How can I find out why an email was delayed in Exchange 2010

We had some very important emails that were time sensitive sent out yesterday, 4 in all. the one we set out at about 5pm somehow sat in Exchange until 100 am this morning. Message tracking shows:

Delivery Report for  email


Submitted
5/15/2013 5:14 PM our.server.com
The message was submitted to our.server.com.

Transferred
5/16/2013 11:04 AM our.server.com
The message was successfully handed off to a different e-mail system. This is as far as we can track it.

Not sure if I'm using Message Tracking right, but all the steps show a time stamp of 2013/05/15 17:14:10

Is there a place to look to see why it was delayed? The Execs aren't happy and want answers  I can't give.

Thanks!
canuseeitAsked:
Who is Participating?
 
Jeffery HayesSystem Support Technician Commented:
Received: from mail.ourserver.com (ip.add.re.ss) by CO9EHSMHS002.bigfish.com
 (10.236.130.12) with Microsoft SMTP Server id 14.1.225.23; Thu, 16 May 2013
 18:06:15 +0000
Received: from mail.ourserver.com ([::1]) by mail.ourserver.com ([::1]) with
 mapi id 14.01.0421.002; Wed, 15 May 2013 17:14:10 -0700

Bigfish would be forefront which is the Edge filter.

Look at the complete message Header's and see if there is any antivirus that is touching the mail. The delay occurs between when your server sends out the message externally and to the edge filter.

Other things to check is that this could have simply been due to message queuing as I understand that the message was sent to many recipients.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
If you can get the Original email from the Recipients system and check the Header of the Email it will tell you exactly where if so the delay happened with TIme zone and everything

- Rancy
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Rajitha ChimmaniCommented:
Check the application/system logs on the Exchange servers during that time if you believe the delay was on Exchange servers. If you find any errors there then you could work from there to find the root cause.
0
 
mousewareCommented:
You'll need to look through your SMTP logs (assuming you have logging enabled) and find that message. You should see the reason for the delay or failure. It could have been submitted on time, but there were failures out of your organization's control that prevented the message from reaching the recipient. Basicly you are looking for SMTP errors from 5PM to 11AM the following day for that message ID or recipient which indicate why it took so long to send. YOu may find something like recipient's server not responding/timeout/busy/etc.
0
 
canuseeitAuthor Commented:
The issue was it was an PR annoucment to our customers, so it was a long list of 200 contacts all in the bcc. The first 3 were only to about 50 email addresses and all went without a hitch. The last one we sent got delayed.

I am checking the logs now, I will report back to see if there is something there I don't understand.

For Rancy, I'm not going to post the entire thing, but here is the part from when I sent it, and the next part that is 18 hours later

Received: from mail.ourserver.com (ip.add.re.ss) by CO9EHSMHS002.bigfish.com
 (10.236.130.12) with Microsoft SMTP Server id 14.1.225.23; Thu, 16 May 2013
 18:06:15 +0000
Received: from mail.ourserver.com ([::1]) by mail.ourserver.com ([::1]) with
 mapi id 14.01.0421.002; Wed, 15 May 2013 17:14:10 -0700
0
 
canuseeitAuthor Commented:
unfortunetly I am stupid andout logging is only goes back to yesterday at 10:48pm... sigh
0
 
Rajitha ChimmaniCommented:
Uhhh :( Just wondering if there is a way out to find a root cause without logs. Have you checked that on all servers involved?
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Received: from mail.ourserver.com ([::1]) by mail.ourserver.com ([::1]) with
 mapi id 14.01.0421.002; Wed, 15 May 2013 17:14:10 -0700

Are both servers in Question the same or different ones ?

- Rancy
0
 
canuseeitAuthor Commented:
Correct we use Forefront protection. That is where the item got stuck, even though I have forefront turned OFF for outgoing mail. There is nothing except a delay leaving there. there is no other error, so I opened a ticket with Microsoft on this.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.