• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Receive mail successfully but failed to deliver into user mailbox - Exchange 2007

J

Joe Tam

#1
Dear Sir,
We have receive a problem report from the user. I found that message is successfully received from SMTP receiving connector, but failed to deliver into user mailbox, do anyone has suggestion how to evaluate this issue?

Below is the receive log of the message from SMTP receiving connector: (It shows successful receive - queued mail)

Server Exchange 2007 with SP2:

Problem Message: OF36D539A6.65A9BF92-ON482577EC.00226FEF-482577EC.002297C5@lenovo.com

SMTP receiving log:

============================================================================

<OF36D539A6.65A9BF92-ON482577EC.00226FEF-482577EC.002297C5@lenovo.com>

10-12-01T06:17:54.433Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,0,192.168.1.200:25,200.23.1.35:43827,+,,
2010-12-01T06:17:54.433Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,1,192.168.1.200:25,200.23.1.35:43827,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2010-12-01T06:17:54.449Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,2,192.168.1.200:25,200.23.1.35:43827,>," 220 mail.domain1.net Microsoft ESMTP MAIL Service ready at Wed, 1 Dec 2010 14:17:53 +0800" ,
2010-12-01T06:17:54.620Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,3,192.168.1.200:25,200.23.1.35:43827,<,EHLO mail138.messagelabs.com,
2010-12-01T06:17:54.620Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,4,192.168.1.200:25,200.23.1.35:43827,>,250-mail.domain1.net Hello [200.23.1.35],
2010-12-01T06:17:54.620Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,5,192.168.1.200:25,200.23.1.35:43827,>,250-SIZE 15728640,
2010-12-01T06:17:54.620Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,6,192.168.1.200:25,200.23.1.35:43827,>,250-PIPELINING,
2010-12-01T06:17:54.620Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,7,192.168.1.200:25,200.23.1.35:43827,>,250-DSN,
2010-12-01T06:17:54.620Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,8,192.168.1.200:25,200.23.1.35:43827,>,250-ENHANCEDSTATUSCODES,
2010-12-01T06:17:54.620Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,9,192.168.1.200:25,200.23.1.35:43827,>,250-STARTTLS,
2010-12-01T06:17:54.620Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,10,192.168.1.200:25,200.23.1.35:43827,>,250-AUTH GSSAPI NTLM,
2010-12-01T06:17:54.620Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,11,192.168.1.200:25,200.23.1.35:43827,>,250-8BITMIME,
2010-12-01T06:17:54.620Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,12,192.168.1.200:25,200.23.1.35:43827,>,250-BINARYMIME,
2010-12-01T06:17:54.620Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,13,192.168.1.200:25,200.23.1.35:43827,>,250 CHUNKING,
2010-12-01T06:17:54.808Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,14,192.168.1.200:25,200.23.1.35:43827,<,MAIL FROM:<user1@lenovo.com>,
2010-12-01T06:17:54.808Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,15,192.168.1.200:25,200.23.1.35:43827,*,08CD5C3BBD5DBA20;2010-12-01T06:17:54.433Z;1,receiving message
2010-12-01T06:17:54.808Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,16,192.168.1.200:25,200.23.1.35:43827,>,250 2.1.0 Sender OK,
2010-12-01T06:17:54.995Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,17,192.168.1.200:25,200.23.1.35:43827,<,RCPT TO:<arthurch@domain1.net>,
2010-12-01T06:17:54.995Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,18,192.168.1.200:25,200.23.1.35:43827,>,250 2.1.5 Recipient OK,
2010-12-01T06:17:55.183Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,19,192.168.1.200:25,200.23.1.35:43827,<,DATA,
2010-12-01T06:17:55.183Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,20,192.168.1.200:25,200.23.1.35:43827,>,354 Start mail input; end with <CRLF>.<CRLF>,
2010-12-01T06:18:09.368Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,21,192.168.1.200:25,200.23.1.35:43827,>,250 2.6.0 <OF36D539A6.65A9BF92-ON482577EC.00226FEF-482577EC.002297C5@lenovo.com> Queued mail for delivery,
2010-12-01T06:18:09.618Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,22,192.168.1.200:25,200.23.1.35:43827,<,QUIT,
2010-12-01T06:18:09.618Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,23,192.168.1.200:25,200.23.1.35:43827,>,221 2.0.0 Service closing transmission channel,
2010-12-01T06:18:09.618Z,ServerE2K7\Anonymous Receive Mail ServerE2K7,08CD5C3BBD5DBA20,24,192.168.1.200:25,200.23.1.35:43827,-,,Local

============================================================================

In the troubleshoot of " Message Tracking Log" , it mentions that it is failed:
Timestamp EventId Source SourceConte MessageId Message Subject Sender receipent InternalMessageId ClientIP ClientHostname ServerIp TotalBytes RecipientCount Reference 12/1/2010 FAIL AGENT Agent OF36D539A6.65A9BF92-ON482577EC.00226F Re:Fw: Notebook & Netbook user1@lenovo.com arthurch 0 ServerE2K7 275190 1 (null)
What is the meaning of Source=Agent and EventId = Fail ?

Any suggestion to further trace why it is failed?

Joe
 
C

Christian Weihs

#2
Hi Joe,

Server Exchange 2007 with SP2:

Please first upgrade to SP3 - perhaps your issues is a bug and solved...

============================================================================
In the troubleshoot of " Message Tracking Log" , it mentions that it is failed:
 TimestampEventIdSourceSourceConteMessageIdMessage

SubjectSenderreceipentInternalMessageIdClientIPClientHostnameServerIpTotalBytesRecipientCountReference12/1/2010FAILAGENTAgentOF36D539A6.65A9BF92-ON482577EC.00226FRe:Fw:

Notebook & Netbookuser1@lenovo.com <mailto:user1@lenovo.com>arthurch0 
ServerE2K7 2751901(null)

There are a problem at the local transport. Which third party tools are
installed? Please post get-transportagent from your server.
http://www.msexchange.org/articles_...ure/understanding-transport-agents-part2.html

Set the diagnostic logging to an higher level and check the event log for
errors:
http://exchangeserverpro.com/managing-diagnostic-logging-with-exchange-server-2007

Best regards
Christian
 
J

Joe Tam

#3
Dear Christian,

After run get-transportagent, it shows:
Identity Enabled Priority
-------- ------- --------
SMSMSERoutingAgent True 1
SMSMSESMTPAgent True 2
Connection Filtering Agent True 3
Content Filter Agent True 4
Sender Id Agent True 5
Sender Filter Agent True 6
Recipient Filter Agent True 7
Protocol Analysis Agent True 8
Transport Rule Agent True 9
Journaling Agent True 10
AD RMS Prelicensing Agent False 11

Do you think it is blocked by 3rd pary application?
For the diagnostic logging, what kind of logging should be turned on?

Joe
 
C

Christian Weihs

#4
Hi Joe,

Identity                                           Enabled         Priority 
  
--------                                           -------         -------- 
  
SMSMSERoutingAgent                            True            1          
SMSMSESMTPAgent                               True            2          

I believe this is your Symantec AV engine - please disable them.

And upgrade your environment - perhaps this bug will be solved like this:
http://support.microsoft.com/kb/956624/en-us

    For the diagnostic logging, what kind of logging should be turned on?

Extend the MSExchangeTransport logging...

Best regards
Christian
 
J

Joe Tam

#5
Dear Christian,
How to disable Symantec AV enginee in the Exchagne transport ? Do it has any powershell command to do it ?

Joe
 
J

Joe Tam

#7
Dear Novak,
Thank you of the symantec information, I found that it is related to Symantec spam filtering issue. It has been fixed by reviewing your document.

Thanks.

Joe