Thursday, September 8, 2011

Distribution and mail-enabled security group members no longer receive e-mails after transitioning / upgrading from Exchange 2003 to 2010

Ran into an interesting problem last month when I noticed that members belonging to distribution and mail-enabled security group no longer receive e-mails after transitioning their Exchange server from 2003 to 2010.


You’ve noticed that users who belong to distribution groups no longer receive emails sent to those groups so you open up the Message Tracking tool in the Exchange Management Console:


The delivery report shows the following:

Delivery Report for Group - Help Desk ‎(‎
8/25/2011 2:51 PM
The message was submitted to
8/25/2011 2:51 PM
The message has been queued on server '' since 8/25/2011 2:51:25 PM (UTC-04:00) Atlantic Time (Canada). The last attempt to send the message was at 8/25/2011 3:28:12 PM (UTC-04:00) Atlantic Time (Canada) and generated the error '451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.'.

8/25/2011 3:36 PM
Message delivery is taking longer than expected. There may be system delays. For more information, contact your helpdesk.


A quick look in the Queue Viewer shows the following details for the message that is stuck in the queue:


The last error reported for the message reads:

400 4.4.7 Message delayed


You open up the problematic distribution group’s properties, navigate to the Membership Approval tab and see that all of the radio button options are grayed out:



Andy Olson actually blogged about this strange behavior in one of his posts: and because he mentioned that some of his customers had issues if they didn’t upgrade the groups, I thought maybe the issue I was experiencing was related to these Exchange 2003 migrated groups as well.

Since the environment I was working on had quite a few distribution groups, I went ahead and used the cmdlet in PowerShell to upgrade them all at once:

[PS] C:\Windows\system32>Get-DistributionGroup -ResultSize Unlimited | Set-DistributionGroup –ForceUpGrade


You’ll notice that the screenshot above throws quite a few errors and warnings and the reason why is because the environment I was working on had distribution groups with alias’ that had spaces in them.

Notice in the screenshot below that the Exchange 2003 migrated distribution group on the right still referenced the old Exchange 2003 mailbox server:


Go ahead and remove it as shown below:


Once you’ve completed this for the problematic distribution groups, the members belonging to them should start receiving the queued up mail.  The following is the tracking I immediately performed after upgrading the distribution lists:


There is no harm to execute the cmdlet to upgrade the distribution groups again because you will be warned that no changes were made.  I recommend running it again just as a sanity check:


Hope this helps anyone out there who may experience this issue.

1 comment:

Unknown said...


I have a issue it is possible to send a mail to the security group "without" enable Email.It is possible ?
if it is possible please share me any information regards this issue.