Announcement

Collapse
No announcement yet.

Restarting Domain Controllers causing NDR's from Exchange servers

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Restarting Domain Controllers causing NDR's from Exchange servers

    When I restart any of Domain controllers in my site, Exchange server is generating NDR's with "smtp;550 5.7.1". AFAIK, exchange 2003 should be intelligent enough to wait for a failed DC for sometime and switch over to another DC. But it is not happening in my case, when ever I reboot one DC, exchange is throwing NDR's for mails which came for processing at that time. And after few mins it is not generating NDR's for further mails. All the DCs in my site are GCs.

    Any one have idea why it is happening this way?

  • #2
    Re: Restarting Domain Controllers causing NDR's from Exchange servers

    oh ! 22g

    Can you upload a pic of your adtopology and exchange topology

    and paste the complete ndr that you receive along with descriptions.

    and are you getting ndr for messages that your sending or you are receiving ndr for messages that you never sent.
    Thanks & Regards
    v-2nas

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect
    Blog: http://www.exchadtech.blogspot.com

    Show your appreciation for my help by giving reputation points

    Comment


    • #3
      Re: Restarting Domain Controllers causing NDR's from Exchange servers

      Exchange doesn't fail over to another DC for about 30 minutes. However I reboot DCs all the time with Exchange running and it doesn't throw NDRs.

      Have you got the timeouts changed on the SMTP virtual server or anything like that?
      Do you have multiple DNS servers and they are set correctly?

      Have you run the Exchange best practises tool to see if that flags anything?

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment


      • #4
        Re: Restarting Domain Controllers causing NDR's from Exchange servers

        >Have you got the timeouts changed on the SMTP virtual server or anything like
        >that?

        No changes were made to SMTP configuration. One more thing is that, we introduced another exchange server recently and that is also behaving the same way. I would like to make one more note here. NDR's are not getting generated for internal mails(means..for internal to exchange). NDR's are getting generated only for external incoming mails. I have few applications those are configured to send mails to exchange servers. These mails are getting bounced. Internal mailflow is not having a problem.

        >Do you have multiple DNS servers and they are set correctly?
        Yes, Multiple DNS servers are configured and everything is perfect.

        >Have you run the Exchange best practises tool to see if that flags anything?
        EXBPA reported nothing related to this.

        Thanks,
        Sitaram

        Comment


        • #5
          Re: Restarting Domain Controllers causing NDR's from Exchange servers

          Something has been changed, as even if the domain controller isn't available, the messages should still queue.
          What is the full text of the NDR?
          Do you have any third party tools that could be using the domain - recipient validation for example?

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Restarting Domain Controllers causing NDR's from Exchange servers

            Simon, I need to restart the domain controller to get the full NDR message for you I don't have it handy.

            Do you think of any caching at DSACCESS which attempts to contact unavailable DC and refreshes it's cache after certain interval or on some condition?

            Any other data points will be appreciated.

            Comment


            • #7
              Re: Restarting Domain Controllers causing NDR's from Exchange servers

              As others have stated, something has been changed.
              This simply isnt the way exchange works.

              Worse case your messages should queue not create an NDR, typically for at least 3 days.

              To keep things simple, just delete the existing SMTP virtual server (or take offline and create a second). Once removed, recreate and keep settings as default.

              Comment


              • #8
                Re: Restarting Domain Controllers causing NDR's from Exchange servers

                I am planning to restart the DC over this weekend to reproduce the issue and to collect some data points which can help to identify the cause.

                I am planning to enable exchange debug logging for MSExchangeDSaccess which may give some reason for NDR's. Please let me know if you people suggest for enabling any other logging or any thing which can I help me to collect the data.

                Also, please let me know if you want me to test any things before/after reboot.

                Thanks,

                Comment


                • #9
                  Re: Restarting Domain Controllers causing NDR's from Exchange servers

                  Any comments from experts on my previous post?

                  Comment


                  • #10
                    Re: Restarting Domain Controllers causing NDR's from Exchange servers

                    I think if anyone wanted to make a comment they would have done.

                    Simon.
                    --
                    Simon Butler
                    Exchange MVP

                    Blog: http://blog.sembee.co.uk/
                    More Exchange Content: http://exchange.sembee.info/
                    Exchange Resources List: http://exbpa.com/
                    In the UK? Hire me: http://www.sembee.co.uk/

                    Sembee is a registered trademark, used here with permission.

                    Comment


                    • #11
                      Re: Restarting Domain Controllers causing NDR's from Exchange servers

                      I think we are waiting for the information you were going to provide. The NDR will probably be key here.
                      cheers
                      Andy

                      Please read this before you post:


                      Quis custodiet ipsos custodes?

                      Comment


                      • #12
                        Re: Restarting Domain Controllers causing NDR's from Exchange servers

                        I collected NDR details during my last DC reboot. Appending the same here.

                        Your message did not reach some or all of the intended recipients.

                        Subject: <<Subject line>>
                        Sent: 2/7/3610 7:29 PM

                        The following recipient(s) could not be reached:

                        <<User Display Name>> on 2/7/2009 7:30 PM
                        You do not have permission to send to this recipient. For assistance, contact your system administrator.
                        <<<Exchange Server>>#5.7.1 smtp;550 5.7.1 Unable to relay for <<UsermailID>>>


                        I got below sequence of events on exchange servers which generated NDRs due to DC reboot.

                        Event Type: Information
                        Event Source: MSExchangeDSAccess
                        Event Category: Topology
                        Event ID: 2070
                        Date: 2/7/2009
                        Time: 7:29:37 PM
                        User: N/A
                        Computer: EXCHSRVR1
                        Description:
                        Process INETINFO.EXE (PID=1492). DSAccess lost contact with domain controller DC1.MYDOMAIN.COM. Error was 80040934 (). DSAccess will attempt to reconnect with this domain controller when it is reachable.

                        For more information, click http://www.microsoft.com/contentredirect.asp.


                        Event Type: Information
                        Event Source: MSExchangeDSAccess
                        Event Category: Topology
                        Event ID: 2070
                        Date: 2/7/2009
                        Time: 7:29:38 PM
                        User: N/A
                        Computer: EXCHSRVR1
                        Description:
                        Process WMIPRVSE.EXE -EMBEDDING (PID=2464). DSAccess lost contact with domain controller DC1.MYDOMAIN.COM. Error was 80040934 (). DSAccess will attempt to reconnect with this domain controller when it is reachable.

                        For more information, click http://www.microsoft.com/contentredirect.asp.


                        Event Type: Information
                        Event Source: MSExchangeDSAccess
                        Event Category: Topology
                        Event ID: 2070
                        Date: 2/7/2009
                        Time: 7:29:38 PM
                        User: N/A
                        Computer: EXCHSRVR1
                        Description:
                        Process EMSMTA.EXE (PID=3564). DSAccess lost contact with domain controller DC1.MYDOMAIN.COM. Error was 80040934 (). DSAccess will attempt to reconnect with this domain controller when it is reachable.

                        For more information, click http://www.microsoft.com/contentredirect.asp.

                        Event Type: Information
                        Event Source: MSExchangeDSAccess
                        Event Category: Topology
                        Event ID: 2070
                        Date: 2/7/2009
                        Time: 7:29:42 PM
                        User: N/A
                        Computer: EXCHSRVR1
                        Description:
                        Process STORE.EXE (PID=352. DSAccess lost contact with domain controller DC1.MYDOMAIN.COM. Error was 80040934 (). DSAccess will attempt to reconnect with this domain controller when it is reachable.

                        For more information, click http://www.microsoft.com/contentredirect.asp.

                        Event Type: Information
                        Event Source: MSExchangeDSAccess
                        Event Category: Topology
                        Event ID: 2080
                        Date: 2/7/2009
                        Time: 7:32:21 PM
                        User: N/A
                        Computer: EXCHSRVR1
                        Description:
                        Process WMIPRVSE.EXE -EMBEDDING (PID=2464). DSAccess has discovered the following servers with the following characteristics:
                        (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
                        In-site:
                        DC2.MYDOMAIN.COM CDG 7 7 1 0 1 1 7 1
                        DC1.MYDOMAIN.COM CDG 6 0 1 0 1 1 0 1
                        Out-of-site:
                        dc4.MYDOMAIN.COM CD- 6 6 0 0 1 1 6 1
                        dc6.MYDOMAIN.COM CDG 7 7 1 0 1 1 7 1
                        dc5.MYDOMAIN.COM CDG 7 7 1 0 1 1 7 1


                        For more information, click http://www.microsoft.com/contentredirect.asp.

                        Comment


                        • #13
                          Re: Restarting Domain Controllers causing NDR's from Exchange servers

                          I am also doing to see if I can get any info on internet with these errors.

                          NDR code 5.7.1 indicates below causes but none of them are true in my case.

                          <<Snip from http://support.microsoft.com/kb/284204>>

                          Possible Causes:
                          • General access denied, sender access denied - the sender of the message does not have the privileges required to complete delivery.
                          • You are trying to relay your mail through another SMTP server and it does not permit you to relay.
                          • The recipient might have mailbox delivery restrictions enabled. For example, a recipient's mailbox delivery restriction was set to receive from a Distribution List only and non-members' email will be rejected with this error.
                          • For Exchange Server 2003, a distribution list can be configured to restrict mail delivery from unauthenticated users. Mail that is sent by using an unauthenticated SMTP session are rejected.

                          Troubleshooting: Check system privileges and attributes for the contact and retry the message. Also, make sure you are running Exchange 2000 Service Pack 1 or later for other potential known issues.

                          <</snip>>

                          Thanks,

                          Comment


                          • #14
                            Re: Restarting Domain Controllers causing NDR's from Exchange servers

                            Sorry to join so late and i just skimmed over your dialouge but i ran into this a while beck and there is a patch for this problem. I will see if i can relocate it. It has to do with greylisting if i remember correctly.

                            Comment


                            • #15
                              Re: Restarting Domain Controllers causing NDR's from Exchange servers

                              Ahhh! here it is only took an hour to find - anyway check this out and see if this helps. It is a known bug in SP2 - install at your own risk.
                              http://support.microsoft.com/kb/950757/en-us

                              Comment

                              Working...
                              X