Understanding the "Queues" in Exchange 2003 - Message Errors

Posted on 2006-10-25
Last Modified: 2013-11-15
I am trying to understand where I can can track messages that are either not being sent out or not being delivered.  In the Queues console in Exchange System Manager, how do I properly read the information?


For example, under the "name" column, there are folders that have white circles with a blue arrow (I think), and there are folder that just look like they are open (with no arrows), and there are folders with green circles with white check marks.  Most of the folders with the white circle have at least one message in them, and they are almost all from the "postmaster@mydomain" account.  What are these messages and why are they not being sent (and WHY are they being sent in the first place?).  A couple of them appear to be sent from a valid user.

Also, I rebooted my exchange server last night, and as soon as it came back up, one of our managers got a bunch of System Administrator emails that were "undeliverable".  As I looked through the event viewer on our Exchange server I saw a bunch of messages like this:

Source:  MSExchangeTransport
Category: NDR
Event ID: 3030

A non-delivery report with a status code of 4.0.0 was generated for recipient (Message-ID <9266DD65CF173B40B208A3FE984c7FD8FDDD6F@at-exchange.acoustic.local>.

For more information, see Help and Support Center at

the was really a valid email address of one of our customers.  There were many of these messages...all which corresponded to the system undeliverable messages our manager received last night after the server was rebooted.

Question by:jbobst
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3

Author Comment

ID: 17805844
I guess experts exchange isn't like other online threads where you can post pictures.  If a screen shot of my "queues" console is helpful, you can go to this link:

LVL 13

Accepted Solution

George Sas earned 300 total points
ID: 17807634
Do you have logging enabled on your Exchange and SMTP ? If not so then now is the time to do it.

Try to look trough the log files for that message ID and see what excatly happened with it.
You can also try to track the message with the exchange tools.

When was the message sent ?
What was the original message ? An ndr or something ?
If you select the respective domain and click on "Find Messages" you should be able to see the sender e-mail address , recipient and at least the subject.

Let me know and post your findings.
You might have a loop or something.

In the meantime you might want to read this article :

LVL 104

Assisted Solution

Sembee earned 200 total points
ID: 17807964
Bulk of those messages look like spam bounces. postmaster@ are NDRs.

If you are using Exchange 2003 then you should have recipient filtering and the tarpit turned on. That will deal with some of it.
Then all you will get is OOTO messages being generated for spam, not a lot you can do about those.

If you know the site then you know the types of messages that the users are sending. I can usually spot a spam message stuck in the queue very easily. If it is spam, or reject of spam, then I delete the message without an NDR.

If you have legitimate email stuck in the queue, then you need to see what the reason is. Clicking on the queue you should get some text at the bottom which is the reason.

I ignore the icons.

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.


Author Comment

ID: 17808150

I do have message tracking enabled, and I was able to track the a degree.  There were about 6 emails sent by our corporate manager between late September and last week.  These six emails all got NDR's last night sent to his mailbox...right after I rebooted our servers.  These messages were sent to some internal people in our company, and to some employees at two customer companies.  I tracked one of the messages that was sent on October 18th, and it delivered the messages to our internal employees (who have mailboxes in our exchange server), and it then claims that the message was transferred to "" and "" through SMTP...all within the same minute of the message being sent on Oct. 18th.  Then, the next event in the message history has a date of last night at 9:01PM...which is the exact time our exchange server finished booting up from my after hours reboot.   The message history then says it was Sumbitted to Advanced Queuing, started submission, submitted to Categorizer, Queued for Routing, Queued for Remote Delivery, Queued for Local Delivery, Started Outbound Transfer of Message, Message transferrerd to "" through SMTP, and then "Non-Delivered Report (NDR) Generated.  So, even though it looks as if everything was sent last October 18th, it somehow didn't get to "" and re-tried it last night as soon as the server was rebooted...only to end with a NDR.  Of course, my corporate manager looks really bad now since "customer1" never got any of the status emails (6 in all) since the end of last month.

I assume there is nothing else I can do to try and find out why this happened, and I am afraid that since I don't have any answers as to why it failed and took a server reboot to finally deliver the NDR's, that I'll have to be constantly monitoring the message queue for this manager so he can safely know that his emails were sent.  Although, according to the message tracking of this email, it claims that on Oct. 18th it was transfered to "" mail server, so how would I have even known in the first place that these messages were not really sent out?
LVL 13

Expert Comment

by:George Sas
ID: 17809593
Then you might have a DNS error.
This is the most common cause for the messages ending in queue and not being delivered. So I would also monitor the DNS.

Then try to contact the admin from the domain1 and ask him if he can track the same messages within his organisation so he can confirm / infirm the delivery to his end.
Is the exchange server the one that receives / send all of your mail in your organisation ? If it is make sure you set up a reverse DND for it and that you set the apropriate hostname.
Some smtp servers refuse the e-mails if the sender smtp does not match the domain and so long.


Author Comment

ID: 17812873
It just seems strange that the exchange server claims the email was sent to the remote mail server of customer1 within the same minute it was sent from our manager...then All the messages he sent to customer1 got an NDR the minute I reboot...weeks after they were sent.  In addition, once our manager received the NDR's, he was very concerned and resent the messages to customer1 and they received them.  Seems like if it was a DNS issue, they still wouldn't be getting to the customer.  Also, I tracked any message that was sent to the customer1 domain in the month of October, and there were many emails from other users to this customer1 that were successful with no NDR's.

It almost points the our manager's mailbox...but yet he was able to send other emails all month long successfully...just not to this particular customer.

When I check the queues and see a message stuck in a queue, it retries MANY time to get delivered...the messages in question here never seemed to retry untiil after I rebooted the server last Tuesday night.

Must just be one of those Microsoft anomalies.
LVL 13

Expert Comment

by:George Sas
ID: 17815550
Might be that the recipient was about to receive the mail , confirmed the OK and then dropped the connection and the mail was never sent sucessfully.
Seen this aslo.
And in your case you say it is only that customer1 who gives you trouble , that's why I am more and more thinking of some kind of problem on his side.
Have you checked his MX records ? Do they point to the right server ? Does his mail server have a reverse dns set up ?

Author Comment

ID: 17894191
I am going to close this question.  Seems like a strange problem, but all seems to work fine now.  Thanks for the help!

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question