Exchange 2007 Out of Office Adventures

Further to my recent article about OOF (or OOO) functionality not working in Exchange 2007 – I have found out another little nugget of truth which might be of use to you all. As my previous article explains I had a problem with Exchange 2007 OOO messages being synchronised and indeed not being sent within my organisation, which after a lot of research I managed to track down the problem to a specific service – however I then further found out that even though I had managed to fix the problem detailed in my first article – Exchange 2007 OOO replies were not sending to internet based recipients – to make matters more complicated – Exchange 2003 based users in the Interop environment COULD send OOF to internet based recipients . The diagram below depicts the issue that I was now having: OOFArtEX1 The best way to troubleshoot this was to use the message tracking features within Exchange to see exactly where the OOF message was get lost within my organisation – now at this stage we should bear in mind that my Exchange Organisation is in Interop mode with Exchange 2003 – where the Exchange 2003 part of the configuration is still setup to relay mail to the Internet – so any message tracking to the web is a two stage process.

Step 1 – Track the OOF message from the 2007 based sender via the Exchange Management Shell

In order to do accomplish this I opened up a new Exchange Management Shell command window and entered in the following command: get-messagetrackinglog –Sender –Server –EventID –Start –End – Therefore – get-messagetrackinglog -Sender [email protected] -Server "CRP-HUB-01" -EventID "SEND" -Start "23/11/2008 00:08:00" -End "23/11/2008 23:18:00" The above command gave me a list of mails sent within the time period that I required – see below: OOFArtEX2 From the list above I identified the e-mail that I was interested in and then modified my command to look like the following: get-messagetrackinglog -Sender ">">">[email protected] –Server "CRP-exht-01" -EventID "SEND" -Start "23/11/2008 00:08:00" -End "23/11/2008 23:1 8:00" -Recipients [email protected] | fl Which produced the following output (key information about my setup has been removed): OOFArtEX3 The information that I was interested in from the above output was as follows:

  • ServerHostName – this is the next hop server that I would expect the OOF to take – this should be the Exchange 2003 bridge head
  • ConnectorID – This should tell me that the transport was an Intra-Organisational Send Connector

This with the above information being correct I knew that to all intents and purposes the OOF was getting out of the Exchange 2007 side of my organisation and was being passed to the Exchange 2003 side.

Step 2 – track the OOF message from the Exchange 2003 organisation to the end recipient:

As Exchange 2007 cannot track Exchange 2003 messages I had to jump onto one of my Exchange 2003 servers and fire up the message tracking from the Exchange 2003 Management Console. The results of which are displayed below: OOFArtEX4 Now the interesting part of the above is that I would normally expect to see a final entry just under the “SMTP: Message Routed and Queued for Remote Delivery” telling me that the OOF had been passed out to our External messaging suppliers (for example Message Labs) – however it was missing. I found this strange so I decided to turn on SMTP logging on the Virtual SMTP server on my mail relay – which produced the following output – this example will look different as I had to send a new mail item to ensure that it was added to the SMTP logs and I have replaced the IP addresses with bogus entries):

#Software:  Microsoft Internet Information Services 6.0 
#Version: 1.0 
#Date:  2008-11-23 19:11:15 
#Fields: c-ip cs-username s-sitename s-computername s-ip  s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status cs-host  
10.1.1.2 crp-exht-01.mydomain.comSMTPSVC3 CRP-RELAY-01 10.1.1.3 0 EHLO -  +crp-exht-01.mydomain.com 250 0 - 
10.1.1.2 crp-exht-01.mydomain.comSMTPSVC3  CRP-RELAY-01 10.1.1.3 0 MAIL - +FROM: 250 0 - 
10.1.1.2  crp-exht-01.mydomain.comSMTPSVC3 CRP-RELAY-01 10.1.1.3 0 RCPT - +TO: 250 0 -  
10.1.1.2 crp-exht-01.mydomain.com SMTPSVC3 CRP-RELAY-01 10.1.1.3 0 BDAT -  +<[email protected]ydomain> 250 0 -  
10.1.1.2 crp-exht-01.mydomain.com SMTPSVC3 CRP-RELAY-01 10.1.1.3 0 QUIT -  crp-exht-01.mydomain.com240 328 - 
194.116.199.78 OutboundConnectionResponse  SMTPSVC3 CRP-RELAY-01 - 25 - - 220+gse-mta-08.emailfiltering.com+emfmtad+182 0 0  - 
194.116.199.78 OutboundConnectionCommand SMTPSVC3 CRP-RELAY-01 - 25 EHLO -  crp-relay-01.mydomain.com 0 0 - 
194.116.199.78 OutboundConnectionResponse  SMTPSVC3 CRP-RELAY-01 - 25 - -  250-gse-mta-08.emailfiltering.com+Salutations+214.56.211.0+[214.56.211.0]. 0 0 -  
194.116.199.78 OutboundConnectionCommand SMTPSVC3 CRP-RELAY-01 - 25 MAIL -  FROM: 0 0 - 
194.116.199.78 OutboundConnectionResponse SMTPSVC3 CRP-RELAY-01  - 25 - - 250++accepted 0 0 - 
194.116.199.78 OutboundConnectionCommand  SMTPSVC3 CRP-RELAY-01 - 25 RCPT - TO: 0 0 - 
194.116.199.78  OutboundConnectionResponse SMTPSVC3 CRP-RELAY-01 - 25 - -  550+Relaying+not+permitted+(3.7):[email protected] 0 0 -  
194.116.199.78 OutboundConnectionCommand SMTPSVC3 CRP-RELAY-01 - 25 RSET - -  0 0 - 
194.116.199.78 OutboundConnectionResponse SMTPSVC3 CRP-RELAY-01 - 25 -  - 250+OK 0 0 - 
194.116.199.78 OutboundConnectionCommand SMTPSVC3  CRP-RELAY-01 - 25 QUIT - - 0 0 - 
194.116.199.78 OutboundConnectionResponse  SMTPSVC3 CRP-RELAY-01 - 25 - - 221+Bye+for+now 0 0 -

The key point of interest in the log above was the following line:

194.116.199.78  OutboundConnectionResponse SMTPSVC3 CRP-RELAY-01 - 25 - -  550+Relaying+not+permitted+(3.7):[email protected] 0 0 -

This suggested to me that our e-mail filtering service was blocking the OOF messages from Exchange 2007 based recipients but not Exchange 2003 based ones for some reason. I decided to do a little more research which opened up the following article on TechNet: http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3370071&SiteID=17 – Hmmmm. I fired an e-mail off to our Messaging Scanning company whom made a change to the way in which outbound relay is handled – and low and behold it now works! So the moral to this story – (if there is one) is that if you use a third party e-mail scanning company – or indeed appliance and your Exchange 2007 OOF messages seem to be going no where – then have a look at the tracking logs to see if the new way in which OOF messages are handled in Exchange 2007 is causing you issues.

Sharing is caring!:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.