At a customer, we were troubleshooting a case of non-delivery reports (NDRs) and came across this funny thing. They had restricted delivery to all the distribution groups and set the organization-level maximum recipient limit to 25. Only one user, who has permission to send emails to some of the distribution groups and had already been allowed to send emails to more than 200 recipients, was experiencing this issue.
Get-TransportConfig shows that the org-level transport configuration limits any email to 25 recipients.
The user's mailbox settings are configured to allow sending to more than 25 recipients (200).
According to the way transport in Exchange should function, the user-level limit should override the limits set at the org level. In this case, Exchange somehow refused to accept its own way of working. The weirdest thing was that it was happening with only a single user and not everyone. The rest of the senders with a similar configuration were working absolutely fine.
When the user sent an email to a distribution group that has several other nested distribution groups as well, he received the NDR below.
This message wasn’t delivered to anyone because there are too many recipients. The limit is 25. This message has 95 recipients.
Everyone in Company Ops (email@example.com)
This message has too many recipients. Please try to resend with fewer recipients.
After running out of all known ways of troubleshooting, we decided to take some help from ExTRA to trace the Transport components and, with the help of MS PSS, get the .etl file converted to a readable form. ExTRA returned the error below in the entire log.
"163","00000000","Debug ","1601/01/03-08:58:04.588","24064","57828","Transport","Resolver","Lookup result for recipient IMCEAEX-_O=Exchange_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=E902df71-79d72599-65257491-2575b4@exchange.COM is Microsoft.Exchange.Data.Directory.Recipient.NonUniqueLegacyExchangeDNError"
"164","00000000","Error ","1601/01/03-08:58:04.588","24064","57828","Transport","Resolver","ambiguous address"
With reference to the above findings, we investigated further and found a member of the distribution group which did not have a mailbox associated with it. Now that we could understand what was happening, we:
1. Removed the member that did not have a mailbox associated.
2. Updated the sender’s legacyExchangeDN attribute to end with his alias.
3. Deleted the name cache of the user using Outlook 2010 Nickname Cache – An insider Story
4. Ensured the Outlook profile is freshly configured.
Bingo! The next attempt to send an email was successful.
The weird thing is that the NDR message and the actual problem had no relevance to each other; it finally turned out to be a misleading NDR. I do not know whether to call it a bug, but it does seem like one.
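The two Resolver trace lines quoted earlier can be picked out of a converted ExTRA trace automatically, and the IMCEAEX address in them decoded back to the legacyExchangeDN to look up in the directory. The following is an added example, not part of the original post: the column positions are assumed from the two lines shown, the function names are hypothetical, and the decoder generalizes to any `+XX` hex escape rather than only the ones in this trace.

```python
import csv
import io
import re

# Constructed sample: line 162 is made up; 163 and 164 are the lines from the post.
SAMPLE_TRACE = '''"162","00000000","Debug ","1601/01/03-08:58:04.587","24064","57828","Transport","Resolver","Resolving recipient"
"163","00000000","Debug ","1601/01/03-08:58:04.588","24064","57828","Transport","Resolver","Lookup result for recipient IMCEAEX-_O=Exchange_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=E902df71-79d72599-65257491-2575b4@exchange.COM is Microsoft.Exchange.Data.Directory.Recipient.NonUniqueLegacyExchangeDNError"
"164","00000000","Error ","1601/01/03-08:58:04.588","24064","57828","Transport","Resolver","ambiguous address"
'''

# Assumed column positions, inferred from the lines shown in the post.
LEVEL, TAG, MESSAGE = 2, 7, 8
IMCEAEX_RE = re.compile(r"IMCEAEX-([^\s@]+)@\S+")
RESULT_RE = re.compile(r" is ([\w.]+Error)\s*$")


def decode_imceaex(text):
    """Return the legacyExchangeDN encapsulated in an IMCEAEX address, or None."""
    match = IMCEAEX_RE.search(text)
    if not match:
        return None
    # "_" stands for "/"; "+XX" is a hex-escaped character (+20 space, +28 "(").
    # Replace "_" first so an escaped "+5F" survives as a literal underscore.
    slashed = match.group(1).replace("_", "/")
    return re.sub(r"\+([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), slashed)


def find_resolver_failures(trace_text):
    """List Resolver rows that are Error level or whose lookup result is an *Error type."""
    findings = []
    for row in csv.reader(io.StringIO(trace_text)):
        if len(row) <= MESSAGE or row[TAG] != "Resolver":
            continue
        message, level = row[MESSAGE], row[LEVEL].strip()
        result = RESULT_RE.search(message)
        if level == "Error" or result:
            findings.append({
                "seq": row[0],
                "level": level,
                "legacy_dn": decode_imceaex(message),
                # Keep only the short class name of the directory error.
                "error": result.group(1).rsplit(".", 1)[-1] if result else message,
            })
    return findings


if __name__ == "__main__":
    for finding in find_resolver_failures(SAMPLE_TRACE):
        print(finding)
```

The decoded DN is the value to search for in the directory when hunting for the object that makes the lookup ambiguous.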