While working on an Exchange 2010 – Exchange Online hybrid environment, few users encountered an error where after migrating email moderators to the Exchange Online, moderators receiving an NDR when they take an action for a moderated email. Below is an excerpt of the NDR.
From: Microsoft Outlook
Sent: Thursday, January 14, 2016 10:30 AM
Image removed by sender.
Your message to MSExchApproval1f05a927email@example.com couldn’t be delivered.
MSExchApproval1f05a927-xxxx-xxxx-xxxx-b59fe3b56f4c wasn’t found at domain.tld.
Now, if you are an experienced Exchange administrator, by the looks of this you know what has gone wrong here. Unfortunately for me, it took a couple of days before understanding what was the cause of this. If you are here reading this just like how I was, trying to figure out what’s the issue here, keep reading.Let’s first see how a moderated mail approval work in Microsoft Exchange. Microsoft Exchange server handles the workflow of special kinds of emails such as moderated emails with intermediate system mailboxes (a.k.a Arbitration Mailboxes). Below is a diagram of how an arbitration mailbox works when an moderated email has been sent.
- A mail user sends an email to a moderated group.
- The categorizer at hub transport server intercepts the email, marks for moderation and then re-routes it to the arbitration mailbox.
- The store driver component stores the message in the arbitration mailbox and sends an approval request to the moderator.
- The moderator takes an action.
- The store driver marks the moderator’s decision on the original message stored in the arbitration mailbox.
- The Information Assistant reads the approval status on the message stored in the arbitration mailbox, and then process the message depending on the moderator’s decision.
- If the moderator has approved the message, the Information Assistant resubmits the message to the submission queue, and the message is delivered to the recipient(s).
- If the moderator has rejected the message, the Information Assistant deletes the message from the arbitration mailbox and notifies the sender that the message was rejected.
Are you with me so far? Yes? Good! Let’s see what has happened in this case.
Now that you have an idea how a moderated email approval process works, let’s see what has happened here. The moderated distribution group is an on premises dynamic distribution group. On premises’ dynamic distribution group objects aren’t synced to the Exchange Online. Since the moderator is homed in Exchange Online and the dynamic distribution group is home on premises Exchange Server, his moderated action does not find an arbitration mailbox responsible for the distribution group on the Exchange Online. Therefore it sends an NDR to the moderator. There are two workarounds for this issue.
- Configure your dynamic distribution group on the Exchange Online
- From the Exchange Online Admin Center, create a contact for the email address you received in the NDR.
In this case I’ll be creating a mail contact for the email address “MSExchApproval1f05a927firstname.lastname@example.org” in the Exchange Online Admin Center. This will trick the Exchange Online to re route the email to your on premises Exchange 2010 server, where on premise hub transport server will process the approval accordingly.