Understanding DSNs and NDRs

Common Enhanced Status Codes

  • 4.3.1 – Insufficient system resources
  • 4.3.2 – System not accepting network messages
  • 4.4.1 – Connection timed out
  • 4.4.2 – Connection dropped
  • 4.4.7 – Message expired
  • 5.0.0 – HELO / EHLO requires domain address
  • 5.1.0 – Sender denied
  • 5.1.1 – Bad destination mailbox address
  • 5.1.2 – Invalid X.400 address
  • 5.1.3 – Invalid recipient address
  • 5.1.4 – Destination mailbox address ambiguous
  • 5.1.7 – Invalid address
  • 5.2.1 – Mailbox cannot be accessed
  • 5.2.2 – Mailbox full
  • 5.2.3 – Message too large
  • 5.2.4 – Mailing list expansion problem
  • 5.3.3 – Unrecognized command
  • 5.3.4 – Message too big for system
  • 5.3.5 – System incorrectly configured
  • 5.4.4 – Invalid arguments
  • 5.4.6 – Routing loop detected
  • 5.5.2 – Send hello first
  • 5.5.3 – Too many recipients
  • 5.5.4 – Invalid domain name
  • 5.5.6 – Invalid message content
  • 5.7.1 – Delivery not authorized
  • 5.7.1 – Unable to relay
  • 5.7.1 – Client was not authenticated
  • 5.7.3 – Not Authorized

More about understanding DSNs and NDRs

Enhanced Status Codes for Delivery
Request for Comments (RFC) 1893 provides an enhanced set of status codes for Delivery Status Notification (DSN) messages. This is an extension of the coding defined in RFC 821. The error codes in RFC 821 are designed to deal with messaging, and are not as useful for DSN messages. The code specified in the “More Information” section provides a more specific, flexible system of coding for DSN messages (non-delivery reports, read and delivery receipts, and so on). The Enhanced Status Codes provide a standard mechanism for reporting mail system errors, and provide more meaningful information than the standard error codes defined in the SMTP RFC (821).

2.X.X Success
4.X.X Persistent Transient Failure
5.X.X Permanent Failure

X.1.0 Other address status
X.1.1 Bad destination mailbox address
X.1.2 Bad destination system address
X.1.3 Bad destination mailbox address syntax
X.1.4 Destination mailbox address ambiguous
X.1.5 Destination mailbox address valid
X.1.6 Mailbox has moved
X.1.7 Bad sender’s mailbox address syntax
X.1.8 Bad sender’s system address

X.2.0 Other or undefined mailbox status
X.2.1 Mailbox disabled, not accepting messages
X.2.2 Mailbox full
X.2.3 Message length exceeds administrative limit
X.2.4 Mailing list expansion problem

X.3.0 Other or undefined mail system status
X.3.1 Mail system full
X.3.2 System not accepting network messages
X.3.3 System not capable of selected features
X.3.4 Message too big for system

X.4.0 Other or undefined network or routing status
X.4.1 No answer from host
X.4.2 Bad connection
X.4.3 Routing server failure
X.4.4 Unable to route
X.4.5 Network congestion
X.4.6 Routing loop detected
X.4.7 Delivery time expired

X.5.0 Other or undefined protocol status
X.5.1 Invalid command
X.5.2 Syntax error
X.5.3 Too many recipients
X.5.4 Invalid command arguments
X.5.5 Wrong protocol version

X.6.0 Other or undefined media error
X.6.1 Media not supported
X.6.2 Conversion required and prohibited
X.6.3 Conversion required but not supported
X.6.4 Conversion with loss performed
X.6.5 Conversion failed

X.7.0 Other or undefined security status
X.7.1 Delivery not authorized, message refused
X.7.2 Mailing list expansion prohibited
X.7.3 Security conversion required but not possible
X.7.4 Security features not supported
X.7.5 Cryptographic failure
X.7.6 Cryptographic algorithm not supported
X.7.7 Message integrity failure
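
To show how the class.subject.detail structure is used in practice, the added example below (not from the original page) extracts enhanced status codes from SMTP responses and counts security-class (X.7.X) rejections per remote address. The log layout, the sample lines and the function name Get-EnhancedStatus are constructed for illustration.

```powershell
# Class and subject names follow the RFC 1893 tables above.
$class   = @{ '2' = 'Success'; '4' = 'Persistent Transient Failure'; '5' = 'Permanent Failure' }
$subject = @{ '0' = 'Other'; '1' = 'Address'; '2' = 'Mailbox'; '3' = 'Mail system'
              '4' = 'Network or routing'; '5' = 'Protocol'; '6' = 'Media'; '7' = 'Security' }

function Get-EnhancedStatus {
    param([Parameter(ValueFromPipeline = $true)][string]$Text)
    process {
        # class "." subject "." detail, class limited to 2, 4 or 5; the look-arounds
        # keep fragments of dotted IPv4 addresses from matching.
        $rx = '(?<![\d.])([245])\.(\d{1,3})\.(\d{1,3})(?!\d|\.\d)'
        foreach ($m in [regex]::Matches($Text, $rx)) {
            $c = $m.Groups[1].Value
            $s = $m.Groups[2].Value
            New-Object PSObject -Property @{
                Code     = $m.Value
                Class    = $class[$c]
                Subject  = $(if ($subject.ContainsKey($s)) { $subject[$s] } else { 'Unassigned' })
                Retry    = ($c -eq '4')    # only 4.X.X failures are worth re-queuing
                Security = ($s -eq '7')    # X.7.X: refused, not authorized, crypto failure
            }
        }
    }
}

# Constructed sample log (documentation IP ranges), not real traffic.
$log = @'
Time,RemoteIP,Response
2013-02-01T10:00:01Z,203.0.113.10,550 5.7.1 Unable to relay
2013-02-01T10:00:02Z,203.0.113.10,550 5.7.1 Unable to relay
2013-02-01T10:00:05Z,198.51.100.7,452 4.3.1 Insufficient system resources
2013-02-01T10:00:09Z,203.0.113.10,530 5.7.1 Client was not authenticated
2013-02-01T10:01:00Z,192.0.2.25,550 5.1.1 Bad destination mailbox address
'@ | ConvertFrom-Csv

$hits = foreach ($row in $log) {
    $row.Response | Get-EnhancedStatus |
        Select-Object @{ n = 'RemoteIP'; e = { $row.RemoteIP } }, Code, Class, Subject, Retry, Security
}

# Repeated X.7.X rejections from one address are the lines to review first.
$hits | Where-Object { $_.Security } | Group-Object RemoteIP, Code |
    Sort-Object Count -Descending | Select-Object Count, Name
```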

More about enhanced Status Codes for Delivery – RFC 1893

Exchange 2010 – OAB reported error (0x801901B8)

I noticed an OAB-related issue after migrating from Ex2007 to EX2010 in one AD site. Migrated users were not able to download the Offline Address Book. The download failed with the error:

Task ‘test@ficility.net’ reported error (0x801901B8) : ‘The operation failed.’

Exchange related cmdlets:







Outlook check (check from end-user point of view):

When I tried to open the OAB XML (https://mail.ficility.net/OAB/f050e98b-46d4-46d5-a094-3d7b4f001b8f/oab.xml) in a web browser with a test account, OWA opened instead of the XML file. For this reason, the IIS configuration needed to be checked.

The problem was caused by HTTP redirect being enabled on the OAB virtual directory in the IIS configuration.

Related article: Troubleshooting Offline Address Book Issues in Exchange 2010

Solution: To solve this problem, clear the HTTP redirect on the CAS servers and run iisreset /noforce. (Use the /noforce parameter to help prevent data loss in case the IIS services cannot be stopped within the one-minute time-out period. If you are certain that it is safe to force IIS to restart, you can omit the /noforce parameter. However, be aware that you could lose data if you do not include this parameter.)
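
A way to confirm the redirect from both the server and the client side, before and after the change, as an added example that is not part of the original post. The site name Default Web Site and the function names are assumptions; run the IIS functions in an elevated PowerShell session on each CAS server.

```powershell
Import-Module WebAdministration

$site = 'Default Web Site'   # assumption: the OAB virtual directory lives in this site

function Get-OabRedirectConfig {
    # Effective httpRedirect settings on the site root and on /OAB. A redirect set on
    # the root is inherited by child virtual directories unless it is cleared there.
    foreach ($path in "IIS:\Sites\$site", "IIS:\Sites\$site\OAB") {
        $cfg = Get-WebConfiguration -PSPath $path -Filter 'system.webServer/httpRedirect'
        New-Object PSObject -Property @{
            Path        = $path
            Enabled     = $cfg.enabled
            Destination = $cfg.destination
            ChildOnly   = $cfg.childOnly
        }
    }
}

function Clear-OabRedirect {
    # Turns the redirect off for /OAB only, then restarts IIS as described in the post.
    Set-WebConfigurationProperty -PSPath "IIS:\Sites\$site\OAB" `
        -Filter 'system.webServer/httpRedirect' -Name enabled -Value $false
    iisreset /noforce
}

function Test-OabRedirect {
    # Client-side view: request oab.xml without following redirects.
    param([string]$Url, [System.Net.ICredentials]$Credential)
    $req = [System.Net.HttpWebRequest][System.Net.WebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false    # show the 3xx answer instead of landing on OWA
    $req.Credentials = $Credential
    try   { $resp = $req.GetResponse() }
    catch { $resp = $_.Exception.GetBaseException().Response }   # 4xx/5xx still carry a response
    if (-not $resp) { throw "No HTTP response from $Url" }
    $code = [int]$resp.StatusCode
    $result = New-Object PSObject -Property @{
        StatusCode = $code
        Location   = $resp.Headers['Location']
        Redirected = ($code -ge 300 -and $code -lt 400)
    }
    $resp.Close()
    $result
}

# Test-OabRedirect -Url 'https://mail.ficility.net/OAB/f050e98b-46d4-46d5-a094-3d7b4f001b8f/oab.xml' `
#     -Credential (Get-Credential).GetNetworkCredential()
```

A healthy result is StatusCode 200 with an empty Location; a 3xx status with Location pointing at OWA reproduces the behaviour described above.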


Exchange 2010 – Get-ExchangeDatabaseInfo

The function Get-ExchangeDatabaseInfo was created because there is no cmdlet like MailboxDatabaseStatistics that could be useful for reporting or statistics purposes. The function is aimed at getting more database information from a disk/statistics point of view. If you are interested, just copy/import the function into a PS session and create a report for your organization (use help Get-ExchangeDatabaseInfo).

– Report purpose ONLY (only “get” cmdlets).
– It supports only MS Exchange 2010 environment (AdminDisplayVersion 14*) and its Exchange Management Shell runspace.
– Processing time depends on the size of the Exchange organization (it could take a couple of minutes). Processing time is INCREASED by using the parameter “Properties”.

Example – How to use the function:

Get-MailboxDatabaseInfo -LocalHost -Properties

Get-MailboxDatabaseInfo -AllMailboxServers -Properties | Export-Csv -path C:\DbReport.csv

$a = Get-MailboxDatabaseInfo -LocalHost -MailboxServer ExTest01 
$a | ft reportedserver,dbname,*free* -autosize
$a | ft reportedserver,log* -autosize

Example – Output for one database:

Example – Tips for output:

More details soon… sorry

Download: Get-ExchangeDatabaseInfo.ps1

Please use right-click and “Save as” for downloading ps1 file otherwise the link shows source code in the same window.

Exchange 2013 configuration part 1. – DAG

DAG description

  • DAG is a building block for site resilience and data loss prevention, as it was in Exchange 2010
  • DAG can consist of 16 nodes forming a group, which protects data from DB, Server and site failures
  • Data protection is on database level (Multiple copies of the same database, where only one copy is active at the same time)
  • Database copy activation is maintained by “Active Manager” which runs on every Exchange server within DAG
  • Active Manager is a part of MS Exchange Replication service (MSExchangeRepl.exe)
  • Active Manager is responsible for switchover (moving the active copy to another node hosting a passive copy of the DB) and failover (automatic move of all active DBs to other nodes in case of server failure)

How to manage DAG in Exchange 2013

There are 2 ways to manage a DAG in Exchange 2013: PowerShell and the Exchange Administration Center (the Exchange Management Console is no longer present in Exchange 2013).

DAG prerequisites

DAG is simple to configure; however, there are several things to consider before the actual configuration:

  • Static IP addresses (if we are going to use static IP addresses, we should register a DNS A record prior to DAG configuration)
  • File Share Witness location – the FSW can be configured automatically (it will usually be placed on a HUB server if it doesn't have the Mailbox role on it) or you can configure the FSW on another domain server that you specify. The FSW can also be placed on a DC, which is not a supported but a possible configuration; it will also be my case, because in my LAB I have only 2x DC, 2x Exchange 2013 multirole servers and 1x Exchange 2010 multirole server.
  • At least one replication network should be reserved, and it is recommended to have a separate backup segment for mailbox database and system backup (in my case I will have only a separate replication network and no dedicated backup network)

Creating DAG

  • A DNS A record has been created with the name E13DAG, pointing to the DAG IP address
  • The replication network has been added to the virtual machines and basic configuration was made (no default GW is needed)
  • Network priority has been changed to the order Production -> Replication -> Backup (if applicable): open the Network and Sharing Center -> Change adapter settings -> hold the Alt key and select Advanced Settings:

  • The witness directory has been created on the DC1 and DC2 servers: c:FSWEX13DAG
  • The DAG has been created by issuing the following command
New-DatabaseAvailabilityGroup -Name E13DAG -WitnessServer DC1 -WitnessDirectory C:FSWE13DAG1 -DatabaseAvailabilityGroupIPAddress
  • Adding nodes to the DAG (this task will automatically install Failover Clustering on the Windows server hosting the Mailbox role for the DAG. Failover Clustering is an essential component for creating Active Manager and “Quorum” for the DAG)
Add-DatabaseAvailabilityGroupServer -Identity E13DAG -MailboxServer FrontEnd1
  • After the second node is added, go to your witness server and check whether data has been written to the WitnessDirectory. If yes, your FSW is configured correctly. If you have an ODD (1,3,5,7..) number of nodes in the DAG, the FSW will not be used (it will stay empty, or contain the directory with the last timestamp from when the DAG had an EVEN number of nodes).

DAG Network configuration

The DAG is set to automatic network configuration by default. This means that we are not able to change any network settings for the DAG. To set the DAG to manual mode, we use the following command:

Set-DatabaseAvailabilityGroup E13DAG -ManualDAGNetworkConfiguration $true

After the DAG network configuration is set to manual mode, we can create new DAG networks, assign subnets to them and then remove the automatically configured networks from the DAG assignment. We can specify which network to use for clients and which for replication, or keep the default (both enabled for clients and replication).

  • Adding production (client or “MAPI” network with disabled replication)
New-DatabaseAvailabilityGroupNetwork E13DAG -Name Production
Set-DatabaseAvailabilityGroupNetwork E13DAGProd -Name Production -Description Production -ReplicationEnabled $false -Subnets
  • Adding replication network with disabled client access
New-DatabaseAvailabilityGroupNetwork E13DAG -Name Replication

Set-DatabaseAvailabilityGroupNetwork E13DAGRepl -Name Replication -Description Replication -ReplicationEnabled $true -Subnets
  • Checking network configuration
Get-DatabaseAvailabilityGroupNetwork E13DAG* | fl

DAC mode setting, alternate FSW

This also stays the same as it was in Exchange 2010. To activate DAC mode, the DAG must have more than 2 nodes! Note: The directories on WitnessServer and AlternateWitnessServer must be the same (path, name, share).

Get-DatabaseAvailabilityGroup E13DAG | Set-DatabaseAvailabilityGroup -DatacenterActivationMode DAGOnly -AlternateWitnessDirectory c:FSWE13DAG -AlternateWitnessServer DC2

Gathering Active Manager status

Gathering Active Manager status works the same way as in Exchange 2010. The article is at https://exkb.wordpress.com/2012/09/02/exchange-2010-dag-active-manager-determinemove/

Gathering DAG status

This is a regular command, but it is very important. It returns a list of active nodes, nodes under maintenance, etc. To gather this info we need to use the parameter -Status.

Get-DatabaseAvailabilityGroup E13DAG -Status | fl

In the next article I will describe Store differences between Exchange 2010 and Exchange 2013

Exchange 2010 – How to move edb file (Move-DatabasePath)


I had to change the storage for one database in a DAG (two nodes). I also wanted to keep the paths for the database file and log folder the same as before.

I had new storage available as a mount point F:\DB1 on both nodes (it needs to be on both nodes because of the DAG) and had the following configuration:

Get-MailboxDatabase | ft Name,LogFolderPath, EdbFilePath
Name    LogFolderPath EdbFilePath
----    ------------- -----------
DB01    F:\DB01       F:\DB01\DB01.edb

We can change/move the database quite simply via EMC or EMS. I like PowerShell, so I used the Exchange Management Shell and the built-in cmdlet Move-DatabasePath:

  • This cmdlet fails if it’s run while the database is being backed up.
  • If the specified database is mounted when this cmdlet is run, the database is automatically dismounted and then remounted, and is unavailable to users while it’s dismounted.
  • This cmdlet normally can be run on the affected Mailbox server only. An exception is that this cmdlet can be run on an administrator’s workstation when using the ConfigurationOnly parameter with a value of $true.
  • This cmdlet can’t be run against replicated mailbox databases. To move the path of a replicated database, you must first remove all replicated copies, and then you can perform the move operation. After the move operation is complete, you can add copies of the mailbox database.

Well, I performed the following steps:

  • Move the active mailbox database to the server with ActivationPreference number 1. With two nodes, this prevents losing the information about the preference (if you have more nodes, you should save the original declaration of ActivationPreference).
Get-MailboxDatabase DB01 | fl name, ActivationPreference 
Name : DB01
ActivationPreference : {[ServerA, 1], [ServerB, 2]}

Move-ActiveMailboxDatabase DB01 -ActivateOnServer ServerA -MountDialOverride lossless
  • Remove mailbox database copy
Remove-MailboxDatabaseCopy -Identity DB01\ServerB
  • Move the database file and log folder (the database will be dismounted, moved and mounted automatically). I also manually copied the database file (DB01.edb) from F:\DB01 to F:\DB1 on ServerB (passive node) because this avoids the seeding (the process in which a copy of a mailbox database is added to another Mailbox server in a database availability group (DAG)).
Move-DatabasePath -Identity DB01 -EdbFilePath F:\DB1\DB01.edb -LogFolderPath F:\DB1
  • After the move (Move-DatabasePath passed OK, the database was mounted and the copy process was also done on the passive node), I dismounted the database manually (Dismount-Database DB01), renamed the mount points on both nodes (F:\DB01 → F:\DB01OLD, F:\DB1 → F:\DB01) and used the cmdlet Move-DatabasePath with the parameter ConfigurationOnly (The ConfigurationOnly switch specifies whether the configuration of the database changes without moving any files. A value of $true changes the configuration. A value of $false changes the configuration and moves the files. The default value is $false.).
Move-DatabasePath -Identity DB01 -EdbFilePath F:\DB01\DB01.edb -LogFolderPath F:\DB01 -ConfigurationOnly:$true
  • After that, I mounted the database manually (Mount-Database DB01) and created a database copy on ServerB (the parameter ActivationPreference was not needed at this point, but could be useful for you with more copies)
Add-MailboxDatabaseCopy -Identity DB01 -MailboxServer ServerB -ActivationPreference 2
  • Rebuilding the Index Catalog for the database was needed (the old index-related folder can be removed; a new one is subsequently created)
Get-Service MSExchangeSearch | Stop-Service
Get-Service MSExchangeSearch | Start-Service
  • Check
Get-MailboxServer | Get-MailboxDatabaseCopyStatus | ft -a
Name          Status   CopyQueueLength ReplayQueueLength LastInspectedLogTime ContentIndexState
----          ------   --------------- ----------------- -------------------- -----------------
DB01\ServerA  Mounted  0               0                                      Crawling
DB03\ServerB  Mounted  0               0                                      Crawling
  • The database was about 200 GB, so the ContentIndexState stayed in the “Crawling” state for many hours, but it changed to the “Healthy” state by itself. Good to know: if we do not have a “Healthy” ContentIndexState, we cannot do the failover process (Move-ActiveMailboxDatabase) and end-users are not able to search mailbox content.
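
The constraints listed for Move-DatabasePath (no running backup, no replicated copies) and the ContentIndexState condition from the last step can be checked in one place. The function below is an added example, not the author's script; the name Test-MoveDatabasePathReady is hypothetical and it is meant to run in the Exchange Management Shell.

```powershell
function Test-MoveDatabasePathReady {
    param([Parameter(Mandatory = $true)][string]$Database)

    # -Status is required for BackupInProgress to be populated.
    $db     = Get-MailboxDatabase -Identity $Database -Status
    $copies = @(Get-MailboxDatabaseCopyStatus -Identity $Database)

    $blockers = @()
    if ($db.BackupInProgress) { $blockers += 'Backup in progress: Move-DatabasePath will fail' }
    if ($copies.Count -gt 1)  { $blockers += 'Database is replicated: remove the passive copies first' }

    New-Object PSObject -Property @{
        Database      = $db.Name
        EdbFilePath   = $db.EdbFilePath
        LogFolderPath = $db.LogFolderPath
        # Save this list before Remove-MailboxDatabaseCopy; it is the input for
        # -ActivationPreference when the copies are added back.
        ActivationPreference = @($db.ActivationPreference |
            ForEach-Object { '{0}={1}' -f $_.Key.Name, $_.Value })
        # Copies whose index is not Healthy cannot be activated with Move-ActiveMailboxDatabase.
        IndexNotHealthy = @($copies |
            Where-Object { "$($_.ContentIndexState)" -ne 'Healthy' } |
            ForEach-Object { $_.Name })
        Blockers      = $blockers
        Ready         = ($blockers.Count -eq 0)
    }
}

# Before the move:  Test-MoveDatabasePathReady -Database DB01 | Format-List
# After re-adding copies, run it again and wait until IndexNotHealthy is empty.
```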

Technet.microsoft.com: Move the Database Path

Social.technet.microsoft.com: Edb.irs.raw file

Cannot Activate Database Copy: Content Index Catalog Files in Failed State

ContentIndexState STILL CRAWLING?