EDGE 550 5.1.1 User unknown SMTP session
Hello everybody.
I have a simple Exchange 2007 Sp2 updated topology. 1 MBX + 1HUB+CAS + 1EDGE in the perimeter.
I'm running Recipient Filter GAL protecction on the EDGE.
The supscription with the EDGE is working well aparently, no error in the Start-EdgeSynchronization process and the Test-EdgeSynchronization.
The problems is that not primary SMTP address from mailbox are not in the GAL from the eyes of EDGE Server (of course new SMTP address is working fine from HUB and Outlook CLients) and I recieve the error from Internet SMTP sessions.
I tryed to force sync, restart services in the HUB + EDGE etc NO errors NO fixes... Some address have more than 1 week inside de GAL and also still is not running, but if I put the newly address like primary SMTP address and sync EDGE the
email reach the user inbox without problem.
I invenstigated a lot, but I think this is a BUG. Anyone has some experience regarding this extrange issue?
Thanks a lot.
Carlos Mayol MAP 2010 MCP Windows 2000/ MCSA+M / MCSE+M Windows 2003
June 9th, 2010 8:39pm
Maybe this question must be inside "Transport" section. Can Somebody move it? Thanks.Carlos Mayol MAP 2010 MCP Windows 2000/ MCSA+M / MCSE+M Windows 2003
Free Windows Admin Tool Kit Click here and download it now
June 10th, 2010 7:21pm
So, the issue is, the inbound mail flow will fail if messages are sent to the mailboxes with the secondary e-mail address, instead of the primary ones, right?
How many domains are in the forest?
James Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
June 11th, 2010 11:27am
Hello. Yes this is the issue.
AD Level: One Domain in the forest
Exchange Org: 7 Auth Domains.
Thanks.Carlos Mayol MAP 2010 MCP Windows 2000/ MCSA+M / MCSE+M Windows 2003
Free Windows Admin Tool Kit Click here and download it now
June 14th, 2010 10:36am
Resources:
“How to Verify EdgeSync Results for a Recipient” section in
Edge Subscription and SynchronizationJames Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
June 15th, 2010 4:37am
Hello James , I read this article before, but I passed this especific section. Thanks for the link.
I cheked the users mailbox sync with "test-edgesync.... -verifyrecipient" now I have the way to query the other side. But my question is, the proxyaddress are in (hex??) and I can only verify the corresponding number of proxyaddress. Do you know how
I can translate these addresses?
The issue apparently was solved after reassign the policy for a couple of days later.Carlos Mayol MAP 2010 MCP Windows 2000/ MCSA+M / MCSE+M Windows 2003
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2010 11:14am
Hi everyone, i have the same identical problem like Carlos. Recently i've added another authoritative domain on my organizzation but when send mail at the new user (with new domain) receive "550 5.1.1 User unknown ". I have disable recipient filtering agent
on my 2 Edge's and the mail flow work.
I'm really intrested that this discussion find a solution ......
Thanks to all and sorry for my poor english.
SergioSergio
June 22nd, 2010 8:32pm
Hello Sergio, About my experience, when you add a new domain, the next sync could be in the next four hours. But in my described environment, still I dont know what happened to start to work again. Maybe some services restarts can help en HUB`+ EDGE
TRansport and ADLDS Service in EDGE.
Unfortunadly I dont know how to convert ADLDS proxy address to real ones in order to check the "auth domains" are correct in the mailboxes at EDGE side, but with the above link, you can find the "number" of proxy addresses corresponding to a mailbox and
take a count.
Recently Rollup4 has been released to Exchange 2007 sp2, any related to this issue, but never knows...
Let me know any notice regarding this topic.
Carlos Mayol MAP 2010 MCP Windows 2000/ MCSA+M / MCSE+M Windows 2003
Free Windows Admin Tool Kit Click here and download it now
June 24th, 2010 8:16pm
I had the same problem but after a while the secondary SMTP adresses are also recognised by EDGE. It seems to be an issue that some other component like the address lists need to be updated first before the SMTP-address will sync to the EDGE server.
The ADAM at the EDGE server seems not to contain a newly added SMTP address if you do a "start-edgesynchronization" immediately after adding the address to a user. I tried triggering it by
1. add SMTP address to user
2. wait a minute
3. updating the offline address books (don't know if this has actually been the trigger but the endresult was ok)
4. start-edgesynchronization; result should show 1 updated recipient.
5. wait a minute
6. telnet <edge ip> 25 => the "rcpt to" command accepted my newly added SMTP address.
FYI: if you receive a "550 recipient unknown" then this is due to the recipient filtering in your EDGE anti-malware configuration. This is good behaviour but if you would need a mail to pass through fast then you could disable recipient filtering for a few
minutes to allow the mail to pass through edge and go immediately to your exchange HUB. Please note that you use this at your own risk as I personally don't like to tamper with any security measures in place. Recipient filtering is essential in preventing
backscattering so use wisely ;)
Hope this helps and if anyone can explain the behaviour or any other method to update the edge faster then I'm certainly interested ;)
Regards,
Geert
July 16th, 2010 2:24pm
Geert - Your process worked entirely for me.
NOTE: Step #3 was critical for me... I tested the edge sync both before and after the OAB update and only saw success AFTER the OAB update.
THANKS!
Free Windows Admin Tool Kit Click here and download it now
March 25th, 2011 10:47pm