Mail Flow Troubleshooter in Exchange Troubleshooting Assistant (ExTRA) - A closer look
Published Aug 07 2006 04:49 PM 42.8K Views

Have you tried the "Exchange Mail Flow Troubleshooter" in Exchange Troubleshooting Assistant v1.0 (ExTRA)? This is a new troubleshooter that you can use to troubleshoot common mail flow problems you see on Exchange servers. It is designed to identify the root cause of detected symptoms so that you can take a right course of corrective actions quickly.


For example, the mail flow troubleshooter can identify common root causes such as:

  1. Messages backing up in remote delivery queues due to bad DNS configuration or unintentional third party software settings

  2. Messages backing up in the Messages awaiting directory lookup queue due to heavy distribution group expansions or permissions inheritance blocks

  3. Messages can not be received from the Internet due to metabase corruption


For this blog post, I would like to introduce some of the features of this troubleshooter for Exchange 2000 Server and Exchange Server 2003.


When you select "Mail Flow Troubleshooter" at the Task Selection screen, you will be presented with the selections of symptoms you would like to troubleshoot.




1. Users are receiving unexpected non-delivery reports when sending messages


When you or your users receive a non-delivery report, this is the one you would like to select. The tool will further prompt you what DSN code the non-delivery report contains and provide you with guidance on what the DSN code generally means and what actions are suggested.


For example, for the DSN code 5.1.6, you will see the following message in the output report:


"The user directory attributes, such as homeMDB or msExchHomeServerName, may be missing or corrupted. Troubleshooting: Verify the integrity of the user directory attributes, and then run the Recipient Update Service again to make sure that the attributes that are required for transport are valid."


For some DSN codes, the tool checks whether the records in DNS are consistent. In this v1.0, not many troubleshooting functions for non-delivery reports have been automated but we expect that more will be in future releases.


2. Expected messages from senders are delayed or are not received by some recipients


You would like to select this when you or your users see symptoms like the following:


- Your organization is not receiving any messages from the Internet

- Some users can receive mails from the Internet but some users can not


The possible root causes of this kind of issues (or mail flow issues in general) can vary from a transient network condition to a suboptimal SMTP configuration. Thus the mail flow troubleshooter executes a wide variety of troubleshooting steps.



Troubleshooting Steps


- 'Ping' the designated gateway/bridgehead server to check general network health

- Test connectivity over port 25 and other designated SMTP ports to the designated gateway/bridgehead server

- Check SMTP service / SMTP virtual server status

- Check filtering configuration (Sender ID, IMF, Recipient, Connection, Sender)

Mail Acceptance

- Send a test mail from the designated gateway/bridgehead to the designated address

- Check for known SMTP proxies that may be blocking SMTP conversations

Message Tracking

- Scan message tracking logs beginning from the sending server to the destination server to see how far the test message has traveled (start the queue troubleshooter if a backup is detected)

Domain Routing

- Verify that local domains are correctly registered in the metabase (e.g. an error will be logged if a local domain is registered as an external domain in the metabase)


Here are a few examples of the result output for this symptom.



3. Messages destined to recipients are delayed or are not received by some recipients


This is the opposite direction of #2 in terms of the mail flow. You may want to select this when:


-      No messages are going out to the Internet

-      You can not send messages to a specific domain

-      You can not send messages to a specific external address


Here are the major steps the mail flow troubleshooter executes to troubleshoot this symptom.



Troubleshooting Steps

Message Tracking

- Locate the most recent message submitted by the specified sender to the specified recipient

- Scan message tracking logs beginning from the sending server to see how far the message traveled (start queue troubleshooting if a backup detected)

Exchange Gateway

- Check SMTP service / SMTP virtual server status

- Check SMTP connector configuration

Domain Routing

- Check address space (remote domain) settings in SMTP connector and metabase


4. Messages are backing up in one or more queues on a server


We call this the "Queue" troubleshooter. It can be launched directly from the Task selection screen as well as it may be triggered by selecting #2 and #3 above. In many cases when we troubleshoot issues like "mails are not coming from the Internet" or "mails are not going out to the Internet," we find out that messages are actually backing up in a queue on an internal Exchange server. In these cases, the mail flow troubleshooter triggers the "Queue" troubleshooter automatically.


For this first release, we mainly focused on developing the troubleshooting steps for the following SMTP queues.

-      Remote delivery

-      Messages awaiting directory lookup

-      Local delivery


That said, we have general troubleshooting steps for other queues such as "Messages pending submission" and "Messages waiting to be routed" and expect adding specific troubleshooting steps for those queues in future releases.



Troubleshooting Steps

Queue Status

- Detect any retry/frozen queues and also queues with a large number of messages

Remote Delivery

- Test whether DNS servers can be accessed from the "problem" server

- Check whether DNS returns valid records for the remote hosts

- Test connectivity to the remote hosts (ping, port 25)

- Check remote SMTP virtual server configuration/status

- Throw various SMTP commands (e.g. BDAT)

- Check metabase for event sink registrations

- SMTP Proxy existence

- Detect antivirus software blocking SMTP ports

- Link state check

Messages awaiting directory lookup

- Categorizer performance

- DL expansion checks

- Check for common destinations in messages

- Check file version for known bugs

- Check journaling configurations

- Check whether permissions inheritances are correct

- Investigate disk performance

- DC/GC availability

Local Delivery

- Check for any dismounted databases

- Check for missing SMTP system mailboxes

- Event 326/327 occurrence

- Common issues (PF hierarchy, Missing working directory, etc.)


Here are some examples of the result output for this symptom.



Thanks for your interest in the new tool. Please feel free to post comments to this blog post. Also visit newsgroup for more discussions.


- Haruya Shida

Version history
Last update:
‎Jul 01 2019 03:16 PM
Updated by: