Solved

Exchange Email Address Policy

Posted on 2015-01-12
Last Modified: 2015-01-29
Hello Experts,
I walked into a problem today and I really don’t know how to begin to fix this. A little quick history about this Exchange 2010 setup. I have two servers in a DAG and two CAS Servers. On Friday evening 1/12/14 I had a round of Windows Updates and I installed Exchange 2010 SP3 Update Rollup 8. Everything went well, or at least I thought. On Monday I started getting calls that people who were sending email to internal distribution groups were looking like they were being sent out to the local user but would just disappear and never reach their intended destination. After looking into the Mail flow troubleshooter it looks like I am seeing this:

The email address for recipient xx@thecompany.com was updated to the email address xx@company.com. The message is in the process of being delivered. The funny thing is the messages are trying to go to our old domain, which is simply missing the word “the”.

I determined that the update must have done something to the default email address policy. Now this 2010 environment was upgraded from Exchange 2003 almost 4 years ago. When I look at the default email address policy in the EMC I don’t see anything, but when I look in the console and do a get-emailaddresspolicy I get a warning that I need to include the -IncludeMailboxSettingOnlyPolicy. When I do that I can see the default policy in the console.

I tried to create a new policy and applied it and it seemed to work, but I can’t get rid of the old default policy. Now when I do the get-emailaddresspolicy -includemailboxsettingonlypolicy I can see both policies. I tried the remove-emailaddresspolicy with no luck.

Anyone that can offer some assistance, I would greatly appreciate it. I still can’t get my distribution lists to work but I feel that solving this problem may help me in that direction.

Thanks
-Mike
Question by:BAYCCS
13 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40545358
Sounds like you didn't update things properly when you migrated from Exchange 2003.
You probably had a mailbox manager policy on Exchange 2003 which really should have been removed. That old policy is probably from those days and is now getting in the way.

You tried

get-emailaddresspolicy "policyname" | remove-emailaddresspolicy

Replacing policyname with the name of the suspect email address policy?

Simon.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 40545378
Simon,

Thank you for your reply. I just tried the above command to remove the default policy but I receive the error:

The operation couldn't be performed because object 'default policy' couldn't be found on dc.domain.local (name of the dc)
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40545406
If you run

get-emailaddresspolicy "default policy" -includemailboxsettingonlypolicy | select identity, version

what comes back? (I am doing it off memory, so if nothing comes back, do | fl instead and then look for version).

That will show whether it is a policy created by Exchange 2003 or 2010.

I expect this is going to require an adsiedit hack.

Simon.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 40545419
Here are the outputs. The FL ended up telling me it was legacy.



[PS] C:\Windows\system32>get-emailaddresspolicy "default policy" -includemailboxsettingonlypolicy  | select identity, ve
rsion

Identity                                                    version
--------                                                    -------
Default Policy


[PS] C:\Windows\system32>get-emailaddresspolicy "default policy" -includemailboxsettingonlypolicy  | FL


RunspaceId                        : 0d534552-fea8-44af-addf-5aa941e23bbe
RecipientFilter                   :
LdapRecipientFilter               : (mailnickname=*)
LastUpdatedRecipientFilter        :
RecipientFilterApplied            : False
IncludedRecipients                :
ConditionalDepartment             : {}
ConditionalCompany                : {}
ConditionalStateOrProvince        : {}
ConditionalCustomAttribute1       : {}
ConditionalCustomAttribute2       : {}
ConditionalCustomAttribute3       : {}
ConditionalCustomAttribute4       : {}
ConditionalCustomAttribute5       : {}
ConditionalCustomAttribute6       : {}
ConditionalCustomAttribute7       : {}
ConditionalCustomAttribute8       : {}
ConditionalCustomAttribute9       : {}
ConditionalCustomAttribute10      : {}
ConditionalCustomAttribute11      : {}
ConditionalCustomAttribute12      : {}
ConditionalCustomAttribute13      : {}
ConditionalCustomAttribute14      : {}
ConditionalCustomAttribute15      : {}
RecipientContainer                :
RecipientFilterType               : Legacy
Priority                          : Lowest
EnabledPrimarySMTPAddressTemplate : @theoceancountylibrary.org
EnabledEmailAddressTemplates      : {smtp:@library.ocl, SMTP:@theoceancountylibrary.org, X400:c=US;a= ;p=OCLMAIL;o=Exch
                                    ange;}
DisabledEmailAddressTemplates     : {}
Enabled                           : True
HasEmailAddressSetting            : False
HasMailboxManagerSetting          : False
NonAuthoritativeDomains           : {}
AdminDescription                  :
AdminDisplayName                  :
ExchangeVersion                   : 0.0 (6.5.6500.0)
Name                              : Default Policy
DistinguishedName                 : CN=Default Policy,CN=Recipient Policies,CN=OCLMAIL,CN=Microsoft Exchange,CN=Service
                                    s,CN=Configuration,DC=LIBRARY,DC=OCL
Identity                          : Default Policy
Guid                              : b6c0453f-3ed9-4e6b-a431-f18e729d1dba
ObjectCategory                    : LIBRARY.OCL/Configuration/Schema/ms-Exch-Recipient-Policy
ObjectClass                       : {top, msExchGenericPolicy, msExchRecipientPolicy}
WhenChanged                       : 1/12/2015 1:58:36 PM
WhenCreated                       : 6/25/2007 3:33:37 PM
WhenChangedUTC                    : 1/12/2015 6:58:36 PM
WhenCreatedUTC                    : 6/25/2007 7:33:37 PM
OrganizationId                    :
OriginatingServer                 : TRLIB2.LIBRARY.OCL
IsValid                           : True



[PS] C:\Windows\system32>get-emailaddresspolicy "default policy" -includemailboxsettingonlypolicy  | select identity, ve
rsion
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 40545428
I also attempted to delete one of my distribution groups and re-add it but it created it with the @oceancountylibrary.org when it is missing "the" in the domain name. It looks like the policy has some old stuck info in it.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 40545501
Another piece to the puzzle:

Then when I go to E-mail Address Policies in the EMC, the default policy isn't listed there. I can only see that using the shell. In the EMC I get this message:

Recipient policy objects that don't contain e-email addresses won't be shown unless you include the IncludeMailboxSettingOnlyPolicy parameter in the Get-EmailAddressPolicy cmdlet
0

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40546183
It is as I suspected - an old Exchange 2003 Recipient Update Services policy, which wasn't removed correctly during the removal of Exchange 2003.

One last thing to try...

Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients

Then see if that allows you to do anything. If it doesn't, then it is ADSIEDIT I am afraid.

http://blogs.msmvps.com/expta/2011/06/13/fix-for-quot-default-policy-quot-with-mailbox-manager-settings-cannot-be-managed-by-the-current-version-of-exchange-management-console/

- In the Configuration container, navigate to CN=Recipient Policies,CN=<Exchange Org>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain>,DC=<com>
- In the middle pane, view the properties of the Default Policy.
- Remove the value(s) of the MsExchMailboxManagerFolderSettings attribute so that it’s now <Not Set>
- Edit the MsExchPolicyOptionList attribute and remove all the attributes that do not begin with 0xfc.  The policy that begins with 0xfc is the email addressing policy.

Then repeat the upgrade command I have outlined above.
I would then probably delete the policy.

Simon.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 40546544
Well, the good news since we last spoke is that I found an article online that basically outlined what you mentioned above and I was able to restore the default policy into the EMC and perform the upgrade to it. With that said, I am now back to just the distribution group problem. For some reason if I try to send mail to a group that was created years ago on the legacy 2003 Exchange box, the messages are going to the old domain missing "the" in front of it. In the SMTP properties the correct domain is showing and is also set to the default, and when I look at the message in the Exchange 2010 Delivery Reports tool I get this:

The e-mail address for recipient "admin@thedomain.com" was updated to the e-mail address "admin@domain.com", and it looks like it is trying to go outbound since we technically don't have that domain anymore and it isn't in the list of accepted domains.

Now I opened up ADSI on that particular distribution group and I found that the targeted address was set to admin@domain.com. I edited it to say admin@thedomain.com and Exchange seems to pass the message off to our Barracuda and then back to the Exchange box, and it is stuck in the queue showing as a loop.

Any ideas on where to look for that?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40547067
Have you actually deleted the old email address policy? If not, then I would do that to begin with.
Once you have done that, give the domain time to replicate the change, then apply your other email address policy. That should update all of the mail enabled objects with the address from the live domain.

Simon.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 40547137
When I try to delete it, I get an error basically saying that I can't delete the default policy.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 40547195
So I am trying a different solution. I took one of my distribution groups and disabled it in the Exchange 2010 EMC and tried to recreate it, and when I do that I am now getting bounce backs saying #550 5.1.1 Resolver.ADR.RecipNotFound; not found ##

Looking in ADSI, the group has old Exchange attributes. I try to delete them but when I recreate the group they seem to come back. Is there any way I can delete all the attributes and basically create a new Exchange group from the current AD group?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40547209
That makes sense.
Is the default policy applied? If not, then leave it like that.
Furthermore the policy level should be set to "Lowest" with one or more policies set higher.

By strict best practises, the policy domain should match your internal Windows domain - so if your domain is example.local, then that is what the default policy is set to, and is then no longer touched.

Simon.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 40548960
Okay, so I managed to fix most of my distribution groups by doing this:

1) Checking the group's attributes in AD: if the group contains a targeted address attribute, it seems to have it in this format xx@domain.com and it is missing the word "the". If this is the case then I know I have to proceed to do the following

2) Disable the group in the Exchange EMC

3) Use ADEditor and remove all the Exchange attributes

4) Recreate the distribution group in the EMC and select existing group

5) Add an X500 address that points to the legacyExchangeDN attribute

6) Once I did that to all I updated the Address Book and had the Outlook clients download a new copy. Mostly everyone can now send email to the groups. Some still had to delete the cached address that came up.

My only problem now is that some of my OWA clients are still having trouble sending to some of the groups. Some users can send to a particular group and some get a bounce back that has the X500 5.1.1 error. I have tried deleting the user's cache in IE and that still isn't working. Correct me if I am wrong, but OWA users use the Address Book that is on the server, right? I am lost as to why some users would still have trouble and some aren't when sending e-mail to the same group. Would you have any ideas?
0
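
Added example, not part of the original thread: a read-only audit for the two conditions the posts above describe, namely recipient policies still marked Legacy and mail-enabled groups whose targetAddress points at a domain that is not an accepted domain (so mail to them routes outbound). It assumes the Exchange Management Shell with the ActiveDirectory module available; `Get-SmtpDomain` and the CSV file name are hypothetical, and accepted domains are compared by exact name only.

```powershell
# Added example (not from the thread). Read-only: nothing here modifies AD or Exchange.
# Assumption: run in the Exchange Management Shell with the RSAT ActiveDirectory module installed.
Import-Module ActiveDirectory

# Domains Exchange accepts mail for; a targetAddress outside this list is routed outbound.
# Wildcard accepted domains (*.example.com) are not expanded here: exact match only.
$accepted = @(Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString().ToLower() })

# Hypothetical helper: "SMTP:user@example.com" or "user@example.com" -> "example.com".
# X400/X500 values and anything else without a single SMTP-style address return $null.
function Get-SmtpDomain([string]$Address) {
    if ($Address -match '^(smtp:)?[^@:]+@([^@\s]+)$') { return $Matches[2].ToLower() }
    return $null
}

# 1) Policies left over from Exchange 2003: RecipientFilterType is Legacy
#    (the same fields shown in the Format-List output earlier in the thread).
$legacyPolicies = Get-EmailAddressPolicy -IncludeMailboxSettingOnlyPolicy |
    Where-Object { $_.RecipientFilterType -eq 'Legacy' } |
    Select-Object Name, Priority, ExchangeVersion, EnabledPrimarySMTPAddressTemplate

# 2) Mail-enabled groups with a targetAddress in a domain Exchange does not accept.
#    legacyExchangeDN is captured so it can be re-added as an X500 address after
#    the Exchange attributes are cleared and the group is re-enabled.
$staleGroups = Get-ADGroup -LDAPFilter '(&(mailNickname=*)(targetAddress=*))' `
        -Properties targetAddress, legacyExchangeDN |
    ForEach-Object {
        $domain = Get-SmtpDomain $_.targetAddress
        if ($domain -and ($accepted -notcontains $domain)) {
            New-Object PSObject -Property @{
                Group            = $_.Name
                TargetAddress    = $_.targetAddress
                TargetDomain     = $domain
                LegacyExchangeDN = $_.legacyExchangeDN
            }
        }
    }

$legacyPolicies | Format-Table -AutoSize
$staleGroups | Select-Object Group, TargetAddress, TargetDomain | Format-Table -AutoSize

# Keep a record before any cleanup (hypothetical file name).
if ($staleGroups) { $staleGroups | Export-Csv .\stale-group-targets.csv -NoTypeInformation }
```

An empty second table means no group is still forwarding to a domain outside the accepted list; any row that does appear identifies mail that would leave the organization.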
