Thursday, January 29, 2015
Wednesday, January 21, 2015
datacenter-activation-coordination-mode
http://exchangeserverpro.com/datacenter-activation-coordination-mode/
Unable to Expand Distribution Groups
I've had this issue a couple of times but for different reasons. The most simple thing to try if there are no errors on the server is to go to the local box running communicator and go to c:\docs and settings\username\local settings\application data\microsoft\communicator\ and delete the galcontacts.db then go into the sip_user@domain.com and delete everything in there. Make sure communicator is closed. After that try logging in again and see if that fixes it.
If not, go to the server and open the OCS console. Expand standard Edition Servers and right click the server. Go to properties then web component properties. Click on group expansion and see if the check box is enabled. If it is, highlight and copy the internal URL and paste it into a web browser. Click on expanddistribution lists. Type the email address of a mail enabled distro and click invoke. If group expansion is truly working, then it should return some output on your screen with members and email addresses.
If you are still having issues, check simple things like service accounts for the Application pool LSGroupExpAppPool in IIS. The default install of OCS creates an account called RTCComponentService. Make sure that account is in the identity tab of the pool and with the correct password. Anyway, hope this helps.
Generating Delivery Reports and Tracking Messages from PowerShell
Reference :
How to export single message or queue
Export-Message ExchSrv1\contoso.com\1234 | AssembleMessage -Path "c:\exportfolder\filename.eml"
This example exports a single message to the specified file path. Because the Export-Message cmdlet returns a binary object, you must use the AssembleMessage filter to be able to save the message content into a specified location.
Get-Message -Queue "Server1\contoso.com" -ResultSize Unlimited | ForEach-Object {Suspend-Message $_.Identity -Confirm:$False; $Temp="C:\ExportFolder\"+$_.InternetMessageID+".eml"; $Temp=$Temp.Replace("<","_"); $Temp=$Temp.Replace(">","_"); Export-Message $_.Identity | AssembleMessage -Path $Temp}
This example retrieves all messages from the specified queue. The query results are then piped to the Export-Message command, and all the messages are copied to individual .eml files. The Internet Message IDs of each message are used as the file names. To accomplish this, the command does the following:
- Retrieves all messages in a specific queue using the Get-Message cmdlet.
- The result is pipelined into the ForEach-Object cmdlet, which prepares a file name including full path using the temporary variable $Temp that consists of the Internet Message ID with .eml extension. The Internet Message ID field contains angled brackets (">" and "<") which need to be removed as they are invalid in file names. This is done using the Replace method of the temporary variable.
- The ForEach-Object cmdlet also exports the message using the file name prepared.
Tuesday, January 20, 2015
How to remove message header while sending mail from your organization
https://www.linkedin.com/pulse/20140322074337-86053522-do-your-emails-reveal-where-you-are
How to Send Email Using Telnet
Open a command prompt: click Start -> Run, type "cmd" and click OK.
Type "telnet mail.server.com 25", where "mail.server.com" is the name of the SMTP server of your email provider (such as smtp-server.austin.rr.com) and 25 is the port number used by the SMTP service.
Type "HELO local.domain.com" and press Enter.
Enter your email address. Enter a space after the colon (:), and enter your email address as follows:
- MAIL FROM: yourname@domain.com
Enter the email address of the recipient. Type the command below:
- RCPT TO: friend@otherdomain.com
- Note that you can enter more addresses if you intend to email more than one person.
Compose your message. To start writing, type DATA and press Enter.
- On the next line, type "SUBJECT: [your subject here]" and press Enter twice.
- Continue typing your message.
- To end your message, put a single period (.) on a line by itself, and press Enter.
- You should see something saying "Message accepted for delivery."
Exit telnet. Type QUIT to exit.
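The same dialogue can be scripted so that every server reply is recorded and the failing step is obvious. The following is an added example, not part of the original post: the function name Test-SmtpDialogue and its parameters are made up for illustration, and it goes only as far as the envelope (banner, HELO, MAIL FROM, RCPT TO, QUIT) without sending DATA.

```powershell
# Added example (not from the original post). Server and addresses are placeholders.
function Test-SmtpDialogue {
    param(
        [Parameter(Mandatory=$true)] [string] $Server,
        [Parameter(Mandatory=$true)] [string] $From,
        [Parameter(Mandatory=$true)] [string] $To,
        [string] $HeloName  = 'local.domain.com',
        [int]    $Port      = 25,
        [int]    $TimeoutMs = 10000
    )

    $transcript = @()
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # A blocked or filtered port 25 fails here, before any SMTP is spoken
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $ascii  = [System.Text.Encoding]::ASCII
        $reader = New-Object System.IO.StreamReader($stream, $ascii)
        $writer = New-Object System.IO.StreamWriter($stream, $ascii)
        $writer.NewLine   = "`r`n"      # SMTP lines end in CRLF
        $writer.AutoFlush = $true

        # $null as the first step means "send nothing, just read the banner".
        # Addresses are sent in the <angle bracket> form that SMTP servers expect.
        $steps = @($null, "HELO $HeloName", "MAIL FROM:<$From>", "RCPT TO:<$To>", 'QUIT')
        foreach ($cmd in $steps) {
            if ($cmd) { $writer.WriteLine($cmd) }

            # A multi-line reply looks like "250-text"; its last line is "250 text"
            $lines = @()
            do {
                $line = $reader.ReadLine()
                if ($null -ne $line) { $lines += $line }
            } while ($null -ne $line -and $line.Length -ge 4 -and $line[3] -eq '-')

            $code = 0   # 0 = the server closed the connection without replying
            if ($lines.Count -gt 0 -and $lines[-1] -match '^(\d{3})') { $code = [int]$Matches[1] }

            $label = '(banner)'
            if ($cmd) { $label = $cmd }
            $transcript += New-Object PSObject -Property @{
                Command = $label; Code = $code; Reply = ($lines -join ' | ')
            }

            # 2xx means the step was accepted; anything else is where the dialogue fails
            if ($code -lt 200 -or $code -ge 400) {
                if ($code -ne 0 -and $cmd -ne 'QUIT') { $writer.WriteLine('QUIT') }
                break
            }
        }
    }
    catch {
        # Connection refused, timeout, or a dropped connection ends up here
        $transcript += New-Object PSObject -Property @{
            Command = '(error)'; Code = 0; Reply = $_.Exception.Message
        }
    }
    finally {
        $client.Close()
    }
    $transcript | Select-Object Command, Code, Reply
}

# Usage, with the placeholder names from the steps above:
# Test-SmtpDialogue -Server mail.server.com -From yourname@domain.com -To friend@otherdomain.com |
#     Format-Table -AutoSize
```

The last row of the output is the step to investigate: an "(error)" row points to TCP connectivity, while a 4xx or 5xx code on a command row is the remote server's own rejection.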
Troubleshooting internal/external mail flow issues
http://msexchangeguru.com/2013/07/29/troubleshooting-mail-flow-issues/
How to disable NDR
Set-RemoteDomain "Default" -NdrEnabled $false
Note 1: "Default" is the name of the Remote Domain setting where you want to turn off NDR.
Note 2: To allow non-delivery reports, change Set-RemoteDomain "Default" -NdrEnabled $false to Set-RemoteDomain "Default" -NdrEnabled $true. This places a tick in the checkbox. If you clear this option, NDRs aren't sent to any email address in the remote domain.
Determining possible causes of an NDR
Common Scenarios
The following are common scenarios we see in support calls. As stated before, this list does not cover all possibilities, but provides a guide you can use to troubleshoot your incident.
- Blacklisting
  - If your server has been reported sending spam, either directly or through unauthorized relay, then your server is probably blacklisted. If so, you will need to take the appropriate steps to secure your environment and contact the individual block lists to be removed. Microsoft has no control over 3rd party blacklists.
  - You can check your server’s status in several places. Examples include http://mxtoolbox.com/blacklists.aspx and http://openrbl.org
  - Some blacklists may block by entire IP address ranges. Your server may be included in the range.
  - An alternative is to relay your company’s email through a 3rd party provided smart host. Email for your domain will not originate from the blacklisted IP address.
- Connection Filtering
  - Your email domain or individual IP address may be explicitly blocked by the remote server without the use of online blacklists.
  - You will need to contact that organization to find out why.
  - You can relay mail through a smart host if available.
- Improper DNS resolution of Remote Server
  - It is possible that the remote domain is not blocking you at all, but that you are not even connecting to the correct server in the first place.
  - You may be using a forwarder with a bad MX record for the remote domain. This can be configured in both the DNS management console under the server properties and on the SMTP virtual server properties in Exchange.
  - You may be hosting an improper MX record for that domain (i.e. you may have created a zone in your DNS environment to hold it).
  - You may have cached an invalid response. Flush your DNS cache and try again.
  - Make sure that your hosts file is clean of invalid mappings to the remote server.
  - You can verify the actual MX record for the remote domain by using http://www.checkdns.net/quickcheck.aspx and http://dnsstuff.com/
  - You can determine the IP address you are trying to connect to either in the SMTP logs or through a netmon trace.
- Port 25 blocked at the remote site
  - Test this with a telnet to the remote IP on port 25.
  - For information on how to do this, see: http://technet.microsoft.com/en-us/library/aa995718.aspx
  - Telnet will also tell you where you are failing in the SMTP communication, assuming the issue is not regarding TCP/IP connectivity.
- Maximum Transmission Unit (MTU) and Black hole Routers
  - A black hole router may exist between the SBS server and the remote mail server.
  - If the SBS server is sending traffic that must be fragmented, but no ICMP control packet reaches SBS to let it know, then the traffic will be dropped without our knowledge.
  - This can be proven with a simple ping test: ping remoteserverip -f -l 1472
  - For more information on using ping to test MTU, see: http://support.microsoft.com/default.aspx?scid=kb;EN-US;159211
- PTR Record
  - If the PTR record does not point your server’s IP address to its properly registered name, certain organizations checking for this will drop your connection.
  - If you are planning on hosting multiple email domains from the same Exchange server on a single public IP, make sure you are allowed by your ISP to have multiple PTR records for the same IP address. If not, then the domain missing the record may be blocked occasionally.
  - PTR records are created by and typically maintained by your ISP. They own the IP address that you have been assigned and should be the first point of contact if you are having problems with a record.
  - Unlike A records, PTR records are not hosted by your DNS registrar; nor are they hosted by you even if you manage your own DNS namespace.
  - Web sites you can use to check your PTR record include http://www.checkdns.net/quickcheck.aspx and http://dnsstuff.com/
- Sender ID
  - If you are participating in the Sender ID Framework and have registered an improperly configured SPF (Sender Policy Framework) record, then you may be rejected by any mail server that checks this.
  - If you are unsure of an existing SPF record or need to create a new one for your domain, visit the Sender ID Framework SPF Record Wizard: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard
- Grey Listing
  - If your queues are building due to incompatible retry intervals with the remote mail server, try adjusting the glitch retry interval: http://technet.microsoft.com/en-us/library/aa998772.aspx
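The MX, PTR and SPF checks from the scenarios above can also be run from PowerShell instead of a web site. This is an added example, not part of the original post: the function name Test-MailDnsRecords is made up, it assumes the Resolve-DnsName cmdlet (DnsClient module, Windows 8 / Server 2012 and later) and an IPv4 sending address, and the values in the usage line are placeholders.

```powershell
# Added example (not from the original post). Requires Resolve-DnsName (DnsClient module).
function Test-MailDnsRecords {
    param(
        [Parameter(Mandatory=$true)] [string] $Domain,     # mail domain to check
        [Parameter(Mandatory=$true)] [string] $SendingIp,  # public IPv4 address mail is sent from
        [string] $DnsServer                                # optional: ask one specific resolver
    )

    # DnsOnly/NoHostsFile keep a stale hosts-file entry or a non-DNS name lookup
    # out of the answer, so the result reflects what DNS itself returns.
    $common = @{ DnsOnly = $true; NoHostsFile = $true; ErrorAction = 'SilentlyContinue' }
    if ($DnsServer) { $common['Server'] = $DnsServer }

    # MX: which hosts accept mail for the domain, lowest preference first
    $mx = @(Resolve-DnsName -Name $Domain -Type MX @common |
            Where-Object { $_.Type -eq 'MX' } |
            Sort-Object Preference |
            ForEach-Object { $_.NameExchange })

    # PTR: the name(s) the sending IP maps back to (maintained by the ISP)
    $ptr = @(Resolve-DnsName -Name $SendingIp -Type PTR @common |
             Where-Object { $_.Type -eq 'PTR' } |
             ForEach-Object { $_.NameHost })

    # Forward-confirm: at least one PTR name must resolve back to the same IP
    $confirmed = $false
    foreach ($name in $ptr) {
        $addrs = @(Resolve-DnsName -Name $name -Type A @common |
                   Where-Object { $_.Type -eq 'A' } |
                   ForEach-Object { $_.IPAddress })
        if ($addrs -contains $SendingIp) { $confirmed = $true }
    }

    # SPF: TXT records that start with v=spf1 (a long record may be split into strings)
    $spf = @(Resolve-DnsName -Name $Domain -Type TXT @common |
             Where-Object { $_.Type -eq 'TXT' } |
             ForEach-Object { $_.Strings -join '' } |
             Where-Object { $_ -match '^v=spf1(\s|$)' })

    $spfIssue = $null
    if ($spf.Count -eq 0) {
        $spfIssue = 'no v=spf1 TXT record published'
    } elseif ($spf.Count -gt 1) {
        $spfIssue = 'more than one v=spf1 record (receivers treat this as a permanent error)'
    }

    [pscustomobject]@{
        Domain              = $Domain
        MxHosts             = $mx
        SendingIp           = $SendingIp
        PtrNames            = $ptr
        PtrForwardConfirmed = $confirmed
        SpfRecords          = $spf
        SpfIssue            = $spfIssue
    }
}

# Usage (placeholder domain and documentation-range IP):
# Test-MailDnsRecords -Domain contoso.com -SendingIp 203.0.113.10 | Format-List
```

Running it once with the default resolver and once with -DnsServer pointed at an external resolver shows whether a forwarder, a locally hosted zone or a cached answer is returning a different MX record than the public one.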
Other Resources:
KB 256321 Enhanced Status Codes for Delivery - RFC 1893 http://support.microsoft.com/default.aspx?scid=kb;EN-US;256321
For SBS Monitoring Alerts not being delivered, see: http://blogs.technet.com/sbs/archive/2006/03/13/421943.aspx
For troubleshooting mail flow and transport related issues in Exchange, try the Exchange Troubleshooting Assistant: http://www.microsoft.com/downloads/details.aspx?FamilyID=4bdc1d6b-de34-4f1c-aeba-fed1256caf9a&DisplayLang=en
NDR status codes and corresponding error conditions
NDR status code | Event log message ID | Event log message severity | Event log message text | Possible cause | Troubleshooting |
---|---|---|---|---|---|
4.3.1 | 3001 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | An out-of-memory error occurred. A resource problem, such as a full disk, can cause this problem. Another possible cause of this error is that your Transport queue is on a FAT partition and the service has reached a Windows-imposed limit on the number of concurrent file handles opened by IIS. Instead of getting a disk full error, you might be getting an out-of-memory error. | Ensure that your Exchange server has enough disk storage. If possible, move your mail queues to an NTFS disk partition. |
4.3.2 | 3002 | Informational | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | Available in Exchange 2000 Service Pack (SP) 1 and later. This NDR is generated when a queue has been frozen. | Unfreeze the queue. |
4.4.1 | 3003 | Warning | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | The destination server is not responding. Transient network conditions can cause this error. The Exchange server automatically tries to connect to the server again and deliver the mail. If delivery fails after multiple attempts, an NDR with a permanent failure code is generated. | Monitor the situation. This may be a transient problem that may correct itself. |
4.4.2 | 3304 | Warning | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | A connection dropped between the servers. Transient network conditions or a server that is experiencing problems can cause this error. The sending server will retry delivery of the message for a specific time period, and then generate further status reports. | Monitor the situation as the server retries delivery. This may be a transient problem that may correct itself. |
4.4.6 | 3005 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | The maximum hop count was exceeded for the message. This non-delivery report can also be caused if a looping condition exists between sending and receiving servers that are not in the same Exchange organization. In this situation, the message bounces back and forth until the maximum hop count is exceeded. A configuration error in the e-mail system can also cause the message to bounce between two servers or to be forwarded between two recipients. | The maximum hop count is a property set on each virtual server and you can manually override it. The default maximum hop count is 15. You should also check for situations that might cause looping between servers. |
4.4.7 | 3006 | Warning | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | The message in the queue has expired. The sending server tried to relay or deliver the message, but the action was not completed before the message expiration time occurred. This message can also indicate that a message header limit has been reached on a remote server, or some other protocol time-out occurred while communicating with the remote server. | This message usually indicates an issue on the receiving server. Check the validity of the recipient address and determine if the receiving server is configured correctly to receive messages. You may have to reduce the number of recipients in the message header for the host about which you are receiving this error. If you resend the message, it is placed in the queue again. If the receiving server is available, the message is delivered. |
4.4.9 | 3007 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | This indicates a temporary routing error or bad routing configuration. Possible causes are: | Routing detects these situations, and Exchange returns DSNs. |
5.0.0 | 3008 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | Note Prior to Exchange 2000 SP1, the following codes appeared under the 5.0.0. code: The categorizer failed; this is a permanent failure. Possible causes include: | On one or more SMTP connectors, add an asterisk (*) value as the SMTP address space; verify that DNS is working; ensure that routing groups have connectors connecting them. |
5.1.0 | 3009 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | This NDR is caused by a general categorizer-based failure (bad address failure). An e-mail address or another attribute could not be found in Active Directory. Contact entries without the targetAddress attribute set can cause this problem. Another possible cause could be that the categorizer is unable to determine the homeMDB attribute of a user. The homeMDB attribute corresponds to the Exchange server on which the user's mailbox resides. Another common cause of this NDR is if you used Outlook to save your e-mail message as a file, and then someone opened the message offline and replied to the message. The message property only preserves the legacyExchangeDN attribute when Outlook delivers the message, and therefore the lookup could fail. | Either the recipient address is incorrectly formatted, or the categorizer was not able to resolve the recipient properly. The first step in resolving this error is to check the recipient address and resend the message. |
5.1.1 | 3028 | Informational | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | The e-mail account does not exist in the organization where the message was sent. This can occur when users move to new locations within a site. For instance, if a former Administrative_Group_1 user moves to Administrative_Group_2 and then replies to an old message or does not re-create an Outlook profile, an old Administrative Group style LegacyDN address will be used, and this NDR is issued. Likewise, sending mail to obsolete personal address book entries results in this error. Also, if you configured your SMTP contact with invalid SMTP characters (as per RFC 821), the categorizer rejects the delivery with this diagnostic code. | Either the recipient address is formatted incorrectly, or the categorizer was not able to resolve the recipient properly. The first step in resolving this error is to check the recipient address, and resend the message. |
5.1.2 | 3031 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | The recipient has a non-SMTP address that can't be matched to a destination. The address does not appear to be local, and there are no connectors configured with address spaces that contain the recipient's address. | Verify that the recipient's address was entered correctly. If the recipient's address is in a non-SMTP e-mail system that you specifically want to provide mail delivery to, you will need to add the appropriate type of connector to your topology and configure it to provide service to the recipient's e-mail system. |
5.1.3 | 3010 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | This message indicates a problem with the address syntax; this means that the recipient address appears incorrectly on the message. Possible causes are 1) You configured a contact with a targetAddress attribute with no address type. 2) Exchange 5.5 allows an SMTP recipient policy which violates RFC821 (SMTP standards). For example, an Exchange 5.5 site and organization contain an invalid RFC821 domain name. Having a mixed mode environment (Exchange 5.5 and Exchange 2000 servers) can cause invalid target addresses. | Either the recipient address is formatted incorrectly, or the categorizer was not able to resolve the recipient properly. The first step in resolving this error is to check the recipient address and resend the message. Also, examine the SMTP recipient policy and ensure that each mail domain for which you want to accept mail appears correctly. |
5.1.4 | 3029 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | Two objects have the same (proxy) address, and mail is sent to that address. This issue can also occur if the recipient does not exist on the remote server. | Check the recipient address to ensure that two objects do not share the address. Attempt to resend the message. |
5.1.6 | 3011 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | One possible cause of this NDR is that the user directory attributes such as homeMDB (the user's home mailbox store) or msExchHomeServerName (the server on which the user's mailbox resides) are missing or corrupted. | Check the user directory attribute's integrity, and rerun the Recipient Update Service to ensure the validity of the attributes that are required for transport have been updated in Active Directory (and the metabase). |
5.1.7 | 3012 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | The sender has a malformed or missing SMTP address, the mail attribute in the directory service. The categorizer cannot deliver the mail item without a valid mail attribute. | Check the sender directory structure, and determine if the mail attribute exists. |
5.2.1 | 3013 | Warning | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | Local mail is refused because the message is too large or the recipient’s mailbox is not mail-enabled. A missing Master Account Security ID (SID) number on the recipient can also cause this error. | Check access permissions as well as the message size. Check if the recipient has a SID in Active Directory. Check to ensure that the recipient mailbox is mail-enabled. |
5.2.2 | 3000 | Informational | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | This NDR is generated when the recipient's mailbox exceeds its storage limit. In Windows 2000 or Windows 2003, the DSN is generated when the storage size of drop directory exceeds the SMTP virtual server disk quota. The quota size is 11 times the maximum messages size or 22 MB if there is no max message size. If the available storage size of the drop directory is within one maximum size message of the quota, or 2MB if no maximum message size is defined, the system assumes that this message causes the storage size to exceed the quota, so this DSN is generated. | Check the mailbox storage or the queue storage quota limit. |
5.2.3 | 3014 | Warning | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | The message is too large, and the local quota is exceeded. For example, a remote Exchange user might have a restriction on the maximum size of an incoming message. | Resend the message without attachments, or set the server or the client-side limit to allow a larger message size limit. |
5.2.4 | 3032 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | The recipient is a misconfigured dynamic distribution list. Either the filter string or the base DN of the dynamic distribution list is invalid. | Set the categorizer event logging level to at least the minimum level, and send another message to the dynamic distribution list. Check the application event log for a 6025 event or a 6026 event detailing which attribute is misconfigured on the dynamic distribution list object. |
5.3.0 | 3015 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | Exchange mistakenly attempted mail delivery to an incorrect MTA route. Exchange 2003 can operate without the message transfer agent (MTA). If mail was mistakenly sent to the MTA, Exchange returns this DSN to the sender. This condition is enforced only if you have disabled the MTA service and used specific registry settings to disable the MTA/StoreDriver. A default configuration strands the misrouted mail on the MTA queues. | Check your routing topology. Use the WinRoute tool to ensure that the routes are properly replicated between servers and routing groups. |
5.3.3 | 3016 | Warning | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | When the Exchange remote server reaches capacity of its disk storage to hold mail, it could respond with this NDR. This error usually occurs when the sending server is sending mail with an ESMTP BDAT command. This error also indicates a possible SMTP protocol error. | Ensure that the remote server has enough storage capacity to hold mail. Check the SMTP log. |
5.3.5 | 3017 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | A mail-looping situation was detected. This means that the server is configured to loop mail back to itself. If you have multiple SMTP virtual servers configured on your Exchange server, ensure that they are serving unique incoming ports. Also, to avoid looping between local SMTP virtual servers, ensure that the outgoing SMTP port configuration is valid. | Check the configuration of the virtual server's connectors for loops and ensure that each virtual server is defined by a unique incoming port. If there are multiple virtual servers, ensure that none are set to "All Unassigned." |
5.4.0 | 3018 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | Possible causes include: | Use the DNS Resolver tool (Dnsdiag.exe) or Nslookup to check the DNS configuration. Verify that the IP address is in IPv4 literal format. Verify the valid DNS entry for the server/computer name in question. If you rely on an FQDN in a HOSTS file, update the entry in Exchange System Manager with a valid IP address or correct name. |
5.4.4 | 3019 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | Available in Exchange 2000 SP1 and later versions. This NDR occurs if no route exists for message delivery, or if the categorizer could not determine the next-hop destination. You set up a routing group topology, but no routing group connector exists between the routing groups. | Add or configure your routing group connector between routing groups. |
5.4.6 | 3020 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | A categorizer forward loop was detected. The targetAddress attribute is set on a mailbox-enabled user. This common hosting configuration problem occurs when someone creates a contact in one organizational unit, and then uses the provisioning tool to create a user in another organizational unit with the same e-mail address. | This happens when contact A has an alternate recipient that points to contact B, which then has an alternate recipient that points back to contact A. Check the contact's alternate recipient. Check and remove the targetAddress attribute from mailbox-enabled users. For hosting, that is, sending mail from one user in one company in an organizational unit to a user in another company in a separate organizational unit, you should configure the following two related objects: User: SMTP proxy: user@contoso.com Contact: targetAddress: user@contoso.com; SMTP proxy: contact@fourthcoffee.com, where fourthcoffee.com is the name of the second company. |
5.4.8 | 3021 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | Available in Exchange 2000 SP1 and later versions. This message warns of a looping condition, which may occur because one of the recipient policies includes a local domain that matches the FQDN of an Exchange server in the organization. When the categorizer is processing mail that is destined for a domain matching an Exchange server's FQDN, it returns this NDR. | Check your recipient policies. If a recipient policy contains an Exchange server's FQDN, you must remove that entry. Your recipient policy should not contain the FQDN of your server; instead, it should contain the mail domain only; for example, instead of server1.contoso.com, you enter contoso.com. |
5.5.0 | 3022 | Warning | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | A generic protocol error or an SMTP error causes this NDR. The remote SMTP server responds to a sending server's identifying EHLO with a 500-level error. The sending system will then terminate the connection and deliver an NDR indicating that the remote SMTP server cannot handle the protocol. For example, if a Microsoft Hotmail® e-mail account is no longer active, a 550 SMTP error will occur. | View the SMTP Log or a Netmon trace to see why the remote SMTP server rejects the protocol request. |
5.5.2 | 3023 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | A generic SMTP error occurs when SMTP commands are sent out of sequence. For example, a server attempts to send an AUTH (authorization) command before identifying itself with an EHLO command. It is possible that this error can also occur when the system disk is full. | View the SMTP Log or a Netmon trace, and ensure there is enough disk storage and virtual memory for SMTP to operate. |
5.5.3 | 3024 | Informational | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | Too many recipients on a message can cause this NDR. | The recipient limit is a configurable setting. To resolve this issue, either increase the recipient limit or revise the message into multiple messages to fit the server limit. |
5.5.4 | 3025 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | The message contains either an invalid sender or an incorrect recipient address format. One possible cause is that the recipient address format might contain characters that are not conforming to Internet standards. | Check the recipient address for nonstandard characters. |
5.5.6 | 3026 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | This message indicates a possible protocol error. | Check the X-LINK2STATE protocol and Event Log for possible failures. |
5.7.1 | 3027 | Informational | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | Possible causes include: | Check system privileges and attributes for the contact, and try sending the message again. Also, to resolve other potential issues, ensure that you are running Exchange 2000 SP1 or later. |
5.7.3 | 3033 | Error | A non-delivery report with a status code of %1 was generated for recipient %2 (Message-ID %3). | The sender prohibited reassignment to the alternate recipient. | |
Message Tracking
How to group message tracking logs by Sender
Get-MessageTrackingLog -Start "10/22/2011 00:00:00" -End "11/21/2011 11:59:00" | Group-Object -Property Sender
Get-MessageTrackingLog -Server EXCHANGE01 -EventID SEND -Sender john@example.com -Recipients bill@example.net -Start 12/3/2009 -End 13/3/2009 | Select Timestamp, ClientIp, ClientHostname, ServerIp, ServerHostname, SourceContext, ConnectorId, Source, EventId, InternalMessageId, MessageId, {$_.Recipients}, {$_.RecipientStatus}, TotalBytes, RecipientCount, RelatedRecipientAddress, {$_.Reference}, MessageSubject, Sender, ReturnPath, MessageInfo | Export-CSV C:\Temp\SearchResults.csv
Reporting on e-mail messages sent and received yesterday
Using PowerShell scripts it’s possible to use the message tracking logs to create reports. This example will get the messages sent and received on the previous day for a group of mailboxes in a specific database.
# Get the start date for the tracking log search
$Start = (Get-Date -Hour 00 -Minute 00 -Second 00).AddDays(-1)
# Get the end date for the tracking log search
$End = (Get-Date -Hour 23 -Minute 59 -Second 59).AddDays(-1)
# Declare an array to store the results
$Results = @()
# Get the SEND events from the message tracking logs
$Sent = Get-MessageTrackingLog -Server EXCHANGE01 -EventID SEND -Start $Start -End $End -ResultSize Unlimited
# Get the RECEIVE events from the message tracking logs
$Received = Get-MessageTrackingLog -Server EXCHANGE01 -EventID RECEIVE -Start $Start -End $End -ResultSize Unlimited
# Get the mailboxes we want to report on
$Mailboxes = Get-Mailbox -Database "EXCHANGE01\SG1\DB1"
# Set up the counters for the progress bar
$Total = $Mailboxes.Count
$Count = 1
# Sort the mailboxes and pipe them to a For-Each loop
$Mailboxes | Sort-Object -Property DisplayName | ForEach-Object {
# Update the progress bar
$PercentComplete = $Count / $Total * 100
Write-Progress -Activity "Message Tracking Log Search" -Status "Processing mailboxes" -percentComplete $PercentComplete
# Declare a custom object to store the data
$Stats = "" | Select-Object Name,Sent,Received
# Get the email address for the mailbox
$Email = $_.WindowsEmailAddress.ToString()
# Set the Name property of our object to the mailbox's display name
$Stats.Name = $_.DisplayName
# Set the Sent property to the number of messages sent
$Stats.Sent = ($Sent | Where-Object { ($_.EventId -eq "SEND") -and ($_.Sender -eq $Email) }).Count
# Set the Received property to the number of messages received
$Stats.Received = ($Received | Where-Object { ($_.EventId -eq "RECEIVE") -and ($_.Recipients -match $Email) }).Count
# Add the statistics for this mailbox to our results array
$Results += $Stats
# Increment the progress bar counter
$Count += 1
}
# Output the results
$Results
Message tracking events
Event name | Description |
---|---|
AGENTINFO | This event is used by transport agents to log custom data. |
BADMAIL | A message submitted by the Pickup directory or the Replay directory that can't be delivered or returned. |
DEFER | Message delivery was delayed. |
DELIVER | A message was delivered to a local mailbox. |
DSN | A delivery status notification (DSN) was generated. |
DUPLICATEDELIVER | A duplicate message was delivered to the recipient. Duplication may occur if a recipient is a member of multiple nested distribution groups. Duplicate messages are detected and removed by the information store. |
DUPLICATEEXPAND | During the expansion of the distribution group, a duplicate recipient was detected. |
DUPLICATEREDIRECT | An alternate recipient for the message was already a recipient. |
EXPAND | A distribution group was expanded. |
FAIL | Message delivery failed. Sources include SMTP, DNS, QUEUE, and ROUTING. |
HADISCARD | A shadow message was discarded after the primary copy was delivered to the next hop. For more information, see Shadow redundancy. |
HARECEIVE | A shadow message was received by the server in the local database availability group (DAG) or Active Directory site. |
HAREDIRECT | A shadow message was created. |
HAREDIRECTFAIL | A shadow message failed to be created. The details are stored in the source-context field. |
INITMESSAGECREATED | A message was sent to a moderated recipient, so the message was sent to the arbitration mailbox for approval. For more information, see Managing message approval. |
LOAD | A message was successfully loaded at boot. |
MODERATOREXPIRE | A moderator for a moderated recipient never approved or rejected the message, so the message expired. For more information about moderated recipients, see Managing message approval. |
MODERATORAPPROVE | A moderator for a moderated recipient approved the message, so the message was delivered to the moderated recipient. |
MODERATORREJECT | A moderator for a moderated recipient rejected the message, so the message wasn't delivered to the moderated recipient. |
MODERATORSALLNDR | All approval requests sent to all moderators of a moderated recipient were undeliverable, and resulted in non-delivery reports (NDRs). |
NOTIFYMAPI | A message was detected in the Outbox of a mailbox on the local server. |
NOTIFYSHADOW | A message was detected in the Outbox of a mailbox on the local server, and a shadow copy of the message needs to be created. |
POISONMESSAGE | A message was put in the poison message queue or removed from the poison message queue. |
PROCESS | The message was successfully processed. |
RECEIVE | A message was received by the SMTP receive component of the transport service or from the Pickup or Replay directories (source: SMTP), or a message was submitted from a mailbox to the Mailbox Transport Submission service (source: STOREDRIVER). |
REDIRECT | A message was redirected to an alternative recipient after an Active Directory lookup. |
RESOLVE | A message's recipients were resolved to a different email address after an Active Directory lookup. |
RESUBMIT | A message was automatically resubmitted from Safety Net. For more information, see Safety Net. |
RESUBMITDEFER | A message resubmitted from Safety Net was deferred. |
RESUBMITFAIL | A message resubmitted from Safety Net failed. |
SEND | A message was sent by SMTP between transport services. |
SUBMIT | The Mailbox Transport Submission service successfully transmitted the message to the Transport service. For SUBMIT events, the source-context property contains the following details: |
SUBMITDEFER | The message transmission from the Mailbox Transport Submission service to the Transport service was deferred. |
SUBMITFAIL | The message transmission from the Mailbox Transport Submission service to the Transport service failed. |
SUPPRESSED | The message transmission was suppressed. |
THROTTLE | The message was throttled. |
TRANSFER | Recipients were moved to a forked message because of content conversion, message recipient limits, or agents. Sources include ROUTING or QUEUE. |
Fields in Message Tracking
Field name | Description |
---|---|
date-time | The UTC date-time of the message tracking event. The UTC date-time is represented in the ISO 8601 date-time format: yyyy-mm-ddThh:mm:ss.fffZ, where yyyy = year, mm = month, dd = day, T indicates the beginning of the time component, hh = hour, mm = minute, ss = second, fff = fractions of a second, and Z signifies Zulu, which is another way to denote UTC. |
client-ip | The IPv4 or IPv6 address of the messaging server or messaging client that submitted the message. |
client-hostname | The host name or FQDN of the messaging server or messaging client that submitted the message. |
server-ip | The IPv4 or IPv6 address of the source or destination Exchange server. |
server-hostname | The host name or FQDN of the destination server. |
source-context | Extra information associated with the source field. For example, transport agent information. |
connector-id | The name of the source or destination Send connector or Receive connector. For example, ServerName\ConnectorName or ConnectorName. |
source | The Exchange transport component responsible for the message tracking event. The values found in this field are described in the Source values in the message tracking log section later in this topic. |
event-id | The message event type. The event types are described in the Event types in the message tracking log section later in this topic. |
internal-message-id | A message identifier assigned by the Exchange server currently processing the message. A specific message's value of internal-message-id is different in the message tracking log of every Exchange server that's involved in the transmission of the message. An example value is 73014444033. |
message-id | The value of the Message-Id: header field found in the message header. If the Message-Id: header field does not exist or is blank, an arbitrary value is assigned. This value is constant for the lifetime of the message. For messages created in Exchange, the value is in the format <GUID@ServerFQDN>, including the angle brackets (< >). For example, <4867a3d78a50438bad95c0f6d072fca5@mailbox01.contoso.com>. Other messaging systems may use different syntax or values. |
network-message-id | A unique message ID value that persists across copies of the message that may be created due to bifurcation or distribution group expansion. An example value is 1341ac7b13fb42ab4d4408cf7f55890f. |
recipient-address | The email addresses of the message's recipients. Multiple email addresses are separated by the semicolon character (;). |
recipient-status | This field contains the recipient status for each recipient separated by the semicolon character (;). The status values are presented for the recipients in the same order as the values in the recipient-address field. Example status values include 250 2.1.5 Recipient OK or 550 4.4.7 QUEUE.Expired;<ErrorText>. |
total-bytes | The size of the message that includes attachments, in bytes. |
recipient-count | The number of recipients in the message. |
related-recipient-address | This field is used with EXPAND, REDIRECT, and RESOLVE events to display other recipient email addresses associated with the message. |
reference | This field contains additional information for specific types of events. For example: DSN: Contains the report link, which is the Message-Id value of the associated delivery status notification (DSN) if a DSN is generated subsequent to this event. If this is a DSN message, the Reference field contains the Message-Id value of the original message for which this DSN was generated. EXPAND: The Reference field contains the related-recipient-address value of the related messages. RECEIVE: The Reference field may contain the Message-Id value of the related message if the message was generated by other processes, for example, journaling or Inbox rules. SEND: The Reference field contains the Internal-Message-Id value of any DSN messages. THROTTLE: The Reference field contains the reason why the message was throttled. TRANSFER: The Reference field contains the Internal-Message-Id of the message that is being forked. For messages generated by inbox rules, the Reference field contains the Internal-Message-Id value of the inbound message that caused the inbox rule to generate the outbound message. For other types of events, the Reference field may contain the Internal-Message-Id value for forked messages. For other types of events, the Reference field is usually blank. |
message-subject | The message's subject found in the Subject: header field. The tracking of message subjects is controlled by the MessageTrackingLogSubjectLoggingEnabled parameter in the Set-TransportService or Set-MailboxServer cmdlets. By default, message subject tracking is enabled. |
sender-address | The email address specified in the Sender: header field, or the From: header field if Sender: is not present. |
return-path | The return email address specified by MAIL FROM: in the message envelope. Although this field is never empty, it can have the null sender address value represented as <>. |
message-info | Additional information about the message. For example: |
directionality | The direction of the message. Example values include Incoming, Undefined, and Originating. |
tenant-id | This field isn't used in on-premises Exchange 2013 organizations. |
original-client-ip | The IPv4 or IPv6 address of the original client. |
original-server-ip | The IPv4 or IPv6 address of the original server. |
custom-data | This field contains data related to a specific event type. For example, the Transport Rule agent uses this field to record the GUID of the transport rule or DLP policy that acted on the message. For more information about these Transport Rule agent values, see the "Data logging" section in the DLP policy detection reports topic. |
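
The fields table notes that recipient-status values follow the same order as the recipient addresses, and that message-id stays constant while internal-message-id differs on every server. The block below is an added example, not part of the original post: it pairs each recipient with its status across all hops of one message. The function name Get-RecipientDeliveryStatus and the sample entries (servers, addresses, IDs) are constructed for illustration.

```powershell
# Constructed sample entries shaped like Get-MessageTrackingLog output.
# On a live system, replace $SampleLog with the cmdlet's output from each server.
$Id = '<constructed-0001@mailbox01.contoso.com>'
$SampleLog = @(
    [pscustomobject]@{ Timestamp = [datetime]'2015-01-20 09:15:02'; ServerHostname = 'HUB01'
        EventId = 'RECEIVE'; InternalMessageId = 101; MessageId = $Id
        Recipients = @('bill@example.net', 'ann@example.net'); RecipientStatus = @() }
    [pscustomobject]@{ Timestamp = [datetime]'2015-01-20 09:15:04'; ServerHostname = 'HUB01'
        EventId = 'SEND'; InternalMessageId = 101; MessageId = $Id
        Recipients = @('bill@example.net', 'ann@example.net')
        RecipientStatus = @('250 2.1.5 Recipient OK', '250 2.1.5 Recipient OK') }
    [pscustomobject]@{ Timestamp = [datetime]'2015-01-22 09:15:04'; ServerHostname = 'HUB02'
        EventId = 'FAIL'; InternalMessageId = 57; MessageId = $Id
        Recipients = @('ann@example.net')
        RecipientStatus = @('550 4.4.7 QUEUE.Expired;<ErrorText>') }
)

# Hypothetical helper: emits one row per recipient per tracking entry.
function Get-RecipientDeliveryStatus {
    param([Parameter(Mandatory = $true)] [object[]] $TrackingEntry)
    foreach ($Entry in $TrackingEntry) {
        $Recipients = @($Entry.Recipients)
        $Statuses   = @($Entry.RecipientStatus)
        for ($i = 0; $i -lt $Recipients.Count; $i++) {
            # Statuses are positional; some events carry fewer statuses than recipients
            $Status = if ($i -lt $Statuses.Count) { $Statuses[$i] } else { '' }
            [pscustomobject]@{
                Timestamp  = $Entry.Timestamp
                Server     = $Entry.ServerHostname
                EventId    = $Entry.EventId
                InternalId = $Entry.InternalMessageId   # differs per server
                MessageId  = $Entry.MessageId           # constant for the message
                Recipient  = $Recipients[$i]
                Status     = $Status
                # SMTP reply codes beginning with 4 or 5 mean the recipient was not accepted
                Failed     = $Status -match '^[45]\d\d\b'
            }
        }
    }
}

# Follow one message across servers by MessageId, in time order
Get-RecipientDeliveryStatus -TrackingEntry $SampleLog |
    Where-Object { $_.MessageId -eq $Id } |
    Sort-Object Timestamp |
    Format-Table Timestamp, Server, EventId, InternalId, Recipient, Status, Failed -AutoSize
```

The helper reads the Recipients and RecipientStatus arrays rather than splitting the raw log fields on semicolons, because a status value such as 550 4.4.7 QUEUE.Expired;<ErrorText> can itself contain a semicolon.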