Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Not able to send to cross trusted Exchange forest due to the recipient addresses turning into IMCEAEX-_O.......

Posted on 2016-09-27
4
Medium Priority
?
44 Views
Last Modified: 2016-10-17
We have two trusted Exchange forests -- domain1 and domain2. We tried to use a utility (Forefront Identity Management) to sync the AD user accounts/contacts and by accident caused duplicate email accounts/contacts in both forests. It prevented users from sending email cross the forests with the error:  
"More than one user has this e-mail address. #550 5.1.4 RESOLVER.ADR.Ambiguous; ambiguous address ##"

So we got into AD to delete all the sync-ed accounts/contacts in the destination domains, and thought that should be it. Unfortunately, the issue remained except the error is different:
"The e-mail address you entered couldn't be found."

Further investigation found the recipient email address we carefully typed out in the recipient field is correct for sure as we can see but from the bounced NDR we can see after sending the recipient address being altered to an ExchangeLegacyDN such as:

IMCEAEX-_O=DOMAIN2_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Frank+20Gaines625@domain2.com

And that's why got the "address not found" error.
Again, it only happens while trying to send cross the forest. There is no issue while using OWA.
And the most strange thing is, it only happens to many but NOT all users, whether it is in cached mode or not. We suspected it is cache issue so we did update OAB, GAL, redownloading OAB, etc. But the issue still remains.

Any help is appreciated.
0
Comment
Question by:Castlewood
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
Todd Nelson earned 2000 total points (awarded by participants)
ID: 41818533
I hate those annoying X400/X500 addresses but at times they are necessary and must be added the the accounts as a proxy address.

Take a look at this article and the associated references ... https://oddytee.wordpress.com/2014/08/22/imceaex-ndrs-after-migrating-psts-to-office-365/

Hopefully it provides you a direction to head.
0
 

Author Comment

by:Castlewood
ID: 41819928
Thanks Todd.
The MS support article in the above link states that the auto-complete cache in Outlook or OWA uses  LegacyExchangeDN to route internal emails. Still very confused about how the "translation" works from SMTP to LegacyDN. Look, in our case, all accounts do have at least one proper X.500 in place and I understand the internal recipient SMTP we entered in Outlook will be translated to a LegacyDN for internal routing, according to the above MS support article.
But the problem is, say, the user in domain1 wants to send an email cross forest to jsmith@domain2.com. So he entered the correct SMTP address in Outlook. We verified it was the correct spelling before hitting Send. Right after sending we got the NDR where we can see the translated LegacyDN is with the wrong domain -- @domain1.com. We entered @domain2.com in SMTP, which was translated to @domain1.com in LegacyDN. How could this happen?

Lastly, even more mysterious is, the issue disappeared on the second day around 10:40am EST. Does it mean a LegacyDN has a time to live or what?
0
 

Author Comment

by:Castlewood
ID: 41820277
Spoken too early. There was still one user running into this issue. But this time, I empty the Auto-Complete cache list on his Outlook 2013 and fixed his issue. So the issue seems to become randomly in individual users. But what could cause this issue in the Exchange server side?
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41846320
Sufficuent information provided that resolved issue.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question