Hi, I've some problems with the exchange server 2007. We are losing some mails and it looks like they getting lost between the Edge and the Hub role. All roles are installed on one physical device (no vms). I searched the one of the lost mails with the trouble shooting tool and found it after that i check the details with get-messagetrackinglog -internalmessageid "XXXX". The result was that this "lost message" has just one entry with the eventID RECEIVE. Then I checked an email for the same sender which arrived the mailbox. This mail has two entries, one with eventID RECEIVE and another with the eventID DELIVER. My question is how can I find and resend this lost emails. They can not be in the queue anymore bnecause they are deleted after the categorizer categorizes them. Is there a shell command to resend them? Where can I find the e-mails, are tehy still cached on the system? Thanks for your Help BR MessageTrackingLog one Good and one BAd (from same Sender outside our oraginization) BAD: Timestamp : 2011-07-19 10:21:30 ClientIp : XXX.XXX.XXX.XXX ClientHostname : ServerIp : YYY.YYY.YYY.YYY ServerHostname : MX01 SourceContext : 08CE0319BEFF6A57;2011-07-19T08:21:26.747Z;0 ConnectorId : MX01\Default MX01 Source : SMTP EventId : RECEIVE InternalMessageId : 30960401 MessageId : <4E253E62.5040401@sender.com> Recipients : {john.dough@intern.com} RecipientStatus : {} TotalBytes : 3639154 RecipientCount : 1 RelatedRecipientAddress : Reference : MessageSubject : Lost Mail Sender : office@sender.com ReturnPath : office@sender.com MessageInfo : 00A: good: Timestamp : 2011-07-20 12:18:06 ClientIp : XXX.XXX.XXX.XXX ClientHostname : ServerIp : YYY.YYY.YYY.YYY ServerHostname : MX01 SourceContext : 08CE0319BEFFA713;2011-07-20T10:18:00.120Z;0 ConnectorId : MX01\Default MX01 Source : SMTP EventId : RECEIVE InternalMessageId : 32070502 MessageId : <4E26AB56.3040007@sender.com> Recipients : {john.dough@intern.com} RecipientStatus : {} TotalBytes : 7731 RecipientCount : 1 RelatedRecipientAddress : Reference : MessageSubject : Mail Sender : office@sender.com ReturnPath : office@sender.com MessageInfo : 00A: Timestamp : 2011-07-20 12:18:06 ClientIp : ClientHostname : MX01 ServerIp : ServerHostname : MX01 SourceContext : ConnectorId : Source : STOREDRIVER EventId : DELIVER InternalMessageId : 32070502 MessageId : <4E26AB56.3040007@sender.com> Recipients : {john.dough@intern.com} RecipientStatus : {} TotalBytes : 7926 RecipientCount : 1 RelatedRecipientAddress : Reference : MessageSubject : Mail Sender : office@sender.com ReturnPath : office@sender.com MessageInfo : 2011-07-20 12:18:00

Do you see those emails in the queue?Gulab | MCITP: Exchange 2010-2007 | Skype: Gulab.Mallah | Blog: www.ExchangeRanger.Blogspot.com

eventID Receive indicate that your server has received the mail, we need to check what happends after that, i suspect some filtering software installed on server. Have you enabled, content filtering/spam/malware/antivirus filtering on EDG or HUB server. if yes, check the that logs. Check if the sender receive any NDR/Delayed response. eventID DELIVER - willl generate when to delver to mbx server.>>:::.... if you find it useful, mark this as answer ...:::<< Thanks & Regards, Sandheep [...:::""I can't do it" never yet accomplished anything; "I will try" has performed wonders ":::...]

The mail is not in the queue, I think that it already was there Timestamp : 2011-07-19 10:21:30 ClientIp : XXX.XXX.XXX.XXX ClientHostname : ServerIp : YYY.YYY.YYY.YYY ServerHostname : MX01 SourceContext : 08CE0319BEFF6A57;2011-07-19T08:21:26.747Z;0 ConnectorId : MX01\Default MX01 Source : SMTP EventId : RECEIVE (received by edge and filled into the queue) and the failure is somewhere between edge and hub. The mail comes in ->edge puts it into the queue->categorizier checks it (smtp adr..) ->transferstarts + queue entry is removed I think thats how it should work (in a very simple way), please correct me if i'm wrong. To the other comment its not in quarantine, I checked it. I'm still searching for where it can be and a way to resend it. BR THANKS FOR TEH QUICK REPLY..next time we eat bacon

On Thu, 21 Jul 2011 09:08:49 +0000, exit1337 wrote: > > >Hi, > > > >I've some problems with the exchange server 2007. We are losing some mails and it looks like they getting lost between the Edge and the Hub role. All roles are installed on one physical device (no vms). I searched the one of the lost mails with the trouble shooting tool and found it after that i check the details with get-messagetrackinglog -internalmessageid "XXXX". > >The result was that this "lost message" has just one entry with the eventID RECEIVE. Check the agent logs and see if one of them did something with the message. >Then I checked an email for the same sender which arrived the mailbox. This mail has two entries, one with eventID RECEIVE and another with the eventID DELIVER. If there's a DELIVER event then the messages were, well, delivered to the mailbox. >My question is how can I find and resend this lost emails. They can not be in the queue anymore bnecause they are deleted after the categorizer categorizes them. That depends on what happened to the message. If, say, your AV deleted it, well, then, it's gone. If it was quarantined, release it (it may not be delivered if you rescan the message). --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi, as you can see in my earlier post I checked two messages of the same sender, one good and one bad message. Both were received from the system and one was acctually delivered. I just called the one mail "Badmail" because it didn't went trough to the mailbox but it was recived and it still think it got lost on the way from teh queue to the mbx. Trackinglog Bad mail (check out the full log in my first post) >Timestamp : 2011-07-19 10:21:30 >ClientIp : XXX.XXX.XXX.XXX >ClientHostname : >ServerIp : YYY.YYY.YYY.YYY >ServerHostname : MX01 >SourceContext : 08CE0319BEFF6A57;2011-07-19T08:21:26.747Z;0 >ConnectorId : MX01\Default MX01 >Source : SMTP >EventId : RECEIVE (received by edge and filled into the queue) >and the failure is somewhere between edge and hub. >The mail comes in ->edge puts it into the queue->categorizier checks it (smtp adr..) ->transferstarts + queue entry is removed Here is the Agentlog and as I've written the logs look fine. Timestamp : 2011-07-19 10:21:29 SessionId : 08CE0319BEFF6A57 IPAddress : XXX.XXX.XXX.XXX MessageId : <4E253E62.5040401@sender.com> P1FromAddress : office@sender.com P2FromAddresses : {office@sender.com} Recipients : {john.dough@intern.com} Agent : Content Filter Agent Event : OnEndOfData Action : AcceptMessage SmtpResponse : Reason : SCL ReasonData : 0 Diagnostics : Any solutions? BR ..next time we eat bacon

Hi, Please check if the badmails are existing in the pickup folder under c\program files\exchange server\trasportroles\. The messages that are determined to be badmail are left in the pickup folder and are renamed from “.eml” to “.bad”, and if “.bad” message already there, it’ll rename to MessageName.Date.bad.

Hi, thanks for this hint but the folder C:\Program Files\Microsoft\Exchange Server\TransportRoles\Pickup is empty. BR..next time we eat bacon

On Fri, 22 Jul 2011 07:43:47 +0000, exit1337 wrote: > > >Hi, > > > >as you can see in my earlier post I checked two messages of the same sender, one good and one bad message. > >Both were received from the system and one was acctually delivered. > >I just called the one mail "Badmail" because it didn't went trough to the mailbox but it was recived and it still think it got lost on the way from teh queue to the mbx. > >Trackinglog Bad mail (check out the full log in my first post) > >>Timestamp : 2011-07-19 10:21:30 >ClientIp : XXX.XXX.XXX.XXX >ClientHostname : >ServerIp : YYY.YYY.YYY.YYY >ServerHostname : MX01 >SourceContext : 08CE0319BEFF6A57;2011-07-19T08:21:26.747Z;0 >ConnectorId : MX01\Default MX01 >Source : SMTP >EventId : RECEIVE (received by edge and filled into the queue) > >>and the failure is somewhere between edge and hub. > >>The mail comes in ->edge puts it into the queue->categorizier checks it (smtp adr..) ->transferstarts + queue entry is removed Does that message ever show up in the SMTP send protocol log on the edge, or the SMTP receive protocol log on the Hub Transport? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi, thanks for this hint but the folder C:\Program Files\Microsoft\Exchange Server\TransportRoles\Pickup is empty. It's weird I can not explain what happend to this e mail. Have you seen the South Park Episode when they're opening a bank account to save some money? They were asking the clerk if its possible to get back the money they gave him, and his answer was "Poof it's gone". (http://www.youtube.com/watch?v=RAKsMnAM8vk) Its really unsatisfying to deal with such problems. BR ..next time we eat bacon

Hi, thanks but this log can not help because its disabled by default. :( Is there still a way to check out what happend? What could be the problem for the lost e-mail(s)? Or is this a known issue of exchange 07? Fact is that this server is active since 3 years and it was the first time somebody reported a lost mail that was not captured by the Content/Spam Filter. So its was received by the edge and got lost somewhere between queue and transport. xD BR ..next time we eat bacon

On Mon, 25 Jul 2011 08:58:20 +0000, exit1337 wrote: >thanks but this log can not help because its disabled by default. :( So enable it! And enable the logging on the recieve connector, too! >Is there still a way to check out what happend? You're already tried and said that you can't figure it out. I'm just asking if the message the edge accepted was ever sent to (or tried to be sent to) the HT server. If the answer is "no" then the problem is isolated to the edge server. If, OTOH, you see an attempt to send the message you'd have some idea of why it failed. >What could be the problem for the lost e-mail(s)? That's what you're trying to discover. >Or is this a known issue of exchange 07? Not that I know of. >Fact is that this server is active since 3 years and it was the first time somebody reported a lost mail that was not captured by the Content/Spam Filter. So its was received by the edge and got lost somewhere between queue and transport. xD If this is something that's reproducible, you might try using pipeline tracing to capture the message that fails. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi, thanks for your great help. I will enable the SMTP logs and see what happens/fails in the future. xD The reason why the smtp logs where disable was that the former IT responsible for the mx structure has not configured smtp logging. If someone still can give me an answere why this could have happened it would be great. BR Exit1337 /closed ..next time we eat bacon

Hi, thanks for your great help. I will enable the SMTP logs and see what happens/fails in the future. xD The reason why the smtp logs were disable was that the former IT responsible for the mx structure has not configured smtp logging. If someone still can give me an answere why this could have happened it would be great. BR Exit1337 /closed ..next time we eat bacon