• Status: Solved
  • Priority: High
  • Security: Public
  • Views: 63
  • Last Modified:

Exchange Transport Rules

We are running exchange 2016 and having issues with transport rules.  We had the same issues on exchange 2010.  We have a basic rule that looks for messages going to customer service, and it forwards those messages to our ticket queue.  This used to work fine, but now has just stopped working.  I've been googling for some time now, with no answers.  Some things we have been looking at:

Set-TransportConfig -ShadowRedundancyEnabled $false (didn't fix it)
Get-MessageTrackingLog (not sure this is helping)

Would appreciate any direction you can give.
0
bschwarting
Asked:
bschwarting
  • 10
  • 5
  • 5
  • +1
1 Solution
 
Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
Hi, check errors in the event viewer of your server.

You can use any of this 2 scripts:
(graphical) :  https://gallery.technet.microsoft.com/scriptcenter/Histogram-Analysis-of-16c3ee3c
(html) :  https://gallery.technet.microsoft.com/office/Get-event-logs-errors-and-6871f163

You first need to know what is the error you're getting on your server, and why did you say it is a transport rule issue?
0
 
bschwartingAuthor Commented:
I assume it's the transport rule, because it's not redirecting my message.

Tons of logs, not sure where to even start.
0
 
Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
Well, 1st thing is to check the event viewer, scripts will compile the information and resume it in HTML format (or in an HTML graphics). that's why I suggested already a start.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
AmitIT ArchitectCommented:
Start with message and protocol logging logs.
0
 
bschwartingAuthor Commented:
ok, I had one email go through it at 11:02 am, and I keep getting this message in event viewer at the same time:

Log Name:      Application
Source:        MSExchangeTransportSubmission
Date:          4/16/2018 11:02:45 PM
Event ID:      16028
Task Category: Configuration
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE.domain.local
Description:
A forced configuration update for Microsoft.Exchange.Data.Directory.SystemConfiguration.MailboxTransportServer has successfully completed. Object details from  the last notification-based reload: . New details: 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeTransportSubmission" />
    <EventID Qualifiers="16388">16028</EventID>
    <Level>4</Level>
    <Task>16</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-04-17T03:02:45.082529500Z" />
    <EventRecordID>44558</EventRecordID>
    <Channel>Application</Channel>
    <Computer>EXCHANGE2.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Microsoft.Exchange.Data.Directory.SystemConfiguration.MailboxTransportServer</Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>

Open in new window

0
 
bschwartingAuthor Commented:
Amit,

I don't see either of those in event viewer.
0
 
Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
My point was 1st check the "computer" event logs they usually give you a shot about what's going on.
After that, you can enter in the more complicated logs that are those that Amit requested to check, but If you are unable to check the event viewer logs, it will be harder to check the more complicated ones.

Jose
0
 
bschwartingAuthor Commented:
Jose,

My concern was running:
set-executionpolicy unrestricted

On our exchange server, wasn't sure that was safe.
0
 
Mohammad Ishtyaq KhatriCommented:
1. Your recipient where the emails are forwarded receiving new emails \ other emails?
2. Did you tried restarting transport service on your servers?
0
 
Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
Well what it means "unrestricted" is that you can run any poweshell script on your server.
Which is a regular step when you want to run scripts that aren't signed by anyone.
The good practice is to use the scripts and then set it to "remotesigned" after you ran all your scripts, at least you have a task or something that requires the use of a custom script over and over again
0
 
bschwartingAuthor Commented:
1) What's bizarre is, the transport rule works fine if you direct email it from outside.  It doesn't work if sent from a web form on our website.
2) This has been happening on our old exchange 2010 server, and still happening on our new exchange 2016 server.
0
 
AmitIT ArchitectCommented:
no issue in setting it unrestricted. It seems you have relay issue. Did you added the server ip into Exchange relay. Simple test, you can use telnet from your web server and submit test mail. That can tell you, if you have relay issue.
0
 
Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
Ok the question in here is, you need to show us 3 things.

1. The Message headers of an email sent from your "website".
(how are they sending it: what authentication is using, (if any), if not they need to add authentication and an account that exist on AD).
details about how are they sending it.

2. A header of any external unimportant email that is being sent from the outside, and compare. (1 with 2).

3. How is set the Transport rule, (a picture of details maybe).

Jose
0
 
bschwartingAuthor Commented:
See log screenshots:
application.png
System.png
0
 
Mohammad Ishtyaq KhatriCommented:
In your case seems like the email coming from Web form is not getting processed. Looks like you transport rule might need a bit of modification. If you want your web form emails to be included you might need to add another condition on the rule to either "Specify the specific sender" Or the "IP OR IP\Range from which email is sending out"
0
 
bschwartingAuthor Commented:
I tried the IP range and no luck.
0
 
AmitIT ArchitectCommented:
Did you made any changes before this issue started. Like any patching etc?
0
 
bschwartingAuthor Commented:
The bad thing is, I don't exactly know when the issues started.  We have only been applying the monthly security updates.
0
 
AmitIT ArchitectCommented:
As I advise, you login to your webserver first and then use telnet to send a test mail. This way we can rule out relay issue. Then we can focus on other troubleshooting steps.
0
 
bschwartingAuthor Commented:
I'm trying, my SSH session looks to be limited.  I can't telnet, ping, etc... Trying to get this fixed.
0
 
bschwartingAuthor Commented:
Ended up paying MS to support us.  There were multiple issues, but I think Symantec for Exchange was one issue.  We also setup contact cards for each auto-forward address.  We also turned auto-forward to true.  It's working, for now  :)
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

  • 10
  • 5
  • 5
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now