[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1149
  • Last Modified:

Backfill request emails from Public Folder with winmail.dat attachment


I am a newbie Exchange administrator and have much to learn.  Teach me oh wise ones!!!!

Everyday now I am getting emails addressed from Public Folder Store (FEEXC).  The email is addressed to nobody so our Spam system is tagging it as unknown recipient and forwarding the mail to me.  The subject of the email is "DC-1-IS@mydomain.com Backfill Request." It actually says our real domain name instead of "mydomain.com", but I don't want to share that info.  The email has an attachment called winmail.dat.

FEEXC is my Front end exchange server and DC-1 is the backend Exchange server which is also a domain controller (Yes I know it's bad to have exchange running on a DC).  

Any Ideas what is causing these emails and what I need to do to fix it?  Thanks in advance for your wisdom.

  • 4
  • 3
  • 2
1 Solution
The mails are usual, because your exchange servers will share / replicate the public folder content and is sending the content via SMTP replication mails. If your spam filter filters out these mails, your replication between the servers will not work anymore. Also, a few spam filters will change the mails (the winmail.dat file is a symptom of that), so that the content of the mail will be converted to an attachement.

You have to advice your spam filter, to leave these mails as they are, or you have to disable public folder replication to the front end server.
Public Folder Stores are not recommended on Front-end server. Dismount and delete the Public folder store from your front-end server and restart Information store service on both front-end and back-end server.

Please have a look at this for more information ->


Amit Aggarwal.
ckangas7Author Commented:
Hey guys,

Great answers.  Would non replication between servers also explain why my Outlook Web Access is not working correctly?  People can login to OWA but no mailboxes or any other folders will load and you get an "error on page" warning.  I just stepped into this job, so am still learning their system.  I do know that my predecessor recently installed GFI Essentials and Symantac Antivirus for Exchange.  The GFI Essentials has caused some headaches for me, but I thought I had them all worked out.

I read the article and will definiately disable public folders on the Front-End server.  The article states:

"If the front-end server also receives Simple Mail Transfer Protocol (SMTP) messages from the Internet, the Microsoft Exchange Information Store service should remain running, and a mailbox store must remain mounted."

Being that I want to use OWA does that mean I need to keep the Exchange Information Store service running and that a mailbox store must remain mounted on the Front-End Server?  OWA uses strictly HTTPS right?

How would I know if I am or need to be recieving SMTP messages from the internet?  I am fairly confident that we have no outside clients accessing our server using SMTP mail client software.  OWA is for the outside access.  Of course people on our system do send and recieve email to and from people on the internet.  

Thanks again for great answers.  I am learning a lot and will assign points accordingly.  
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Its always better to have a single issue being discussed in a single post. Once you will dismount and delete your public folder store from your front-end server, your primary issue (Problem described in this question) will be solved  or we will keep trying to assist you untill we get a solution.

However, i can provide you some KB articles and docs for more information on Front-end and Back-end architecture and would suggest you to open a new question for OWA or other issues for us to concentrate on one issue at a time.

Exchange Server 2003 and Exchange 2000 Server Front-End and Back-End Topology

When someone from internet will be sending a mail to any user in your organization, his/her exchange server will be connecting to your Exchange server (which you have specified) on SMTP port - 25 to deliver the mail. In case, you have your Front-end server exposed to internet to receive emails from internet, then you need Information store service and SMTP service running on your front-end server.

To check which server in your company is receiving emails from internet, you can go to dnsstuff.com and put your domainname and search for MX records. It will give you the name and IP address of the server which is receiving emails for your domain.

Amit Aggarwal

> Would non replication between servers also explain...
This may be the reason...

>If the front-end server also receives Simple Mail Transfer Protocol (SMTP) messages
This is usually the sense of a front-end server, but in your constellation, the front-end server acts more as a relay server for the backend server (i.e for spam filtering and virus protection. A usual front end server is something like a common gateway / common connection point for several backend servers.

OWA: You clients are connecting to the internet information server, which get its data from exchange. OWA need not neccessarily use SSL (https), but this is recommended for connections from the internet.

>How would I know if I am or need to be recieving SMTP messages from the internet?
--> Of course people on our system do send and recieve email to and from people on the internet.  
ckangas7Author Commented:

From how I understand you all this is what I need to do:

1.  As my front-end server does recieve SMTP messages from the internet, I do not want to dismount and delete the mailbox store.  

2.  In Exchange System Manager I should go to my front end server, right click the Public Folder Store, select dismount, and then delete after dismount is complete.

I looked at the public folder stores on both the front-end and back-end servers.  The Public folder store databases for each are stored in different locations.  Therefore, deleteing the Public Folder store on my front-end server should in no way effect the Public Folders people see on my network.  Is all that correct?  Just want to make sure I got it all right before I start deleting things.  Thanks.
1.) OK
2.) You may have replicas on your current front end server. If you go to ESM - Folders - public folder, you can right click this folder and connect to one of your servers. Then you can click through and with the tabs on the right side, you can see, if there is any conten on this server. Befor you disabling anything, you should take care, that your backend server hoists everything, that you can find on the frint end server. If you are sure, that your backendserver in complete, disable the replication to your front end server for the folders as well as for system folders (also right click on the public folders folder in ESM).

If all replication links are deleted, make sure, that the settings are replicated to the front end server / backend server (depends on where you have deleted the link). The target should be, that the replication links for all folders (including system folders) are pointing only to the backend server (check this by connectiong to both servers).  

I assume, that the replication had problems (due to your winmail.dat attachement), that means, that also the replication of the settings make trouble. Theresfore it may be necessary, to delete the links on both servers.

If all links are fine (pointing only to the backend server), you should not see any replication mails anymore. This is the point you can dismount the public folder store. If you get no errors for a while, then you can delete it.

Some Background:
If you simply disable the store, the replica links are still valid and may cause errors. As AD stores a lot of information about exchange, you have to make sure, that the AD information is clean. Therefore, first delete the links to the frontendserver before you disable it.

Simle dismount the store first and wait a while to see, if you get any errors. If you see errors, you can remount the store and correct it.

The clients are connecting to one available public folder store. This need not to be the server, where the mailbox resides. That means, a client can connect to the backend server for the mailbox, and the frontend server for public folders.  Also a reson, why to first clean the AD (replica links) before you dismount the store.
> I looked at the public folder stores...
Each exchange server stores its own public folders. With replica mails, the bothes stores are kept in sync. If you delete content from one server, a mail is sent to the other server to also delete the content in this store. That means, both servers host their own content and are exchanging the data.

Dismounting the store will usually not affect the other store, as this is a simle failure condition. The other server assumes, that the store will come back and all links to this store will be alive. So follow the instuction above to first clean up the links to the store. If the link is deleted (on both servers), no replication will take place anymore, means also no deletion mails are sent.

Keep in mind, that your replication makes trouble, therefore you cannot be sure, what the two servers are exchanging and what not.
ckangas7Author Commented:
Thanks guys that solved the problem.  

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now