Troubleshooting no incoming email from web

This topic provides guidance for diagnosing and resolving issues you may encounter with no incoming email from the web and Forefront TMG.

Flowchart for troubleshooting no email from web

This flowchart guides you through the steps that are required for troubleshooting when no email is received from the web.

No email received from web troubleshooting flow

Procedures for troubleshooting no email from web

The following procedures describe the steps you might need to take when you use the flowchart to troubleshoot no email from the web:

  • How to check if Edge Subscription is configured

  • How to back up Exchange and FPE configuration

  • How to check entries in TMG log with any SMTP traffic

  • How to check that Exchange message tracking is enabled

  • How to check if there are messages from the specific user in tracking log incoming messages

  • How to disable/enable e-mail policy integration mode

  • How to investigate why messages are not delivered

  • How to configure Exchange routes

  • How to check rules

  • How to check system policy rules

  • How to check and configure the Internet (external) mail route listener settings according to MX record

How to check if Edge Subscription is configured

Check if Edge Subscription is configured on each array member.

To check if Edge Subscription is configured:

How to back up Exchange and FPE configuration

For each array member, back up the Forefront Protection 2010 for Exchange (FPE) configuration as well as the Exchange Edge configuration.

To back up Exchange and FPE configuration:

  1. On each array member, follow the recommended backup and restore procedures for Forefront Protection 2010 for Exchange Server (FPE). See Backing up and restoring.

  2. Back up the Exchange Edge configuration:

    1. Copy the ExportEdgeConfig.ps1 script to the root folder of your user profile on the server that you are backing up. The ExportEdgeConfig.ps1 script is located in the \Scripts folder in your Exchange installation folder. The default location for this folder is C:\Program Files\Microsoft\Exchange Server\Scripts.

    2. Capture the configuration with the ExportEdgeConfig.ps1 script by running the following command in the Exchange Management Shell:

      ./ExportEdgeConfig -cloneConfigData:"C:\CloneConfigData.xml"

      Note

      Replace C:\CloneConfigData.xml with the full path of the XML backup file to be created by the ExportEdgeConfig.ps1 script.

      The confirmation message, "Edge configuration data is exported successfully to: C:/CloneConfigData.xml," appears.

    3. Copy the output file to a secure location.

How to check entries in TMG log with any SMTP traffic

Check the TMG log for SMTP traffic.

To check entries in TMG log with any SMTP traffic:

  1. In the Forefront TMG Management console, in the tree, click Logs & Reports.

  2. In the details pane, click the Logging tab.

  3. On the Tasks tab, click Edit Filter.

  4. In Filter by, select Protocol.

  5. In Condition, select Contains and in Value, select SMTP, and then click Add To List.

  6. Click Start Query.

How to check that Exchange message tracking is enabled

Check if Exchange message tracking is enabled.

To check that Exchange message tracking is enabled:

  1. For Exchange 2000 and Exchange 2003, message tracking is enabled on a per-server basis:

    1. In Exchange System Manager, right-click on the server and select Properties.

    2. On the General tab, ensure that Enable message tracking is selected.

  2. For Exchange 2007, message tracking is enabled by default. If it was disabled, it is not possible to configure message tracking with the Exchange Management Console; use the Exchange Management Shell (EMS) to enable it by entering the following:

    Set-TransportServer <SERVERNAME> -MessageTrackingLogEnabled $true

How to check if there are messages from the specific user in tracking log incoming messages

Check if there are messages from the specific user in the tracking log incoming messages. For more information, see Managing Message Tracking and How to Search Message Tracking Logs.

To check if there are messages from the specific user in tracking log incoming messages:

  1. For Exchange 2000 and Exchange 2003, the message tracking logs are stored in the \Program Files\exchsrvr\{servername}.log folder.

  2. For Exchange 2007, the default folder is \Program Files\Microsoft\Exchange Server\TransportRoles\Logs\MessageTracking.

  3. Ensure that the Microsoft Exchange Transport Log Search service is started.

  4. Run the following command in Exchange Management Shell:

    Get-MessageTrackingLog <SearchFilters>

    For example, to search the message tracking log for all entries from 7/28/2006 8:00 AM to 7/28/2006 5:00 PM for all FAIL events sent to pat@contoso.com, run the following command:

    Get-MessageTrackingLog -ResultSize Unlimited -Start "7/28/2006 8:00AM" -End "7/28/2006 5:00PM" -EventId "Fail" -Recipient "pat@contoso.com"

  5. Open the Exchange Management Console:

    1. In the console tree, click Toolbox. In the result pane, click Message Tracking. In the action pane, click Open tool.

    2. In the Message Tracking Parameters dialog box, set the search criteria for your message tracking log search by selecting the check box next to the search criteria name and entering a value for the search criteria. To remove search criteria, clear the check box next to the search criteria name.

How to disable/enable e-mail policy integration mode

You may need to disable or enable e-mail policy integration mode depending on where you are in the troubleshooting flow.

To disable/enable e-mail policy integration mode:

  1. In the Forefront TMG Management console, in the tree, click Troubleshooting.

  2. In the Tasks pane, click Control E-Mail Policy Integration.

  3. From Status, select Disabled or Enabled.

  4. Click OK.

  5. Click Apply.

  6. Enter a change description and then click Apply.

  7. To check the status, in the Forefront TMG Management console, in the tree, click E-Mail Policy, and in the E-Mail Policy Settings area check the E-Mail Policy Integration mode status.

How to investigate why messages are not delivered

Use the Exchange Management Shell to investigate why messages are not delivered. See Exchange Management Shell and Get-AgentLog.

To investigate why messages are not delivered:

  1. Run Exchange Management Shell.

  2. Use Get-AgentLog to investigate why the messages are not delivered.

    Get-AgentLog [-EndDate <DateTime>] [-Location <LocalLongFullPath>] [-StartDate <DateTime>]
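The following Exchange Management Shell snippet is an added example, not part of the original procedure. It merges the message tracking log and the agent log for one sender into a single timeline, which shows whether a message was accepted by transport or rejected by an agent during the SMTP session. The sender address and the four-hour window are constructed sample values.

```powershell
# Added example; $Sender and the time window are constructed sample values.
$Sender = 'pat@fabrikam.com'
$Start  = (Get-Date).AddHours(-4)
$End    = Get-Date

# 1. What transport recorded for this sender (RECEIVE, SEND, FAIL, ...).
$tracking = Get-MessageTrackingLog -ResultSize Unlimited -Sender $Sender -Start $Start -End $End |
    Select-Object Timestamp,
        @{ n = 'Log';    e = { 'Tracking' } },
        @{ n = 'Stage';  e = { "$($_.Source)/$($_.EventId)" } },
        @{ n = 'Detail'; e = { $_.RecipientStatus -join '; ' } },
        MessageId

# 2. What the transport agents decided for the same envelope sender.
#    A rejection during the SMTP session appears here and not in the tracking log.
$agents = Get-AgentLog -StartDate $Start -EndDate $End |
    Where-Object { $_.P1FromAddress -eq $Sender } |
    Select-Object Timestamp,
        @{ n = 'Log';    e = { 'Agent' } },
        @{ n = 'Stage';  e = { "$($_.Agent)/$($_.Action)" } },
        @{ n = 'Detail'; e = { "$($_.Reason) $($_.SmtpResponse)" } },
        MessageId

# 3. One timeline, oldest first.
@($tracking) + @($agents) | Sort-Object Timestamp | Format-Table -AutoSize
```

If both logs are empty for the window, the message never reached the server; return to the TMG log and MX record checks.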

How to configure Exchange routes

You may need to modify the Exchange routes.

To configure Exchange routes:

  1. In the Forefront TMG Management console, in the tree, click E-Mail Policy.

  2. Select a route.

  3. In the Tasks tab, click Edit Selected Route.

  4. Modify the route according to the revised configuration.

  5. Click Apply.

  6. Enter a change description and then click Apply.

    Tip

    You can query a DNS domain nameserver to identify the IP address, for example, using NSLOOKUP.

How to check rules

Check that the rule does not block SMTP traffic or the internal SMTP server.

To check rules:

  1. In the Forefront TMG Management console, in the tree, click Firewall Policy.

  2. Select a rule and click Edit Selected Rule.

  3. Make sure that the rule does not block SMTP traffic or the internal SMTP server.

How to check system policy rules

Check whether the SMTP and EdgeSync system policy rules are enabled.

To check system policy rules:

  1. In the Forefront TMG Management console, in the tree, click Firewall Policy.

  2. In the Tasks pane, click Show System Policy Rules.

  3. Double-click each of the following rules and check whether it is enabled:

    • Allow SMTP traffic to the local host for mail protection and filtering

    • Allow SMTP traffic to the Internet for mail protection and filtering

    • For Edge Subscription: Allow LDAP\LDAPS traffic to the local host for the Exchange Server EdgeSync synchronization process

  4. If the rules are not enabled, in the Tasks tab, click Edit System Policy.

  5. Select Various > E-Mail Policy and select Enable this configuration group.

  6. Click OK.

  7. Click Apply.

  8. Enter a change description and then click Apply.

  9. For Edge Subscription:

    1. In the Forefront TMG Management console, in the tree, click E-Mail Policy.

    2. In the Tasks tab, click Enable Connectivity for EdgeSync Traffic.

    3. Click OK.

    4. Click Apply.

    5. Enter a change description and then click Apply.

How to check and configure the Internet (external) mail route listener settings according to MX record

Check that the mail exchanger (MX) resource record for your domain, as registered on Internet DNS servers, points to the external IP address of Forefront TMG.

To check and configure the Internet (external) mail route listener settings according to MX record:

  1. Check that the mail exchanger (MX) resource record for your domain, as registered on Internet DNS servers, points to the external IP address of Forefront TMG. Forefront TMG will respond to SMTP session initiation messages (HELO, EHLO) with this public domain name or IP address.

  2. Check that the Internet mail route listener is configured correctly on the external NIC according to the MX record settings:

    1. In the Forefront TMG Management console, in the tree, click E-Mail Policy node.

    2. Select External_Mail_Servers, and in the Tasks pane, click Edit Selected Route.

    3. On the Routing tab, check the Mail relay method.

    4. Click Advanced and then check the Authentication and Source Address for Routing.

    5. On the Listener tab, check the FQDN or IP address ….

  3. Telnet into the MX record IP from an external network. Check that the response returns the FQDN defined in the SMTP route.
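Steps 1 and 3 can be scripted from a workstation outside the perimeter. The following PowerShell is an added example, not part of the original procedure; the function names and the contoso.com values are hypothetical, and it assumes a client with Resolve-DnsName (Windows 8 / Windows Server 2012 or later).

```powershell
# Added example. Test-MxBanner, Get-SmtpBannerHost and the sample values are hypothetical.
function Get-SmtpBannerHost {
    param([string]$Banner)
    # An SMTP greeting is "220 <domain> [text]"; multi-line greetings start with "220-".
    if ($Banner -match '^220[ -](\S+)') { return $Matches[1].TrimEnd('.').ToLower() }
    return $null
}

function Test-MxBanner {
    param(
        [Parameter(Mandatory = $true)][string]$Domain,        # mail domain to check
        [Parameter(Mandatory = $true)][string]$ExpectedFqdn,  # FQDN set on the route's Listener tab
        [int]$ReadTimeoutMs = 10000
    )
    # Step 1: MX records as seen from this network, lowest preference first.
    $mxRecords = Resolve-DnsName -Name $Domain -Type MX -ErrorAction Stop |
        Where-Object { $_.NameExchange } | Sort-Object Preference

    foreach ($mx in $mxRecords) {
        $addresses = 'unresolved'; $banner = $null; $problem = $null
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $addresses = ([System.Net.Dns]::GetHostAddresses($mx.NameExchange) |
                ForEach-Object { $_.IPAddressToString }) -join ', '
            $client.ReceiveTimeout = $ReadTimeoutMs
            $client.Connect($mx.NameExchange, 25)
            # Step 3: read only the greeting line, as a manual telnet session would show it.
            $reader = New-Object System.IO.StreamReader($client.GetStream())
            $banner = $reader.ReadLine()
        } catch {
            $problem = $_.Exception.Message
        } finally {
            $client.Close()
        }
        $bannerHost = Get-SmtpBannerHost $banner
        [pscustomobject]@{
            MxHost      = $mx.NameExchange
            Preference  = $mx.Preference
            Addresses   = $addresses   # compare with the external IP address of Forefront TMG
            Banner      = $banner
            BannerHost  = $bannerHost
            FqdnMatches = ($bannerHost -eq $ExpectedFqdn.TrimEnd('.').ToLower())
            Error       = $problem
        }
    }
}

# Constructed sample greeting, parsed offline:
Get-SmtpBannerHost '220 mail.contoso.com Microsoft ESMTP MAIL Service ready'
# Live check from an external network (placeholder values):
# Test-MxBanner -Domain 'contoso.com' -ExpectedFqdn 'mail.contoso.com'
```

A row with FqdnMatches set to False, or with a connection error in the Error column, points back to the listener settings checked in step 2.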