Monday, September 20, 2010

What to do When the Postman Doesn’t Knock

No matter how much we try, there will inevitably be messages that the system gives up on and are unable to be delivered. Luckily Microsoft Exchange, as our postman, does a pretty good job of giving us the clues as to why the message was not delivered.

Exchange does this in the form of a Non-Deliverable Report or NDR similar to the one below that is sent to the originator of the message.

All NDRs that originate within Exchange include a NDR code that is in X.X.X format, where X is in numeric format. The table below lists the Exchange 2007 NDR codes and their typical meaning.

Explanation of Enhanced Status Codes in Exchange 2007 NDRs
4.2.2The recipient has exceeded their mailbox limit. 
It could also be that the delivery directory on the Virtual server has exceeded its limit.
4.3.1Insufficient system resources.  This normally means not enough disk space on the delivery server. 
Microsoft says this Exchange NDR may be reported as out-of-memory error.
4.3.2A classic temporary problem.  Most likely, the Administrator has frozen the queue.
4.4.1Intermittent network connection.  The server has not yet responded.  Classic time-out problem.  If it persists, you will also get a 5.4.x status code error.
4.4.2The server started to deliver the message but then the connection was dropped.  The sending server is configured to retry automatically.
4.4.6Too many hops.  Most likely, the message is looping.
4.4.7Problem with a protocol timeout, for example a message header limit.  Check receiving server connectors.
4.4.9A DNS problem.  Check your smart host setting on the SMTP connector.  For example, check correct SMTP format. Also, use square brackets in the IP address [] 
You can get this same NDR error if you have been deleting routing groups.
4.6.5Multi-language situation.  Your server does not have the correct language code page installed.
5.0.0SMTP 500 reply code means an unrecognized address.  You get this NDR when you make a typing mistake when you manually try to send email via telnet.
The most likely cause is a routing error.  One solution maybe to add an * in the address space.
A separate cause for NDR 5.0.0 is a DNS problem.
5.1.0Sender denied.  Often seen with contacts. Verify the recipient address.
Mismatched Network Card duplex setting.
5.1.1Bad destination mailbox address.  5.1.1 is the most common Exchange 2007 NDR; there is a problem with the recipient address. 
Maybe the recipient does not exist. 
Possibly the user was moved to another server in Active Directory. 
Check mailbox delegation.
Maybe an Outlook client replied to a message while offline.
Check connector configuration.
5.1.2SMTP; 550 Host unknown.  An error is triggered when the host name can't be found.  For example, when trying to send an email to
5.1.3Invalid recipient address.  Another problem often seen with contacts or cached address entries.  Address field maybe empty.  Check the address information.  Or there could be a syntax error.
5.1.4Destination mailbox address ambiguous.  Two objects have the same address, which confuses the Exchange 2007 Categorizer (Not to mention the mail administrator).
5.1.5Destination mailbox address invalid.
5.1.6Problem with homeMDB or msExchHomeServerName - check how many users are affected.  Sometimes running RUS (Recipient Update Service) cures this problem.  Mailbox may have moved.
5.1.7Invalid address.  Problem with senders mail attribute, check properties sheet in AD Users and Computers.
5.1.8Something wrong with sender's address
5.2.1Mailbox cannot be accessed.  Perhaps the message is too large.  Alternatively, the mailbox has been disabled, or is offline. Check the recipient's mailbox.
Else it could be a permissions problem, particularly on a Public Folder.  If so, try this PowerShell Command:
get-PublicFolderClientPermission "\ProblemFolder"
5.2.2Sadly, the recipient has exceeded their mailbox storage quota.
5.2.3Recipient cannot receive messages this big.  The server or connector limit exceeded.  Try resending the message without the attachment.
5.2.4Most likely, a distribution list or group is trying to send an email.  Check where the expansion server is situated.  The application event log may have an Event ID 6025 or 6026, which has more detailed information.
5.3.0Problem with MTA, maybe someone has been editing the registry to disable the MTA / Store driver.
5.3.1Mail system full.  Disk full problem on the mailbox server?
5.3.2System not accepting network messages.  Look outside Exchange for a connectivity problem.
5.3.3Remote server has insufficient disk space to hold email.  Check SMTP log.  This error often happens when the sending server is using an ESMTP BDAT command.
5.3.4Message too big.  Check the limits on both the sender and receiver side.  There maybe a policy in operation.
5.3.5System incorrectly configured.  Multiple Virtual Servers are using the same IP address and port. See Microsoft TechNet article: 321721 Sharing SMTP.  Email probably looping.
5.4.0DNS Problem.  Check the Smart host, or check your DNS. It means that there is no DNS server that can resolve this email address.  Could be Virtual Server SMTP address.
5.4.1No answer from host.  Not Exchange's fault, check connections.
5.4.2Bad connection.
5.4.3Routing server failure.  No available route.
5.4.4Cannot find the next hop, check the Routing Group Connector.  Perhaps you have Exchange servers in different Routing Groups, but no connector.  Configuring an MX record may help.
5.4.6Tricky looping problem, a contact has the same email address as an Active Directory user. 
One user is probably using an Alternate Recipient with the same email address as a contact.
Check recipient policy.
5.4.7Delivery time-out.  Message is taking too long to be delivered.
5.4.8Microsoft advises checking your recipient policy when receiving this error. SMTP address should be 
5.5.0Underlying SMTP 500 error.  Our server tried ehlo, the recipient's server did not understand and returned a 550 or 500 error.  Set up SMTP logging. You will likely end up setting up a separate send connector to send mail to this domain to use HELO rather than EHLO formatted SMTP mail.
5.5.1Invalid command.  (Rare Exchange NDR)
5.5.2Possibly the disk holding the operating system is full.  Alternatively, it could be a syntax error if you are executing SMTP from telnet.
5.5.3Too many recipients.  More than 5,000 recipients.  Check the Global Settings, Message Delivery properties.  Try resending the same message to fewer recipients.
5.5.4Invalid domain name.  The true cause maybe an invalid character.
5.5.5Wrong protocol version.
5.5.6Invalid message content.  This is a protocol error, thus you should get more information by looking in the application log.
5.6.0Corrupt message content.  Try sending without attachment.
5.6.1Media not supported.
5.6.3More than 250 attachments.
5.7.1A very common Exchange 2007 NDR, the cause is a permissions problem.  For some reason the sender is not allowed to email this account. 
Perhaps an anonymous user is trying to send mail to a distribution list. 
Alternatively, a user may have a manually created email address that does not match a System Policy.
Check SMTP Virtual Server Access Tab.  Try checking this box: Allow computers which successfully authenticate to relay. 
Check the outgoing SMTP logs.
Check: Mailbox - <Mailboxname> - Properties - Mail Flow Settings - Message delivery restrictions.
Try disabling Windows-Integrated-Security.  Instead allow only standard authorization on the SMTP receiver on the Exchange 2007 server.
Check Attachment filtering on the Edge server.
5.7.2Distribution list cannot be expanded and so is unable to deliver its messages. May be a Global Catalog problem or a DL that has been deleted.
5.7.3Not Authorized, security problem.  It could be that the sender cannot send to the alternative address.  
On another tack, check external IP address of ISA server. Make sure it matches the SMTP publishing rule.
5.7.4Extra security features not supported.  Check delivery server settings
5.7.5Cryptographic failure.  Try a plain message without encryption.
5.7.6Certificate problem, encryption level maybe too high.
5.7.7Message integrity problem.

If your NDR code is not in X.X.X format, it did not originate within Exchange and likely originated with the client. This is especially true if it is either in hex format like 0x800CCC09 or a long numeric code that includes dashes.

No comments:

Post a Comment