bschwarting
asked on
Exchange Transport Rules
We are running exchange 2016 and having issues with transport rules. We had the same issues on exchange 2010. We have a basic rule that looks for messages going to customer service, and it forwards those messages to our ticket queue. This used to work fine, but now has just stopped working. I've been googling for some time now, with no answers. Some things we have been looking at:
Set-TransportConfig -ShadowRedundancyEnabled $false (didn't fix it)
Get-MessageTrackingLog (not sure this is helping)
Would appreciate any direction you can give.
Set-TransportConfig -ShadowRedundancyEnabled $false (didn't fix it)
Get-MessageTrackingLog (not sure this is helping)
Would appreciate any direction you can give.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Well, 1st thing is to check the event viewer, scripts will compile the information and resume it in HTML format (or in an HTML graphics). that's why I suggested already a start.
Start with message and protocol logging logs.
ASKER
ok, I had one email go through it at 11:02 am, and I keep getting this message in event viewer at the same time:
Log Name: Application
Source: MSExchangeTransportSubmission
Date: 4/16/2018 11:02:45 PM
Event ID: 16028
Task Category: Configuration
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGE.domain.local
Description:
A forced configuration update for Microsoft.Exchange.Data.Directory.SystemConfiguration.MailboxTransportServer has successfully completed. Object details from the last notification-based reload: . New details:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchangeTransportSubmission" />
<EventID Qualifiers="16388">16028</EventID>
<Level>4</Level>
<Task>16</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-04-17T03:02:45.082529500Z" />
<EventRecordID>44558</EventRecordID>
<Channel>Application</Channel>
<Computer>EXCHANGE2.domain.local</Computer>
<Security />
</System>
<EventData>
<Data>Microsoft.Exchange.Data.Directory.SystemConfiguration.MailboxTransportServer</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
ASKER
Amit,
I don't see either of those in event viewer.
I don't see either of those in event viewer.
My point was 1st check the "computer" event logs they usually give you a shot about what's going on.
After that, you can enter in the more complicated logs that are those that Amit requested to check, but If you are unable to check the event viewer logs, it will be harder to check the more complicated ones.
Jose
After that, you can enter in the more complicated logs that are those that Amit requested to check, but If you are unable to check the event viewer logs, it will be harder to check the more complicated ones.
Jose
ASKER
Jose,
My concern was running:
set-executionpolicy unrestricted
On our exchange server, wasn't sure that was safe.
My concern was running:
set-executionpolicy unrestricted
On our exchange server, wasn't sure that was safe.
1. Your recipient where the emails are forwarded receiving new emails \ other emails?
2. Did you tried restarting transport service on your servers?
2. Did you tried restarting transport service on your servers?
Well what it means "unrestricted" is that you can run any poweshell script on your server.
Which is a regular step when you want to run scripts that aren't signed by anyone.
The good practice is to use the scripts and then set it to "remotesigned" after you ran all your scripts, at least you have a task or something that requires the use of a custom script over and over again
Which is a regular step when you want to run scripts that aren't signed by anyone.
The good practice is to use the scripts and then set it to "remotesigned" after you ran all your scripts, at least you have a task or something that requires the use of a custom script over and over again
ASKER
1) What's bizarre is, the transport rule works fine if you direct email it from outside. It doesn't work if sent from a web form on our website.
2) This has been happening on our old exchange 2010 server, and still happening on our new exchange 2016 server.
2) This has been happening on our old exchange 2010 server, and still happening on our new exchange 2016 server.
no issue in setting it unrestricted. It seems you have relay issue. Did you added the server ip into Exchange relay. Simple test, you can use telnet from your web server and submit test mail. That can tell you, if you have relay issue.
Ok the question in here is, you need to show us 3 things.
1. The Message headers of an email sent from your "website".
(how are they sending it: what authentication is using, (if any), if not they need to add authentication and an account that exist on AD).
details about how are they sending it.
2. A header of any external unimportant email that is being sent from the outside, and compare. (1 with 2).
3. How is set the Transport rule, (a picture of details maybe).
Jose
1. The Message headers of an email sent from your "website".
(how are they sending it: what authentication is using, (if any), if not they need to add authentication and an account that exist on AD).
details about how are they sending it.
2. A header of any external unimportant email that is being sent from the outside, and compare. (1 with 2).
3. How is set the Transport rule, (a picture of details maybe).
Jose
ASKER
In your case seems like the email coming from Web form is not getting processed. Looks like you transport rule might need a bit of modification. If you want your web form emails to be included you might need to add another condition on the rule to either "Specify the specific sender" Or the "IP OR IP\Range from which email is sending out"
ASKER
I tried the IP range and no luck.
Did you made any changes before this issue started. Like any patching etc?
ASKER
The bad thing is, I don't exactly know when the issues started. We have only been applying the monthly security updates.
As I advise, you login to your webserver first and then use telnet to send a test mail. This way we can rule out relay issue. Then we can focus on other troubleshooting steps.
ASKER
I'm trying, my SSH session looks to be limited. I can't telnet, ping, etc... Trying to get this fixed.
ASKER
Ended up paying MS to support us. There were multiple issues, but I think Symantec for Exchange was one issue. We also setup contact cards for each auto-forward address. We also turned auto-forward to true. It's working, for now :)
ASKER
Tons of logs, not sure where to even start.