MS-203 Microsoft 365 Messaging – Troubleshoot Mail Flow Problem Part 2

  • June 21, 2023

3. Configuring Message Tracking

Okay. And we’re going to be using a command called Get-MessageTrackingLog. Now if I type that command in right now, Get-MessageTrackingLog, and hit Enter, it’s just going to show me everything, okay, everything that’s been happening, and I’m going to hit Ctrl+C to break out of that because I don’t want to sit here and wait forever for it. But you can see the different messages that are flowing through here. Okay, now notice that it does kind of summarize some of the information that you’re seeing here. So you don’t actually get to see it all written out in a way that’s easy to view. And maybe I want to see all the details. So I can actually do that by running this command here.

I can hit the up arrow and I’m going to pipe that to Format-List. When I pipe that to Format-List, that’s going to actually show me this in a list format as opposed to the table format that it defaults to. And if you do that, it draws it all out for you like so, and I can actually see everything in this list. Of course, again, I’m going to Ctrl+C because it’s going to plow through that. Now if I want, I can also tell it to show me individual pieces of information.

Okay, so when you hit Enter on message tracking, you’ll notice these individual fields: timestamp, event ID, source, sender, recipient. Okay, so check this out, I want it to show me just some of them. I’m going to go with Format-List and I’m going to say show me the Sender. All right? And then I’m going to put a comma and then show me the message subject. So MessageSubject, and we’re going to hit Enter on that. And now notice it’s going to show me just that piece of information. So this is a great way for you to kind of reformat what it’s showing you so that maybe you can filter down to what you’re actually looking for here. Okay, now another thing I can do is I can see specific ranges of information if I want as well. So for example, perhaps I only want to see messages from a specific server, from a specific date and time, and from a certain user. So I’m going to type Get-MessageTrackingLog, -Server, and for the name we’ll do NYC ex one, all right. And then -Start, and then I’m going to do this date range, 60, 120, 20 at, we’ll say, nine, all right.

And that’s the format. Then -End, and we’ll do six, let’s four, 2020. And let’s see, we’ll close that out, or, I didn’t actually put the time, so let me put the time in there, do nine again, close that out, and then I’m going to do -Sender. And this time we’re going to look at Jan Williams. This is going to be the user whose mail flow we want to look at with this message tracking. So Jan Williams@examlabracks.com, we’re going to go ahead now and hit Enter on that. And it’s going to show me just information from Jan Williams. Okay? And notice that she had a message subject called budget. And that gives us some information. Maybe I’m trying to narrow down, hey, somebody’s leaked out our budget to somebody, and we could figure out who it is by doing this particular task here.

Now then, if I want, I can format this again, format it as a list, and this time I’m also going to dump this to a file. So I’m going to pipe it and say Out-File and we’ll say C:\messagetracking.txt. That’s going to dump this to a text file on my C drive called messagetracking.txt. I’m going to open File Explorer and then I’m going to go to my C drive, we’re going to open this up and we’re going to take a look and see what’s in it. All right, and so here we go. And as you can see, it’s got all of this email information for Jan Williams and those budget subjects inside that email.

And now if I needed to take this to somebody, maybe for evidence or whatever, I could. All right, but as you can see, working with the message tracking log, that cmdlet is pretty easy to use. It’s a great little command line tool and it’s a very quick way for us to get a lot of information out of the mail flow in our organization, to see who’s sending email to whom and how much email they’re sending. And you can further filter that command. And I encourage you to look up Get-MessageTrackingLog inside Microsoft’s knowledge base because they’ve got a lot of little switches there you can tweak and play around with as well. So hopefully that does give you a good understanding now of using Get-MessageTrackingLog and how to see the message tracking in our Exchange environment.
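The filtering and export steps walked through in this section, as an added example that is not from the original lesson. It goes one step further by counting recipients per message and hashing the exported file; the server name, sender address, time window and output path are placeholder assumptions.

```powershell
# Added example: run in the Exchange Management Shell (on-premises Exchange).
# Placeholders (assumptions): server name, sender address, time window, output path.
$query = @{
    Server     = 'EXCH01'
    Sender     = 'user@example.com'
    Start      = [datetime]'2020-06-01 09:00'
    End        = [datetime]'2020-06-04 09:00'
    ResultSize = 'Unlimited'      # without this only the first 1000 entries come back
}

# Keep only entries whose subject contains the keyword under review.
$hits = Get-MessageTrackingLog @query |
    Where-Object { $_.MessageSubject -like '*budget*' }

# One message produces several events (RECEIVE, SEND, DELIVER ...) and Recipients
# is a list, so flatten to one row per message and recipient before counting.
$rows = foreach ($e in $hits) {
    foreach ($r in $e.Recipients) {
        [pscustomobject]@{
            Sender    = $e.Sender
            Recipient = $r
            MessageId = $e.MessageId
        }
    }
}
$unique = $rows | Sort-Object Sender, Recipient, MessageId -Unique

# How many matching messages each recipient got from this sender.
$unique | Group-Object Recipient |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Export the full entries with Recipients joined into one column, then record
# a SHA-256 hash so the file can later be shown to be unchanged.
$out = 'C:\Evidence\messagetracking.csv'   # placeholder; the folder must exist
$hits |
    Select-Object Timestamp, EventId, Source, Sender,
        @{ Name = 'Recipients'; Expression = { $_.Recipients -join ';' } },
        MessageSubject, MessageId |
    Export-Csv -Path $out -NoTypeInformation -Encoding UTF8
Get-FileHash -Path $out -Algorithm SHA256 | Format-List Algorithm, Hash, Path
```

Keep the hash value with your case notes, separate from the exported file.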

4. Analyzing Non-Deliverable Reports

Now I want to take some time and talk about analyzing NDRs. Okay, so this is going to get into the concepts of non-delivery reports and some of the help that Microsoft provides for us. So we’re looking here at our Microsoft 365 services and just kind of looking at some of the things we can do here. We’re going to go down here to Show all. This is in portal.microsoft.com, also known as admin.microsoft.com. We’re going to go down to the admin center called Security. We’re going to look at message tracing here. So we’re going to look at mail flow. All right, drop that down, and from mail flow we can do a message trace. From there we’re going to start a trace, and we can see from and to people. But I’m just going to look over the last, let’s do the last four days or seven days, click Search, and this is going to show you all the messages that have happened in the last seven days.

Okay, so what I really wanted to kind of hone in on is we’ve got an NDR that occurred at this time. It was an email coming from Jc@examlabpractice.com and it was going to test user@examlabpractice.com. So we’re going to click on that NDR and it’s going to give us some information. Okay, so I want to look at and analyze this. This is what an NDR looks like. You can see NDR information in Exchange Online, and you can see NDR information in Exchange on-prem, but when you look at it you get the status. Okay, so Office 365 received the message, and then hone in on this error code here. So it tells you error 5.1.10, RESOLVER.ADR.RecipientNotFound.

So it gives you some information, tells you that an NDR message was sent to this email. So this means this user received an NDR, and they tell you that the NDR might provide more information as well. So you could actually view the NDR message for that particular user if you wanted to. So again, if we jump over to, let’s go to portal.office.com and we’ll open up our Outlook, you’re going to be able to see that user received an NDR report from Office 365. Now of course this was exchanged online. It would be Outlook. It’s kind of the same thing.

But you can see right here it says this is an NDR coming from Microsoft Outlook here and it’s telling me that I’ve got some information about why this problem occurred. And again the key thing here, notice this little status code and it tells you this error occurred because the sender sent a message to an email address hosted by 365 but the address is incorrect. It gives you some information on how to fix it. So one thing about analyzing NDRs is to read the messages but also analyze the status codes.

Down here you’ve got an error code that you can look at that tells you what the problem was. Okay? And you can see the message headers as well and analyze them. The message headers are just the pure raw text of what was happening on the email, what was going through in regards to that email. So you can see the from and the to. In some cases you may get an NDR because it appears as though the user might have been trying to reply to somebody that had spoofed somebody else’s email address. And Exchange Online Protection is catching it, or whatever your email filtering system is, is catching it, and you’re seeing this message here. Now I’d also like to point out that Microsoft has got some great articles in their knowledge base on all these different error codes. So a great place for you to start when looking at these different status codes for errors is to check their knowledge base. Okay? So here’s an example.

This is the article in their knowledge base called Email Non Delivery Reports in Exchange Online. They list out all these different NDR messages, NDR codes that we’ve got, and we can go through and we can see each and every one of these messages, okay, these different status codes and the messages that go with them. And the great thing about it too is a lot of times when you read through it, it provides you with some information on how to fix this particular problem. Like, for example, it says, Relay access denied. If you look over to the right, you could, if you wanted to, open up this article and read about what happened and how to fix it.

So this is an invaluable place to go in the real world too, if you are analyzing NDRs and trying to discover why you’re getting these NDRs and of course how you’re going to fix them. Now I will also say that this is Exchange Online we’re looking at here. But even with Exchange on-prem, Microsoft has information about fixing Exchange on-prem as well. So here’s an article, this is their knowledge base article involving NDRs for Exchange on-premises. And really you’re going to find it’s pretty much the same idea. They list out the different status codes and you can see information about fixing the problems behind those statuses, they give you links to fixing it. They tell you the description of what’s causing it and then how you could potentially fix that for your users.

So you definitely want to use these to your advantage when dealing with NDRs. But the key here as far as analyzing NDRs is, first, when you find out there are NDRs that have occurred, you want to make sure you message trace, track the message, look at your logs, find out what the message involves. If it’s a user who’s complaining that something’s not going through, or you’ve done a test and something’s not going through, then you can come in here, you can look these codes up, and then you can troubleshoot based upon what their knowledge base is telling you. Okay, so those are going to be the steps for going through and analyzing and, of course, trying to troubleshoot those NDRs.
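The "read the status code first" step can be scripted. The function below is an added example, not part of the original lesson: it pulls the SMTP reply and enhanced status code out of NDR text and labels the class and subject digits using the general RFC 3463 meanings. The function name and the sample NDR text are constructed for illustration.

```powershell
function Get-NdrStatus {
    param([Parameter(Mandatory)][string]$Text)

    # SMTP reply code (e.g. 550), then the enhanced code as class.subject.detail.
    $pattern = '\b(?<reply>[245]\d{2})[ -](?<class>[245])\.(?<subject>\d{1,3})\.' +
               '(?<detail>\d{1,3})\s+(?<reason>[^\r\n'']+)'
    $m = [regex]::Match($Text, $pattern)
    if (-not $m.Success) { return $null }   # no status code found in this text

    # Generic meanings from RFC 3463; the vendor article gives the specific cause.
    $classes  = @{ 2 = 'Success'; 4 = 'Persistent transient failure'; 5 = 'Permanent failure' }
    $subjects = @{ 0 = 'Other or undefined'; 1 = 'Addressing'; 2 = 'Mailbox'
                   3 = 'Mail system'; 4 = 'Network and routing'
                   5 = 'Mail delivery protocol'; 6 = 'Message content or media'
                   7 = 'Security or policy' }

    $class   = [int]$m.Groups['class'].Value
    $subject = [int]$m.Groups['subject'].Value
    [pscustomobject]@{
        SmtpReply = $m.Groups['reply'].Value
        Enhanced  = '{0}.{1}.{2}' -f $class, $subject, $m.Groups['detail'].Value
        Class     = $classes[$class]
        Subject   = $subjects[$subject]      # empty for subject digits above 7
        Reason    = $m.Groups['reason'].Value.Trim()
        Permanent = ($class -eq 5)           # 5.x.x will not succeed on retry
    }
}

# Constructed sample in the shape of the NDR discussed above.
$sample = @'
Diagnostic information for administrators:
Remote Server returned '550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient not found by SMTP address lookup'
'@

Get-NdrStatus -Text $sample | Format-List
```

Use the Enhanced value as the search key in the Microsoft NDR articles; the Class and Subject labels only tell you which kind of problem to expect.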
