• Status: Solved
  • Priority: Medium
  • Security: Public

Exchange 2010 users can't send to each other but can to other domains

New Exchange 2010 SP1 install - single server running roles. In Organization Configuration | Hub Transport | Accepted domains: et.local (our active directory domain name) = authoritative and DEFAULT = TRUE. Second domain: etfbank.org (our internet email addresses) = authoritative and DEFAULT = FALSE.

ISSUE: Users cannot send each other emails when using user1@etfbank.org to User2@etfbank.org, etc. But either one can successfully send and receive to any other internet email address domain (like: microsoft.com, google, gmail, aol, etc.)

They CAN send each other emails if they send an email to user1@etfb.local to user2@etfb.local - obviously we are not using the etfb.local for our emails, but rather etfbank.org.

How do we fix this? Thank you.
0
comstrat
Asked:
comstrat
1 Solution
 
S_K_SCommented:
What is the primary email address assigned to users: is it the .local or is it the .org one?
0
 
comstratAuthor Commented:
.org is the email address for everyone.

.local is simply the internal domain name
0
 
Jamie McKillopCommented:
Hello,

If you open a mailbox in EMC and look at the email addresses tab, is the .org address listed? When a user tries to send to a .org address, do they receive an NDR? If so, what does the NDR say? Can users receive email when an external user sends to a .org address? Did you migrate to Exchange 2010 from another mail system? If so, was it a previous version of Exchange hosted internally or was it an externally hosted system or different mail platform?

JJ
0
 
S_K_SCommented:
Sharing NDR would be of great help.
0
 
comstratAuthor Commented:
Both emails are in the email address tab: user@et.local and user@etfbank.org
Users can receive and send to anyone on "earth" except to the usersname@etfbank.org
This is a new install of exchange
Users were using a previous Exchange 2010 off-site hosted environment. We exported those mailboxes and imported them into a new outlook profile.

NDR:
DELIVERY HAS FAILED TO THESE RECEIPIENTS OR GROUPS:
duser@etfbank.org . the username you entered couldn't be found ... (yes, we cleared the auto-complete cache in outlook 2010)


Diagnostic information for administrators:
 
Generating server: EXCHANGE.et.local
 
IMCEAEX-_O=ETFB_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=D+20Userd6e@et.local
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
 
Original message headers:
 
Received: from EXCHANGE.et.local ([::1]) by exchange.et.local ([::1]) with
 mapi id 14.01.0379.000; Mon, 27 Aug 2012 18:16:23 -0500
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: J user <juser@etfbank.org>
To: D user <duser@etfbank.org>
Subject: TEST after cache clear
Thread-Topic: TEST after cache clear
Thread-Index: Ac2EqfkEeWPjYjSKR7CGyjgsOqLw6Q==
Date: Mon, 27 Aug 2012 18:16:23 -0500
Message-ID: <50B093CCEFC52F4FB6D05B79BE58FDC93C8C75@exchange.et.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: <50B093CCEFC52F4FB6D05B79BE58FDC93C8C75@exchange.et.local>
MIME-Version: 1.0
X-Originating-IP: [10.1.15.102]
0
 
S_K_SCommented:
Is it the same behavior with OWA as well? Does the user get the same NDR while sending through OWA?
0
 
Jamie McKillopCommented:
Your problem is due to the Outlook cache. Please see my article for a full explanation - http://mobile.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_9650-NDRs-and-the-legacyExchangeDN.html

JJ
0
 
comstratAuthor Commented:
Using OWA did not bounce back.
0
 
S_K_SCommented:
Perfect... in that case, simply recreate the Outlook profile and you are good to go.
0
 
Jamie McKillopCommented:
You do not need to recreate the Outlook profile. Either use the instructions in my article to create X500 addresses on your mailboxes or simply clear the names cache in Outlook.

JJ
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Did you happen to export PST, create new mailbox and import PST? If that's so, you need to create an X500 address with the LegacyExchangeDN of the old account or from this NDR, and that will fix the issue.

- Rancy
0
 
comstratAuthor Commented:
Ended up with Microsoft Tech support:
- I appreciate your article, but the code snippets did not work on our system. While it provided some helpful background info, it did not resolve the issue.

Here though is the strategy we used successfully:
Using ADSIEDIT utility on the Exchange server (that is simply where I used it from)
Open the domain name
Open the organization unit where the exchange users are located
Right-click PROPERTIES on the CN=user that is kicking back UNDELIVERABLE messages to other users
In the appearing ATTRIBUTE EDITOR tab, scroll down to PROXYADDRESSES
Click EDIT
You will probably see the current smtp addresses, etc.
CLICK ADD
Enter in the X500 STRING:
X500:/O=ETFB /OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=%'mailNickname'%

Now:
/O = YOUR DOMAINNAME
/OU = ORGANIZATION UNIT
RANDOM ALPHANUMERICS
/CN=RECIPIENTS
/CN=MAILBOX-USERNAME

This information was gleaned from the actual UNDELIVERABLE EMAIL that a user received when attempting to send to the failing email address

The top portion of that had this information:
Generating server: EXCHANGE.et.local
 
IMCEAEX-_O=ETFB_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=D+20Userd6e@et.local
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
 
So you can see the DOMAINNAME
The OU unit with the alphanumeric (the +20 are spaces as noted in the string that works)
Also note the ( ) that Microsoft added to the alphanumerics
Replace the %'mailNickname'% with just the username: /cn=EmailMailboxUsername

That is what we did and it works great.

NOTE: We initially used the ADMODIFY utility to fix all the users at once. I just use the specific string above per user for the future if needed.

You can download ADMODIFY: http://admodify.codeplex.com/releases/view/6065
ADMODIFY USAGE: http://support.microsoft.com/kb/909271


WE USED ADMODIFY WITH THIS EXACT STRING TO FIX ALL THE USERS AT ONCE:

X500:/O=ETFB /OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=%'mailNickname'%

Of course, your solution will be different based on your information in the UNDELIVERABLE EMAIL.

Hope that provides a successful resolution for others who might have the same situation as we did.
0
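The decoding step described in the post above (reading the X500 string out of the NDR's IMCEAEX address), as an added PowerShell example that is not part of the original post or of the linked article. The function names Convert-ImceaexToX500 and Get-X500FromNdr are hypothetical, no Exchange cmdlets are used, and the sample text is the diagnostic block quoted in this thread.

```powershell
# Added example. Function names are hypothetical; only .NET regex calls are used.
function Convert-ImceaexToX500 {
    param([Parameter(Mandatory = $true)][string]$Address)

    # Expected shape: IMCEAEX-<encoded legacyExchangeDN>@<domain>.
    if ($Address -notmatch '^IMCEAEX-(?<dn>.+)@[^@]+$') {
        throw "Not an IMCEAEX address: $Address"
    }

    # "_" encodes "/". Do this before hex decoding so that "+5F" stays a literal "_".
    $dn = $Matches['dn'] -replace '_', '/'

    # "+XX" encodes one character as two hex digits (+20 = space, +28 = "(", +29 = ")").
    $dn = [regex]::Replace($dn, '\+([0-9A-Fa-f]{2})', {
        param($m)
        [string][char]([Convert]::ToInt32($m.Groups[1].Value, 16))
    })

    # A legacyExchangeDN starts with /O=; refuse anything else rather than
    # hand back a value that would be stamped into proxyAddresses by mistake.
    if ($dn -notmatch '^/O=') {
        throw "Decoded value is not a legacyExchangeDN: $dn"
    }
    "X500:$dn"
}

function Get-X500FromNdr {
    param([Parameter(Mandatory = $true)][string]$NdrText)

    # Pull every IMCEAEX token out of the pasted NDR and return each X500 value once.
    [regex]::Matches($NdrText, 'IMCEAEX-\S+@[^\s@]+') |
        ForEach-Object { Convert-ImceaexToX500 -Address $_.Value } |
        Sort-Object -Unique
}

# Diagnostic lines as quoted in this thread's NDR.
$ndr = @'
Generating server: EXCHANGE.et.local
IMCEAEX-_O=ETFB_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=D+20Userd6e@et.local
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
'@

# Review the decoded value before adding it to the recipient's proxyAddresses.
Get-X500FromNdr -NdrText $ndr
```

The decoded string reflects exactly what the sending client had cached for that recipient, so compare it character by character with any X500 value built by hand or from a template.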
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Good to know a brief information and solution from your end .... Appreciate :)

- Rancy
0
 
Jamie McKillopCommented:
Your solution is exactly what is described in my article. You simply used a different tool to add the X500 addresses than PowerShell.

JJ
0
 
comstratAuthor Commented:
MS tech support resolved. Don't recall what they did exactly.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
You can always ask them to send you a closing email with troubleshooting and issue resolving details.

- Rancy
0
 
comstratAuthor Commented:
I've requested that this question be deleted for the following reason:

old issue -
0
 
Jamie McKillopCommented:
Points should be assigned here. I provided the solution to the issue.

JJ
0
 
Jamie McKillopCommented:
http:#a3833899 should be accepted as the answer. This answer describes the exact problem and solution. The solution provided by the asker is just another method to arrive at the same solution (adding the legacyExchangeDN of the previous object as an X500 address of the new object).

JJ
0
