The mistery of the missing emails

Hello everybody!

This post was inspired by a gifted user (in this story I will call her Barbara Streisand), who opened a ticket asking about some missing email sent to him by a colleague (Park Jae-Sang) but that she has never seen in his mailbox. And the more PSY is sending her email, the less she can read them!! How crazy!!

You know, apart when you find a bug, email flow is the main business of Exchange, so it’s almost impossible that an email is not delivered without any notification to the sender…

So let’s start troubleshooting, a quick Get-MessageTrackingLog has a lot to say:

Get-TransportServer | Get-MessageTrackingLog -Start when_you_want -MessageID sucasuca@cucucu | sort timestamp | fl

The last object returned contains some useful informations:

RunspaceId              : bb3e88f0-3563-5e6f-8741-75c78a9f4a72
 Timestamp               : 21/12/2012 12:35:16
 ClientIp                :
 ClientHostname          : hubcas_server
 ServerIp                :
 ServerHostname          : backend_server
 SourceContext           : 08CF9D1BEF59FCD6;2012-12-21T11:35:16.229Z;0
 ConnectorId             :
 Source                  : STOREDRIVER
 EventId                 : DELIVER
 InternalMessageId       : 13303961
 MessageId               : <sucasuca@cucucu>
 Recipients              : {Barbara.Streisand@domain.com}
 RecipientStatus         : {Deleted Items}
 TotalBytes              : 12982
 RecipientCount          : 1
 RelatedRecipientAddress :
 Reference               :
 MessageSubject          : tuca tuca
 Sender                  : Park.Jae-Sang@domain.com
 ReturnPath              : Park.Jae-Sang@domain.com
 MessageInfo             : 2012-12-21T11:35:15.656Z;SRV=backend_server.fqdn:TOTAL=0;SRV=hubcas_server.fqdn:TOTAL=0
 MessageLatency          : 00:00:00.7450000
 MessageLatencyType      : EndToEnd
 EventData               : {[MailboxDatabaseName, dag00-db00], [DatabaseHealth, -1]}

First: the message has been delivered to themailbox server. (EventId: DELIVER)

Second: look at the “RecipientStatus: {Deleted Items}” section: this tells that there’s a rule that has automatically moved that particular message to a folder, in this case the “Deleted Items” folder, ever heard about it guys???

A quick look at the rules in Barbara’s mailbox with Get-InboxRule and here it is:

...
Description                           : If the message:
 the message was received from 'Park.Jae-Sang@domain.com'
 Take the following actions:
 move the message to folder 'Deleted Items'
 and stop processing more rules on this message
Enabled                               : True
 Identity                              : yourDistinguishedName
 Name                                  : 'test'
 Priority                              : 1
 RuleIdentity                          : 17620459049621389313
 SupportedByTask                       : True
...

A quick shot with Remove-InboxRule and the evil has gone.

NB: in this case the rule was NOT a “Client Only” rule, so it’s managed by the server without the need for an Outlook client up and running. Try for example with a “Client Only” rule that moves a message to another folder, you will see that RecipientStatus field will not cointains the folder name.

I leave to the willing student the task to understand the difference between “Client Only” and not “Client Only” rules.

Reference:

Get-MessageTrackingLog

Get-InboxRule

Understanding Message Tracking

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: