locked
Exchange 2016 CU9 DAG 2 Node internal Email Issues RRS feed

  • Question

  • Exchange 2016 CU9 DAG 2 Node

    Windows 2016 Datacenter Servers 

    VMware Esxi Hosts 6.5

    I have many internal servers that run PowerShell scripts to give me status reports.

    I setup and Internal receive connector with anonymous on both DAG's

    The scripts are all the same on each server example

    $Server = hostname
    $Subject = "$Server Daily Event Report"
    $Body = "Open attachment for Todays Events Report"
    $From = "no-reply@mysnet.com"
    $To = "systems-alert@mynet.com"
    $LogFolder = "c:\util\logs"
    $LogFile = "appevents.txt"
    $LogFile2 = "serevents.txt"

    some code here then the email

    $PSEmailServer = "SERV021-N1.MYNET.COM"
    Send-MailMessage -From $From -To $To -Subject $Subject -Body $Body -smtpserver $PSEmailServer -attachment "$LogFolder\$LogFile", "$LogFolder\$LogFile2"

    It is random that the email are delivered to my outlook client.

    What can I check or run to see if the emails are getting to the server?

    The scripts are all run via task scheduler 

    If I go on to the server and run the script from within PowerShell this is what I get 

    Send-MailMessage : Mailbox unavailable. The server response was: 5.7.1 Message rejected as spam by Content Filtering.
    At C:\util\events.ps1:45 char:1
    + Send-MailMessage -From $From -To $To -Subject $Subject -Body $Body -s ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpExcept
       ion
        + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

    Any ideas

    Thank you

    Tom

    Sunday, July 22, 2018 2:00 AM

All replies

  • Hi Insearchof55

    From the error it looks like its is the content filtering rules. You could try disable the internal content rule to test if this is the issue.

    To disable Internal Content 

    Set-ContentFilterConfig -InternalMailEnabled $false

    To renable just run 

    Set-ContentFilterConfig -InternalMailEnabled $true

    Or you could try excluding the recipients / sender if they are always the same addresses. 

    Set-ContentFilterConfig -BypassedRecipients no-reply@mysnet.com -BypassedSenders systems-alert@mynet.com


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.

    Sunday, July 22, 2018 12:01 PM
  • Geoff

    Thanks I will add them .

    Question

    I was able to add  Set-ContentFilterConfig -BypassedRecipients no-reply@mysnet.com it had no entries

    My BypassedSenders does.

    I tried this but it does not work

    $list = (Get-ContentFilterConfig).BypassedSenders

    $list

    Length         : 17
    Local          : support
    Domain         : veeam.com
    Address        : support@veeam.com
    IsUTF8         : False
    IsValidAddress : True
    Length         : 17
    Local          : vpcmail
    Domain         : veeam.com
    Address        : vpcmail@veeam.com
    IsUTF8         : False
    IsValidAddress : True
    Length         : 28
    Local          : noreply
    Domain         : experts-exchange.com
    Address        : noreply@experts-exchange.com
    IsUTF8         : False
    IsValidAddress : True
    Length         : 37
    Local          : webbillpay
    Domain         : pncbank.customercenter.net
    Address        : webbillpay@abcbank.customercenter.net
    IsUTF8         : False
    IsValidAddress : True
    Length         : 21
    Local          : noreply
    Domain         : mxtoolbox.com
    Address        : noreply@mxtoolbox.com
    IsUTF8         : False
    IsValidAddress : True

    Then I try this command

    $list.add("no-reply@tgcsnet.com")

    How can I add with pre-existing entries without reentering them all

    Thanks

    Tom

    Sunday, July 22, 2018 1:19 PM
  • Hi Tom

    I think the above command's should work but your are just missing the set command. I would export the current list before running the command just in case. The below should be the full set of command's. 

    $list = (Get-ContentFilterConfig).BypassedSenders
    $list.add("no-reply@domain.com")
    Set-ContentFilterConfig -BypassedSenders:$list


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.


    Sunday, July 22, 2018 2:41 PM
  • Geoff

    Thanks

    I m now able to add to the list 

    another guy asked me to run this

    [PS] C:\Windows\system32>get-transportagent

    Identity                                           Enabled         Priority
    --------                                           -------         --------
    Transport Rule Agent                               True            1
    DLP Policy Agent                                   True            2
    Retention Policy Agent                             True            3
    Supervisory Review Agent                           True            4
    Malware Agent                                      False           5
    Text Messaging Routing Agent                       True            6
    Text Messaging Delivery Agent                      True            7
    System Probe Drop Smtp Agent                       True            8
    System Probe Drop Routing Agent                    True            9
    Content Filter Agent                               True            10
    Sender Id Agent                                    True            11
    Sender Filter Agent                                True            12
    Recipient Filter Agent                             True            13
    Protocol Analysis Agent                            True            14

    Going to see if the internal email flows better now

    Sunday, July 22, 2018 11:48 PM
  • Geoff

    till getting this error when running script from power shell console

    PS C:\util> .\guestbook.ps1
    Send-MailMessage : Mailbox unavailable. The server response was: 5.7.1 Message rejected as spam by Content Filtering.
    At C:\util\guestbook.ps1:25 char:1
    + Send-MailMessage -From $From -To $To -Subject $Subject -Body $Body -s ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpExcept
       ion
        + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

    I ran this command 

    Set-ContentFilterConfig -InternalMailEnabled $false

    What am I missing here?

    Monday, July 23, 2018 1:51 AM
  • Geoff

    As A test I changed the script to a valid email account on my exchange system

    That works.

    So how can I setup no-reply@mynet.com to work all the time.

    Tom

    Monday, July 23, 2018 2:21 AM
  • Hi Tom 

    Not sure why it would still be rejecting the mail. I did a quick test on my Exchange and I can send mail's once i added to the bypass list. You could try add in your domain to the bypass list and see if that helps.  

    Set-ContentFilterConfig -BypassedSenderDomains yourdomain


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.

    Monday, July 23, 2018 10:30 AM
  • Any update now?

    If the above suggestion helps, please be free to mark it as answer for helping more people.

    Regards,

    Gavin Gao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, July 25, 2018 7:30 AM
  • Gavin

    Made the change and still emails from no-reply@ mydom.net still are random when I get them

    Any ideas

    Thank you

    Thursday, July 26, 2018 12:56 AM
  • Hi Tom,

    You may set the safe sender on all of the Exchange servers.

    Thursday, July 26, 2018 1:07 AM
  • Thanks

    How do I do that?

    Thursday, July 26, 2018 1:12 AM
  • Paul

    I tried this

    PS] C:\Windows\system32>Set-MailboxJunkEmailConfiguration -identity  trgrassijr@tgcsnet.com -TrustedSendersAndDomains @
    {Add="tgcsnet.com"}
    Property validation failed. Property = TrustedSendersAndDomains (System.String)
    Error = "@tgcsnet.com" is your email address or domain and can't be added to your Safe Senders and Recipients list..
        + CategoryInfo          : NotSpecified: (:) [Set-MailboxJunkEmailConfiguration], PropertyValidationException
        + FullyQualifiedErrorId : [Server=TGCS021-N1,RequestId=77599646-cf2e-4f2a-80a1-165ced5a2e10,TimeStamp=7/27/2018 1:
       27:52 AM] [FailureCategory=Cmdlet-PropertyValidationException] 6FD87CFA,Microsoft.Exchange.Management.StoreTasks.S
      etMailboxJunkEmailConfiguration
        + PSComputerName        : tgcs021-n1.our.network.tgcsnet.com

    Looks like you do not require to add your own domain to the trusteddoman list

    Friday, July 27, 2018 1:30 AM
  • Geoff

    In the agentslog I see the problem but do not know how to fix

    Here is  a sample of the agentlog

                                        2018-07-27T10:08:01.418Z,08D5F34ED12F774D,10.2.8.17:2525,10.2.8.18:49380,10.2.8.49,<fa2a70e9-82d8-4c23-a3cc-cf4b3b9d5e13@TGCS021-N1.our.network.tgcsnet.com>,no-reply@tgcsnet.com,no-reply@tgcsnet.com;,systems-alert@tgcsnet.com,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,not available: policy is disabled.,,42bb3f10-15a4-466b-ca5c-08d5f3a8d601,,Incoming
                                        2018-07-27T10:08:01.469Z,08D5F34ED12F774E,10.2.8.17:2525,10.2.8.18:49381,10.2.8.57,<efa67bc6-e167-4708-ac91-68ddd8b61eeb@TGCS021-N1.our.network.tgcsnet.com>,no-reply@tgcsnet.com,no-reply@tgcsnet.com;,systems-alert@tgcsnet.com,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,not available: policy is disabled.,,a4f0acfc-3107-4427-b0d0-08d5f3a8d604,,Incoming
                                        2018-07-27T10:08:02.435Z,08D5F34ED12F7750,10.2.8.17:2525,10.2.8.32:50992,10.2.8.32,<b7999610-b37a-4712-a708-20a0189e4237@TGCS021-N1.our.network.tgcsnet.com>,no-reply@tgcsnet.com,no-reply@tgcsnet.com;,systems-alert@tgcsnet.com,1,Content Filter Agent,OnEndOfData,QuarantineMessage,550 5.2.1 Content Filter agent quarantined this message,SclAtOrAboveQuarantineThreshold,7,DV:3.3.5705.600;SID:SenderIDStatusNone,b7f5ff77-4f32-4eff-ef22-08d5f3a8d690,,Incoming
                                        2018-07-27T10:08:02.658Z,08D5F34ED12F774F,10.2.8.17:2525,10.2.8.18:49384,10.2.8.31,<0042cd31-81c3-4c27-86cb-b44c80aaa693@TGCS021-N1.our.network.tgcsnet.com>,no-reply@tgcsnet.com,no-reply@tgcsnet.com;,systems-alert@tgcsnet.com,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,not available: policy is disabled.,,aa58067b-6e6a-4da3-7faf-08d5f3a8d64b,,Incoming
                                        2018-07-27T10:08:02.751Z,08D5F34ED12F7752,10.2.8.17:2525,10.2.8.18:49386,10.2.8.35,<4e915b34-471f-4c7d-9ab4-1dade7480880@TGCS021-N1.our.network.tgcsnet.com>,no-reply@tgcsnet.com,no-reply@tgcsnet.com;,systems-alert@tgcsnet.com,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,not available: policy is disabled.,,4d5f2cf1-e44a-469d-0336-08d5f3a8d67e,,Incoming
                                        2018-07-27T10:08:02.842Z,08D5F34ED12F7753,10.2.8.17:2525,10.2.8.85:58465,10.2.8.85,<71bcfcc6-7c60-4259-adcd-ee4c39b7f7e7@TGCS021-N1.our.network.tgcsnet.com>,no-reply@tgcsnet.com,no-reply@tgcsnet.com;,systems-alert@tgcsnet.com,1,Content Filter Agent,OnEndOfData,QuarantineMessage,550 5.2.1 Content Filter agent quarantined this message,SclAtOrAboveQuarantineThreshold,7,DV:3.3.5705.600;SID:SenderIDStatusNone,d2e5743c-b04c-4393-5048-08d5f3a8d6ca,,Incoming
                                        2018-07-27T10:08:03.249Z,08D5F34ED12F7753,10.2.8.17:2525,10.2.8.56:58020,10.2.8.56,<f3a3f482-9452-4a2a-8f68-57101d9518bc@TGCS021-N1.our.network.tgcsnet.com>,no-reply@tgcsnet.com,no-reply@tgcsnet.com;,systems-alert@tgcsnet.com,1,Content Filter Agent,OnEndOfData,QuarantineMessage,550 5.2.1 Content Filter agent quarantined this message,SclAtOrAboveQuarantineThreshold,7,DV:3.3.5705.600;SID:SenderIDStatusNone,7fe3facb-3e14-4652-4b3a-08d5f3a8d718,,Incoming
                                        2018-07-27T10:08:13.772Z,08D5F34ED12F7753,10.2.8.17:2525,10.2.8.58:53794,10.2.8.58,<5d310b21-7dcf-4adf-83b7-3dffc2a53964@TGCS021-N1.our.network.tgcsnet.com>,no-reply@tgcsnet.com,no-reply@tgcsnet.com;,systems-alert@tgcsnet.com,1,Content Filter Agent,OnEndOfData,QuarantineMessage,550 5.2.1 Content Filter agent quarantined this message,SclAtOrAboveQuarantineThreshold,7,DV:3.3.5705.600;SID:SenderIDStatusNone,f58076c7-d778-4287-cc20-08d5f3a8dd63,,Incoming
                                        2018-07-27T10:10:01.523Z,08D5F34ED12F7753,10.2.8.17:2525,10.2.8.27:53865,10.2.8.27,<a712e825-a6c7-4db0-8c3e-8c8a71a4987b@TGCS021-N1.our.network.tgcsnet.com>,no-reply@tgcsnet.com,no-reply@tgcsnet.com;,systems-alert@tgcsnet.com,1,Content Filter Agent,OnEndOfData,QuarantineMessage,550 5.2.1 Content Filter agent quarantined this message,SclAtOrAboveQuarantineThreshold,7,DV:3.3.5705.600;SID:SenderIDStatusNone,d7e475a2-a120-409a-bbfc-08d5f3a91d7e,,Incoming
                                        2018-07-27T10


                                        It is guaranteeing the mails and others it is not and the scripts all do a similar thing. Some days it does this and then the next it will not It is very random

    Saturday, July 28, 2018 2:50 PM
  • Hi Insearchof55 

    To test if its specific servers that are having the issue can you try run the script from one of the servers above that failed and one that succeded. If it keeps failing from the same set of servers it could be something to do with server IP not being allowed to relay. If the conent filter rule works one day and no changes are made then it shouldn't be blocking the mails randomly. 


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.

    Saturday, July 28, 2018 4:57 PM
  • Geoff,

    No changes have been made yet. Still waiting for something to fix this issue. Making changes does not help troubleshooting.

    All Servers are on the same subnet 10.2.8.0/22

     On my relay receive connector I have 10.2.8.0/22 specified I do not list each server individually

    The scripts are the same on each server

    Is there any reason why the emails are getting sent to quarantine? as in my log above?

    Also if I go to the server where the script did not send the email and run it manually 9 out of 10 times it sends the emails I have 22 servers running and they process the script from 5:45 AM to 7:00 AM It can not be flooding the inbound email

    Something is not correct and can not pin point it.


    • Edited by Insearchof55 Saturday, July 28, 2018 5:32 PM update
    Saturday, July 28, 2018 5:26 PM
  • The above logs don't really give the reason for the mails getting stopped just that there flagged by the content filter rules. 

    Below is the what the 5.2.1 code equals in the lookup. 

    5.2.1 - Mailbox cannot be accessed. The mailbox may be offline, disabled, or the message has been quarantined by a rule.

    If you run a message trace is there any reasons for the mails being blocked in the recipient status. 

    Get-MessageTrackingLog -Recipients user@domain.com -Sender no-reply@domain.com |
    FL –Property Sender, Recipients, MessageSubject, RecipientStatus


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.

    Saturday, July 28, 2018 6:12 PM
  • Geoff

    The command shows all the messages for the mailbox you specify

    The problem is why not receiving all emails  

    5.2.1 - Mailbox cannot be accessed. The mailbox may be offline, disabled, or the message has been quarantined by a rule.

    1. mailbox may be offline  (all mailboxes are online)

    2. disabled (I have no disabled mailboxes)

    3. or the message has been quarantined by the rule

    It is number 3 that is the issue.

    What command can I run to check quarantined?

    The next question is why they are.

    Saturday, July 28, 2018 7:29 PM
  • Geoff.

    I may not be clear on my problem here.

    Sometimes I go off on the wrong path.

    Here is example

    Server 1   no emails in 2 days

    Server  2 no AM email but PM email worked

    Server 3 AM and PM worked

    Server 4 no emails unless run manually

    Server 5 N1  no Am  PM OK

    See the pattern.

    Some servers send most emails but not all

    Some server no email yet. on those the same scripts get 5.7.1 error

    I just did a test in the script I changed

    $PSEmailserver = NODE 2 and that worked.

    Other worked pointing to Node 1

    Hope this helps us figure this out

    Saturday, July 28, 2018 11:46 PM
  • Gavin,

    Still struggling with this one it is so random.  One day I get the emails from the powershell script and then another it does not end them

    The logs shows the email going to quarantine but I can not trace the email sent from the server to my Distribution List.

    From the server it say the email was sent but I never receive it.

    None of the users in the DL get it.  So where is it going?

    Some times the servers get the 5.7.2  

    Puzzled why I am having such problems with internal email

    Thanks for any help

    Sunday, July 29, 2018 9:52 PM
  • Geoff

    The above changes made  and still emails are failing with same error as in the post.

    Also on many of the servers they send email no problem but then the next time they don't

    I run a pwershell script and the email shows being sent but is not received

    what can I do to resolve this?

    Tuesday, July 31, 2018 2:47 AM
  • Hi,

     

    The error "5.7.1 Message rejected as spam by Content Filtering" shows us that this issue caused by the content filtering, to narrow down the scope of this issue, try to use the following cmdlet to disable both of the Content Filter agent for internal and external messages:

     

    Set-ContentFilterConfig -ExternalMailEnabled $false

    Set-ContentFilterConfig -InternalMailEnabled $false

    Regards,

    Gavin Gao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, July 31, 2018 7:20 AM
  • Gavin

    I made the change tonight

    Set-ContentFilterConfig -ExternalMailEnabled $false

    Set-ContentFilterConfig -InternalMailEnabled $false     this one was already set to false

    I also made a change to the powershell script to use credential and UseSSL and specify port 25

    That worked for one server that was never sending email

    Working on modifying the scripts on all servers after I test the changes in this one.

    Will post results soon

    Wednesday, August 1, 2018 3:00 AM
  • Thanks for your reply, if there is any update, feel free to let me know.

    Regards,

    Gavin Gao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, August 1, 2018 6:47 AM
  • Gavin

    Now the internal emails are flowing all are coming in

    So now the question is why disabling the external effect the internal email?

    Will I now get flooded now with external spam?

    What are the effects of leaving them this way

    Set-ContentFilterConfig -ExternalMailEnabled $false

    Set-ContentFilterConfig -InternalMailEnabled $false    

    Thank you,

    Wednesday, August 1, 2018 4:30 PM
  • Hi Tom,

     

    For the sender and recipient you specified, it seems that they are different domains?

     

    $From = "no-reply@mysnet.com"

    $To = "systems-alert@mynet.com"

     

    This maybe the cause that we still need to set the ExternalMailEnabled to false

    Regards,

    Gavin Gao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, August 6, 2018 8:34 AM
  • Gavin

    Sorry was a mistype

    Both accounts are on the same domain

    $From = "no-reply@mynet.com"

    $To = "systems-alert@mynet.com"

    That's what happens when you do not proof read LOL

    Thanks any thoughts

    Tuesday, August 7, 2018 12:50 AM
  • Gavin

    I am now getting flooded with spam mail from the outside.

    How can we get this to work ?

    Friday, August 10, 2018 1:49 AM