A reader pointed out a problem where an Exchange server was no longer sending OOF mails (out-of-office messages) after a migration. Kindly, the solution to the problem was also sent along, hence this short article. I think the problem should not occur too often and the error can no longer be fully reconstructed, but maybe it will help someone else.
The situation was as follows: After completing an Exchange migration and uninstalling the old server, OOF mails were no longer sent for any users. Although the Out of Office Assistant could be activated without any problems, internal and external users were not receiving any OOF mails.
The cause of the error was an incorrect group membership of the new Exchange Server. The new Exchange Server was a member of the "ExchangeLegacyInterop" group:
As the description of the group suggests, only computer accounts from Exchange 2003 servers should actually be included here:
This group is for interoperability with Exchange 2003 servers within the same forest. This group should not be deleted.
I could imagine that this problem occurred because old computer accounts were reused. As already mentioned, the case can no longer be reconstructed exactly, but the following is conceivable:
- There used to be an Exchange 2003 server with the host name "Exchange"
- The Exchange 2003 server was migrated to Exchange 2010 with the host name "Mailserver"
- After the migration, Exchange 2003 was uninstalled or manually deleted from the AD, but the computer account was not deleted but remained in the AD
- When migrating from Exchange 2010 to Exchange 2016, the host name "Exchange" was used again, reactivating the old Exchange 2003 Server computer account and making it a member of the "ExchangeLegacyInterop" group.
Whether this was the case or whether the computer account was added to the group manually can no longer be clarified.
After the Exchange 2016 server computer account was removed from the "ExchangeLegacyInterop" group and the "MSExchangeTransport" service was restarted, the OOF mails also worked again without any problems. To be on the safe side, however, a restart of the server would not hurt. The "ExchangeLegacyInterop" group should therefore be empty and have no members if older Exchange servers are no longer in use.
Incidentally, the new Exchange Server cannot send OOF mails because the "ExchangeLegacyInterop" group is denied two authorizations on the receive connectors "Default" and "Default Frontend":
However, I would not adjust the permissions of the connectors here, but rather remove the computer account from the group.
Oof funktioniert, nur die gesendete Mail (egal ob Intern oder extern) landet machmal nicht im Postfach sondern in der Poison Queue obwohl die Postfachregel nur besagt das die Mail weitergeleitet werden sollte.
Und was tun wenn externe Domains interne Abwesenheitsnotizen bekommen :-)?
Hast du hierfür evtl auch einen Ansatz?
Danke & LG