Jan 15 2022 02:41 PM - edited Jan 18 2022 09:38 AM
Hi All,
My first post here, and a bit intimidated as my Exchange skills are mediocre to OK on a good day.
I have the following problem:
My Exchange keeps queuing all messages sent only to MS owned domains (outlook.com, hotmail, live.com), and to other domains if they are using Office365. So the FQDN will be shown as, for example, outlook-com.olc.protection.outlook.com when the actual mail domain is xyz.com.
Messages are kept in the transport queue for anywhere between an hour and 12 hours. Attachments appear to make it worse. Receiving is a bit on the slow side, but acceptable.
The problem started on Monday last week. No changes were done to the server or the network, except for the Y2K22 issue, that I resolved temporarily by disabling anti-malware scanning.
There are no issues sending email to any other domains - messages are pushed right away, and they are received on the other end equally fast.
The messages that fail are flagged with the following:
Sometimes, the same mail message may flag a different error code upon consecutive retries, so sending to Email address removed may come back with 421 4.4.2 and then with 450 4.4.318. The latter is by far more frequent.
I have since applied the Y2K22 fix from Microsoft last night, as well as the latest CU for Exchange.
The messages flow a bit better, but there are still delays of about 30 minutes based on about a dozen test messages I sent. Transmissions error out flagging one of the above listed error codes, before eventually being delivered.
What throws me off is that this happens only when mail is sent to any domain owned by Microsoft. Absolutely no issues with any other domains.
This is what the message tracking log shows (actual test run with a 7MB attachment):
[PS] C:>Get-TransportService | Get-MessageTrackingLog -MessageSubject "test sat aft" -Recipients Email address removed

Timestamp             EventId         Source       Sender                 Recipients        MessageSubject
1/15/2022 4:59:39 PM  HAREDIRECTFAIL  SMTP         Email address removed  {xyz@outlook....  test sat aft
1/15/2022 4:59:39 PM  RECEIVE         SMTP         Email address removed  {xyz@outlook....  test sat aft
1/15/2022 4:59:40 PM  AGENTINFO       AGENT        Email address removed  {xyz@outlook....  test sat aft
1/15/2022 4:59:41 PM  TRANSFER        ROUTING      Email address removed  {xyz@outlook....  test sat aft
1/15/2022 5:01:49 PM  DEFER           SMTP         Email address removed  {xyz@outlook....  test sat aft
1/15/2022 4:59:39 PM  RECEIVE         STOREDRIVER  Email address removed  {xyz@outlook....  test sat aft
1/15/2022 4:59:39 PM  SUBMIT          STOREDRIVER  Email address removed  {xyz@outlook....  test sat aft
I ran the test a few minutes ago. Surprisingly, it was out of the queue, and delivered, in under 10 minutes, but only after 2 retries and erroring out with 450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError).
As for the basics:
The server is a standalone on premises and well resourced on the hardware end. The backpressure is shown as "low" on all counts, and the WAN connection is a pure fiber 100/100. The number of mailboxes is 60 and the traffic today is between nothing happening and low. There is a Barracuda spam protection box between the Exchange and WAN, but it's been there for the last 10+ years. Not on any blocklist sites, and the IP reputation score is 100%.
Until just about a week ago, the server has been running flawlessly since August 2021 after I moved to 2019 from 2010. Never had this problem before on EX2003 or EX2010, even when I still ran the EX2003 on DSL.
UPDATE: I got a reply to this issue from someone on Reddit, reporting the same problem for multiple clients of his. For some weird reason, my emails are now going through, which makes absolutely no sense as I made no changes to the system since I did a battery of tests over the weekend. Tested with messages to hotmail and outlook.com with and without attachments.
UPDATE 2: Emails continued flowing yesterday without any issues. I'm happy, but this makes absolutely no sense.
Any thoughts?