Event 209 is generated when the Exchange Server X.400 Connector is connected to a foreign (159566)


The information in this article applies to:

  • Microsoft Exchange Server 4.0
  • Microsoft Exchange Server 5.0
  • Microsoft Exchange Server 5.5
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange Server 2003 Enterprise Edition
This article was previously published under Q159566

SYMPTOMS

When the Microsoft Exchange Server X.400 Connector is connected to a foreign X.400 message transfer agent (MTA), the incoming message may not be accepted by the Exchange Server MTA. The MTA may generate the following error message in the Windows NT Server event log and in the Microsoft Exchange Server Evx.log file (if the Evx.log file is enabled):
Event: 209
Source: MSExchangeMTA
Category: X400 Service

Unable to transfer in message C=xx;A=attmail; P=prmd;L=<m0vBOkQ-0000xxxxxxxxxxx> because the submitting domain identifier was inconsistent. A non-delivery report was generated with reason code unable-to-transfer and diagnostic code invalid-arguments. Contact Microsoft Product Support Services. [MTA XFER-IN 22 101] [14]

EVx.log

(MTA XFER-IN(22) Proc 101) 10-30-96 11:44:26am
Transfer-In failure, submitting domain inconsistent
X.400 reason code unable-to-transfer
X.400 diagnostic code invalid-arguments
MTS Identifier C=US;A=ATTMAIL;L=0045900001000181000002

Note In Exchange Server 2003, the MTA may generate event ID 209 with an event description that is similar to the following:Global domain identifier (Country, ADMD, PRMD) in first Trace Information of message message_ID does not match MTSID value. [MTA XFER-IN 13 40] (12)

CAUSE

The Microsoft Exchange Server MTA rejects the message whenever the global domain identifier on the first element of the trace information is different from the one specified in the MTSID. The global domain identifier information in the MTSID must be the same as the first element on the trace information. These values are generated by the submitting MTA.

Note In Exchange Server 2003, this event ID may be logged when an e-mail message has been redirected to an originator requested alternate recipient (ORAR). The event is logged on each Exchange Server 2003 computer where the message passes through the MTA. In Exchange Server 2003, you can ignore this event under these circumstances. You may first notice that event ID 209 is logged in the Exchange 2003 event log after you install the hotfix that is described in the following Microsoft Knowledge Base article:

883949 Message originator may receive an NDR when a message is forwarded to a valid alternate recipient in Exchange Server 2003

RESOLUTION

To resolve this problem in Microsoft Exchange Server 4.0, you must install Exchange Server 4.0 Service Pack 4 on all Exchange Server 4.0 computers in the site that may handle the message.

Note This is not considered a problem in Microsoft Exchange Server 5.0 and in later versions of Exchange. Although the event is logged in these versions of Exchange Server, the message is successfully delivered.

STATUS

This problem was resolved in Microsoft Exchange Server 4.0 Service Pack 4.

MORE INFORMATION

There are two reasons that Exchange Server may reject this message. Both reasons are by design.

The first reason pertains to the firewall function. The firewall is designed to prevent any message transfer if the message's true origin appears to have been changed. Because the MTSID cannot be changed across any relaying MTA, it reflects the true global domain identifier of the message. However, the global domain identifier on the trace information can be changed to reflect a different country, ADMD, or PRMD, creating contradictory information about the message's origin. The firewall does not allow this inconsistency.

The second reason pertains to conformance testing. This is required to pass NCC conformance tests. With Exchange Server 4.0, when the MTA receives this error, the message is not submitted for delivery to the recipient. The fix implemented in Service Pack 4 resolves the problem of message delivery but does not remove the event ID. Exchange Server version 5.0 and 5.5 still log the event and deliver the message. The reason to log the event is that according the X.400 specifications, when the information is not consistent, there is likely a security concern. In practice, however, it is typical for an X.400 service provider MTA to change the information. Therefore, Microsoft fixed the product to allow delivery but opted to still log the event.
Modification Type:MinorLast Reviewed:4/28/2005
Keywords:kbbug kbfix kbusage KB159566
©2004 Microsoft Corporation. All rights reserved.