?
Solved

Understanding the "Queues" in Exchange 2003 - Message Errors

Posted on 2006-10-25
8
Medium Priority
?
582 Views
Last Modified: 2013-11-15
I am trying to understand where I can can track messages that are either not being sent out or not being delivered.  In the Queues console in Exchange System Manager, how do I properly read the information?

[IMG]http://i107.photobucket.com/albums/m295/jbobst/untitled.jpg[/IMG]

For example, under the "name" column, there are folders that have white circles with a blue arrow (I think), and there are folder that just look like they are open (with no arrows), and there are folders with green circles with white check marks.  Most of the folders with the white circle have at least one message in them, and they are almost all from the "postmaster@mydomain" account.  What are these messages and why are they not being sent (and WHY are they being sent in the first place?).  A couple of them appear to be sent from a valid user.

Also, I rebooted my exchange server last night, and as soon as it came back up, one of our managers got a bunch of System Administrator emails that were "undeliverable".  As I looked through the event viewer on our Exchange server I saw a bunch of messages like this:

**************************************************
Source:  MSExchangeTransport
Category: NDR
Event ID: 3030

A non-delivery report with a status code of 4.0.0 was generated for recipient rfc822:name@domain.com (Message-ID <9266DD65CF173B40B208A3FE984c7FD8FDDD6F@at-exchange.acoustic.local>.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp
**************************************************

the name@domain.com was really a valid email address of one of our customers.  There were many of these messages...all which corresponded to the system undeliverable messages our manager received last night after the server was rebooted.



0
Comment
Question by:jbobst
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 1

Author Comment

by:jbobst
ID: 17805844
I guess experts exchange isn't like other online threads where you can post pictures.  If a screen shot of my "queues" console is helpful, you can go to this link:  http://i107.photobucket.com/albums/m295/jbobst/untitled.jpg

Thanks.
Jeff
0
 
LVL 13

Accepted Solution

by:
George Sas earned 1200 total points
ID: 17807634
Do you have logging enabled on your Exchange and SMTP ? If not so then now is the time to do it.

Try to look trough the log files for that message ID and see what excatly happened with it.
You can also try to track the message with the exchange tools.

When was the message sent ?
What was the original message ? An ndr or something ?
If you select the respective domain and click on "Find Messages" you should be able to see the sender e-mail address , recipient and at least the subject.


Let me know and post your findings.
You might have a loop or something.

In the meantime you might want to read this article :
http://support.microsoft.com/kb/895853/


0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 800 total points
ID: 17807964
Bulk of those messages look like spam bounces. postmaster@ are NDRs.

If you are using Exchange 2003 then you should have recipient filtering and the tarpit turned on. That will deal with some of it. http://www.amset.info/exchange/filter-unknown.asp
Then all you will get is OOTO messages being generated for spam, not a lot you can do about those.

If you know the site then you know the types of messages that the users are sending. I can usually spot a spam message stuck in the queue very easily. If it is spam, or reject of spam, then I delete the message without an NDR.

If you have legitimate email stuck in the queue, then you need to see what the reason is. Clicking on the queue you should get some text at the bottom which is the reason.

I ignore the icons.

Simon.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 1

Author Comment

by:jbobst
ID: 17808150
GeoSs,

I do have message tracking enabled, and I was able to track the messages...to a degree.  There were about 6 emails sent by our corporate manager between late September and last week.  These six emails all got NDR's last night sent to his mailbox...right after I rebooted our servers.  These messages were sent to some internal people in our company, and to some employees at two customer companies.  I tracked one of the messages that was sent on October 18th, and it delivered the messages to our internal employees (who have mailboxes in our exchange server), and it then claims that the message was transferred to "customer1.com" and "customer2.com" through SMTP...all within the same minute of the message being sent on Oct. 18th.  Then, the next event in the message history has a date of last night at 9:01PM...which is the exact time our exchange server finished booting up from my after hours reboot.   The message history then says it was Sumbitted to Advanced Queuing, started submission, submitted to Categorizer, Queued for Routing, Queued for Remote Delivery, Queued for Local Delivery, Started Outbound Transfer of Message, Message transferrerd to "customer1.com" through SMTP, and then "Non-Delivered Report (NDR) Generated.  So, even though it looks as if everything was sent last October 18th, it somehow didn't get to "customer1.com" and re-tried it last night as soon as the server was rebooted...only to end with a NDR.  Of course, my corporate manager looks really bad now since "customer1" never got any of the status emails (6 in all) since the end of last month.

I assume there is nothing else I can do to try and find out why this happened, and I am afraid that since I don't have any answers as to why it failed and took a server reboot to finally deliver the NDR's, that I'll have to be constantly monitoring the message queue for this manager so he can safely know that his emails were sent.  Although, according to the message tracking of this email, it claims that on Oct. 18th it was transfered to "customer1.com" mail server, so how would I have even known in the first place that these messages were not really sent out?
0
 
LVL 13

Expert Comment

by:George Sas
ID: 17809593
Then you might have a DNS error.
This is the most common cause for the messages ending in queue and not being delivered. So I would also monitor the DNS.

Then try to contact the admin from the domain1 and ask him if he can track the same messages within his organisation so he can confirm / infirm the delivery to his end.
Is the exchange server the one that receives / send all of your mail in your organisation ? If it is make sure you set up a reverse DND for it and that you set the apropriate hostname.
Some smtp servers refuse the e-mails if the sender smtp does not match the domain and so long.

0
 
LVL 1

Author Comment

by:jbobst
ID: 17812873
It just seems strange that the exchange server claims the email was sent to the remote mail server of customer1 within the same minute it was sent from our manager...then All the messages he sent to customer1 got an NDR the minute I reboot...weeks after they were sent.  In addition, once our manager received the NDR's, he was very concerned and resent the messages to customer1 and they received them.  Seems like if it was a DNS issue, they still wouldn't be getting to the customer.  Also, I tracked any message that was sent to the customer1 domain in the month of October, and there were many emails from other users to this customer1 that were successful with no NDR's.

It almost points the our manager's mailbox...but yet he was able to send other emails all month long successfully...just not to this particular customer.

When I check the queues and see a message stuck in a queue, it retries MANY time to get delivered...the messages in question here never seemed to retry untiil after I rebooted the server last Tuesday night.

Must just be one of those Microsoft anomalies.
0
 
LVL 13

Expert Comment

by:George Sas
ID: 17815550
Might be that the recipient was about to receive the mail , confirmed the OK and then dropped the connection and the mail was never sent sucessfully.
Seen this aslo.
And in your case you say it is only that customer1 who gives you trouble , that's why I am more and more thinking of some kind of problem on his side.
Have you checked his MX records ? Do they point to the right server ? Does his mail server have a reverse dns set up ?
0
 
LVL 1

Author Comment

by:jbobst
ID: 17894191
I am going to close this question.  Seems like a strange problem, but all seems to work fine now.  Thanks for the help!
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question