Troubleshooting 5.1.1 NDRs
The following applies to Exchange 2007 - Exchange 2013
Most 5.1.1 Non-Delivery Reports (NDRs) are due to an email being sent to a non-existent mailbox in Exchange. It is worth noting that NDR codes are configurable on the server level so this doesn’t always apply, but 5.1.1 is a well-known NDR code and isn’t generally modified by administrators. The resolution is mostly self-explanatory except in a few specific scenarios. One of these scenarios is when the NDR includes a return address similar to the following example taken from 1stdetect.com:
IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Jason+20Wolley6c7@1stdetect.com
What we see here is an example of how internal email routing works in Exchange. Unlike external email, the destination address isn’t the actual email address, it’s the legacyExchangeDn value for the recipient mailbox. Because the email this NDR example was taken from was sent from a 1stdetect.com mailbox to a 1stdetect.com mailbox, the recipient address resolved to the value above during transport. The reason it failed was due to either an Exchange migration or the Exchange object (mailbox, Distribution Group, MailContact, etc) was recreated. Consider the following scenario from Connectwise ticket 277208:
- Mailbox for Jason Wolley was deleted for whatever reason. The original legacyExchangeDN for this mailbox was /o=first?organization/ou=exchange?administrative?group?(fydibohf23spdlt)/cn=recipients/cn=jason?wolley0bc
- The mailbox was then recreated and assigned a new legacyExchangeDN of /o=first?organization/ou=exchange?administrative?group?(fydibohf23spdlt)/cn=recipients/cn=jason?wolley6c7
- Kelley Roper then tries to send an email to Jason Wolley and uses a cached AutoComplete entry in Outlook for Jason with the old legacyExchangeDN saved as the email address.
- The email bounces with the following NDR:
From: Microsoft Outlook
Sent: Monday, April 27, 2015 10:08 AM
To: Kelley Roper
Subject: Undeliverable: test
Delivery has failed to these recipients or groups:
Jason Wolley
The e-mail address you entered couldn't be found. Please check the recipient's e-mail address and try to resend the message. If the problem continues, please contact your helpdesk.
Diagnostic information for administrators:
Generating server: mail.spacetech.local
IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Jason+20Wolley6c7@1stdetect.com
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
Original message headers:
Received: from mail.spacetech.local ([fe80::6164:98fb:57b8:d436]) by
mail.spacetech.local ([fe80::6164:98fb:57b8:d436%10]) with mapi id
14.01.0438.000; Mon, 27 Apr 2015 10:07:39 -0500
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: Kelley Roper <KRoper@1stdetect.com>
To: Jason Wolley <JWolley@1stdetect.com>
Subject: test
Thread-Topic: test
Thread-Index: AdCA++Xa2L8Qyn5TQ/GZW49WBOQ+mg==
Date: Mon, 27 Apr 2015 10:07:38 -0500
Message-ID: <D5FD36DF7334944C9988BBD14DE367F9012B24614C@mail.spacetech.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <D5FD36DF7334944C9988BBD14DE367F9012B24614C@mail.spacetech.local>
MIME-Version: 1.0
X-Originating-IP: [50.200.173.214]
To resolve this issue we have to let Exchange know that the new, recreated mailbox for Jason Wolley should receive email sent to the old legacyExchangeDN. This is accomplished by adding an x500 address as an alias for Jason’s new mailbox. This could also be accomplished by simply instructing the sender to delete the AutoComplete entry for the recipient; however, because many users in the company most likely have this address cached in Outlook, a more elegant solution is to make the change on the server level.
We first have to convert the legacyExchangeDN shown in the NDR highlighted above to the legacyExchangeDN value recognized by Exchange.
https://support.microsoft.com/en-us/kb/2807779
Replace any underscore character (_) with a slash character (/).
Replace "+20" with a blank space.
Replace "+28" with an opening parenthesis character.
Replace "+29" with a closing parenthesis character.
Replace "+2E" with a period
Delete the "IMCEAEX-" string.
Delete the "@mgd.domain.com" string.
Add "X500:" at the beginning.
By using the steps above, the legacyExchangeDN shown in the NDR:
IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Jason+20Wolley6c7@1stdetect.com
Is converted to:
x500:/o=first?organization/ou=exchange?administrative?group?(fydibohf23spdlt)/cn=recipients/cn=jason?wolley6c7
We now need to save this value as an alias to Jason’s new mailbox by running the following command in Exchange Management Shell:
Set-Mailbox jwolley@1stdetect.com –EmailAddresses @{add='x500:/o=first?organization/ou=exchange?administrative?group?(fydibohf23spdlt)/cn=recipients/cn=jason?wolley6c7'}
That’s it. The issue should now be resolved so instruct the sender to try sending another email to the recipient to test.
Alternately, you can use the Convert-LegacyExchangeDN.exe application I wrote to convert the legacyExchangeDN email address found in the 5.1.1 NDR to the alias you should add to the new object in Exchange. The .exe file and readme.txt file can be found here -.convert-legdn.zip