Exchange 2010 mailflow troubleshooting guide

I recently had a couple of cases where e-mails were no longer being processed from the queues, causing mailflow issues, and new e-mails were building up in the submission queue.

As a result of those cases I have created a guide for troubleshooting such issues and have documented the main steps:

 

  • First of all we check the queue, open it and check the last error in the messages.
  • If the last error is empty, it means that something is preventing messages from being delivered (either a stopped service or a transport agent).
  • The first thing we should do is increase the logging level for MSExchangeTransport in the EMS with the command: Get-EventLogLevel MsExchangeTransport | Set-EventLogLevel -Level High

HOWTO increase the Logging Levels in Exchange 2003,2007 and 2010

https://blogs.technet.com/b/ferris/archive/2010/05/03/howto-increase-the-logging-levels-in-exchange-2003-2007-and-2010.aspx   

  • Restart the transport service. Check whether the issue still persists or the e-mails are being delivered.
  • Should the issue persist, you can start excluding the transport agents. Run Get-TransportAgent to see which agents you have installed and afterwards start deactivating them one by one*

*By default we have the following transport agents running on the Exchange transport server in Exchange 2007 and Exchange 2010

 

 

  • With Disable-TransportAgent we disable each agent. After disabling an agent we need to restart the transport service.

        

  • Should this not help, we can also deactivate the antivirus software running on the Hub servers.

  • In some conditions it is also necessary to uninstall the antivirus program, because many of them install, for example, a kernel-mode driver in the system.
  • If the results are again negative, we can create a new queue. For this we stop the transport service and move the queue folder completely from the default location to another location.

  • When we restart the transport service another queue will be created and normally the mailflow should be restored.
  • What to do with the old queue if it contains too many mails? In order to prevent data loss we can run eseutil /mh against the old queue. If the queue is in clean shutdown we can proceed with eseutil /d and eseutil /r against the queue file.
  • We can then stop the transport service again, move the queue back to the original location, rename the new queue folder to queue_new and restart the transport service. The mails should then start being processed and delivered.
  • Worst case scenario the e-mails are not delivered. They remain in the queue. This means the old queue is beyond repair. In such a situation we can try to export as many messages as possible from the old queue and replay them in the new queue.

For this we should implement the following procedure:

Go to the queue in the Exchange Management Console, right-click the queue and select Suspend.

 

 

  • We also need to suspend the messages in the queue. For this we run: Get-Message -Filter {FromAddress -like "*@contoso.com"} | Suspend-Message

  • We then have to run the following command to export the suspended messages: Get-Message -Queue "Server\Queue name" | Export-Message -Path "c:\contoso"

  

  • After the messages are exported, we need to stop the transport service again, move the queue from which we exported the messages to another location, rename the folder queue_new to queue and restart the transport service.
  • After the transport service is up and running we can copy the exported messages to the Replay folder under

 

Messages will now be delivered.
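
The agent-by-agent exclusion step from the list above can be scripted so that only one agent is switched off at a time and the original agent state is recorded before anything is changed. This is an added example, not part of the original post; the state-file path, the wait time, the use of the Submission queue as indicator and the "message count dropped" test are assumptions.

```powershell
# Added example for the Exchange Management Shell on the affected Hub Transport server.
# Assumptions (not from the original post): the state-file path, the wait time,
# the Submission queue as indicator, and "count dropped" as the success test.
$stateFile = "C:\Temp\transportagents-before.csv"   # hypothetical path
$queueId   = "$env:COMPUTERNAME\Submission"
$waitSecs  = 120

function Restart-TransportAndMeasure {
    # Restart the transport service, wait, then return the queue's message count.
    Restart-Service MSExchangeTransport
    Start-Sleep -Seconds $waitSecs
    (Get-Queue -Identity $queueId).MessageCount
}

# 1. Record the current agent state so it can be restored and audited later.
$agents = Get-TransportAgent
$agents | Select-Object Identity, Enabled, Priority |
    Export-Csv -Path $stateFile -NoTypeInformation
$baseline = (Get-Queue -Identity $queueId).MessageCount
Write-Host "Baseline: $baseline messages in $queueId"

# 2. Disable one enabled agent at a time. An agent that does not change the
#    picture is re-enabled before the next one is tested.
$suspect = $null
foreach ($agent in ($agents | Where-Object { $_.Enabled })) {
    $name = "$($agent.Identity)"
    Disable-TransportAgent -Identity $name -Confirm:$false
    $count = Restart-TransportAndMeasure
    Write-Host "$name disabled: $count messages in queue"
    if ($count -lt $baseline) { $suspect = $name; break }   # leave it disabled
    Enable-TransportAgent -Identity $name -Confirm:$false
}
if (-not $suspect) { Restart-Service MSExchangeTransport }   # apply re-enabled state

# 3. Report every agent whose state differs from the snapshot, so that no
#    agent stays switched off unnoticed after troubleshooting.
$before = Import-Csv -Path $stateFile
foreach ($cur in Get-TransportAgent) {
    $old = $before | Where-Object { $_.Identity -eq "$($cur.Identity)" }
    if ($old -and $old.Enabled -ne "$($cur.Enabled)") {
        Write-Warning "$($cur.Identity): was Enabled=$($old.Enabled), now $($cur.Enabled)"
    }
}
```

An agent reported by the warning in step 3 is the one left disabled in step 2; it stays off until it is re-enabled with Enable-TransportAgent and the transport service is restarted.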

Hope the information provided was helpful for you and clarifies the process of mailflow troubleshooting.

 

If you have any questions, please send me an Email to ccorp@microsoft.com