Configure Message Size Limits in Exchange 2010

If you’re running Exchange 2010 at your office, you may have noticed that the default incoming and outgoing message size limit  is 10,240 KB or 10 MB. These days, however, there are many attachments that far exceed this size.

If you want to increase the maximum receive size and the maximum send size for emails, it’s not as simple as you might think. But then again, when is anything easy to figure out in Exchange!

In order to change the size limits, you have to make the change in several locations within the Exchange Management Console.

hub transport exchange

First, you need to modify the global settings at this location:

Organization Configuration – Hub Transport – Global Settings – Properties of Transport Settings

Here you will be able to edit the transport send and receive limits. Once you have done that, you need to modify the send and receive connectors.

global transport settngs

You can change the Send Connector by going to the following location:

Organization Configuration – Hub Transport – Global Settings – Properties of Default Send

And you can do the same thing for the Receive Connector here:

Server Configuration – Hub Transport – Receive Connectors Pane – Properties of Default <host>

That is all there is to it! Note that the largest value you can enter into the maximum receive size and maximum send size in KB is 2097151, which is basically 2 GB! Hopefully, no one in your organization needs to attach a file that is 2 GB in size.

Finally, you need to make sure you restart your Exchange server for the new size limits to take effect. If you can’t reboot, you can try to restart the Exchange services and see if that works.

Also, you can change the max number of recipients in the Global Transport settings dialog. The range is from 0 to a whopping 2147483647.

Microsoft Exchange Server 2007 Shapes and Icons for Visio

I was just diagramming an Exchange 2007 deployment and came across the Microsoft Office Visio Stencil Containing Shapes for Microsoft Exchange Server 2007, a free download from Microsoft.

This stencil and template provided enable you to create Visio drawings that contain Exchange Server 2007 objects. These shapes include icons for Exchange 2007 server roles, networking, telephony and Unified Messaging objects, Active Directory and directory service objects, client computers and devices, and other Exchange organization elements. 

To use this stencil, place these 2 files (MicrosoftExchangeServer2007_Icons.vst and MicrosoftExchangeServer2007_Icons.vss) in your local C:\Documents and Settings\yourname\My Documents\My Shapes folder.

In Visio, click File, click Open, and then go to your My Shapes folder. Open the MicrosoftExchangeServer2007_Icons.vst file. The shapes will appear in the Microsoft Exchange Server 2007 stencil in the Shapes pane.

This download requires Microsoft Office Visio 2003 or later.


Troubleshooting Exchange 2007 ESE Event 491

My Exchange 2007 SP1 server started reporting Event 491 in the Application Log.

Source: ESE Event ID: 491

edgetransport (3488) Transport Mail Database: An attempt to determine the minimum I/O block size for the volume “D:\” containing “D:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue\” failed with system error 5 (0x00000005): “Access is denied. “. The operation will fail with error -1032 (0xfffffbf8).

The Microsoft Exchange Transport service was not automatically starting as well. A few posts I found mentioned excluding the Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue directory from anti-virus scanning. I played around with all sorts of exceptions, but that didn’t resolve my problem. I even disabled the real-time A-V scanner and rebooted the server, but the problems persisted.

After hours of searching I came across this post, which pointed at permissions as the root of the problem. I had removed the default permissions on the Exchange installation drive, and Network Service was missing on the list of permissions. I tried to assign the fewest permissions as possible, but in the end here is what I assigned.

  • NETWORK SERVICE has all rights *except* Full Control and Modify on the TransportRoles folder, and inheritance is turned on. This full path is D:\Program Files\Microsoft\Exchange Server\TransportRoles\ on my server, yours may vary.
  • NETWORK SERVICE has Full Control on the D:\Program Files\Microsoft\Exchange Server\TransportRoles\data\ folder, and inheritance is turned on.
  • NETWORK SERVICE has Read & Execute, List Folder Contents, and Read on the D:\Program Files\Microsoft\Exchange Server\ folder.
  • NETWORK SERVICE has Read & Execute, List Folder Contents, and Read on the root installation folder, which is D:\ for me. I did everything I could to avoid this, but couldn’t make it work without assigning this permission.

After making these changes, reboot your server and you should find Event 491 gone and your Microsoft Exchange Transport service automatically starting once again.

Troubleshooting Exchange Error 4.4.7 Delivery Delay and Failures


One of our partners keeps receiving the following messages when trying to email certain domains:

This is an automatically generated Delivery Status Notification.



Delivery to the following recipients has been delayed.

Where is the address he’s trying to send the message to.

Eventually he receives the following message

Your message did not reach some or all of the intended recipients.

The following recipient(s) could not be reached: on 3/27/2008 9:11 AM

Could not deliver the message in the time limit specified. Please retry or contact your administrator.

<originating.mailserver.hostname #4.4.7>

He’s sending to addresses he’s previously sent to with no problems.

KB 284204 notes the following about the 4.4.7 error message:

Possible Cause: The message in the queue has expired. The sending server tried to relay or deliver the message, but the action was not completed before the message expiration time occurred. This NDR may also indicate that a message header limit has been reached on a remote server or that some other protocol timeout occurred during communication with the remote server.

Troubleshooting: This code typically indicates an issue on the receiving server. Verify the validity of the recipient address, and verify that the receiving server is configured to receive messages correctly. You may have to reduce the number of recipients in the header of the message for the host that you are receiving this NDR from. If you resend the message, it is placed in the queue again. If the receiving server is on line, the message is delivered.

You can see the problem is usually on the recipient’s server. Common causes are the recipients mail server is offline or otherwise unreachable, possibly due to DNS problems.

One thing you can try on the originator’s mail server is to increase the SMTP Virtual Server’s Delay Notification and Expiration Timeout settings.

To access these settings in Exchange 2003, open System Manager and navigate to Servers – Your Mail Server’s Name – Protocols – SMTP. Right click on your SMTP Virtual Server – Properties – Delivery tab.

SMTP Virtual Server Delivery Settings

I changed my Delay notification from 12 hours to 18 hours, and the Expiration timeout from 2 days to 4 days. You will need to tweak these settings to what is appropriate for your particular environment.

Another reason you may have these errors, especially with AOL email recipient may be you don’t have a DNS PTR record (Reverse DNS Record) for your mail server. AOL explains:

“AOL does require that all connecting Mail Transfer Agents have established reverse DNS, regardless of whether it matches the domain.”

This means if your mail server doesn’t have a Reverse DNS record, your messages sent to AOL will fail.

AOL has a page where you can enter your mail server’s IP address to determine if AOL can find it’s corresponding Reverse DNS record. If you’re not sure what the IP address of your mail server is, you can look it up based on your domain name.

Also note that setting up a Reverse DNS record is not the same process you would perform while creating a host name or other record. With forward (regular) DNS you setup your name servers with your domain registrar, like Network Solutions. With reverse DNS you must contact your ISP to have them create and host the record. The reason why is because the ISP is who is ultimately responsible for your IP address, and only they can verify that your mail server does indeed reside at that particular IP address.







Howto: Force Outlook to Download Updated Exchange Offline Address Books

I just created a new user on my Exchange 2003 server, and wanted to verify the new account was shown in the Global Address List (GAL). I’m using the Outlook 2007 client in cached mode, and I wanted to download the updated offline address book immediately, rather than waiting for it to perform it’s scheduled download.

KB 841273 explains that:

  1. Outlook in cached mode automatically updates the offline address book on the client every 24 hours. The 24-hour time period is measured from the time that the offline address book was last downloaded successfully. For example, if you complete an offline address book download at 09:00 today, Outlook will start the offline address book download the next day at approximately 09:00. Therefore, different people will receive updates at different, random times.
  2. Each day, the Exchange computer generates a full offline address book and a differential file from the previous day. The Exchange computer stores the differential file and the full file for the current day and stores only the differential files for the previous days.
  3. The default setting on the Exchange computer is to generate an offline address book differential file every morning at 04:00.
  4. By default, the Exchange computer generates the offline address book files every morning at 05:00.
  5. Unless you notice the last time that Outlook downloaded the offline address book, you may not know when Outlook is scheduled to try the next offline address book download. No indicator in the Outlook user interface advises you of the offline address book download schedule.

You can now see it’s virtually impossible to determine when my Outlook client would automatically receive the updated address list.

The steps I performed to force Exchange and Outlook to immediately synchronize the offline address books:

  1. One the server – Start Exchange System Manager, expand RecipientsOffline Address Lists. Right click on your address list and select Rebuild. You will be warned that it potentially could take a long time. Click Yes to proceed with the rebuild. Wait a few minutes, but if you have a small Exchange deployment this could finish in seconds.
  2. On the client – In Outlook click on the down arrow next to Send/Receive to open the menu. Click Download Address BookOK. Make sure that the Download changes since last Send/Receive check box is selected.

The correct order to stop and start BES services

KB 13718 explains the correct order to stop and start Blackberry Enterprise Server (BES) services for Microsoft Exchange:

1. BlackBerry Router.
2. BlackBerry Dispatcher.
3. BlackBerry Controller.
4. All remaining BlackBerry services.

The BlackBerry Enterprise Server for Microsoft Exchange Disaster Recovery Guide explains the correct order is:

1. BlackBerry Controller
2. BlackBerry Router
3. BlackBerry Dispatcher
4. all remaining BlackBerry services

KB04293 explains the correct order for BES 4.0 or later with Exchange is:

1. BlackBerry Router
2. BlackBerry Dispatcher
3. BlackBerry Controller
4. all other BlackBerry Enterprise Server services

The BlackBerry Enterprise Server for IBM Lotus Domino Version 4.1.3 Upgrade Guide explains the correct order is:

1. BlackBerry Controller
2. BlackBerry Router
3. BlackBerry Dispatcher
4. all remaining services

I was unable to find any official Blackberry documentation regarding the proper order to stop and start the BES services for Groupwise, but this document on the Vodaphone support web site suggests the following order:

Start the Blackberry services in the following order:

1. Blackberry Dispatcher
2. Blackberry Router
3. Blackberry Controller
4. Blackberry Alert
5. Blackberry Attachment Service
6. Blackberry Mobile Data Service
7. Blackberry Policy Service
8. Blackberry Synchronization Service

Reverse the order of the services when you stop the services.

As you can see, the documentation does not consistently explain the order the BES services should be stopped and started.

Clearing out Exchange SMTP queues using AQADMCLI

I recently had to help a customer clean up their SBS 2003 server which had been used to send out spam. It seems that one of their user accounts had been compromised, and we were able to stop the spam by changing the user’s password. The server’s performance was horrible, even after a reboot, and we found messages stuck in over 500 SMTP queues. Rather than clear the queues one at a time, I used the Aqadmcli tool to delete all the stuck messages at once.

To clear all the SMTP queues at once, run the following from a command prompt on the Exchange server:


setserver [servername]

delmsg flags=all


where [servername] is the name of the Exchange server containing the queues you want to clear.

You can also delete messages from a particular sender using the syntax

delmsg flags=SENDER,

You can read more about this tool here [via the Wayback Machine]

KB 324958 describes an alternate way of cleaning up the SMTP queues. There is also a webcast that shows how to accomplish SMTP queue cleanup.