Local router blocking incoming remote assistance request
I have a user who recently moved. they received new equipment from their ISP. I use to be able to make remote assistance connections to their computer using a popular system center configuration manager remote tool. Now i can't get past the handshake when i try to connect. If he has split tunneling enabled would the new router block incoming traffic? I know by default most of the router's firewall will block all incoming traffic (if enabled). does this apply to VPN traffic?
Hi, if the VPN terminates on an IOS router, then the split tunneling does not "block" anything. It simply decides which traffic is sent through the tunnel and which traffic is sent in clear text (as in Internet traffic).
If the router has ACLs on the outside interface, that could be blocking the traffic (even VPN traffic).
Make sure the desired traffic is part of the split tunneling rule and that if there's an ACL, it allows the traffic to pass.
Similar Messages
-
British Telecom BT 220v router blocking incoming http access ?
(Partly in response to Neil's suggested solution to my incoming traffic problem, in thread 'Wake when the modem detects a ring ...' )
I am assured by my ISP (BT or British Telecom: previously able to give good advice on my non-Windoze, non-Explorer, non-USB configuration, so stuck with them) that there is no firewall on my BT 220V router and that there is no blocking or filtering of incoming traffic by BT for domestic (or business) customers.
However, inspection of the router configuration and BT's own Quick Start guide reveals that IP filtering can indeed be set up, the default appearing to be that filtering is Enabled for inbound traffic.
The latest BT tech-help person ensured me that these are 'factory settings' which cannot be changed (and indeed I can't and don't want to), but did not know what they do. No doubt they are for security & firewall purposes: anyone know what kind of traffic they filter, and has anyone had this problem (no external access to shared folders or personal web site folders, timeouts rather than 404 errors) with a 220v ?
I've been round every other possible explanation and this is all that is left. Completely stuck otherwise.
iBook G4, 256MB ram, Aiport Extreme, built-in ethernet, 133MHz Mac OS X (10.3.9)I'll shed some light -- if you try this in a forum OTHER than an iPhone forum, perhaps you may get more responses.
-
I have a weird request I have never thought I would get. I have a VIP user that wants to receive no calendar invites / meeting invites from:
- anyone outside of our organization (ie: from the internet)
- only certain users from INSIDE our organization
Can I accomplish this either though a transport rule and/or an Outlook rule? I am on Exchange 2007 currently, and Outlook 2007 currently. Soon to have both on 2013 versions, migrating soon, but if possible, I need to implement this in our current environment.
Thanks in advanceHello,
Based on your description, I understand that the VIP user don't want to receive meeting requests from anyone outside of your organization and certain users from inside your organization. If so, we can't create transport rule in exchange 2007.
I recommend you upgrade your exchange server 2007 to exchange 2013. If you use exchange 2013, you can create this transport rule like : under condition, the sender is this person (distribution
group, you can add certain users from inside your organization to a distribution group) ; the recipient is this person (the VIP user);
the message properties include the message type(Calendaring); under actions, block the message reject the message and include an explanation/ reject the message with the enhanced status code of /delete the message without notifying anyone.
You need to create the second transport rule: you only need to change the first condition: the sender is located outside the organization, and other conditions and actions are the same as the first transport rule.
If you have any feedback on our support, please click
here
Cara Chen
TechNet Community Support -
FQDN behind NAT'd router and OD Master assistance request
I have a static IP (1) from my ISP that is assigned via PPPoE.
Because of the PPPoE, I use a SOHO router as a my gateway, and NAT the necessary ports to 192.168.1.10
I would like to setup a FQDN and OD Master (with Kerberos) at 192.168.1.10, but am unsure how to do this. I've setup FQDN with a global IP before, but never one with NAT'd to a private IP. I think I can get DNS "working", but not in a good enough state for OD Master with Kerberos.
Does someone have a setup guide for this situation?... unanswered. withdraw question
-
Request Remote Assistance Shortcut
I am trying to create a shortcut, script, or batch file that will allow users to create a remote assistance request and email it to a specific email address. It sounds easy enough, but I cannot get it to work.
I used msra /email but I can't pipe an email address into the command. I tried a batch file that ran msra /saveasfile then ran "C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE" /c ipm.note /m emailaddress /a incident.msrcincident, but that gave me other issues.
I am actually trying to do this as a simple integration with BMC Remedy since I already customized it to create tickets via incoming email.
Anyone have anything in place that does this? Or possibly a better solution?
- BobHere is a script I have developed that addresses the email problems. I use a ping to get a minor pause in the script.
This script is designed to be placed in the folder 'c:\Scripts'. I have used the computer name as the filename to allow the recipient to distinguish which machine support is being requested for.
Once I created this in a cmd file. I placed a shortcut on the public desktop to launch it.
The user does not need to relay the password, as it is always the same (in this example 'PASSWORDTEXT').
BTW, this was performed on the original Surface RT, with the 8.1 upgrade
if exist c:\Scripts\%COMPUTERNAME%.msrcincident del c:\Scripts\%COMPUTERNAME%.msrcincident
start "Remote Assistance" msra /saveasfile c:\Scripts\%COMPUTERNAME% PASSWORDTEXT
ping 4.2.2.1
"C:\Program FIles\Microsoft Office\Office15\Outlook.exe" /c ipm.note /m
[email protected] /a c:\Scripts\%COMPUTERNAME%.msrcincident -
Hi All,
I would like to use remote assistance to help my staff - after all that's what it's designed for
The problem I am having is that general users are not machine / domain admins.
When they send a remote assistance request to me, for me to do anything more than open notepad or the like the user is prompted to enter admin account creditials - which they don't have - so I have to go find them and type it in directly, hence making remote assistance nothing more than a convoluted support request email system
Is there a way a user can send a request, and the remote helper (that's me) enter the UAC admin credentials instead of the local user? Group policy or something...???
Thanks guys!
Russell.I found a solution & want to share with you. Please follow the below steps to configure UAC by using group policy so that it can apply to all machine.
Steps 1:Create
an OU (Organizational Unit) on your AD (active directory) & move the machine which you want to apply the GP (Group Policy) for UAC access on remote assistance.
Steps 2:Open
Group Policy Management Console on your AD machine and create a GP & link it to OU which you have created. Give a name to that GP & select edit.
Steps3:
Now go to this location
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
And make the changes as mentioned below
Group Policy setting
Registry key
Default
Changes Required
User Account Control: Admin Approval Mode for the built-in Administrator account
FilterAdministratorToken
Disabled
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
EnableUIADesktopToggle
Disabled
Enabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
ConsentPromptBehaviorAdmin
Prompt for consent for non-Windows binaries
Prompt for credentials
User Account Control: Behavior of the elevation prompt for standard users
ConsentPromptBehaviorUser
Prompt for credentials on the secure desktop
Prompt for credentials
User Account Control: Detect application installations and prompt for elevation
EnableInstallerDetection
Disabled (default for enterprise)
User Account Control: Only elevate executables that are signed and validated
ValidateAdminCodeSignatures
Disabled
User Account Control: Only elevate UIAccess applications that are installed in secure locations
EnableSecureUIAPaths
Enabled
User Account Control: Run all administrators in Admin Approval Mode
EnableLUA
Enabled
User Account Control: Switch to the secure desktop when prompting for elevation
PromptOnSecureDesktop
Enabled
Disabled
User Account Control: Virtualize file and registry write failures to per-user locations
EnableVirtualization
Enabled
Now run ‘’gpupdate’’ on server & client side to verify. Enjoy
J -
I have a WRT54G ver 6 and firmware 1.01.0 with port 3389 opened for my IP address, enabled and with no other firewalls. I can not initiate nor accept a Remote Assistance request from another city with either of my laptops. Any ideas?
It seems to me that getting this device to work properly should not be so difficult.Do you think a static IP is necessary? As long as the private IP address has not changed and both ends know what the private IP is there should be no need for a static IP address assigned to the remote host.
-
Please help!!To whom it may concernDear Madam/Sir who works for Skype & Microsoft Dear all who can really help, Do you have an option for block all incoming message and request EXCEPTED messages from my contacts? or Do you have any solution to solve my problem from begin to now in present time? Even though, I set the Privacy settings: - Allow calls from... "people in my Contact list only"- Automatically received video and share screens with "people in my Contact list only"- Allow IMs from "people in my Contact list only" I still received unknow users sent me messages in every day, contact requests etc. And they're all clearly spammings and identity thefts. I only wanna contact with my family and my freinds here with Skype via my Windows device and my mobile phone (w/Android OS). And this is the only way to contact with them, because they could use Skype only in overseas. BUT I don't need new friend from other unknow Skype member. I keep blocked all unknow spammers in every day. However in this morning, I feel so scared with Skype on my mobile, I looked at my mobile Skype, I saw it automatically showed me the list of all blocked members. BUT they were all unblocked (contact unblocked) by my mobile (Android version) Skype itself automatically, and listed them one by one on the screen, and about 30 seconds later, they all were disappeared suddenly. I don't know what do to now, is it indicating my account was hacked?And how could I found out all those members again and block them again and delete all of them for ever? I appreciate if you would improve the privacy protection. Thank you very very very much.
Hrm... that may be true and this may be a function of the phone email client that Apple just doesn't do.
No, I can easily MANUALLY delete the messages. I would prefer if I didn't have to do it twice, tho. Once on the mail server and once on the phone.
What I think the phone needs to do is, when it checks the POP, anything NOT there should be removed locally. I think you are correct on POP; the phone will poll the mx (mail exchanger) and the mx will pass off the messages to the phone. The phone then keeps ALL of that unitl you manually delete it.
If, say, I remove a message from the mx, I would like the phone, when next polls, to see that that particular message isn't on the server anymore and remove it locally.
Perhaps it's just me but if I delete the message on the mx itself, via my ISP's webmail interface, I really don't want to have to remove it again from my phone.
thxs!
cheers
rOot -
Hello,
Before to use remote assistance in windows 8.1, i need to configure my nat router freebox.
But remote assistance ( msra.exe ) use a dynamique port and never the same.
How to use a fixed port for remote assistance ini windows 8.1 ?
And why i can't use easy connect ?
i read that the router must implement the PNRP protocol. I think it's a propriatary microsoft's protocol unknow on my router.
ThanksHello,
Very good. It's a big range ( 255 mini from 49152 ) for a single port but if it's the only one possibility...
You are very helpfull ( i don't know if it's a good english but you make me very happy )
Merci beaucoup -
Application object for users to request remote assistance
Hi
I want to lock down my users' desktops by changing the Windows shell to Application Explorer but still want my users to be able to request a Remote Assistance session with the list of pre-defined operators.
I have my policy setup and my users' can go to the Remote Management section of the Adaptive Agent and from there, request a remote assistance session.
How can I do this without my users' having to go to the properties of the Adaptive Agent?
Thanks
rdcrgdacosta,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Exchange 2007 Block incoming meeting requests?
Hello,
Is there any way to block incoming meeting requests on an Exchange 2007 server and have it send a message back saying the server doesn't accept said requests? I know it can be done in Outlook with a rule but we would like to block them
at the server for any requests, not just a couple of users.
ThanksYou could look at hub transport rules. I cant remember if 2007 allowed a rule based on a message class.
I would also disable the processing of external meeting requests for mailboxes:
http://technet.microsoft.com/en-us/library/aa996340(v=exchg.80).aspx
Use the ProcessExternalMeetingMessages parameter to specify whether to process meeting requests originating outside the Exchange organization
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied. -
Huge volume of records are routing to the remote user other than his position and organization records. Synchronization and DB initialization taking more time around 36 hours.
Actual accounts & contacts need to be route around 2000 & 3000 but we have observed lakhs of records routing into local DB.
We have verified all the Assignment Rules, Views.
We ran docking object visibility rules and we have observed that some other accounts are routing due to Organization rule passing. (these records are not supposed to route).
Version Siebel 7.7.2.12,
OS Solaris.let me know what would be the reason that 1st million takes only 15 minuts and the time goes on increasing gradually with the increase of dataYes that's a little strange. I only can guess:
1. You are in archivelog mode and the Archiver is not able to archive the redo logs fast enough
2. You don't use Direct Load and DBWR ist not able to write the direty block to disk fast enough. You could create more DBWR processes in that case.
3. Make a snapshot of v$system_event:
create table begin as select * from v$system_event;After the import run
create table end as select * from v$system_event;Now compare the values:
select * from begin order by TIME_WAITED_MICRO descwith the values given you by
select * from end order by TIME_WAITED_MICRO descSo you can look where your DB spent so much time waiting for something.
Alternativly, you could start a 10046 trace on the loading session and use tkprof.
Dim -
What means about Non-local Process blocks cleaned out in RACalert log
Hi Experts,
We have 4 nodes oracle 11.1 RAC in redhat5.1.
I saw lots of message about Non-local Process blocks cleaned out in alert log files today.
such as
Tue Sep 8 16:31:04 2009
Reconfiguration started (old inc 18, new inc 20)
List of nodes:
0 1 2 3
Global Resource Directory frozen
Communication channels reestablished
* domain 0 valid = 1 according to instance 0
Tue Sep 8 16:31:04 2009
Master broadcasted resource hash value bitmaps
Non-local Process blocks cleaned out
Tue Sep 8 16:43:46 2009
LMS 0: 0 GCS shadows cancelled, 0 closed
Tue Sep 8 16:43:46 2009
LMS 1: 0 GCS shadows cancelled, 0 closed
Set master node info
Submitted all remote-enqueue requests
Dwn-cvts replayed, VALBLKs dubious
All grantable enqueues granted
Does some expert above message for me?
Thanks
JimThanks- good observation.
Unusual, perhaps, but it is what we need in our setting. And- allegedly this is supported / encouraged based on my understanding of the OS X Server docs. I don't have any control over the AD server (since it's in the university-level IT management's hands) but I -do-, of course, have control over my own server. So I just want to use their authentication (and save my students / lab folk the trouble of having multiple logins, etc).
You make a good point / observation / point-of-debuggery. Indeed, if I set the client machines to use -only- the main campus AD server (and thus allow logins from everyone on campus) it works first time. So it is some interesting interaction betwixt the Mac OS Server and the client methinks. In fact, across campus, all the 'public' machines are simply bound to the AD server and you can just log in that way. -
I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
I need to allow the following IP addresses to have RDP access to my server:
66.237.238.193-66.237.238.222
69.195.249.177-69.195.249.190
69.65.80.240-69.65.80.249
My external WAN server info is - 99.89.69.333
The internal IP address of my server is - 192.168.6.2
The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
THE FOLLOWING IS MY CONFIGURATION FILE
Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
Also the bolded lines are the modifications I made but that arent working.
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password DowJbZ7jrm5Nkm5B encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 99.89.69.233 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network EMRMC
network-object 10.1.2.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 172.16.0.0 255.255.0.0
network-object 192.168.9.0 255.255.255.0
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service GMED tcp
description GMED
port-object eq 3390
object-group service MarsAccess tcp
description MarsAccess
port-object range pcanywhere-data 5632
object-group service MarsFTP tcp
description MarsFTP
port-object range ftp-data ftp
object-group service MarsSupportAppls tcp
description MarsSupportAppls
port-object eq 1972
object-group service MarsUpdatePort tcp
description MarsUpdatePort
port-object eq 7835
object-group service NM1503 tcp
description NM1503
port-object eq 1503
object-group service NM1720 tcp
description NM1720
port-object eq h323
object-group service NM1731 tcp
description NM1731
port-object eq 1731
object-group service NM389 tcp
description NM389
port-object eq ldap
object-group service NM522 tcp
description NM522
port-object eq 522
object-group service SSL tcp
description SSL
port-object eq https
object-group service rdp tcp
port-object eq 3389
access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.6.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 68.156.148.5
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
tunnel-group 68.156.148.5 type ipsec-l2l
tunnel-group 68.156.148.5 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
: end
ciscoasa(config-network)#Unclear what did not work. In your original post you include said some commands were added but don't work:
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
and later you state you add another command that gets an error:
static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface. Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive? Static PAT usually makes sense when you need to change the TCP port number. In your example, you are not changing the TCP port 3389. -
Good Afternoon,
My Customer is running Exchange 2013 CU5 that has a transport rule that is supposed to reject any email from a particular user as that user is no longer with the company. The transport rule rejects the message, BUT, it does
not show the Custom DSN. It shows the default message:
Delivery has failed to these recipients or groups:
[email protected] Your message wasn't delivered because the recipient's email provider rejected it.
Diagnostic information for administrators:
Generating server: EXMBX01.DOMAIN.LOCAL
[email protected] Remote Server returned '< #5.7.169 smtp;550 5.7.169 TRANSPORT.RULES.RejectMessage; the message was rejected by organization policy>'
I have looked up the transport rule in Exchange:
Get-TransportRule "User Reject" | fl *Reject*,Description
RejectMessageEnhancedStatusCode : 5.7.169
RejectMessageReasonText : This E-MAIL Address is no longer in service. Please Contact
[email protected] for assistance
SmtpRejectMessageRejectText :
SmtpRejectMessageRejectStatusCode :
Description : If the message:
Is sent to '[email protected]'
and Is received from 'Outside the organization'
Take the following actions:
Set audit severity level to 'High'
and reject the message and include the explanation 'This E-MAIL
Address is no longer in service. Please Contact
[email protected] for assistance' with the status code: '5.7.169'
I tried setting up to separate external DSN messages and tried both with the same results:
Get-SystemMessage | ft -a -wr
Identity Text
en\External\5.7.69 This E-MAIL Address is no longer in service. Please Contact [email protected] for assistance.
en\External\5.7.169 This E-MAIL Address is no longer in service. Please Contact [email protected] for assistance.
I tried to change the SmtpRejectMessageRejectText on both Exchange servers and got the following error:
Set-TransportRule -Identity "User Reject" -SMTPRejectMessageRejectText "This E-MAIL Addre
ss is no longer in service. Please Contact [email protected] for assistance"
A specified parameter isn't valid on a server with the Hub Transport role installed.
+ CategoryInfo : InvalidArgument: (SmtpRejectMessageRejectText:String) [Set-TransportRule], ArgumentExcep
tion
+ FullyQualifiedErrorId : [Server=EXMBX01,RequestId=b2a61aba-179b-4867-85b8-cc47eba62701,TimeStamp=6/27/2014
7:19:32 PM] [FailureCategory=Cmdlet-ArgumentException] 8BBE1900,Microsoft.Exchange.MessagingPolicies.Rules.Tasks.
SetTransportRule
+ PSComputerName : exmbx01.domain.local
I really am having issues finding and answer. Any assistance would be greatful!
Thanks,
Lance LingerfeltHi Lance,
Thanks for your update.
According to the error that you pasted, "A specified parameter isn't valid on a server with the Hub Transport role installed.", it seems you have no proper permission to use some specific parameters.
Even if there are many parameters in the Technet article
http://technet.microsoft.com/en-us/library/bb125138(v=exchg.150).aspx , you may not have access to some parameters if they're not included in the permissions assigned to you. You need Organization Management and Records Management permissions, see
the following links:
http://technet.microsoft.com/en-us/library/dd633492(v=exchg.150).aspx
http://technet.microsoft.com/en-us/library/dd335087(v=exchg.150).aspx
http://technet.microsoft.com/en-us/library/dd638205(v=exchg.150).aspx
Thanks
Mavis
Mavis Huang
TechNet Community Support
Maybe you are looking for
-
Failure to build LabVIEW applicatio​n on Linux using "Shared library"
In order to create a LabVIEW application on linux without an X display, I complied the LabVIEW VI using the Linux Shared Library. I did this by right clicking on Build Specification and selecting New >> Shared Library, and in the Advanced section, ch
-
Does the power mac G4 meet the requirements to play the sims 3 smoothly? Specs: 1. 450mhz processor 2. 2gig of ram 3. 2 hard drives 1 @ 20 gig and the other @ 80gig 4. Mac OSX 10.4.11 operating system
-
Why doesnt my mobile me gallery work
My mobile me account wont reconize my apple id and password to use mobile me gallery
-
Hi We're doing some performance testing on our database. The SGA is set to 1.5GB and PGA set to 0.5GB. At some point we are runnning out of memory as we ramp up the number of users and transactions . What I'm looking for is to graph the PGA and SGA u
-
Preserve the layer order imported from photoshop
Is there a way to import photoshop files to after effects and keep the layer order from photoshop? I don't want to have to go back to all of my photoshop files and rename them. And I'd like to use the folders instead of compositions (the ones that ar