permissions migrated and worked correctly, it just looks like it is causing a problem somewhere else.

↧

Is it possible to use multiple layers of anti-spam filtering Exchange 2013?

October 12, 2015, 12:51 pm

≫ Next: Can I create this transport rule

≪ Previous: microsoft outlook has accepted this meeting on behalf of

Hello.

I have an on-premise Exchange 2013 (all roles on the one server) used in conjunction with McAfee's cloud based email protection (anti-spam and anti-malware) product. All mail goes to McAfee in the cloud and then is cleaned and delivered on premise.

My question is, would there be any harm in also enabling the anti-spam features on the Exchange server itself?

The reason we are considering this is because we would like to utilize some of the Sender Filtering available on Exchange anti-spam, which is not an option on McAfee.

Specifically the ability to filter SMTP FROM values.

Any feedback or help would be very appreciated.

Thank-you

Fred Weymouth

↧

Can I create this transport rule

October 6, 2015, 8:35 pm

≫ Next: Problems when forwarding NDR's the get translated to Chinese garble (if it is Chinese :) )

≪ Previous: Is it possible to use multiple layers of anti-spam filtering Exchange 2013?

Is it possible to create an exchange 2013 transport rule that will do the following:

IF the message header indicates that the email has originated in domain X

AND the the email is addressed to recipient Y

AND the subject line does not contain an 8 digit number

THEN either redirect the email to a different recipient

OR send it to a specific folder in recipient Y's mail file

Thanks in advance

Tom

↧

Problems when forwarding NDR's the get translated to Chinese garble (if it is Chinese :) )

September 17, 2014, 11:50 pm

≫ Next: Log onto incoming mail server (POP3): Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.

≪ Previous: Can I create this transport rule

Hi There

We're running on an Exchange 2013 server. When users get a NDR (look OK at this time), but when forwarding the NDR to system admin, they get garbled into Chinese (or what looks like Chinese). Any ideas on solving this ?

Kind Regards
Kim

Kind Regards Kim

↧

Log onto incoming mail server (POP3): Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.

April 15, 2015, 11:17 pm

≫ Next: HubTransport Unhealthy

≪ Previous: Problems when forwarding NDR's the get translated to Chinese garble (if it is Chinese :) )

Hi All,

This is my first post to ms exchange forum am getting Log onto incoming mail server (POP3): Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance. in my outlook clients, till last Sunday (12.04.15) my exchange was well & good, Monday morning suddenly the problem started like none of our outlook pop3 clients are able to communicate with exchange (rest IMAP, SMTP & Exchange accounts are working fine). i have tried with all port no but no luck. please help me to get raid of this one.

Exchange 2013 CU6 with server 2012 Std 64Bit

Thanks,

Murali

↧

HubTransport Unhealthy

October 13, 2015, 1:42 pm

≫ Next: Exchange 2013 (on premise) Disclaimer Rule not working for distribution/security group

≪ Previous: Log onto incoming mail server (POP3): Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.

Hi, all.

I have an Exchange 2013 DAG with 4 mailbox servers and 2 CAS servers in 2 sites: 1 CAS and 2 MBs in each site. There are 6 databases, and all MB servers hold a copy of each database. So there are 1 live and 3 copies of each database.

Two of my MB servers – one in each site - show unhealthy HubTransport. Luckily, the other MB server in each site is working, so mail is still flowing. But I need to solve why these HubTransports are showing unhealthy. Both servers behave as follows:

I run: Get-HealthReport -Identity EX104 | Where {$_.AlertValue -eq Unhealthy"} | ft -a

Results:

Server     State         HealthSet        AlertValue LastTransitionTime      MonitorCount
------       -----          ---------          ----------   ------------------         ------------
EX104      Online        HubTransport   Unhealthy 10/12/2015 12:19:58 PM 123

Then I run: Get-ServerHealth EX104.rai-energy.local | ?{$_.HealthSetName -eq "HubTransport"} | where {$_.AlertValue -eq "Unhealthy"} | ft -a name,targetresource,alertvalue

Results:

Name                                                                   TargetResource AlertValue
----                                                                      --------------       ----------
Transport.ReceiveConnectorAvailabilityLow.Monitor       HubTransport     Unhealthy

Current status:
Mail queues are clear and mail flows ok. The Application and System event logs are pretty clean - nothing that I think is related to this issue.

What has changed:
Last week we raised the domain functional level from 2003 to 2008R2. The DB servers then had some issues connecting to Active Directory, and Managed Availability rebooted them automatically a few times. I found some posts where this could be fixed by restarting the Kerberos Key Distribution service on all domain controllers, or just rebooting all the domain controllers, which I did last night. I then rebooted the problem Exchange servers for good measure. The Windows and Crimson Channel event logs are all clear this morning on all servers, so I believe this particular issue is resolved. However I cannot say whether the unhealthy hubtransport existed before raising the domain functional level.

I'm not sure how to continue troubleshooting. And I cannot find any documentation on this Monitor. Anyone know how to troubleshoot this issue? Thanks!

Dan

↧

Exchange 2013 (on premise) Disclaimer Rule not working for distribution/security group

October 13, 2015, 9:34 am

≫ Next: Email address blocked

≪ Previous: HubTransport Unhealthy

Greetings,

This should be simple, so I've most likely missed something somewhere. Defined a new rule using EAC, mail flow, rules. Simple rule to add a disclaimer to mail for users in a group.

Apply this rule if... The sender is a member of... some group
Do the following... Append the disclaimer.... blah blah blah disclaimer text
Priority 0
Audit this rule with severity level: Low
Choose a mode for this rule: Enforce
Match sender address in message: Header

Built a new distribution group using the EAC, added users, configured the rule, ask them to test by emailing me, NO JOY! No disclaimer added. Okay, build a new security group using EAC. Add myself to the group, send test email to myself. No Joy. Build a new distribution group using AD, add myself, test, no joy. Change the rule, apply the rule if the sender is... Me. Test the rule, it works.

So, the rules are working and the rule just me works. The rule to a group, security or distribution, doesn't work.

Now, I can change the rule, add the users individually to the rule, and see if it'll work. If it does, that may do the trick for now, but ongoing maintenance is going to be a significant effort, managing the rule each time a user comes or goes, rather than just adjusting the group membership.

I've read a number of posts already, describing this process and followed their instructions. No luck. I've seen reference to looking at the transport logs, but, where are these logs now? I don't see them available in the EAC, does that mean going through the \LOGS folder(s) and browsing through all the text files??? How does one check/test to see why the group is failing?

Probably get this figured out just in time to upgrade to 2016...

Thanks in advance,

Steven

↧

Email address blocked

August 5, 2015, 2:08 pm

≫ Next: Displaying message classifications in Outlook 2013 when in hybrid

≪ Previous: Exchange 2013 (on premise) Disclaimer Rule not working for distribution/security group

Hi,

Running on Exchange 2013.

So I ran into a strange problem the other day. We have an email enabled security group that has been around since the beginning of time. It’s our network admins group. Recently we noticed that it is unable to receive external emails (reports, weekly updates etc), internal everything is fine. I made sure everything is enabled on the exchange side to allow for receiving externally, no luck. I then gave this group another email address and everything worked just fine. I then added the problematic email address to my account and no luck. I can’t receive email based on this email address. I took a look at our journaling and no reference of this email address exists. I did a trace on the email and nothing. Also, my from Gmail account I don't receive any kind of NDR. Anyone have any ideas why a particular email address would be blocked from the system?? Or how???

TIA

↧

Displaying message classifications in Outlook 2013 when in hybrid

October 15, 2015, 7:54 am

≫ Next: Exchange Server 2013: Failed to connect. Winsock error code: 10060, Win32 error code: 10060.

≪ Previous: Email address blocked

Hi,

So i am trying to get message classifications to show up in OL2013, I can see them in OWA.

Using hybrid setup, onprem-o365.

Have exported XML (excellent article and script from StevieG) and added to local machine and created reg entries, confirmed path to xml as good.

Can anyone see what I have missed please, its driving me a little mad?

Thanks in advance,

Damian.

↧