Only seeing first receive event when doing message tracking against a public folder that was migrated to O365 from Legacy Exchange


In Exchange 2010 and older (legacy Exchange), migrating a public folder to O365 makes a change that causes message tracking against the legacy namespace to show only the initial receive event.

Scenario

A Public Folder with a Primary SMTP email address of PF1@contoso.com gets migrated to O365. You are testing mail flow from an application that sends through your On-Premises environment. When you kick off message tracking and list PF1@contoso.com as the recipient, the logs will return the first receive event, but you do not see any sends or any other events.

Why is this happening?

First of all, when you send a message to a migrated public folder from on-premises Exchange, the first thing the Exchange server does on receiving it is kick off a process called the PFResolver. This process locates the O365 address, something like PF1@contoso.mail.onmicrosoft.com, and then reroutes the message to that address, stamping it as the recipient. It then adds an ORCPT attribute to the RCPT TO: entry and populates it with the legacy address. In the protocol logs it looks like this:

2016-08-07T23:59:55.790Z,Outbound to Office 365,08D14E32D1DC272C,42,10.0.0.1:57888,207.46.163.138:25,>RCPT TO:<PF1@contoso.mail.onmicrosoft.com> ORCPT=rfc822;PF1@contoso.com

Message tracking only uses the RCPT TO: address; it does not look at the ORCPT address. So when you search on the legacy address, the only event that carries it is the initial receive, logged when Exchange first receives the message and before the PFResolver runs.

So what do I do to see the whole message trace?

In a nutshell, you have to run two separate message traces: first, one with the legacy email address, and second, one with the O365 address.

For example:

Get-MessageTrackingLog -Recipients "PF1@contoso.com"

Get-MessageTrackingLog -Recipients "PF1@contoso.mail.onmicrosoft.com"

This will give you the initial receive and then all other events where the message had been resolved to the O365 address.
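
To read the two traces as a single timeline, the results can be merged and ordered per message. The following is an added example, not code from the original post: the function name `Get-MigratedPFTrace` and the 24-hour default window are hypothetical, and it assumes the rerouted message keeps the same MessageId after the PFResolver restamps the recipient.

```powershell
# Added example: merge the legacy-address and O365-address traces into one
# timeline per message. Run in the on-premises Exchange Management Shell.
function Get-MigratedPFTrace {
    param(
        [Parameter(Mandatory = $true)][string]$LegacyAddress,  # e.g. PF1@contoso.com
        [Parameter(Mandatory = $true)][string]$CloudAddress,   # e.g. PF1@contoso.mail.onmicrosoft.com
        [datetime]$Start = (Get-Date).AddHours(-24),           # assumed default window
        [datetime]$End   = (Get-Date)
    )

    # Tracking logs are stored per server, so query every transport server.
    $servers = Get-TransportServer

    # One search per address: the legacy address only matches the first RECEIVE,
    # the O365 address matches everything after the PFResolver reroute.
    $events = foreach ($address in $LegacyAddress, $CloudAddress) {
        $servers | Get-MessageTrackingLog -Recipients $address `
            -Start $Start -End $End -ResultSize Unlimited
    }

    # Keep only messages that were originally addressed to the legacy address,
    # so mail sent straight to the O365 address does not pollute the timeline.
    # (Assumption: MessageId is unchanged by the reroute.)
    $legacyIds = $events |
        Where-Object { $_.Recipients -contains $LegacyAddress } |
        Select-Object -ExpandProperty MessageId -Unique

    $events |
        Where-Object { $legacyIds -contains $_.MessageId } |
        Sort-Object MessageId, Timestamp |
        Select-Object Timestamp, ServerHostname, EventId, Source, Sender,
            @{ Name = 'Recipients'; Expression = { $_.Recipients -join ';' } },
            MessageId
}

# Usage with the sample addresses from this article:
Get-MigratedPFTrace -LegacyAddress 'PF1@contoso.com' `
    -CloudAddress 'PF1@contoso.mail.onmicrosoft.com' |
    Format-Table -AutoSize
```

A message whose initial receive falls before `-Start` is dropped by the filter, so widen the window if events appear to be missing.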
