Local router blocking incoming remote assistance request

Similar Messages

• British Telecom BT 220v router blocking incoming http access ?

  (Partly in response to Neil's suggested solution to my incoming traffic problem, in thread 'Wake when the modem detects a ring ...' )
  I am assured by my ISP (BT or British Telecom: previously able to give good advice on my non-Windoze, non-Explorer, non-USB configuration, so stuck with them) that there is no firewall on my BT 220V router and that there is no blocking or filtering of incoming traffic by BT for domestic (or business) customers.
  However, inspection of the router configuration and BT's own Quick Start guide reveals that IP filtering can indeed be set up, the default appearing to be that filtering is Enabled for inbound traffic.
  The latest BT tech-help person ensured me that these are 'factory settings' which cannot be changed (and indeed I can't and don't want to), but did not know what they do. No doubt they are for security & firewall purposes: anyone know what kind of traffic they filter, and has anyone had this problem (no external access to shared folders or personal web site folders, timeouts rather than 404 errors) with a 220v ?
  I've been round every other possible explanation and this is all that is left. Completely stuck otherwise.
  iBook G4, 256MB ram, Aiport Extreme, built-in ethernet, 133MHz   Mac OS X (10.3.9)  

  I'll shed some light -- if you try this in a forum OTHER than an iPhone forum, perhaps you may get more responses.

• Block incoming calendar / meeting requests to a specific mailbox / user using transport rules or an Outlook rule?

  I have a weird request I have never thought I would get. I have a VIP user that wants to receive no calendar invites / meeting invites from:
  - anyone outside of our organization (ie: from the internet)
  - only certain users from INSIDE our organization
  Can I accomplish this either though a transport rule and/or an Outlook rule? I am on Exchange 2007 currently, and Outlook 2007 currently. Soon to have both on 2013 versions, migrating soon, but if possible, I need to implement this in our current environment.
  Thanks in advance

  Hello,
  Based on your description, I understand that the VIP user don't want to receive meeting requests from anyone outside of your organization and certain users from inside your organization. If so, we can't create transport rule in exchange 2007.
  I recommend you upgrade your exchange server 2007 to exchange 2013. If you use exchange 2013, you can create this transport rule like : under condition, the sender is this person (distribution
  group, you can add certain users from inside your organization to a distribution group) ; the recipient is this person (the VIP user);
  the message properties include the message type(Calendaring); under actions, block the message reject the message and include an explanation/ reject the message with the enhanced status code of /delete the message without notifying anyone.
  You need to create the second transport rule: you only need to change the first condition: the sender is located outside the organization, and other conditions and actions are the same as the first transport rule.
  If you have any feedback on our support, please click
  here
  Cara Chen
  TechNet Community Support

• FQDN behind NAT'd router and OD Master assistance request

  I have a static IP (1) from my ISP that is assigned via PPPoE.
  Because of the PPPoE, I use a SOHO router as a my gateway, and NAT the necessary ports to 192.168.1.10
  I would like to setup a FQDN and OD Master (with Kerberos) at 192.168.1.10, but am unsure how to do this. I've setup FQDN with a global IP before, but never one with NAT'd to a private IP. I think I can get DNS "working", but not in a good enough state for OD Master with Kerberos.
  Does someone have a setup guide for this situation?

  ... unanswered. withdraw question

• Request Remote Assistance Shortcut

  I am trying to create a shortcut, script, or batch file that will allow users to create a remote assistance request and email it to a specific email address.  It sounds easy enough, but I cannot get it to work.
  I used msra /email but I can't pipe an email address into the command.  I tried a batch file that ran msra /saveasfile then ran "C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE" /c ipm.note /m emailaddress /a incident.msrcincident, but that gave me other issues.
  I am actually trying to do this as a simple integration with BMC Remedy since I already customized it to create tickets via incoming email.
  Anyone have anything in place that does this?  Or possibly a better solution?
  - Bob

  Here is a script I have developed that addresses the email problems.  I use a ping to get a minor pause in the script.
  This script is designed to be placed in the folder 'c:\Scripts'.  I have used the computer name as the filename to allow the recipient to distinguish which machine support is being requested for.
  Once I created this in a cmd file.  I placed a shortcut on the public desktop to launch it.
  The user does not need to relay the password, as it is always the same (in this example 'PASSWORDTEXT'). 
  BTW, this was performed on the original Surface RT, with the 8.1 upgrade
  if exist c:\Scripts\%COMPUTERNAME%.msrcincident del c:\Scripts\%COMPUTERNAME%.msrcincident
  start "Remote Assistance" msra /saveasfile c:\Scripts\%COMPUTERNAME% PASSWORDTEXT
  ping 4.2.2.1
  "C:\Program FIles\Microsoft Office\Office15\Outlook.exe" /c ipm.note /m
  [email protected] /a c:\Scripts\%COMPUTERNAME%.msrcincident

• Remote Assistance & UAC

  Hi All,
  I would like to use remote assistance to help my staff - after all that's what it's designed for
  The problem I am having is that general users are not machine / domain admins.
  When they send a remote assistance request to me, for me to do anything more than open notepad or the like the user is prompted to enter admin account creditials - which they don't have - so I have to go find them and type it in directly, hence making remote assistance nothing more than a convoluted support request email system
  Is there a way a user can send a request, and the remote helper (that's me) enter the UAC admin credentials instead of the local user? Group policy or something...???
  Thanks guys!
  Russell.

  I found a solution & want to share with you. Please follow the below steps to configure UAC by using group policy so that it can apply to all machine.
  Steps 1:Create
  an OU (Organizational Unit) on your AD (active directory) & move the machine which you want to apply the GP (Group Policy) for UAC access on remote assistance.
  Steps 2:Open
  Group Policy Management Console on your AD machine and create a GP & link it to OU which you have created. Give a name to that GP & select edit.
  Steps3:
  Now go to this location
  Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  And make the changes as mentioned below
  Group Policy setting
  Registry key
  Default
  Changes Required
  User Account Control: Admin Approval Mode for the built-in Administrator account
  FilterAdministratorToken
  Disabled
  User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
  EnableUIADesktopToggle
  Disabled
  Enabled
  User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
  ConsentPromptBehaviorAdmin
  Prompt for consent for non-Windows binaries
  Prompt for credentials
  User Account Control: Behavior of the elevation prompt for standard users
  ConsentPromptBehaviorUser
  Prompt for credentials on the secure desktop
  Prompt for credentials
  User Account Control: Detect application installations and prompt for elevation
  EnableInstallerDetection
  Disabled (default for enterprise)
  User Account Control: Only elevate executables that are signed and validated
  ValidateAdminCodeSignatures
  Disabled
  User Account Control: Only elevate UIAccess applications that are installed in secure locations
  EnableSecureUIAPaths
  Enabled
  User Account Control: Run all administrators in Admin Approval Mode
  EnableLUA
  Enabled
  User Account Control: Switch to the secure desktop when prompting for elevation
  PromptOnSecureDesktop
  Enabled
  Disabled
  User Account Control: Virtualize file and registry write failures to per-user locations
  EnableVirtualization
  Enabled
  Now run ‘’gpupdate’’ on server & client side to verify.  Enjoy
  J

• WRT54G and Remote assistance

  I have a WRT54G ver 6 and firmware 1.01.0 with port 3389 opened for my IP address, enabled and with no other firewalls. I can not initiate nor accept a Remote Assistance request from another city with either of my laptops. Any ideas?
  It seems to me that getting this device to work properly should not be so difficult.

  Do you think a static IP is necessary? As long as the private IP address has not changed and both ends know what the private IP is there should be no need for a static IP address assigned to the remote host.

• Do you have an option for block all incoming message and request EXCEPTED messages from my contacts?

  Please help!!To whom it may concernDear Madam/Sir who works for Skype & Microsoft  Dear all who can really help,  Do you have an option for block all incoming message and request EXCEPTED messages from my contacts? or Do you have any solution to solve my problem from begin to now in present time?  Even though, I set the Privacy settings: - Allow calls from... "people in my Contact list only"- Automatically received video and share screens with "people in my Contact list only"- Allow IMs from "people in my Contact list only"  I still received unknow users sent me messages in every day, contact requests etc. And they're all clearly spammings and identity thefts.  I only wanna contact with my family and my freinds here with Skype via my Windows device and my mobile phone (w/Android OS).  And this is the only way to contact with them, because they could use Skype only in overseas.  BUT I don't need new friend from other unknow Skype member.   I keep blocked all unknow spammers in every day.  However in this morning, I feel so scared with Skype on my mobile, I looked at my mobile Skype, I saw it automatically showed me the list of all blocked members. BUT they were all unblocked (contact unblocked) by my mobile (Android version) Skype itself automatically, and listed them one by one on the screen, and about 30 seconds later, they all were disappeared suddenly.  I don't know what do to now, is it indicating my account was hacked?And how could I found out all those members again and block them again and delete all of them for ever?  I appreciate if you would improve the privacy protection. Thank you very very very much. 

  Hrm... that may be true and this may be a function of the phone email client that Apple just doesn't do.
  No, I can easily MANUALLY delete the messages. I would prefer if I didn't have to do it twice, tho. Once on the mail server and once on the phone.
  What I think the phone needs to do is, when it checks the POP, anything NOT there should be removed locally. I think you are correct on POP; the phone will poll the mx (mail exchanger) and the mx will pass off the messages to the phone. The phone then keeps ALL of that unitl you manually delete it.
  If, say, I remove a message from the mx, I would like the phone, when next polls, to see that that particular message isn't on the server anymore and remove it locally.
  Perhaps it's just me but if I delete the message on the mx itself, via my ISP's webmail interface, I really don't want to have to remove it again from my phone.
  thxs!
  cheers
  rOot

• How to use a fixed port for remote assistance in windows 8.1 behind a nat router freebox?

  Hello,
  Before to use remote assistance in windows 8.1, i need to configure my nat router freebox.
  But remote assistance ( msra.exe ) use a dynamique port and never the same.
  How to use a fixed port for remote assistance ini windows 8.1 ?
  And why i can't use easy connect ?
  i read that the router must implement the PNRP protocol. I think it's a propriatary microsoft's protocol unknow on my router.
  Thanks

  Hello,
  Very good. It's a big range ( 255 mini from 49152 )  for a single port but if it's the only one possibility...
  You are very helpfull ( i don't know if it's a good english but you make me very happy )
  Merci beaucoup

• Application object for users to request remote assistance

  Hi
  I want to lock down my users' desktops by changing the Windows shell to Application Explorer but still want my users to be able to request a Remote Assistance session with the list of pre-defined operators.
  I have my policy setup and my users' can go to the Remote Management section of the Adaptive Agent and from there, request a remote assistance session.
  How can I do this without my users' having to go to the properties of the Adaptive Agent?
  Thanks
  rdc

  rgdacosta,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Exchange 2007 Block incoming meeting requests?

  Hello,
     Is there any way to block incoming meeting requests on an Exchange 2007 server and have it send a message back saying the server doesn't accept said requests?  I know it can be done in Outlook with a rule but we would like to block them
  at the server for any requests, not just a couple of users.
  Thanks

  You could look at hub transport rules. I cant remember if 2007 allowed a rule based on a message class.
  I would also disable the processing of external meeting requests for mailboxes:
  http://technet.microsoft.com/en-us/library/aa996340(v=exchg.80).aspx
  Use the ProcessExternalMeetingMessages parameter to specify whether to process meeting requests originating outside the Exchange organization
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Huge volume of records are routing to the remote user other than his position and organization records. Synchronization and DB initialization taking more time around 36 hours.

  Huge volume of records are routing to the remote user other than his position and organization records. Synchronization and DB initialization taking more time around 36 hours.
  Actual accounts & contacts need to be route around 2000 & 3000 but we have observed lakhs of records routing into local DB.
  We have verified all the Assignment Rules, Views.
  We ran docking object visibility rules and we have observed that some other accounts are routing due to Organization rule passing. (these records are not supposed to route).
  Version Siebel 7.7.2.12,
  OS Solaris.

  let me know what would be the reason that 1st million takes only 15 minuts and the time goes on increasing gradually with the increase of dataYes that's a little strange. I only can guess:
  1. You are in archivelog mode and the Archiver is not able to archive the redo logs fast enough
  2. You don't use Direct Load and DBWR ist not able to write the direty block to disk fast enough. You could create more DBWR processes in that case.
  3. Make a snapshot of v$system_event:
  create table begin as select * from v$system_event;After the import run
  create table end as select * from v$system_event;Now compare the values:
  select * from begin order by TIME_WAITED_MICRO descwith the values given you by
  select * from end order by TIME_WAITED_MICRO descSo you can look where your DB spent so much time waiting for something.
  Alternativly, you could start a 10046 trace on the loading session and use tkprof.
  Dim

• What means about Non-local Process blocks cleaned out in RACalert log

  Hi Experts,
  We have 4 nodes oracle 11.1 RAC in redhat5.1.
  I saw lots of message about Non-local Process blocks cleaned out in alert log files today.
  such as
  Tue Sep 8 16:31:04 2009
  Reconfiguration started (old inc 18, new inc 20)
  List of nodes:
  0 1 2 3
  Global Resource Directory frozen
  Communication channels reestablished
  * domain 0 valid = 1 according to instance 0
  Tue Sep 8 16:31:04 2009
  Master broadcasted resource hash value bitmaps
  Non-local Process blocks cleaned out
  Tue Sep 8 16:43:46 2009
  LMS 0: 0 GCS shadows cancelled, 0 closed
  Tue Sep 8 16:43:46 2009
  LMS 1: 0 GCS shadows cancelled, 0 closed
  Set master node info
  Submitted all remote-enqueue requests
  Dwn-cvts replayed, VALBLKs dubious
  All grantable enqueues granted
  Does some expert above message for me?
  Thanks
  Jim

  Thanks- good observation.
  Unusual, perhaps, but it is what we need in our setting. And- allegedly this is supported / encouraged based on my understanding of the OS X Server docs. I don't have any control over the AD server (since it's in the university-level IT management's hands) but I -do-, of course, have control over my own server. So I just want to use their authentication (and save my students / lab folk the trouble of having multiple logins, etc).
  You make a good point / observation / point-of-debuggery. Indeed, if I set the client machines to use -only- the main campus AD server (and thus allow logins from everyone on campus) it works first time. So it is some interesting interaction betwixt the Mac OS Server and the client methinks. In fact, across campus, all the 'public' machines are simply bound to the AD server and you can just log in that way.

• I need helping!!! configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

  I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
  I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
  I need to allow the following IP addresses to have RDP access to my server:
  66.237.238.193-66.237.238.222
  69.195.249.177-69.195.249.190
  69.65.80.240-69.65.80.249
  My external WAN server info is - 99.89.69.333
  The internal IP address of my server is - 192.168.6.2
  The other server shows up as 99.89.69.334 but is working fine.
  I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
  THE FOLLOWING IS MY CONFIGURATION FILE
  Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
  Also the bolded lines are the modifications I made but that arent working.
  ASA Version 7.2(4)
  hostname ciscoasa
  domain-name default.domain.invalid
  enable password DowJbZ7jrm5Nkm5B encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.6.254 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 99.89.69.233 255.255.255.248
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object-group network EMRMC
  network-object 10.1.2.0 255.255.255.0
  network-object 192.168.10.0 255.255.255.0
  network-object 192.168.11.0 255.255.255.0
  network-object 172.16.0.0 255.255.0.0
  network-object 192.168.9.0 255.255.255.0
  object-group service RDP tcp
  description RDP
  port-object eq 3389
  object-group service GMED tcp
  description GMED
  port-object eq 3390
  object-group service MarsAccess tcp
  description MarsAccess
  port-object range pcanywhere-data 5632
  object-group service MarsFTP tcp
  description MarsFTP
  port-object range ftp-data ftp
  object-group service MarsSupportAppls tcp
  description MarsSupportAppls
  port-object eq 1972
  object-group service MarsUpdatePort tcp
  description MarsUpdatePort
  port-object eq 7835
  object-group service NM1503 tcp
  description NM1503
  port-object eq 1503
  object-group service NM1720 tcp
  description NM1720
  port-object eq h323
  object-group service NM1731 tcp
  description NM1731
  port-object eq 1731
  object-group service NM389 tcp
  description NM389
  port-object eq ldap
  object-group service NM522 tcp
  description NM522
  port-object eq 522
  object-group service SSL tcp
  description SSL
  port-object eq https
  object-group service rdp tcp
  port-object eq 3389
  access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
  access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
  access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
  access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
  access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
  access-list outside_access_in extended permit tcp any interface outside eq 3389
  access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
  access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
  access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
  access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-524.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
  static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  http server enable
  http 192.168.6.0 255.255.255.0 inside
  http 0.0.0.0 0.0.0.0 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto map outside_map 1 match address outside_1_cryptomap
  crypto map outside_map 1 set peer 68.156.148.5
  crypto map outside_map 1 set transform-set ESP-3DES-MD5
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 1
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  tunnel-group 68.156.148.5 type ipsec-l2l
  tunnel-group 68.156.148.5 ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
  : end
  ciscoasa(config-network)#

  Unclear what did not work.  In your original post you include said some commands were added but don't work:
  static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
  and later you state you add another command that gets an error:
  static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
  You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
  The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface.  Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
  Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive?  Static PAT usually makes sense when you need to change the TCP port number.  In your example, you are not changing the TCP port 3389.

• Custom DSN message nor custom rejection message is appearing when Transport Rule Blocks incoming e-mail.

  Good Afternoon,
        My Customer is running Exchange 2013 CU5 that has a transport rule that is supposed to reject any email from a particular user as that user is no longer with the company. The transport rule rejects the message, BUT, it does
  not show the Custom DSN. It shows the default message:
  Delivery has failed to these recipients or groups:
  [email protected] Your message wasn't delivered because the recipient's email provider rejected it.
  Diagnostic information for administrators:
  Generating server: EXMBX01.DOMAIN.LOCAL
  [email protected] Remote Server returned '< #5.7.169 smtp;550 5.7.169 TRANSPORT.RULES.RejectMessage; the message was rejected by organization policy>'
  I have looked up the transport rule in Exchange:
  Get-TransportRule "User Reject" | fl *Reject*,Description
  RejectMessageEnhancedStatusCode   : 5.7.169
  RejectMessageReasonText           : This E-MAIL Address is no longer in service. Please Contact
                                      [email protected] for assistance
  SmtpRejectMessageRejectText       :
  SmtpRejectMessageRejectStatusCode :
  Description                                  : If the message:
  Is sent to '[email protected]'
  and Is received from 'Outside the organization'
  Take the following actions:
  Set audit severity level to 'High'
  and reject the message and include the explanation 'This E-MAIL
  Address is no longer in service. Please Contact
  [email protected] for assistance' with the status code: '5.7.169'
  I tried setting up to separate external DSN messages and tried both with the same results:
  Get-SystemMessage | ft -a -wr
  Identity            Text
  en\External\5.7.69  This E-MAIL Address is no longer in service. Please Contact [email protected] for assistance.
  en\External\5.7.169 This E-MAIL Address is no longer in service. Please Contact [email protected] for assistance.
  I tried to change the SmtpRejectMessageRejectText on both Exchange servers and got the following error:
  Set-TransportRule -Identity "User Reject" -SMTPRejectMessageRejectText "This E-MAIL Addre
  ss is no longer in service. Please Contact [email protected] for assistance"
  A specified parameter isn't valid on a server with the Hub Transport role installed.
      + CategoryInfo          : InvalidArgument: (SmtpRejectMessageRejectText:String) [Set-TransportRule], ArgumentExcep
     tion
      + FullyQualifiedErrorId : [Server=EXMBX01,RequestId=b2a61aba-179b-4867-85b8-cc47eba62701,TimeStamp=6/27/2014
      7:19:32 PM] [FailureCategory=Cmdlet-ArgumentException] 8BBE1900,Microsoft.Exchange.MessagingPolicies.Rules.Tasks.
    SetTransportRule
      + PSComputerName        : exmbx01.domain.local
  I really am having issues finding and answer. Any assistance would be greatful!
  Thanks,
  Lance Lingerfelt

  Hi Lance,
  Thanks for your update.
  According to the error that you pasted, "A specified parameter isn't valid on a server with the Hub Transport role installed.", it seems you have no proper permission to use some specific parameters.
  Even if there are many parameters in the Technet article
  http://technet.microsoft.com/en-us/library/bb125138(v=exchg.150).aspx , you may not have access to some parameters if they're not included in the permissions assigned to you. You need Organization Management and Records Management permissions, see
  the following links:
  http://technet.microsoft.com/en-us/library/dd633492(v=exchg.150).aspx
  http://technet.microsoft.com/en-us/library/dd335087(v=exchg.150).aspx
  http://technet.microsoft.com/en-us/library/dd638205(v=exchg.150).aspx
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support