Exchange – Forwarding And Redirecting

My colleague recently sent me an email regarding email forwarding and its configuration from the Exchange point of view. I looked into this topic a little deeper and would like to summarize my remarks.

We can set up forwarding or redirecting in an Exchange environment, for example, by:

Outlook rule

Clients can create a rule that examines each received message for certain characteristics and then automatically forwards or redirects it to another email account. If clients also want to use external recipients, the Exchange administrator has to allow it through RemoteDomain, specifically with the AutoForwardEnabled parameter (The AutoForwardEnabled parameter specifies whether to allow messages that are auto-forwarded by client e-mail programs in your organization. Setting this parameter to $true enables auto-forwarded messages to be delivered to the remote domain. The default value is $false.). The Message Tracking Log indicates the related mail flow with Source: MAILBOXRULE, EventId: RECEIVE (Forwarding – from receiver side, Redirect – from sender side).

ForwardingAddress and ForwardingSmtpAddress

Both parameters can be used with the Set-Mailbox cmdlet and provide either forwarding or redirecting, depending on the DeliverToMailboxAndForward parameter (The DeliverToMailboxAndForward parameter specifies whether messages sent to this mailbox are forwarded to another address – $True / $False).

Forwarding Address – It is a RecipientIdParameter value, which lets us specify the address by name or alias. This parameter is accessible via the mailbox properties (Mail Flow Settings → Delivery Options) in EMC. Forwarding Address has higher priority than Forwarding SMTP Address (This user has already set up the parameter ForwardingSmtpAddress. If you set the parameter ForwardingAddress, the user’s setting will be overridden.). For external forwarding, the property does not require AutoForwardEnabled / RemoteDomain; only a MailContact (with an external email address) in the Exchange organization is needed. The Message Tracking Log indicates this type of forwarding with EventID: REDIRECT/TRANSFER, Source: ROUTING, SourceContext: Resolver.

ForwardingSmtpAddress – It is a ProxyAddress value, known as msExchGenericForwardingAddress in the AD attributes. Forwarding SMTP Address has lower priority than Forwarding Address. This property is not accessible in the GUI (EMC); you can only use PowerShell. For external forwarding, the RemoteDomain has to be set up. If a remote domain configuration blocks a specific message type from being sent to recipients in that domain, the message is deleted (a classic black hole, the same as an empty distribution list). The Message Tracking Log indicates this type of forwarding with EventID: DEFER, Source: AGENT, SourceContext: Redirection Agent.


The TargetAddress is basically used in co-existence scenarios (e.g. LotusNotes / Exchange). It can be used only for redirecting (messages are delivered only to the forwarding address) by specifying email address “”. External forwarding is supported without RemoteDomain control. The property is accessible via ADSI Edit, the PowerShell AD module and, for the Exchange objects MailContact and MailUser, as the ExternalEmailAddress property in EMS (see additionally Michel de Rooij and “TargetAddress, ExternalEmailAddress and Set As External”). The Message Tracking Log indicates this type of redirect with EventID: REDIRECT/TRANSFER, Source: ROUTING, SourceContext: Resolver (the same as for ForwardingAddress).

Example of how to manage TargetAddress with the PowerShell AD module:

PS C:\> Import-Module ActiveDirectory

PS C:\> Get-ADUser filip -Properties *| select targetAddress

PS C:\> $a = Get-ADUser filip -Properties *

PS C:\> $a.targetAddress

PS C:\> $a.targetAddress=""

PS C:\> Set-ADUser -instance $a

PS C:\> Get-ADUser filip -Properties *| select targetAddress
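
To review which forwarding mechanisms are actually in use, the Message Tracking Log signatures listed above can be turned into a small classifier. This is an added example, not part of the original post: the function name Get-ForwardingMechanism and the sample entries are constructed for illustration, and the wildcard match on SourceContext is an assumption about how the value appears in the log.

```powershell
# Added example (not from the original post). Maps tracking-log entries to
# the forwarding mechanism, using the Source / EventId / SourceContext
# combinations listed in the post above. Written to work on PowerShell 2.0.
function Get-ForwardingMechanism {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Entry
    )
    process {
        $src = [string]$Entry.Source
        $evt = [string]$Entry.EventId
        $ctx = [string]$Entry.SourceContext
        $mechanism = $null

        if ($src -eq 'MAILBOXRULE' -and $evt -eq 'RECEIVE') {
            $mechanism = 'Outlook rule'
        }
        elseif ($src -eq 'ROUTING' -and ('REDIRECT', 'TRANSFER' -contains $evt) -and $ctx -like '*Resolver*') {
            # Both properties leave the same signature in the log, so the
            # mailbox / AD object has to be checked to tell them apart.
            $mechanism = 'ForwardingAddress or TargetAddress'
        }
        elseif ($src -eq 'AGENT' -and $evt -eq 'DEFER' -and $ctx -like '*Redirection Agent*') {
            $mechanism = 'ForwardingSmtpAddress'
        }

        # Entries that match none of the signatures produce no output.
        if ($mechanism) {
            New-Object PSObject -Property @{
                Timestamp  = $Entry.Timestamp
                Mechanism  = $mechanism
                Sender     = $Entry.Sender
                Recipients = @($Entry.Recipients) -join ', '
            } | Select-Object Timestamp, Mechanism, Sender, Recipients
        }
    }
}

# Constructed sample entries (not real log data), shaped like the objects
# returned by Get-MessageTrackingLog. The last one is ordinary delivery.
$sample = @'
Timestamp,Source,EventId,SourceContext,Sender,Recipients
2013-01-25 10:01,MAILBOXRULE,RECEIVE,,alice@example.com,ext1@example.net
2013-01-25 10:02,ROUTING,REDIRECT,Resolver,bob@example.com,contact@example.net
2013-01-25 10:03,AGENT,DEFER,Redirection Agent,carol@example.com,ext2@example.net
2013-01-25 10:04,STOREDRIVER,DELIVER,,dave@example.com,erin@example.com
'@ | ConvertFrom-Csv

$sample | Get-ForwardingMechanism | Format-Table -AutoSize

# Against a live server, from the Exchange Management Shell:
# Get-MessageTrackingLog -Start (Get-Date).AddDays(-1) -ResultSize Unlimited |
#     Get-ForwardingMechanism
```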

Exchange 2010 – AUTH PLAIN not supported

Exchange Server 2007/2010 does not support the common AUTH=PLAIN method.

Exchange 2010 Support for RFC Standards

  • RFC: 3501
  • Title: Internet Message Access Protocol – Version 4rev1
  • Updated by: 4466, 4469, 4551, 5032, 5182
  • Obsoletes: 2060
  • Exchange 2010 specific: Implemented by Exchange 2010 (AUTH=PLAIN not supported)

AUTH=PLAIN common method description:

  • “The mechanism consists of a single message from the client to the server. The client sends the authorization identity (identity to login as), followed by a US-ASCII NULL character, followed by the authentication identity (identity whose password will be used), followed by a US-ASCII NULL character, followed by the clear-text password. The client may leave the authorization identity empty to indicate that it is the same as the authentication identity.”
  • In other words, the correct form of the AUTH PLAIN value is ‘authid\0userid\0passwd’ where ‘\0’ is the null byte.
  • After the client has sent the AUTH PLAIN command to the server, the server responds with a 334 reply code. Then the username and password are sent from the client to the server. The username and password are combined into one string and BASE64 encoded. Although the keyword PLAIN is used, the username and password are not sent as plain text over the Internet; they are always BASE64 encoded. BASE64 is only an encoding, not encryption, so the credentials are protected in transit only when the connection itself is encrypted (TLS).
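
The message format quoted above can be built and parsed in a few lines, which also shows that the BASE64 step is fully reversible. This is an added example, not part of the original post; the function names and the credentials are made up for illustration.

```powershell
# Added example (not from the original post): build and parse a SASL PLAIN
# token of the form authzid NUL authcid NUL password, BASE64 encoded.
function ConvertTo-AuthPlainToken {
    param(
        [string]$AuthzId = '',      # authorization identity, may be empty
        [string]$AuthcId,           # authentication identity
        [string]$Password
    )
    $nul   = [string][char]0
    $bytes = [Text.Encoding]::UTF8.GetBytes($AuthzId + $nul + $AuthcId + $nul + $Password)
    [Convert]::ToBase64String($bytes)
}

function ConvertFrom-AuthPlainToken {
    param([Parameter(Mandatory = $true)][string]$Token)

    try   { $bytes = [Convert]::FromBase64String($Token) }
    catch { throw "Not valid BASE64: $Token" }

    # The decoded message must consist of exactly three NUL-separated fields.
    $fields = [Text.Encoding]::UTF8.GetString($bytes).Split([char]0)
    if ($fields.Count -ne 3) {
        throw "Expected 3 NUL-separated fields, found $($fields.Count)"
    }
    if (-not $fields[1]) {
        throw 'Authentication identity must not be empty'
    }

    New-Object PSObject -Property @{
        AuthorizationId  = $fields[0]   # empty means "same as AuthenticationId"
        AuthenticationId = $fields[1]
        Password         = $fields[2]
    }
}

# Constructed credentials, authorization identity left empty.
$token = ConvertTo-AuthPlainToken -AuthcId 'user1' -Password 'Example-Pa55'
$token
ConvertFrom-AuthPlainToken $token | Format-List
```

Anyone who can read the token off the wire recovers the password the same way, which is why PLAIN should only be offered on an encrypted connection.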

Backup Exec 2012 – Removing bkf files from failed jobs


I have created a simple script which finds failed/error backup jobs (Backup Exec 2012) and removes the related bkf files from disk (because the files are no longer valid for restore). The script needs to be modified for your environment. The script also creates a basic log (a list of failed jobs and removed files) in a specified directory. A useful thing could be the variable $TimeStamp, which lets us modify how far back we want to go in BEJobHistory.

Note: The script can be scheduled in Task Scheduler with the action Start a Program – “Program/script:” PowerShell.exe and “Add arguments (optional):” script file path (e.g. D:\RemovedFiles\RemovingFailedJobFiles.ps1), because it uses Import-Module -Name BEMCLI inside.


Log example: 26-01-2013-0120-Log.txt

Backup Exec 2012 – Error – (0xE000FED1): A failure occurred querying the Writer status.


I solved an error that caused failed backup jobs in Backup Exec 2012. It occurred only sometimes and for a few jobs at once.

Error from BE JobLog:

Job ended: Friday, January 25, 2013 at 4:49:06 PM
Completed status: Failed
Final error: 0xe000fed1 - A failure occurred querying the Writer status.
Final error category: Resource Errors
Snapshot technology error (0xE000FED1): A failure occurred querying the Writer status.

Errors in Windows AppLog:

Log Name: Application
Source: MSExchangeRepl
Date: 1/25/2013 5:29:24 PM
Event ID: 2024
Task Category: Exchange VSS Writer
Level: Error
Keywords: Classic
User: N/A
The Microsoft Exchange Replication service VSS Writer c59fb6d1-d04f-3c94c3e3fb87 failed with error 80070020 when preparing for a backup.

Log Name: Application
Source: MSExchangeRepl
Date: 1/25/2013 5:29:24 PM
Event ID: 2112
Task Category: Exchange VSS Writer
Level: Error
Keywords: Classic
User: N/A
The Microsoft Exchange Replication service VSS Writer instance c59fb6d1-d04f-3c94c3e3fb87 failed with error code 80070020 when preparing for a backup of database 'DB02'.

The error was caused by a wrong Backup Selection. We had created a new mailbox database and BE seemed to have automatically added it to the already configured selections. As a result, we took the backup of this database in all backup jobs. Some of those jobs were scheduled at the same time, and for this reason long querying of the VSS writer occurred. When I removed the database from the selections, the problem was solved.

Backup Exec 2012 – Get-BEJobLog and Get-BEJobLogFiles


I wanted to get the names of the bkf files (media) from Get-BEJobLog in Backup Exec 2012. Unfortunately, Get-BEJobHistory | Get-BEJobLog outputs the log only as a string value. For this reason I created a simple function for obtaining the names of the particular media.

  • You cannot use the function for a deduplication type of job because of the image folder structure.
  • If you want to import the “Backup Exec Management Command Line Interface” into a PowerShell session, you need to use the cmdlet Import-Module -Name BEMCLI.

Function Get-BEJobLogFiles

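function Get-BEJobLogFiles{
    param (
        # Job log text as returned by Get-BEJobLog
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $BEJobLog
    )
    # Collected media (bkf) names
    $Files = @()
    foreach($Str in $BEJobLog){
        # Keep only the unique log lines that mention a B2D media
        $SplitString = ""
        $SplitString = $Str.Split("`n") | Select-String -Pattern "B2D" -SimpleMatch | sort -Unique
        foreach($Line in $SplitString){
            # The media name follows the first ": " on the line
            $StrFile = ""
            $StrFile = $Line.toString()
            $StrFile = $StrFile.Substring($StrFile.indexof(":")+2)
            if($StrFile -ne $null){
                $Files += $StrFile
            }
        }
    }
    return $Files
}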

Download: Get-BEJobLogFiles

If you expect more than one log (i.e. caused by more than one Get-BEJobHistory result), you will need to use:

Get-BEJobHistory | Get-BEJobLog | %{ $_ | Get-BEJobLogFiles }


# Note: the property compared with -like was lost in the original post; $_.Name (the job name) is assumed.
PS C:\> Get-BEJobHistory | Where-Object {(($_.Name -like "*Monthly Full*") -and ($_.JobStatus -like "Succeeded") -and ($_.StartTime -gt (get-date).adddays(-2)))} | Get-BEJobLog | %{ $_ | Get-BEJobLogFiles }

How to find the related media on disk? The example below could help you. Please ignore the variable names, because they are taken from a different script:

# Retention period 
$Retention = -8

# Backup Exec Storages
$DiskE = "E:\BEData"
$DiskG = "G:\BEData"
$DiskH = "H:\BEData"

# Backup Selection (Error Job)
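# Note: the property compared with -like was lost in the original post; $_.Name (the job name) is assumed.
$ErrorJobsMedia = Get-BEJobHistory | Where-Object {(($_.Name -like "*Monthly Full*") -and ($_.JobStatus -like "Succeeded") -and ($_.StartTime -gt (get-date).adddays(-2)))} | Get-BEJobLog | %{ $_ | Get-BEJobLogFiles }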

# File Selection
$BackupStorages = @()
$BackupStorages += Get-ChildItem -path $DiskE | where-object {$_.Name -like "*.bkf"}
$BackupStorages += Get-ChildItem -path $DiskG | where-object {$_.Name -like "*.bkf"}
$BackupStorages += Get-ChildItem -path $DiskH | where-object {$_.Name -like "*.bkf"}

# Backup files determination
$BackupFiles = @()
foreach ($ErrorJobsMed in $ErrorJobsMedia){
    foreach ($BckFile in $BackupStorages){
        # File name without extension (the expression was cut off in the original post; $BckFile.Name is assumed)
        $BckFileTemp = ($BckFile.Name)
        $BckFileTemp = $BckFileTemp.substring(0,$BckFileTemp.indexof("."))
        if($ErrorJobsMed -match $BckFileTemp){
            $BackupFiles += $BckFile
        }
    }
}

PS C:\> $BackupFiles | select fullname


Exchange 2010 MSExchangetransport service crashed, Forefront Mail Pickup service error, Event ID:4999, Event ID:10003, Event ID:5167, Event ID:17007

Yesterday I experienced a problem at one of our customers running Exchange 2010 SP2. We have an 8-node DAG in 2 datacenters and 4 Win NLB balanced combined CAS/HUB servers there. On one of the CH servers the transport service crashed with the following Event IDs in sequence:

  • Scan Error of the poison message Event ID: 10003

initial error

  • IO Exception on the disk Event ID:4999


  • ForeFront Scan Error due to EdgeTransport.exe shutdown Event ID:5167

initial 5167


  • Transport service crashed on the server NODE1
  • ForeFront Mail Pickup service crashed
  • Messages were delayed, some of them lost due to content failure, but returned to sender with NDR so the sender can send them again.


  • Mail submission queue has started to fill with messages before Transport service crashed
  • Microsoft ForeFront Server Protection Mail Pickup service crashed (This service is sending e-mail generated by ForeFront)
  • All users, who got connection load balanced to this server were not able to send e-mail messages immediately
  • A restart of the MSExchangeTransport service or of the affected server didn't help

Root cause:

  • The IP Filter database was logically corrupted. The root cause of the logical corruption cannot be determined. A possible reason is that the MDS disk could have been unreachable for a short time or its performance could have been low.
  • Due to this fact, the Transport service could not be started / perform its service, generating the following Event ID sequence (from bottom to top):

IPFilter database problem log sequence

  • The root cause was detected later due to Event ID 17007



  • The server was removed from the Windows load balancer and the transport service was stopped, because the event logs and types of errors pointed to a HW or logical failure on one of the disks or MDS (E:)
  • The crashing ForeFront has been disabled on the affected server. From the FF PowerShell console run:
.\FSCutility.exe /disable
  • All Exchange services have been stopped (This is a very important task so that Exchange Store.exe cannot contact the faulty server; the MSExchangeADTopology service needs the parameter -Force to be stopped)
Get-Service MSE* | Stop-Service -Force
  • The transport database and the IP Filter database have been moved to the D drive temporarily. From the Scripts directory in the Exchange install path run:
.\Move-TransportDatabase.ps1 -IPFilterDatabasePath <IPDBPath> -IPFilterDatabaseLoggingPath <IPDBPath> -QueueDatabasePath <TransportDBPath> -QueueDatabaseLoggingPath <TransportDBPath>
  • Almost all messages were delivered with a delay of not more than a few hours. 23 messages in the poison queue are lost due to integrity failure
  • The server is designed as FSW for the DAG. The FSW has been temporarily moved to NODE2
Set-DatabaseAvailabilityGroup DAG1 -WitnessServer Node2 -WitnessDirectory D:\FSW_DAG_TMP


  • Files from the E: drive were copied to another server
  • All Exchange services and the Patrol agent have been stopped
  • The E: drive was formatted to prevent logical corruptions on the MDS disk
  • The transport database and the IP Filter database have been moved to the E drive again
.\Move-TransportDatabase.ps1 -IPFilterDatabasePath <IPDBPath> -IPFilterDatabaseLoggingPath <IPDBPath> -QueueDatabasePath <TransportDBPath> -QueueDatabaseLoggingPath <TransportDBPath>
  • The transport service has been started automatically
  • The transport service has been tested by sending 250 messages with a 350kB attachment within a short time
$i = 0
do {
    $i++
    Send-MailMessage -From testmail@domain-com -To testmail@domain-com -SmtpServer <SmtpServer> -Subject "Test $i" -Attachments "D:asdevicestats.csv"
}
until($i -ge 250)
  • The ForeFront protection agent has been integrated again
.\FSCutility.exe /enable
  • The transport service has been started and tested by sending 250 messages with an attachment within a short time again
  • All other Exchange services have been started
Get-Service MSE* | Start-Service
  • The server has been added to the LB again
  • Other services have been tested (OWA, EAS and so on, since this is a combined server role)
  • The FSW has been moved back to Node1
Set-DatabaseAvailabilityGroup DAG1 -WitnessServer Node1 -WitnessDirectory D:\FSW_DAG

Hopefully this helps you to save some time.

Exchange 2010 SP2 – MailboxRestoreRequest – ROP Error: 0x80070057 – (hr=0x80070057, ec=-2147024809) – Rule: Condition: Restriction


I had a problem restoring a mailbox from a recovery database. For the restore I used the cmdlet:

[PS] C:\>New-MailboxRestoreRequest -name Restore123c -TargetMailbox kasajfil -SourceDatabase db01rd -SourceStoreMailbox "Bond James" -BadItemLimit 100 -AllowLegacyDNMismatch -AcceptLargeDataLoss -TargetRootFolder "RESTORE-123c" -AssociatedMessagesCopyOption DoNotCopy -ConflictResolutionOption KeepLatestItem -IncludeFolders "#Inbox#/*"

The related mailbox request always failed with the ERROR:

QueuedTimestamp               : 25.1.2013 1:58:39
StartTimestamp                : 25.1.2013 2:03:54
LastUpdateTimestamp           : 25.1.2013 2:04:04
OverallDuration               : 00:08:14
TotalFailedDuration           : 00:02:49
TotalQueuedDuration           : 00:05:14
TotalInProgressDuration       : 00:00:09
EstimatedTransferSize         : 39.48 MB (41,402,933 bytes)
EstimatedTransferItemCount    : 1712
BytesTransferred              : 27.85 MB (29,198,166 bytes)
ItemsTransferred              : 162
PercentComplete               : 69
FailureCode                   : -2147024809
FailureType                   : MapiExceptionInvalidParameter
FailureSide                   : Target
Message                       : Error: MapiExceptionInvalidParameter: Unable to modify table. (hr=0x80070057, ec=-2147024809)
                                Diagnostic context:
                                    Lid: 55847   EMSMDBPOOL.EcPoolSessionDoRpc called [length=228]
                                    Lid: 43559   EMSMDBPOOL.EcPoolSessionDoRpc returned [ec=0x0][length=324][latency=0]
                                    Lid: 23226   --- ROP Parse Start ---
                                    Lid: 27962   ROP: ropModifyRules [65]
                                    Lid: 17082   ROP Error: 0x80070057
                                    Lid: 27745
                                    Lid: 21921   StoreEc: 0x80070057
                                    Lid: 27962   ROP: ropExtendedError [250]
                                    Lid: 1494    ---- Remote Context Beg ----
                                    Lid: 26426   ROP: ropModifyRules [65]
                                    Lid: 23921   StoreEc: 0x3EC
                                    Lid: 21970   StoreEc: 0x8004010F PropTag: 0x668F0040
                                    Lid: 21970   StoreEc: 0x8004010F PropTag: 0x668F0040
                                    Lid: 21970   StoreEc: 0x8004010F PropTag: 0x67F60040
                                    Lid: 21970   StoreEc: 0x8004010F PropTag: 0x67F60040
                                    Lid: 21970   StoreEc: 0x8004010F PropTag: 0x67F60040
                                    Lid: 48851
                                    Lid: 21970   StoreEc: 0x8004010F PropTag: 0x67F60040
                                    Lid: 51077   dwParam: 0x80000000
                                    Lid: 65267
                                    Lid: 40691
                                    Lid: 5559    StoreEc: 0x80070057
                                    Lid: 65015
                                    Lid: 65439
                                    Lid: 4302    StoreEc: 0x80070057
                                    Lid: 1750    ---- Remote Context End ----
                                    Lid: 26849
                                    Lid: 21817   ROP Failure: 0x80070057
                                    Lid: 29150
                                    Lid: 20446   StoreEc: 0x80070057
FailureTimestamp              : 25.1.2013 2:04:04
FailureContext                : --------
                                Operation: IDestinationFolder.SetRules
                                OperationSide: Target
                                Primary (9e7c5f65-9cdd-44d9-af51-d2b16b786157)
                                Rules: [Rule: Condition: Restriction: AND[OR[OR[]; AND[OR[AND[EXIST[ptag:SpamConfidenceLevel]; PROPERTY[ptag:SpamConf
                                idenceLevel, GreaterThan, val:[Tag:SpamConfidenceLevel, Value:-1(int)]]]; OR[]]; NOT[OR[OR[]; RECIPIENT[OR[]]]]]]; NO
                                T[OR[OR[]; RECIPIENT[OR[]]; OR[]]]]; Actions: [RuleAction: MOVE FolderEID:[len=46, data=0000000014B0B2477F158446A958E
                                9C98E4EFFB4010011065C8A5B249A4B8CA3A8B46ACF4451004C73DF00040000], StoreEID:[len=163, data=0000000038A1BB1005E5101AA1B
                                632335350444C54292F636E3D526563697069656E74732F636E3D533533323200]; RuleAction: TAG [Tag:0x80850003(NamedProp), Value
                                :-1091397025(int)]]; Name 'Junk E-mail Rule'; Provider: 'JunkEmailRule'; ProviderData: 0100000000000000465E0C4E3C8DCD
                                01; ExecutionSequence: 0; Level: 0; StateFlags: 49; UserFlags: 0; IsExtended: True; Rule: Condition: none; Actions: [
                                RuleAction: OOFREPLY TemplateEID:null, TemplateGuid:78da9e7a-bd61-4fb8-8893-4a5dcc4f2cba, Flags:0]; Name 'MSFT:TDX OO
                                F Rules'; Provider: 'MSFT:TDX OOF Rules'; ProviderData: ; ExecutionSequence: 50; Level: 0; StateFlags: 141; UserFlags
                                : 2; IsExtended: False]
                                Folder: '/Top of Information Store/Saapuneet', entryId [len=46, data=0000000014B0B2477F158446A958E9C98E4EFFB40100C53A
                                9267D96ADA4BB55D2D35A37F7B15004C72E2E5C40000], parentId [len=46, data=0000000014B0B2477F158446A958E9C98E4EFFB40100C53

Just for information:

  • In other words, the folder ‘/Top of Information Store/Saapuneet’ is the Inbox folder.
  • MailboxRestoreRequest with -ExcludeFolder “Saapuneet” passed ok.


I used Restore-Mailbox instead of New-MailboxRestoreRequest, based on a tip from Joey Dekker, and fortunately it solved my problem (without the time specification, as Joey advised).

[PS] C:\>Restore-Mailbox -Identity kasajfil -RecoveryDatabase db01rd -BadItemLimit 100  -TargetFolder RESTORE_123f -RecoveryMailbox "Bond James"
MailboxSize                      : 2.054 GB (2,205,975,899 bytes)
IsResourceMailbox                : False
Options                          : Default
TargetFolder                     : \RESTOREc\Recovered Data - Bond James - 01/25/2013 02:49:09
MoveType                         : Restore
MoveStage                        : Completed
StartTime                        : 25.1.2013 2:49:11
EndTime                          : 25.1.2013 3:07:36
StatusCode                       : 0
StatusMessage                    : This mailbox in the recovery database has been restored to the target user mailbox.