Hi, 

I am in the process of implementing Cross-Forest routing between two Exchange Organizations (Exchange 2010 and Exchange 2013). 

When I configure the send connector on either side to authentication only after establishing TLS I am getting errors in the SMTP logs stating "cannot validate certificate". I am assuming that this is because it is making the connection on my Default Receive Connector and it cannot validate the certificate because Exchange is configure to use a self signed certificate for TLS (SMTP) by default. 

My questions are: 

• Is there any way to get Exchange to bypass the validation and establish TLS without verifying the cert? (I believe with opportunistic TLS this occurs and the self signed certificate is used to encrypt the channel).
• A)If I cannot use the self signed certificate for Basic Authentication over TLS, can I create another receive connector that will allow basic authentication over TLS? If so, I assume I will assign an FQDN to the connector and match the subject name on the TLS Cert to the FQDN property? 
• B) If I opt to go with a new receive connector and a CA signed certificate for TLS, how do I assign that particular certificate to the new receive connector. As far as I can tell Exchange 2010 does not have this property that can be set on the receive connector to use a specific TLS certificate. One newer versions of Exchange there is a -TlsCertificateName parameter on the Set-ReceiveConnector cmdlet, however this is not available on Exchange 2010.

Thanks in advance. 

Mike.

I have an edge transport server and the exchange serve setup in my lab.

I have configured a subscription OK and its synching fine.

I can send mail out OK, but get therror when I try to send from extenal to internal.

I used to have this working and have no idea whats happened.

The send connectors are the 2 created when you run the command to cerate subscription. they look fine.

Any help appreciated.

Joe.

Thanks - Joe.

"Externals email(Yahoo mail) are not going from my company email( Exchange Server 2016) but email is going to gmail and outlook live" please advice me.

Hi,

I recently implemented a rule to add a disclaimer to emails that are received from outside of our network.  The rule is fairly simple, in it's current state it basically says If an email is sent to either of these 2 users and it came from outside of the network, prepend this disclaimer to it.  The rule works, but, I've noticed that it's adding the disclaimer to email messages from application servers within the network that are using the SMTP relay service on the exchange servers.  My guess is that this is happening because the SMTP relay is set for Anonymous and therefore exchange thinks these messages are originating from outside of the network and therefore applying the disclaimer rule.  In an attempt to get around this, I created an exclusion that says "Except if the message sender ip addresses belong to one of these ranges" and then I've added our network ranges (I've tried adding them in CIDR format as well as listing the starting ip address and the last ip address in the subnet) but it's still applying the rule to these messages.  Any suggestions?  Here is the exchange powershell output of the rule I have created.

I'm not even supposed to be here today.

"Externals email(Yahoo mail) are not going from my company email( Exchange Server 2016) but email is going to gmail and outlook live" please advice me.

I have a problem with my exchange server, because one e-mail does not enter the mailbox, even though the Comodo antispam e-mail log has entered our server, after I investigated, there were some irregularities when I used the tracking message there was a HAREDIRECTFAIL status, then under it was a log RECEIVE but with an empty recipient, I think that's the root of the problem, this is different from the next image where after HAREDIRECTFAIL then RECEIVE appears with the same recipient name.

Hi,

We use Exchange Server 2010 standard version. We have one mailbox and one hubcas server.

We frequently have email queue issue from the gateway to hubcas server. The mails used to get held in gateway and not reaching hubcas server. Journaling is enabled for all the messages in each database properties.

Jornaling is done to a mailbox in a database.

Below are the events:

A message with the Internal Message ID 14077388 was rejected by the remote server.  This message will be deferred and retried because it was marked for retry if rejected.  Other messages may also have encountered this error.

Also from queue viewer

Identity: hubserver1\166519\14700652
Subject: subject1
Internet Message ID: <079800ee-617d-409f-bb0a-c944732023b7@journal.report.generator>
From Address: <>
Status: Ready
Size (KB): 533
Message Source Name: Journaling
Source IP: 255.255.255.255
SCL: 0
Date Received: 10/31/2018 9:44:06 PM
Expiration Time:
Last Error: 421 4.4.2 Connection dropped due to ConnectionReset
Queue ID: hubserver1\166519
Recipients:  journaling@journal.domain.com;2;2;421 4.4.2 Connection dropped due to ConnectionReset;0;CN=Outbound to gateway,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=SS,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=group

Identity: hubserver1\166519\14700652
Subject: subject2
Internet Message ID: <079800ee-617d-409f-bb0a-c944732023b7@journal.report.generator>
From Address: <>
Status: Retry
Size (KB): 533
Message Source Name: Journaling
Source IP: 255.255.255.255
SCL: 0
Date Received: 10/31/2018 9:44:06 PM
Expiration Time:
Last Error: 400 4.4.7 The server responded with: 550 5.6.2 SMTPSEND.BareLinefeedsAreIllegal; message contains bare linefeeds, which cannot be sent via DATA. The failure was replaced by a retry response because the message was marked for retry if rejected.
Queue ID: hubserver1\166519
Recipients:  journaling@journal.domain.com;3;2;400 4.4.7 The server responded with: 550 5.6.2 SMTPSEND.BareLinefeedsAreIllegal; message contains bare linefeeds, which cannot be sent via DATA. The failure was replaced by a retry response because the message was marked for retry if rejected.;0;CN=Outbound to gateway,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=SS,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domains,DC=group

Please also find the output of below command.

Please let me know how do I resolve this issue.

This issue gets resolved automatically but it happens again after some months.

Hello,

I have an Exchange Server 2013 and i want to configure it to send mail through my antispam.I have configured a custom send connector and then returns the error that i have mentioned in the title.I'll try to explain how i have the system:

All correct. Now i want to send mail through the antispam:

have set a custom send connector redirecting mail to my antispam and the antispam relay outside.In receive connector i have not set anything because mail is already receiving through the antispam.With this setup i get the error: 554 5.4.6 Hop count exceeded - possible mail loop

If i connect directly to the antispam and do a send test, it sends correctly. I think that the problem is in the connectors.

Someone can help me?

Thanks and regards.<span title="Para recibir correo tengo lo siguiente: internet > firewall > antispam en dmz > servidor exchange ">

Hi Everyone,

I have exchange 2010 at the moment (migrating to online next year) and i have task re GDPR purposes to set a 3 to 5 minutes delay across the board to all outgoing emails.

I know how to do this on the outlook level using message rules, but as you know you cant control this using GPO.

So i'm wondering if there's anyway to do this from the server side through the transport rules or something? i have tried and i was searching the internet but cant find any solid answers.

Please let me know your thoughts and if you have a solution.

Thank you,

Kind regards,

Karim,

The organization is constantly getting the following error message on Exchange Server 2013 

We are constantly getting this error, kindly let us know how to fix the issue permanently 

==================================================================================================

MSExchangeTransport has detected a storage error on database(Transport Mail Database), DB action (DeemTransient), Process action (Stop) [Microsoft.Isam.Esent.Interop.EsentAttachedDatabaseMismatchException: An outstanding database attachment has been detected at the start or end of recovery, but database is missing or does not match attachment info

at Microsoft.Isam.Esent.Interop.Api.JetInit(JET_INSTANCE& instance)
at Microsoft.Exchange.Transport.Storage.DataSource.InitInstance()].

==========================================================================

Transport Mail Database: The database could not be opened because the database file does not match the log files. The Microsoft Exchange Transport service is shutting down. The exception is Microsoft.Isam.Esent.Interop.EsentAttachedDatabaseMismatchException: An outstanding database attachment has been detected at the start or end of recovery, but database is missing or does not match attachment info

at Microsoft.Isam.Esent.Interop.Api.JetInit(JET_INSTANCE& instance)
at Microsoft.Exchange.Transport.Storage.DataSource.InitInstance()

Hello,

We deployed a Exchange Hybrid with O365 and an on-prem Ex2013 Server. We use the option "Centralized mail flow" as configured in the HCW.

Goal is that messages sent from o365 mailbox are routed through the on-prem ex2013 server and then to the external recipient.

When we test this mailflow, we get an error from the Ex2013 server, that the relay is not permitted. error 550 5.7.1

The HCW did not change anything on the Ex2013 receive connector.

I expected that the HCW would make all required modifications needed to allow the Ex2013 to "relay" mails from o365 to external recipients. IS this assumption correct?

Do I need to configure a new receive connector on Exchange to allow this mailflow? If yes, how would the connector be configured?

please any advice on this issue. Thanks

HOD receive OutOfOffice (OOF) from OOF user when he send’s bulk email using Distribution Group.

When assistance send bulk email with "send as" permission Department head receive the email that by design of Exchange.

HOD doesn't want delegate to "send on behalf ", it has to be "send as"

End goal is to stop the OOF message for the email which is send by delegate.

We can’t use transport rule as it stop all the OOF message for Department head email.

Any advice? 

Hi,
We've got unwanted experience with Exchange 2013 mailbox junk e-mail configuration. We've setup an account junk filter settings, that accept e-mails only from senders from safe senders list, with command: 

Set-MailboxJunkEmailConfiguration -Identity "Our Mailbox" -TrustedListsOnly $True -TrustedSendersAndDomains $ListOfEmails

Generally it works fine - if e-mail is sent by sender who is not on the list, that e-mail goes directly to junk e-mails folder. But there is one strange exception - if sender who is not on the list add e-mail address that is on the safe senders list as CC, that e-mail will be accepted and placed in Inbox folder. 

Is there any option or fix to change that behaviour?

Thanks fof help.

We have Exchange 2013. Below are the versions.

Version 15.0 ‎(Build 847.32)‎
Version 15.0 ‎(Build 775.38)‎

Both are mailbox,cas servers

We face outlook disconnection issues.

below are some event IDs

2200

2136

15021

1021

106

We see CPU use high, so increased the processor and also memory and now that is normal. Still we have the issue.

Outlook shows status as disconnected. Somtimes it get connected but still goes disconnected. restarted the servers multiple times.

OWA is working fine.

Below are some screenshots.

The above when tried to modify the front end connector max input value. AD is reachable, restarted also. Same issue exists.

This issue is with one of the outlook clients. Restarted the client multiple times.

The above when trying to open EMS on one of the servers. Restarted, same issue.

Kindly let me know how to resolve this. Please move to necessary forum if this is not the correct forum.

I have two servers with both the mailbox and client access role installed. I have come to realize that Content Filter Agent runs before Transport Rule Agent runs. This affected me because I was using Transport Rules to set an SCL so that when ti went though the Content Filter Agent, the proper requirements would apply. But even though I was setting SCL to 6 when SPF Failed, mail was still going to my users mailbox even thought I have SCL 6 to go to my spam qurantine mailbox. The reason for that was because the Content Filter Agent is running on the OnEndOfData event and the Transport Rule was running on OnResolvedmessage event which occurs after the OnEndOfData event. When I ran Get-TransportPipeline |fl event,transportagents on both my servers to confirm that was the case, not all agents are running on each server. For server 1, I got:

Event           : OnConnectEvent
TransportAgents : {}

Event           : OnHeloCommand
TransportAgents : {}

Event           : OnEhloCommand
TransportAgents : {}

Event           : OnStartTlsCommand
TransportAgents : {}

Event           : OnAuthCommand
TransportAgents : {}

Event           : OnProcessAuthentication
TransportAgents : {}

Event           : OnEndOfAuthentication
TransportAgents : {}

Event           : OnXSessionParamsCommand
TransportAgents : {}

Event           : OnMailCommand
TransportAgents : {Inbound Trust Agent}

Event           : OnRcptCommand
TransportAgents : {}

Event           : OnDataCommand
TransportAgents : {}

Event           : OnEndOfHeaders
TransportAgents : {Inbound Trust Agent}

Event           : OnProxyInboundMessage
TransportAgents : {FrontendProxyAgent}

Event           : OnEndOfData
TransportAgents : {}

Event           : OnHelpCommand
TransportAgents : {}

Event           : OnNoopCommand
TransportAgents : {}

Event           : OnReject
TransportAgents : {}

Event           : OnRsetCommand
TransportAgents : {}

Event           : OnDisconnectEvent
TransportAgents : {}

Event           : OnSubmittedMessage
TransportAgents : {RMS Decryption Agent, Malware Agent, Text Messaging Routing Agent, RMS Encryption Agent, Journal
                  Agent}

Event           : OnResolvedMessage
TransportAgents : {Prioritization Agent, Transport Rule Agent, Index Routing Agent}

Event           : OnRoutedMessage
TransportAgents : {RMS Encryption Agent, Prelicense Agent, Journal Agent, Redirection Agent}

Event           : OnCategorizedMessage
TransportAgents : {Journal Report Decryption Agent, Outbound Trust Agent}

and for server 2 i got: 

Why would they be different if both servers have the same roles? One thing I thought was that I had not enabled antispam on server 1 but I know I did. I ran the powershell command on both servers. 

On a second note, does anyone know how I can get the Transport Agent to run before the Content Filter Agent?

I have a single multi-role Exchange 2013 server and it would appear that it's not properly maintaining the temp files for the transport service.  I still have all those folder locations at their default and the problem folder is c:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp

I never had a problem with this in Exchange 2007 but I am used to running a PowerShell script nightly to clean up the IIS log files.  Do I need to do something similar for this temp folder?  Is there a setting I can adjust so that Exchange will limit the size of this folder itself?  If I stop the transport service and delete the files here will I lose anything?

Any suggestions or insight would be greatly appreciated.

Good day.

I have Exchange 2016 CU8 installed. Two nodes setup with DAG. It works fine until I tried to enable the Malware Agent. Once it is enabled and Exchange transport service is restarted, all emails are stucked in submission queue with "Last Error: Message deferred by categorizer agent.".

I tried to use Set-MalwareFilteringServer to bypass the scanning but mail flow still not working.

However as soon as I disabled Malware agent, the mailflow is back working right away. 

Any suggestion? Why malware agent doesn't work well?

Thanks!

I have Exchange Server 2013 with CU 21 and added TLS 1.2 registries on my Exchange Servers. Recently ran Exchange HCW, I am unable to receive mails from office 365 mailboxes using TLS 1.2. I have third party certificate while validating out bound connector on office 365 it shows following error " The validation is failed with error "450 4.4.317 Cannot connect to remote server [Message=451 4.4.0 Socket error SocketError]" when i am enabling TLS on connector settings".

Hi.

Whenever a user sends an e-mail from a mail-enabled public folder, we get event ID 2009 in the eventlog on the server.

Here is an example:

[Process:Microsoft.Exchange.RpcClientAccess.Service PID:8508 Thread:21] Error occurred while resolving the Active Directory object for from email address field: '/CN=Mail Public Folder/CN=Version_1_0/CN=e8220731-f0fa-4ddc-8468-b4c0b03fd014/CN=00000000F9EEE5CC0E1CEA4399F554BE45C282950100553B1102F06969459294143534D98B4D0001030A79E30000'. Audit log will not be generated for this case. Exception details:
Microsoft.Exchange.Data.Storage.ObjectNotFoundException: The Active Directory user wasn't found.
   at Microsoft.Exchange.Data.Storage.ExchangePrincipalFactory.FromProxyAddress(IRecipientSession session, String proxyAddress, RemotingOptions remotingOptions)
   at Microsoft.Exchange.Data.Storage.ExchangePrincipalFactory.FromProxyAddress(ADSessionSettings adSettings, String proxyAddress, RemotingOptions remotingOptions)
   at Microsoft.Exchange.Data.Storage.ExchangePrincipal.FromProxyAddress(ADSessionSettings adSettings, String proxyAddress)
   at Microsoft.Exchange.Data.Storage.COWAudit.GetSubmitEffectiveMailboxOwner(MailboxSession session, CallbackContext callbackContext)

The mails are sent correctly, but transport rules are not applied to them. So as we have some transport rules that copy mails with specific recipients, this is a problem.

The only references I can find to this error are related to not being able to send to the folder, and does not seem to apply to my situation.