Thursday, September 8, 2011

Distribution and mail-enabled security group members no longer receive e-mails after transitioning / upgrading from Exchange 2003 to 2010

Ran into an interesting problem last month when I noticed that members belonging to distribution and mail-enabled security group no longer receive e-mails after transitioning their Exchange server from 2003 to 2010.

Problem

You’ve noticed that users who belong to distribution groups no longer receive emails sent to those groups so you open up the Message Tracking tool in the Exchange Management Console:

image

The delivery report shows the following:

Delivery Report for Group - Help Desk ‎(HelpDesk@contoso.bm)‎
Submitted
8/25/2011 2:51 PM contMBX01.contosonet.com
The message was submitted to contcas01.contosonet.com.
Pending
8/25/2011 2:51 PM contcas01.contosonet.com
The message has been queued on server 'contcas01.contosonet.com' since 8/25/2011 2:51:25 PM (UTC-04:00) Atlantic Time (Canada). The last attempt to send the message was at 8/25/2011 3:28:12 PM (UTC-04:00) Atlantic Time (Canada) and generated the error '451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.'.

8/25/2011 3:36 PM contcas01.contosonet.com
Message delivery is taking longer than expected. There may be system delays. For more information, contact your helpdesk.

image

A quick look in the Queue Viewer shows the following details for the message that is stuck in the queue:

image

The last error reported for the message reads:

400 4.4.7 Message delayed

image

You open up the problematic distribution group’s properties, navigate to the Membership Approval tab and see that all of the radio button options are grayed out:

image

Solution

Andy Olson actually blogged about this strange behavior in one of his posts: http://blogs.pointbridge.com/Blogs/olson_andy/Pages/Post.aspx?_ID=13 and because he mentioned that some of his customers had issues if they didn’t upgrade the groups, I thought maybe the issue I was experiencing was related to these Exchange 2003 migrated groups as well.

Since the environment I was working on had quite a few distribution groups, I went ahead and used the cmdlet in PowerShell to upgrade them all at once:

[PS] C:\Windows\system32>Get-DistributionGroup -ResultSize Unlimited | Set-DistributionGroup –ForceUpGrade

image

You’ll notice that the screenshot above throws quite a few errors and warnings and the reason why is because the environment I was working on had distribution groups with alias’ that had spaces in them.

Notice in the screenshot below that the Exchange 2003 migrated distribution group on the right still referenced the old Exchange 2003 mailbox server:

image

Go ahead and remove it as shown below:

image

Once you’ve completed this for the problematic distribution groups, the members belonging to them should start receiving the queued up mail.  The following is the tracking I immediately performed after upgrading the distribution lists:

image

There is no harm to execute the cmdlet to upgrade the distribution groups again because you will be warned that no changes were made.  I recommend running it again just as a sanity check:

image

Hope this helps anyone out there who may experience this issue.

1 comment:

rao Kamesh said...

Hai,

I have a issue it is possible to send a mail to the security group "without" enable Email.It is possible ?
if it is possible please share me any information regards this issue.

thanks,

suresh