none
03I: 04I: 00A: In the message-info field of message tracking logs. what do they mean? RRS feed

  • Question

  •  

    HI,

            In the MS exchange 2007 msg tracking logs, under the message-info field iam getting the following values:

     

    03I:

    04I:

    00A:

    etc.

     

    what do these values represent?

    Wednesday, July 30, 2008 6:28 AM

All replies

  • keeping it up the thread..

     

    Wednesday, July 30, 2008 12:38 PM
  •  

     

     

    Hi,

     

    Here is a brief introduction about message-info field of message tracking log:

     

    This field contains the message origination date-time for DELIVER and SEND events. The origination date-time is the time that the message first enters the Exchange organization. The value is formatted as yyyy-mm-ddThh:mmTongue Tieds.fffZ, where yyyy = year, mm = month, dd = day, hh = hour, mm = minute, ss = second, fff = fractions of a second, and Z signifies Zulu, which is another way to denote UTC.

     

    When the event type is “receive”, the message-info field will display the values you mentioned.

     

    For more information:

     

    Managing Message Tracking

    http://technet.microsoft.com/en-us/library/bb124375(EXCHG.80).aspx

     

    Hope this helps. Thanks,

     

    Elvis

     

     

    Thursday, July 31, 2008 9:59 AM
  • Hi,

         Thanks a lot for that input but wat exactly do these values represent? Also, can you provide me with some sample message tracking logs if you have them? It'l be very helpful to me, specialy the one's with FAIL and SSEND events in them.

     

    Yuvika

    Thursday, July 31, 2008 10:54 AM
  • I'm having the same issue, I have one user that cannot send to one other use in my exchange 2007 environment. The only thing I can find is a 03I: in the message info field on these emails.
    Thursday, August 14, 2008 12:51 PM
  •  

    Has there been a find to this issue yet? I have created a Dynamic Distribution Group for all employees and set it where just a couple of people can send to it. Upon them sending the message, there is no NDR, the message doesnt get delivered and when I do a message tracking on it the message info is "04l:". Now if anyone has an idea as to what this means, I am sure that there are a few people that would really like to know what these Codes mean!
    Thursday, August 21, 2008 2:27 PM
  • keeping this query up in the thread....can anybody help us out regarding this?
    Monday, January 5, 2009 5:57 AM
  • Elvis Wei -MSFT said:

    When the event type is “receive”, the message-info field will display the values you mentioned.



    And our question is - what do the values mean? Are they just placed in the log to fill up space or act as a placeholder for some reason? Or do they actually relate to some aspect of the RECEIVE event?

    For more information:

     

    Managing Message Tracking

    http://technet.microsoft.com/en-us/library/bb124375(EXCHG.80).aspx

     

    Hope this helps. Thanks,

     

    Elvis

     

     


    Thanks for the link, but it does not really answer the question.
    Wednesday, February 18, 2009 4:12 PM
  • WTF is up with the above. It's a simple questions.

    exchange 2007 message-info 00a:

    The correct information in this field should be a date not an error code, what does the error code stand for.

    I'm worried it's the IMF blocked the email.

    Someone from MS get it together. There's alot of questions about this in the real world.
    Vote for Freedom - Vote to Protect our Country
    Tuesday, August 4, 2009 6:25 PM
  • I do beleive that 00a: error code instead of a time stamped date is a IMF blocked/refused email.

    In my case it was the IMF word filter had blocked a listed word.
    Vote for Freedom - Vote to Protect our Country
    Thursday, September 10, 2009 6:20 PM
  • Just to add to this thread, have just seen the 00A: message-info on some messages I was troubleshooting. In my case the issue turned out to be that the connection between CAS and Mailstore was down, and therefore the messages couldn't be delivered and were sat in the mail queue.
    Wednesday, September 14, 2011 11:55 AM
  • On Wed, 14 Sep 2011 11:55:31 +0000, Keith Langmead wrote:
     
    >Just to add to this thread, have just seen the 00A: error on some messages I was troubleshooting.
     
    That's not an error, it's just the authentication type. In this case,
    it's "None" and it was an anonymous connection.
     
    >In my case the issue turned out to be that the connection between CAS and Mailstore was down, and therefore the messages couldn't be delivered and were sat in the mail queue.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Wednesday, September 14, 2011 6:04 PM
  • On Wed, 14 Sep 2011 11:55:31 +0000, Keith Langmead wrote:
     
    That's not an error, it's just the authentication type. In this case,
    it's "None" and it was an anonymous connection.

    Fair enough about "error", updated accordingly. However, can you clarify what you mean about it being an anonymous connection, since most messages coming into that server are anonymous anyway? http://technet.microsoft.com/en-us/library/bb124375%28EXCHG.80%29.aspx states that the meaning of message-info is :

    "This field contains the message origination date-time for DELIVER and SEND events. The origination date-time is the time that the message first enters the Exchange organization. The value is formatted as yyyy-mm-ddThh:mm:ss.fffZ, where yyyy = year, mm = month, dd = day, hh = hour, mm = minute, ss = second, fff = fractions of a second, and Z signifies Zulu, which is another way to denote UTC."

    Other entries in the log come up with a date time entry, so I'm unsure how the 00A: status connects with that and your assertion that it relates to an anonymous connection.

    There does seem to be a lot of confusion on this topic not only here but elsewhere on the net, so if you know the details of what this is and how it all fits together it would be great to get to the bottom of it.

     

    Wednesday, September 14, 2011 6:31 PM
  • On Wed, 14 Sep 2011 18:31:34 +0000, Keith Langmead wrote:
     
    >On Wed, 14 Sep 2011 11:55:31 +0000, Keith Langmead wrote: That's not an error, it's just the authentication type. In this case, it's "None" and it was an anonymous connection.
    >
    >Fair enough about "error", updated accordingly. However, can you clarify what you mean about it being an anonymous connection, since most messages coming into that server are anonymous anyway? http://technet.microsoft.com/en-us/library/bb124375%28EXCHG.80%29.aspx states that the meaning of message-info is :
    >
    >"This field contains the message origination date-time for DELIVER and SEND events. The origination date-time is the time that the message first enters the Exchange organization. The value is formatted as yyyy-mm-ddThh:mm:ss.fffZ, where yyyy = year, mm = month, dd = day, hh = hour, mm = minute, ss = second, fff = fractions of a second, and Z signifies Zulu, which is another way to denote UTC."
    >
    >Other entries in the log come up with a date time entry, so I'm unsure how the 00A: status connects with that and your assertion that it relates to an anonymous connection.
     
    Well, it's not _my_ assertation, it's Microsoft's. Unfortunately, the
    source of that information (at least what I have) is under NDA so I
    can't tell you what all the values are. What I can tell you is that
    they aren't error codes, just the type of authentication. If the
    message came from a SMTP client it's most likely an anonymous
    connection ("00A:")
     
    >There does seem to be a lot of confusion on this topic not only here but elsewhere on the net, so if you know the details of what this is and how it all fits together it would be great to get to the bottom of it.
     
    To bottom of what? What those codes mean? I'm sorry, but you'll have
    to ask Microsoft. They're serious about NDAs.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Wednesday, September 14, 2011 9:32 PM
  • Just wanted to keep this thread alive. There are many of us out here that look at the logs and need information on what happened to the e-mail.

    My manager asked me what hapened with an incomming e-mail I told him OOA: NTS:. He wasn't satisified.

    Someone has to have a legend for these obscure responses...

     

    Thanks,

    Robert 

    Wednesday, December 14, 2011 5:12 PM
  • From http://www.mail-archive.com/exchangelist@lyris.sunbelt-software.com/msg45705.html

    03I:Mapi submit w/o rpc encryption
    04I:Mapi submit with rpc encryption (outlook 2k7)
    00A: No auth

    Essentially on recieve events the message-info field maps to the auth type that
    was used to submit the message.
    For Deliver and Send events it shows the origination date.


    Seems to be that you get these on the RECEIVE EventID and then a time stamp on the DELIVER EventID...
    • Edited by SinkingDuck Friday, February 10, 2012 1:37 PM
    • Proposed as answer by Nicolas Riegel Wednesday, April 18, 2012 12:30 PM
    Friday, February 10, 2012 1:34 PM
  • more:

    CAT: Categorizer (A core hub transport component)

    QD: time spent in a delivery queue

    SDDAD: Store Driver Delivery time spent querying AD

    SDDR: Store Driver Delivery time spent performing RPCs to Store




    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    Thursday, April 23, 2015 5:48 PM