none
Members of distribution groups receive a duplicate email when they are also a recipient

    Question

  • Hello,

    As of a couple of weeks ago when a member of a distribution group receives an email and is also a recipient of this email they get two copies of the email. Prior to this everything was working normally and they only received one copy of this email. Nothing had changed when this stopped working.

    We were on Exchange 2013 CU12 when this started and have now updated to CU14 to see if this is resolved but the issue remains.

    I have tried to check the duplicate email detection settings which were in Exchange 2010 but I can't seem to find these in 2013 which is the same as another 2013 server which is working fine.

    When we do a message tracking I can see that this email listed twice with the same MessageId, once listed to the recipient and once listed to the individual members of the distribution group.

    Has anyone experienced the same issue? Are there any settings I can check with Exchange 2013 to see why this has stopped working? I think I've exhausted browsing Google for the problem.

    Thursday, October 6, 2016 2:24 PM

Answers

  • To clarify, the tracking logs I have posted are from one message that was sent to the mailbox with the distribution group CC'd.

    Whenever I do the same process for any distribution group I am seeing the same tracking logs where it looks like two individual emails rather than an email + duplicate. I can compare this to a working server (which isn't part of the same company) where I see what you are describing, one message ID and a DUPLICATE event.

    The system has been rebooted since the issue began to apply to updates to CU14.

    I believe the issue is occurring before the email is getting to Outlook as it is occurring for a number of users, including our admin account which has no rules at all.

    Any journaling / archiving/3rd party transport agents / anti-malware etc..installed on the Exch servers?

    Blog:    Twitter:   


    • Edited by Andy DavidMVP Friday, October 7, 2016 1:16 PM
    • Marked as answer by SteveBCTec Friday, October 7, 2016 3:12 PM
    Friday, October 7, 2016 1:16 PM
  • Thanks everyone. You all pointed me towards that this wasn't an Exchange issue, rather it was a setting / 3rd party application interfering.

    This turned out to be a GFI Mail Essentials service which needed a restart, not exactly sure why rebooting the server didn't fix this. For anyone with a similar issue the service in question was "GFI MailEssentials Enterprise Transfer". As soon as this was restarted the issue went away.

    Friday, October 7, 2016 3:12 PM

All replies

  • Is this happening with all groups or just some? Any transport rules that may be setup to do this? 

    Does this happen if you create a new group?


    Blog:    Twitter:   

    Thursday, October 6, 2016 6:38 PM
  • Steve, in your message tracking logs, what Event ID do you see with the two message events?  One should be Duplicate - if you aren't seeing this, this is why the user is getting duplicate messages. Note that you may need to collect this info from all of your servers to be sure you have all of the pertinent events.

    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    Thursday, October 6, 2016 8:44 PM
  • Hi,

    Great advice from above, please collect the answers for further assistance.

    Exchange server will not deliver a duplicate message at same time. By default, the message will be delivered only once even if it has the same mailbox as a recipient twice (such as individually and as a member of a distribution group as you mentioned).

    Therefore, please double check the message header for those duplicate message, ensure it has same message id and date.

    Also, run message tracking log to get the whole message deliver process for this message.
    For example:

    Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-MessageTrackingLog -MessageId <MessageID> | Select-Object Timestamp,ServerHostname,ClientHostname,Source,EventId,Recipients | Sort-Object -Property Timestamp

    Allen Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, October 7, 2016 5:56 AM
    Moderator
  • Thanks everyone for getting back to me so quickly.

    This is currently happening for all groups, if I create a new group it also happens. I created a Test@ group with one user in it, when I email the group + user I receive two emails.

    There are no transport rules in place that could be causing this.

    The EventId on both messages is SEND, these have different MessageId's and are 1 second apart. If these are both appearing as SEND rather than DUPLICATE what would this indicate?

    These are the transport logs I am getting for both emails which are appearing as separate things. (I have replaced the emails / domains). This was sent to the user with the distribution list CC'd.

    MessageID: 06c2463ed95744838db22ce462eda825

    Timestamp      : 07/10/2016 09:16:44
    ServerHostname : SVR02
    ClientHostname :
    Source         : SMTP
    EventId        : HAREDIRECTFAIL
    Recipients     : {email@domain.com}

    Timestamp      : 07/10/2016 09:16:44
    ServerHostname : SVR02
    ClientHostname : SVR02.domain.local
    Source         : SMTP
    EventId        : RECEIVE
    Recipients     : {email@domain.com}

    Timestamp      : 07/10/2016 09:16:44
    ServerHostname :
    ClientHostname : SVR02
    Source         : AGENT
    EventId        : AGENTINFO
    Recipients     : {email@domain.com}

    Timestamp      : 07/10/2016 09:16:44
    ServerHostname : SVR02.domain.local
    ClientHostname : SVR02
    Source         : SMTP
    EventId        : SEND
    Recipients     : {email@domain.com}

    Timestamp      : 07/10/2016 09:16:44
    ServerHostname : SVR02
    ClientHostname : SVR02.domain.local
    Source         : STOREDRIVER
    EventId        : DELIVER
    Recipients     : {email@domain.com}

    MessageID: 8eb0883836bb4d72a800fe3ba9584339

    Timestamp      : 07/10/2016 09:16:44
    ServerHostname : SVR02
    ClientHostname :
    Source         : SMTP
    EventId        : HAREDIRECTFAIL
    Recipients     : {email@domain.com}

    Timestamp      : 07/10/2016 09:16:44
    ServerHostname : SVR02
    ClientHostname : SVR02.domain.local
    Source         : SMTP
    EventId        : RECEIVE
    Recipients     : {email@domain.com}

    Timestamp      : 07/10/2016 09:16:44
    ServerHostname :
    ClientHostname : SVR02
    Source         : AGENT
    EventId        : AGENTINFO
    Recipients     : {email@domain.com}

    Timestamp      : 07/10/2016 09:16:45
    ServerHostname : SVR02.domain.local
    ClientHostname : SVR02
    Source         : SMTP
    EventId        : SEND
    Recipients     : {email@domain.com}

    Timestamp      : 07/10/2016 09:16:45
    ServerHostname : SVR02
    ClientHostname : SVR02.domain.local
    Source         : STOREDRIVER
    EventId        : DELIVER
    Recipients     : {email@domain.com}

    I hope this is enough information, if you need to know anything else please let me know.

    Thanks again.

    Friday, October 7, 2016 8:51 AM
  • Are you saying these are the two emails - the duplicates?  (I have to assume so, since there is only one Deliver event for each.)  If so, there are unique message IDs, so the system sees them as different messages.  Are you seeing this for every message sent through this system?  And when was the last time the system was restarted?  I'll add that there is no Expand event in either of these traces, showing that neither was due to a distribution list being used.  In the cases where I've seen a DL as well as a name on the email recipients list, I see a Receive, an Expand, a Deliver, and a Duplicate.

    If these represent two separate messages that were each delivered twice, as I stated above, there is only one Deliver event, so if there are two messages for each of these in the mailbox, it is because of something done once the message got to Outlook.  Possibly an Inbox rule?


    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })


    Friday, October 7, 2016 11:52 AM
  • To clarify, the tracking logs I have posted are from one message that was sent to the mailbox with the distribution group CC'd.

    Whenever I do the same process for any distribution group I am seeing the same tracking logs where it looks like two individual emails rather than an email + duplicate. I can compare this to a working server (which isn't part of the same company) where I see what you are describing, one message ID and a DUPLICATE event.

    The system has been rebooted since the issue began to apply to updates to CU14.

    I believe the issue is occurring before the email is getting to Outlook as it is occurring for a number of users, including our admin account which has no rules at all.

    Friday, October 7, 2016 1:08 PM
  • To clarify, the tracking logs I have posted are from one message that was sent to the mailbox with the distribution group CC'd.

    Whenever I do the same process for any distribution group I am seeing the same tracking logs where it looks like two individual emails rather than an email + duplicate. I can compare this to a working server (which isn't part of the same company) where I see what you are describing, one message ID and a DUPLICATE event.

    The system has been rebooted since the issue began to apply to updates to CU14.

    I believe the issue is occurring before the email is getting to Outlook as it is occurring for a number of users, including our admin account which has no rules at all.

    Any journaling / archiving/3rd party transport agents / anti-malware etc..installed on the Exch servers?

    Blog:    Twitter:   


    • Edited by Andy DavidMVP Friday, October 7, 2016 1:16 PM
    • Marked as answer by SteveBCTec Friday, October 7, 2016 3:12 PM
    Friday, October 7, 2016 1:16 PM
  • Thanks everyone. You all pointed me towards that this wasn't an Exchange issue, rather it was a setting / 3rd party application interfering.

    This turned out to be a GFI Mail Essentials service which needed a restart, not exactly sure why rebooting the server didn't fix this. For anyone with a similar issue the service in question was "GFI MailEssentials Enterprise Transfer". As soon as this was restarted the issue went away.

    Friday, October 7, 2016 3:12 PM
  • Hi Steve,

    Glad it solved, and thank you for your sharing.


    Allen Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Saturday, October 8, 2016 3:05 AM
    Moderator