Avatar of SIMON FANNING
SIMON FANNING
Flag for Canada asked on

User not receiving emails from mail-enabled security group they are a member of (Exchange 2013)

Hi all,

I hope everyone is keeping well!

I've an issue with a single user account receiving emails from a mail enabled security group.
The user is not hidden from the GAL, the outlook cache has been flushed, and outlook profile deleted and recreated to no avail, I have also removed the user account from the security account for over 1 hour then added it back in.. no change there.

Message tracing shows that email is being delivered to other members of the group, but the users email address is not even being detected or picked up in order to send an email to them. 

It must be an issue within our Exchange environment (Exchange 2013 and EAC).

Any help would be greatly appreciated.. I've been stuck for a couple of days now..

Thank you!

SecurityExchangeOutlook

Avatar of undefined
Last Comment
DEMAN-BARCELO (MVP) Thierry

8/22/2022 - Mon
DEMAN-BARCELO (MVP) Thierry

Hi,

I found a similar problem (With a Distribution Group on Exchange 2016):

https://community.spiceworks.com/topic/1777632-troubleshooting-exchange-2016-expanding-distribution-groups

Firstly:

Can you verify that the security group is "Universal" ?

Then:

Try to change the service account for the service "Microsoft Exchange Transport service". (using LocalSystem in place of "NetworkService logon").
SIMON FANNING

ASKER
Hi & many thanks for your comment,
Yes, the mail-enabled security group is a Universal group.
Unfortunately, I cannot change the service account to "LocalSystem" at this time.

Cheers
SIMON FANNING

ASKER
Also, I just ran an extended message trace - it took almost 2 hours...

"The query submitted did not produce any matches."

No luck here...
Your help has saved me hundreds of hours of internet surfing.
fblack61
DEMAN-BARCELO (MVP) Thierry

So, I suppose that all members can receive direct messages.

When you are in Outlook, have you tried to develop the group?
It should replace the Group by the separate members.

=> It can be a temporary work around, and also a mean to verify that each user can receive emails.

If you don't see all the users in the development, it could also mean that the Global Address List and/or the OfflineAddressBook in not up to date.
SIMON FANNING

ASKER
Interesting update:

When the on premise SMTP server is used, the user is not picked up at all.
When the Exchange online SMTP server is used, all users in the mail enabled security group receive their mail perfectly.

Simon
DEMAN-BARCELO (MVP) Thierry

So, the user that does not receive email on local Exchange has not been updated correctly in AD.

I suppose that his mailbox is on Exchange Online and the user has not been declared as remote mailbox user in Exchange.

https://docs.microsoft.com/en-us/system-center/orchestrator/enable-remote-mailbox-hybrid?view=sc-orch-2019

Verify that this user has an email with "@.... onMicrosoft.com" in its proxyaddresses, and a "TargetAddress" containing this address.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
SIMON FANNING

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
DEMAN-BARCELO (MVP) Thierry

So, after create of a local user, you should need to use "enable-remotemailbox" on the Hybrid Exchange server.

=> This will update the correct attributes on Exchange and AD, then these attributes will be synchronized to Azure AD.