• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1008
  • Last Modified:

Exchange global settings not being overridden by per user specifications

I'm currently working with Microsoft on an Issue but was hoping a few other seasoned IT staff may know the answer to this.  Our Exchange server (OS W2K3 SP1 + Exchange SP2) has Exchange message delivery default limits on sending and receiving size currently set to 10240KB.  Our connector settings and SMTP settings are unrestricted.  We have a few specific users that we've set the global settings to be overridden at the per user level in AD to something higher than the general default limits - these would be administrators and the like that may need to send and receive larger emails.  Based on the following KB, it was our understanding that the per user overrides should trump the global setting and therefore it should allow email larger than 10MB be delivered to administrative staff.  It doesn't seem to and that is our core issue.  I am informed that this used to work.  Articles in reference:

http://www.microsoft.com/technet/prodtechnol/exchange/2003/insider/Message_Restrictions.mspx

Another article that has been referenced is:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;322679 

That stated, can someone confirm if you can set up general restrictions on incoming mail and then tweak the few users that should be exceptions to be allowed the option of receiving larger emails than the default?  My alternative is to fill in restrictions on every user - but that seems more complicated than it should be.

Any suggestions?
0
thundt
Asked:
thundt
  • 5
  • 4
  • 4
  • +1
1 Solution
 
redseatechnologiesCommented:
I have seen mixed results with this.

Yes, MS say that User settings should override, but it is either in tha article or another of theirs where they also say "harshest rules apply".

Personally, I have experienced the same as you have with this - global setting override everything else.  Although, I have heard or people saying it does what it says on the box.

Either way, I am subscribed and interested in the outcome here

-red
0
 
MATTHEW_LCommented:
I have personally had success with the user override limits set globally.  The connector ones should trump all else as far as I understand.  How long has it been since you set these higher limits for these specific users.  It does take some time to update.  I suppose you could restart the exchange services to force a faster update.
0
 
thundtAuthor Commented:
I would change settings and wait up to a day for them to populate without luck.  Likewise I did restart Exchange services to ensure they were populated.

The latest from Microsoft is as follows (limits were some test limits on my server)
____________________________________

Per User Limits:
============
- Sending message size: Maximum KB: 2,000,000
- Receiving message size: Max: 2,000,000

Global Setting Limits:
=================
- Sending Message Size: 10240 Max (KB)
- Receiving Message Size: 10240 Max (KB)

Users aren't able to receive messages over 10 MB because Global Settings are applied to external recipients. When a message is submitted via SMTP/X.400 the Categorizer checks for the Max Submission Content Length (SubmissionContLength) for both the Sender and the Recipient. Since the Sender does not exist in Active Directory, the Global Setting are applied to the Sender and a 5.2.3 NDR is sent back to the recipient.
____________________________________

Unfortunately, this raises more questions.  I was informed that I should reference the article below to understand it, but I've already seen it.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;322679.

I replied with the following:
____________________________________
Please allow me to verify:

"Since the Sender does not exist in Active Directory, the Global Setting are applied to the Sender and a 5.2.3 NDR is sent back to the recipient."

Ultimately, Exchange checks the AD for all individuals that send us internet email and if they do not exist as users in our domain, regardless of who they send the email too or what the recipient is specifically allowed to receive, Global Settings are enforced based on the sender and therefore the message is rejected?
____________________________________

Final response from Microsoft. . . .

Correct. The same thing can happen between Exchange users. If User1 has a Sending limit of 1 MB and User2 has a Receiving limit of 3 MB. If User1 sends a  2 MB attachment to User2 he'll get the 5.2.3 NDR. Even though User2 can receive a 2 MB attachment, because the Sender limit is 1 MB the message will not be delivered.

External users have no User limits in AD so the Global Settings are used for the Sender.
____________________________________

To correctly get it working from Mircosofts standpoint, Global limits needed to be set as the largest portal(which I hate because it leaves the exchange server to process all large emails before rejecting them), then work my way into restrictions on every user.

They've suggested the following tool to do it:  ADModify Net 2.0

Regardless, if anyone has had this working I'd love to hear some of the specifics on how.  For the time being, I've taken their tool and flipped all my settings around.
0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
redseatechnologiesCommented:
That is bizarre - if senders that are not in AD (which would be all external senders) require limits set on them to work, otherwise failing back to the global settings, what is the point? :)

I am quite happy that we seem to have an answer from MS that makes sense (in an MS kind of way) and it explains why it hasn't worked as advertised for me.

Matthew_L, can you test your working config to see if the above fits in with it?
0
 
MATTHEW_LCommented:
My global limits are currently set at 17000
I changed my account limits send / receive to 25000

I have sent a 22MB file to myself from an external account.  I will post the results as soon as I get the email or the NDR.
0
 
redseatechnologiesCommented:
Your external account isnt listed as a mail enabled contact is it?
0
 
thundtAuthor Commented:
Sorry about the delay - I am slightly confused.  Why would I be concerned about mail enabling an external account?  I can tell you I currently do not have an external account listed as mail enabled.  However, my current understandng of that is the following:

. . . a mail-enabled recipient object is a user who does not have a valid user account, but who does have an email address that reflects your organization's domain.

You would typically create a mail-enabled Exchange Server recipient object for someone who doesn't actually work for your company, but who needs to maintain the appearance of working there.

By using a mail-enabled recipient object, you would be able to publish an external user's email address as externaluser@yourcompany.com. Any email messages sent to that address would pass through your Exchange server and be forwarded to that person's normal email account in his own domain.

--Thank you SearchExchange.com.

Based on that info, are you suggesting I should enable my local domain users to somehow look like they are external accounts?  Please help me to understand what you are suggesting in the post above.

I appreciate it,

Thanks.

0
 
redseatechnologiesCommented:
>>Based on that info, are you suggesting I should enable my local domain users to somehow look like they are external accounts?

No, that is not what I was suggesting, I am just trying to cover all the bases with this confusion of limits.

From what I have found, user specific limits ONLY apply if BOTH users are in AD - so if it is an external user, that doesn't have a mail enabled contact to reflect them (why you would do this, i don't know, but bear with me) then it will only use the global setting.

Matthew, you got any more information for us?

-red
0
 
MATTHEW_LCommented:
I am going to try this on a brand new Exchange / AD install that I have in the lab and get back.  Mine continues to work.
0
 
thundtAuthor Commented:
Red - I see what you are saying.  I'll also continue to hold tight and see what Mathew says.

Thanks.
0
 
MATTHEW_LCommented:
I have tried a brand new Exchange 2003 SP2 install on Windows 2003 SP1 and I am able to define the limits and they seem to work.
0
 
redseatechnologiesCommented:
I now have access to a few more resources at Microsoft, so I will put the call out to them and see what turns up.

-red
0
 
thundtAuthor Commented:
Modorator - is it possible to close this?  I've not heard anything back and decided I would use a registry edit tool to convert all my users.

Thanks.
0
 
Computer101Commented:
PAQed with points refunded (250)

Computer101
EE Admin
0

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

  • 5
  • 4
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now