none
Clients not receiving e-mail due to 169 address in e-mail header

    Question

  • We are getting undeliverable messages when attempting to send e-mail to some clients.  The undeliverable indicates the following message (generalized):

    #550 5.7.1
    RESOLVER.RST.NotAuthorized; not authorized ##

    Received: from EXC01.companyname.com ([169.254.1.141]) by

    EXC01.companyname.com
    ([169.254.1.141]) with mapi id 14.01.0339.001;

    Our Exchange 2010 with SP1 environment has a two-node DAG cluster.  The 169 IP comes from "Ethernet Adapter Local Area Connection* 9".  See below:

    Connection-specific DNS Suffix  . :
    Description . . . .. . . . . . . : Microsoft Failover Cluster Virtual Adapter
    Physical Address. . . . . . . . . : 02-26-B9-5A-2A-95
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 169.254.1.33(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    NetBIOS over Tcpip. . . . . . . . : Enabled

    The DAG is using an internal addressing scheme and is not using the 169 address.  We've already tried lowering the priority of the cluster adapter binding order per Henrik's article here but still aren't having luck fixing. 

    How do you prevent Exchange from using the 169 address?


    MCITP Windows 7 MCTS Windows Server 2008

    vendredi 30 mars 2012 19:15

Réponses

  • We do have IPv6 disabled, and hence the reason you don't see the IPv6 address in the headers :)

    IPv6 should not be disabled, even if your network is not routing it. Windows Server considers it a core part of the OS and does not test with it disabled.

    http://technet.microsoft.com/en-us/library/gg144561.aspx#DisEna

    http://technet.microsoft.com/en-us/network/bb530961


    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003
    MCTS: Win Server 2008 AD, Configuration MCTS: Win Server 2008 Network Infrastructure, Configuration
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server

    NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    lundi 2 avril 2012 13:21

Toutes les réponses

  • The step you have shown in the header is very early in the process - it is the initial MAPI transfer and therefore shouldn't be the cause of the email being rejected. It isn't seen by the clients until after connection. How did you come to the conclusion that was the cause of the problem?

    What server is generating the NDR? If it is your server then that is not the cause of the problem because the server that is rejecting it hasn't even seen the headers.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    vendredi 30 mars 2012 19:19
  • Hey Simon,

    Thanks for the speedy response.  Some organizations reject our messages because of the 169 in the header.  So the workaround for now is to include the 169 address in our SPF record.  But since that's not ideal, we're looking for a fix.  Here's an example of what we're targeting:

    Delivered-To: gregt8@gmail.com Received: by 10.42.131.135 with SMTP id z7csp77132ics; Fri, 30 Mar 2012 12:23:37 -0700 (PDT) Received: by 10.182.85.39 with SMTP id e7mr4416883obz.51.1333135416921; Fri, 30 Mar 2012 12:23:36 -0700 (PDT) Return-Path: <Greg.Tate@catapultsystems.com> Received: from mail.catapultsystems.com (mail.catapultsystems.com. [65.44.71.72]) by mx.google.com with ESMTP id sc9si4150085obb.111.2012.03.30.12.23.36; Fri, 30 Mar 2012 12:23:36 -0700 (PDT) Received-SPF: pass (google.com: domain of Greg.Tate@catapultsystems.com designates 65.44.71.72 as permitted sender) client-ip=65.44.71.72; Authentication-Results: mx.google.com; spf=pass (google.com: domain of Greg.Tate@catapultsystems.com designates 65.44.71.72 as permitted sender) smtp.mail=Greg.Tate@catapultsystems.com Received: from CATEXCH01.catapultsystems.com ([169.254.1.33]) by CATEXCH01.catapultsystems.com ([x.x.x.x]) with mapi id 14.01.0339.001; Fri, 30 Mar 2012 14:23:35 -0500 From: Greg Tate <Greg.Tate@catapultsystems.com> To: "gregt8@gmail.com" <gregt8@gmail.com> Subject: test Thread-Topic: test Thread-Index: Ac0OqppxtDcA1pAXQamteSBTlTkCWw== Date: Fri, 30 Mar 2012 19:23:35 +0000 Message-ID: <84CABA03CED04B44A50479B62740C99CCC7ACE59@CATINEXC04.catapultsystems.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [x.x.x.x] Content-Type: multipart/alternative; boundary="_000_84CABA03CED04B44A50479B62740C99CCC7ACE59CATINEXC04catap_" MIME-Version: 1.0


    MCITP Windows 7 MCTS Windows Server 2008

    vendredi 30 mars 2012 20:38
  • See NDR below. Note: the customer's spam filter is Microsoft FOPE.  FOPE Support recommended creating the SPF record but we are looking for a better solution.

    This issue appears to be a known issue because Henrik posted about this in the Technet Magazine

    http://technet.microsoft.com/en-us/magazine/gg314976.aspx

    However, when we used nvspbind.exe as Henrik described, it had no effect on the message header (even after a reboot).

    _____________________________________________
    From: Microsoft Outlook
    Sent: Tuesday, March 06, 2012 5:50 PM
    To: John Doe
    Subject: Undeliverable: [Subject of Message]


    mail.ourcustomer.com rejected your message to the following e-mail addresses:

    jane@ourcustomer.com (jane@ourcustomer.com)


    mail.ourcustomer.com gave this error:
    mail.ourcustomer.com: domain of catapultsystems.com does not designate 169.254.1.141 as permitted sender


    A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.

     

    Diagnostic information for administrators:

    Generating server: CATINEX.catapultsystems.com

    jane@ourcustomer.com
    mail.ourcustomer.com #550 mail.ourcustomer.com: domain of catapultsystems.com does not designate 169.254.1.141 as permitted sender ##


    Original message headers:

    Received: from CATINEXC.catapultsystems.com ([169.254.1.141]) by
     CATINEXC.catapultsystems.com ([169.254.1.141]) with mapi id 14.01.0339.001;
     Tue, 6 Mar 2012 17:50:02 -0600
    From: John Doe <John.Doe@catapultsystems.com>
    To: "jane@ourcustomer.com" <jane@ourcustomer.com>,
    Subject: [Subject of Message]
    Thread-Topic: [Subject of Message]
    Thread-Index: Acz783L9ovhjaAqPTYCCqL+Hi1oyCwAACAzw
    Date: Tue, 6 Mar 2012 23:50:02 +0000
    Message-ID: <584FB0E7ACDBC54AB6B38C5D36C273691AFC497A@CATINEXC.catapultsystems.com>
    Accept-Language: en-US
    Content-Language: en-US
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    x-originating-ip: [50.84.xx.xxx]
    Content-Type: multipart/alternative;
     boundary="_000_584FB0E7ACDBC54AB6B38C5D36C273691AFC497ACATINEXC04catap_"
    MIME-Version: 1.0

     

    samedi 31 mars 2012 02:18
  • Have you disabled IPv6? I would expect an IPv6 address in the headers.

    While there is an article on resolving the display issue, it isn't something I have seen as a problem. Any reason you aren't sending email out through Frontbridge?

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    samedi 31 mars 2012 13:48
  • hi,

    How about your issue now, any update?

    Please remember to mark as answer.

    thanks,


    CastinLu

    TechNet Community Support

    lundi 2 avril 2012 06:36
  • Hey Simon,

    We do have IPv6 disabled, and hence the reason you don't see the IPv6 address in the headers :)

    We're not quite sure if it's a display issue, though, because FOPE rejects the message if the 169 is not in the SPF. 

    We appreciate your help on this! 


    MCITP Windows 7 MCTS Windows Server 2008

    lundi 2 avril 2012 13:12
  • We do have IPv6 disabled, and hence the reason you don't see the IPv6 address in the headers :)

    IPv6 should not be disabled, even if your network is not routing it. Windows Server considers it a core part of the OS and does not test with it disabled.

    http://technet.microsoft.com/en-us/library/gg144561.aspx#DisEna

    http://technet.microsoft.com/en-us/network/bb530961


    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003
    MCTS: Win Server 2008 AD, Configuration MCTS: Win Server 2008 Network Infrastructure, Configuration
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server

    NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    lundi 2 avril 2012 13:21