Exchange Transport Rules

We are running exchange 2016 and having issues with transport rules.  We had the same issues on exchange 2010.  We have a basic rule that looks for messages going to customer service, and it forwards those messages to our ticket queue.  This used to work fine, but now has just stopped working.  I've been googling for some time now, with no answers.  Some things we have been looking at:

Set-TransportConfig -ShadowRedundancyEnabled $false (didn't fix it)
Get-MessageTrackingLog (not sure this is helping)

Would appreciate any direction you can give.
LVL 1
bschwartingAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jose Gabriel Ortega CastroCEOCommented:
Hi, check errors in the event viewer of your server.

You can use any of this 2 scripts:
(graphical) :  https://gallery.technet.microsoft.com/scriptcenter/Histogram-Analysis-of-16c3ee3c
(html) :  https://gallery.technet.microsoft.com/office/Get-event-logs-errors-and-6871f163

You first need to know what is the error you're getting on your server, and why did you say it is a transport rule issue?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bschwartingAuthor Commented:
I assume it's the transport rule, because it's not redirecting my message.

Tons of logs, not sure where to even start.
0
Jose Gabriel Ortega CastroCEOCommented:
Well, 1st thing is to check the event viewer, scripts will compile the information and resume it in HTML format (or in an HTML graphics). that's why I suggested already a start.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

AmitIT ArchitectCommented:
Start with message and protocol logging logs.
0
bschwartingAuthor Commented:
ok, I had one email go through it at 11:02 am, and I keep getting this message in event viewer at the same time:

Log Name:      Application
Source:        MSExchangeTransportSubmission
Date:          4/16/2018 11:02:45 PM
Event ID:      16028
Task Category: Configuration
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE.domain.local
Description:
A forced configuration update for Microsoft.Exchange.Data.Directory.SystemConfiguration.MailboxTransportServer has successfully completed. Object details from  the last notification-based reload: . New details: 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeTransportSubmission" />
    <EventID Qualifiers="16388">16028</EventID>
    <Level>4</Level>
    <Task>16</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-04-17T03:02:45.082529500Z" />
    <EventRecordID>44558</EventRecordID>
    <Channel>Application</Channel>
    <Computer>EXCHANGE2.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Microsoft.Exchange.Data.Directory.SystemConfiguration.MailboxTransportServer</Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>

Open in new window

0
bschwartingAuthor Commented:
Amit,

I don't see either of those in event viewer.
0
Jose Gabriel Ortega CastroCEOCommented:
My point was 1st check the "computer" event logs they usually give you a shot about what's going on.
After that, you can enter in the more complicated logs that are those that Amit requested to check, but If you are unable to check the event viewer logs, it will be harder to check the more complicated ones.

Jose
0
bschwartingAuthor Commented:
Jose,

My concern was running:
set-executionpolicy unrestricted

On our exchange server, wasn't sure that was safe.
0
Mohammad Ishtyaq khatriSr. EngineerCommented:
1. Your recipient where the emails are forwarded receiving new emails \ other emails?
2. Did you tried restarting transport service on your servers?
0
Jose Gabriel Ortega CastroCEOCommented:
Well what it means "unrestricted" is that you can run any poweshell script on your server.
Which is a regular step when you want to run scripts that aren't signed by anyone.
The good practice is to use the scripts and then set it to "remotesigned" after you ran all your scripts, at least you have a task or something that requires the use of a custom script over and over again
0
bschwartingAuthor Commented:
1) What's bizarre is, the transport rule works fine if you direct email it from outside.  It doesn't work if sent from a web form on our website.
2) This has been happening on our old exchange 2010 server, and still happening on our new exchange 2016 server.
0
AmitIT ArchitectCommented:
no issue in setting it unrestricted. It seems you have relay issue. Did you added the server ip into Exchange relay. Simple test, you can use telnet from your web server and submit test mail. That can tell you, if you have relay issue.
0
Jose Gabriel Ortega CastroCEOCommented:
Ok the question in here is, you need to show us 3 things.

1. The Message headers of an email sent from your "website".
(how are they sending it: what authentication is using, (if any), if not they need to add authentication and an account that exist on AD).
details about how are they sending it.

2. A header of any external unimportant email that is being sent from the outside, and compare. (1 with 2).

3. How is set the Transport rule, (a picture of details maybe).

Jose
0
bschwartingAuthor Commented:
See log screenshots:
application.png
System.png
0
Mohammad Ishtyaq khatriSr. EngineerCommented:
In your case seems like the email coming from Web form is not getting processed. Looks like you transport rule might need a bit of modification. If you want your web form emails to be included you might need to add another condition on the rule to either "Specify the specific sender" Or the "IP OR IP\Range from which email is sending out"
0
bschwartingAuthor Commented:
I tried the IP range and no luck.
0
AmitIT ArchitectCommented:
Did you made any changes before this issue started. Like any patching etc?
0
bschwartingAuthor Commented:
The bad thing is, I don't exactly know when the issues started.  We have only been applying the monthly security updates.
0
AmitIT ArchitectCommented:
As I advise, you login to your webserver first and then use telnet to send a test mail. This way we can rule out relay issue. Then we can focus on other troubleshooting steps.
0
bschwartingAuthor Commented:
I'm trying, my SSH session looks to be limited.  I can't telnet, ping, etc... Trying to get this fixed.
0
bschwartingAuthor Commented:
Ended up paying MS to support us.  There were multiple issues, but I think Symantec for Exchange was one issue.  We also setup contact cards for each auto-forward address.  We also turned auto-forward to true.  It's working, for now  :)
1
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.