Microsoft Exchange 2007 NDRs (Non-delivery Reports)
Let us suppose that Outlook sends an email to a recipient on an Exchange 2007 server; however, that server calculates that it cannot deliver the message - what happens next? The answer is that the 'Generating Server' sends an NDR (Non-delivery Report) back to the sender's Outlook.
At first, it comes as a revelation when you discover that there is more than one type of Exchange 2007 NDR. Then you discover that NDRs have enhanced status codes. Furthermore, each code number gives you extra information about the cause of the email delivery problem. This page will help you troubleshoot these NDR codes.
Topics for Exchange 2007 NDRs (Non-delivery reports)
When you examine the diagnostic information in an NDR message, make a note of the three-digit code, for example, 5.3.1.
In Exchange 2007, these are known as 'Common Enhanced Status Codes'.
If the code begins with 5, then you are dealing with a permanent error; this message will never be delivered. Occasionally, you get an Exchange NDR beginning with 4, in which case there is hope that the email will eventually get through. The place to look for this NDR status code is on the last line of the report.
NDR codes such as 5.5.0, or 4.3.1, may remind you of SMTP errors 550 and 431. Indeed, the 500 series in SMTP has a similar meaning to the 5.y.z codes in an NDR - failure.
Perhaps you have worked out why there are no 2.y.z Exchange NDRs? The reason is that the 2.y.z series means success, whereas Non-delivery Reports, by definition, are all failures.
NDR Classification for Common Enhanced Status Codes
Clearly these status codes are not random numbers, thus we can detect patterns. The first number, 4.y.z or 5.y.z, refers to the class of code; for example, 5.y.z is a permanent error. Incidentally, I have not seen any status codes beginning with 1.y.z or 3.y.z, nor have I seen any numbers greater than 5.7.z.
The second number, x.1.z, means subject. This second digit, 1 in the previous example, gives generic information, whereas the third digit (z) gives detail. Unfortunately, I have not cracked the complete code for the second digit. However, I have discovered a few useful patterns; for instance, 5.1.x indicates a problem with the email address, as opposed to a server or connector problem. In addition, 5.2.x means that the email is too big, therefore I recommend checking the message limit setting on the Exchange 2007 server.
Below is an example of an email sent to a non-existent user. There is no jethro mailbox on the worcester server. In the body of the NDR, you can see the name of the domain (exchJethro.com), the server (worcester) and the NDR status code (5.1.1). In your examples, always seek out the servername in the Received: from server (IP Address) of your NDR.
Your message did not reach some or all of the intended recipients.
jethro@cp.com on 06/05/2008 10:23 PM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<worcester.exchJethro.com #5.1.1>
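An added example, not from the original page: a Python parser that pulls the generating server and enhanced status code out of the diagnostic fragment shown above and classifies it by class and subject. The subject names are taken from RFC 3463 and the second sample NDR is constructed; both are assumptions that go beyond what the page documents.

```python
import re

# Class (first number) as the page describes it: 4 = may still be delivered,
# 5 = will never be delivered. 2 means success, so it never appears in an NDR.
CLASSES = {4: "temporary failure", 5: "permanent failure"}

# Subject (second number) names from RFC 3463, used here as an assumption;
# the page itself only documents the 5.1.x and 5.2.x patterns.
SUBJECTS = {
    0: "other or undefined",
    1: "addressing",
    2: "mailbox",
    3: "mail system",
    4: "network and routing",
    5: "mail delivery protocol",
    6: "message content or media",
    7: "security or policy",
}

# Diagnostic fragment: <generating.server #5.1.1 optional text>. \s+ also
# matches a line break, because mail clients often wrap the fragment.
DIAG = re.compile(
    r"<\s*([A-Za-z0-9.-]+)\s+#([45])\.(\d{1,3})\.(\d{1,3})(?!\d)[^<>]*>"
)


def parse_ndr(body):
    """Return one dict per diagnostic fragment found in the NDR text."""
    found = []
    for m in DIAG.finditer(body):
        cls, subject, detail = (int(g) for g in m.group(2, 3, 4))
        found.append({
            "server": m.group(1),
            "code": f"{cls}.{subject}.{detail}",
            "class": CLASSES[cls],
            "subject": SUBJECTS.get(subject, "unknown"),
            "permanent": cls == 5,
        })
    return found


# The first sample is the NDR shown on the page; the second is constructed.
PAGE_NDR = """Your message did not reach some or all of the intended recipients.
jethro@cp.com on 06/05/2008 10:23 PM
The e-mail account does not exist at the organization this message was sent to.
<worcester.exchJethro.com
#5.1.1>"""
CONSTRUCTED_NDR = "Delivery is delayed. <mail01.example.test #4.4.7 timeout>"

if __name__ == "__main__":
    for text in (PAGE_NDR, CONSTRUCTED_NDR):
        for hit in parse_ndr(text):
            action = "fix and resend" if hit["permanent"] else "wait for retry"
            print(f'{hit["code"]} from {hit["server"]}: '
                  f'{hit["class"]}, {hit["subject"]} -> {action}')
```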
Explanation of Enhanced Status Codes in Exchange 2007 NDRs
4.2.2
The recipient has exceeded their mailbox limit.
It could also be that the delivery directory on the Virtual
server has exceeded its limit.
4.3.1
Insufficient system resources. This normally means not enough disk space on the delivery server.
Microsoft say this Exchange NDR may be reported as an out-of-memory error.
4.3.2
A classic temporary problem. Most likely, the Administrator has frozen the queue.
4.4.1
Intermittent network connection. The server has not yet responded. Classic
time-out problem. If it persists, you will also get a 5.4.x status code error.
4.4.2
The server started to deliver the message but then the connection was
dropped. The sending server is configured to retry
automatically.
4.4.6
Too many hops. Most likely, the message is looping.
4.4.7
Problem with a protocol timeout, for example a message
header limit. Check receiving server connectors.
4.4.9
A DNS problem. Check your smart host setting on the SMTP connector. For example, check for the correct SMTP format. Also, use square brackets around the IP address, for example [197.89.1.4]. You can get this same NDR error if you have been deleting routing groups.
4.6.5
Multi-language situation. Your server does not have the correct language code page installed.
5.0.0
SMTP 500 reply code means an unrecognised address. You get this NDR when you make a typing mistake when you manually try to send email via telnet.
The most likely cause is a routing error. One solution may be to add an * in the address space.
A separate cause for NDR 5.0.0 is a DNS problem.
5.1.x
Exchange 2007 NDR problems with email address.
5.1.0
Sender denied.
Often seen with contacts. Verify the recipient address.
Mismatched Network Card duplex setting.
5.1.1
Bad destination mailbox address. 5.1.1 is the most
common Exchange 2007 NDR; there is a problem with the recipient address.
Maybe the recipient does not exist.
Possibly the user was moved to another server in Active Directory.
Check mailbox delegation.
Maybe an Outlook client replied to a message while offline.
Check connector configuration.
5.1.2
SMTP; 550 Host unknown. An error is triggered when the host name cannot be found. For example, when trying to send an email to bob@nonexistantdomain.com. [Example kindly sent in by Paul T.]
5.1.3
Invalid recipient address. Another problem often seen with contacts. The address field may be empty. Check the address information. Or there could be a syntax error.
5.1.4
Destination mailbox address ambiguous.
Two objects have the same address, which confuses the Exchange 2007 Categorizer.
5.1.5
Destination mailbox address invalid.
5.1.6
Problem with homeMDB or msExchHomeServerName - check how many users are affected. Sometimes running RUS (Recipient Update Service) cures this problem. Mailbox may have moved.
5.1.7
Invalid address.
Problem with the sender's mail attribute; check the properties sheet in ADUC.
5.1.8
Something the matter with the sender's address.
5.2.x
NDR caused by the large size of the email.
5.2.1
Mailbox cannot be accessed. Perhaps the message is too large.
Alternatively, the mailbox has been disabled, or is offline.
Check the recipient's mailbox.
Else it could be a permissions problem, particularly on a
Public Folder. If so, try this PowerShell Command:
get-PublicFolderClientPermission "\ProblemFolder"
5.2.2
Sadly, the recipient has exceeded their mailbox storage
quota.
5.2.3
Recipient cannot receive messages this big. The server or connector limit exceeded.
Try resending the message without the attachment.
5.2.4
Most likely, a distribution list or group is trying to send an email. Check where the expansion server is situated.
The application event log may have an Event ID 6025 or 6026,
which has more detailed information.
5.3.0
Problem with MTA, maybe someone has been editing the registry to disable the MTA / Store driver.
5.3.1
Mail system full. Disk full problem on the mailbox server?
5.3.2
System not accepting network messages. Look outside Exchange for a connectivity problem.
5.3.3
Remote server has insufficient disk space to hold email. Check SMTP log.
This error often happens when the sending server is using an
ESMTP BDAT command.
5.3.4
Message too big. Check the limits on both the sender and receiver side. There may be a policy in operation.
5.3.5
System incorrectly configured.
Multiple Virtual Servers are using the same IP address and port. See Microsoft TechNet article: 321721 Sharing SMTP. Email probably looping.
5.4.0
DNS Problem. Check the Smart host, or check your DNS. It means that there is no DNS server that can resolve this email address. Could be Virtual Server SMTP address.
5.4.1
No answer from host. Not Exchange's fault; check connections.
5.4.2
Bad connection.
5.4.3
Routing server failure. No available route.
5.4.4
Cannot find the next hop, check the Routing Group Connector. Perhaps you have Exchange servers in different Routing Groups, but no connector.
Configuring an MX record may help.
5.4.6
Tricky looping problem, a contact has the same email address as an Active Directory user.
One user is probably using an Alternate Recipient with the same email address as a contact.
Check recipient policy.
5.4.7
Delivery time-out. Message is taking too long to be delivered.
5.4.8
Microsoft advise, check your recipient policy. SMTP address should be
yourdom.com. NOT server.yourdom.com.
5.5.0
Underlying SMTP 500 error. Our server tried ehlo, the recipient's server did not understand and returned a 550 or 500 error. Set up SMTP logging.
5.5.1
Invalid command. (Rare Exchange NDR)
5.5.2
Possibly the disk holding the operating system is full.
Alternatively, it could be a syntax error if you are
executing SMTP from telnet.
5.5.3
Too many recipients.
More than 5,000 recipients. Check the Global Settings, Message Delivery properties.
Try resending the same message to fewer recipients.
5.5.4
Invalid domain name. The true cause may be an invalid character.
5.5.5
Wrong protocol version.
5.5.6
Invalid message content. This is a protocol error,
thus you should get more information by looking in the
application log.
5.6.0
Corrupt message content. Try sending without
attachment.
5.6.1
Media not supported.
5.6.3
More than 250 attachments.
5.7.1
A very common Exchange 2007 NDR, the cause is a permissions problem. For some reason the sender is not allowed to email this account.
Perhaps an anonymous user is trying to send mail to a distribution list.
Alternatively, a user may have a manually created email address that does not match a
System Policy.
Check SMTP Virtual Server Access Tab. Try checking this box: Allow computers which successfully authenticate to relay.
Check the outgoing SMTP logs.
Check: Mailbox - <Mailboxname> - Properties - Mail Flow
Settings - Message delivery restrictions.
Try disabling Windows-Integrated-Security. Instead
allow only standard authorization on the SMTP receiver on
the Exchange 2007 server.
Check Attachment filtering on the Edge server.
5.7.2
Distribution list cannot expand and so is unable to deliver its messages.
5.7.3
Not Authorized, security problem. It could be that the sender cannot
send to the alternative address.
On another tack, check external IP address of ISA server. Make sure it matches the SMTP publishing rule.
5.7.4
Extra security features not supported. Check delivery server settings.
5.7.5
Cryptographic failure. Try a plain message with encryption.
5.7.6
Certificate problem, encryption level may be too high.
5.7.7
Message integrity problem.
Exchange Mail Flow Tools
1) Launch the Exchange Management Console
2) Click on the Toolbox
3) Examine the Mail flow Tools
Alternatively: Download the Microsoft Exchange Troubleshooting Assistant v1.1, one of
its components is the Exchange Mail Flow Troubleshooter. Here are some
of the problems where it can help you:
Emails are delayed, or are not received.
Users receive NDRs which are difficult to interpret.
Messages are accumulating in one of the queues on the Exchange 2007
server.
The Mail Flow Troubleshooter will diagnose the retrieved data, and even make suggestions for cures to your NDR problems. You enter the symptoms from a pick list; the Mail Flow Troubleshooter then employs built-in logic to suggest solutions.
ExBPA (Exchange Best Practice Analyzer)
It may be a help, or the ExBPA may distract you from troubleshooting NDRs. What the ExBPA will do is provide a general health check for the Exchange 2007 server.
Check the Logs
A good technique is to begin by looking in the Application log for errors. A variation of this tip is to increase the Diagnostic Logging.
Check the queue and SMTP logs on the Exchange 2007 server.
Firewalls and Anti-virus software
You may try temporarily turning off anti-virus software and even the client-side firewall to see if that enables the email to get through.
PowerShell for Viewing Queues
It may speed up troubleshooting your Exchange NDR if you use the PowerShell cmdlets, for example:
get-Queue <QueueId>
retry-Queue <xyz>
get-Message -queue <QueueID>
Note: Each cmdlet has switches or parameters, try: get-Help verb-noun to
find out more about an interesting cmdlet.
Regtrace
You could also gather more clues about your Exchange NDR with Regtrace, which you find on the Exchange 2003 CD in the support\utils\i386 folder. Regtrace gives you detailed information, e.g.
homeMDB = CN=Mailbox Store (JethroMail-Managers),CN=First Storage Group,CN=InformationStore,CN=JethroMail-Managers,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=JethroMail,DC=com
Telnet
Try telnet over port 25. Naturally, you need to substitute a real Exchange 2007 server for 'YourServer'. Open a command prompt, type:
One of the best approaches to troubleshooting is to keep asking
questions until you isolate the problem. In the case of an NDR,
discover if the fault lies with the Exchange 2007 server itself, the
sender, or the recipient. Here are ways of collecting more clues:
Send another email to the same recipient but using a different sender.
If it has an attachment, then try with no attachment.
If it's just one email address that produces the Non-delivery report, what happens if you type the SMTP address manually, compared with when you click the user account in the GAL?
Alternatively, you could send emails to different recipients from the original sender.
Is the Exchange NDR random, or can you reproduce it easily?
Do you have multiple sites? If so, are they all affected, or just one?
If all else fails try sending an email to oneself!
Bear in mind that Microsoft Outlook has a 'Test Account Settings'
button to collect information from the client side.
My favoured non-delivery troubleshooting technique is to narrow the search area to a particular
server, mailstore or Routing Group Connector. However, if that
fails then I would expand the search area by sending email to different
sites, or to internet users.
I was initially annoyed because one particular ISP would only troubleshoot NDRs if
I used the Outlook Express client. At first I was
annoyed, but then I realized that you get different responses from
different email clients. Therefore my tip is, try a different version of
Microsoft Outlook.
It is possible to disable NDRs in Exchange. However, there is more than one place to visit if you want to turn off NDRs on an Exchange 2007 server. Log on as administrator, and navigate to the Exchange Management Console. It makes most sense to start with the Hub Transport node; remember that this role is needed if you send emails to recipients on the same server.
Disable NDR Exchange 2007 Hub Server
Launch the Exchange Management Console
Expand the Organization Configuration folder
Click on Hub Transport
Select Remote Domains (Key point)
Right-click Default (Tab)
Click on the Message Format (Tab)
To turn off NDR, remove the tick on Allow non-delivery reports.
Note: You can also control 'Allow delivery reports' on this tab.
These are the normal DSN delivery status notifications.
PowerShell commands to disable NDR in Exchange 2007
If you are experimenting with allowing, or disabling NDRs, then
this PowerShell cmdlet will be quicker.
Launch the Exchange Management Shell and type:
set-RemoteDomain "Default" -NdrEnabled $false
Note 1: "Default" is the name of the Remote Domain setting where you
want to turn off NDR.
Note 2: To allow non-delivery reports, change
set-RemoteDomain "Default" -NdrEnabled $false
to
set-RemoteDomain "Default" -NdrEnabled $true
This places a tick in the checkbox. If you clear this option, NDRs aren't sent to any email address in the remote domain.
Note 3: For more information about this, or any other PowerShell cmdlet,
precede the command with get-Help. For example: get-Help
set-RemoteDomain.
Turn off NDR Exchange 2007 for Unified Messaging Role
This ability to control NDRs is particularly useful on servers with the
Unified Messaging Role.
Launch the Exchange Management Console
In the left tree, expand the Organization Configuration node
Click the Unified Messaging folder.
On the UM Dial Plans tab, select the UM dial plan that you want to
manage, and then select Properties.
From the General tab, check or clear the box next to 'Send a
non-delivery report if message delivery fails'.
There are several reasons to turn off NDR in Exchange 2007; for example, virus infections, spam infiltration or spoof attacks.
Note: there is no Badmail folder option in Exchange 2007, not even a registry hack. Instead, badmail remains in the pickup folder; you will spot the badmail by the .bad file extension.
There are many reasons for an NDR in Exchange 2007. If you examine an NDR carefully you will find
'Diagnostic Information for Administrators'. Within this message box is a status code number, for example
5.1.1. Two points arise from this
preliminary troubleshooting, firstly, there is more than one error code, and
secondly, a wide variety of possible causes. My aim is to drill down into
the enhanced status code and
discover the reason why Exchange 2007 sends a particular NDR.