Symantec Mail Security for Microsoft Exchange (SMSMSE) reports event log error message "Failed to get LegacyExchangeDN to build User Address Cache" when internal domains is mis-configured

book

Article ID: 156155

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

The following events appear in the Windows Application Event log:

 

Log Name:      Application
Source:        Symantec Mail Security for Microsoft Exchange
Date:          3/27/2012 12:26:46 PM
Event ID:      403
Task Category: ADQuery
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      WIN-P5723T9FPJQ.benexchange2010.internal
Description:
Failed to get LegacyExchangeDN to build User Address Cache for the following SMTP addresses:@foo.com; @benexchange2010.internal; .

SMSMSE will retry building this cache after 60 minutes

 

When the cache is unable to be built after all attempts the following event is reported in the Windows Application Event log:

Log Name:      Application
Source:        Symantec Mail Security for Microsoft Exchange
Date:          3/27/2012 12:29:58 PM
Event ID:      402
Task Category: ADQuery
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      WIN-P5723T9FPJQ.benexchange2010.internal
Description:
Failed to get LegacyExchangeDN to build User Address Cache for the following SMTP addresses:@foo.com; @benexchange2010.internal;

Conditions

  • List of domains entered into SMSMSE contains external domains.

1. Open the SMSMSE console.
2. Click on the Admin tab.
3. Click the Views|System Settings item.
4. The textbox List of internal domains contains domain names that are not internal.

  • There are content filtering rules configured with user conditions.

A content filtering rule is configured with a user SMTP address condition.  See the following article on how to set and check this: Specifying the users and groups to which the rule applies.

 

 

Cause

When a content filtering rule has a user condition with an SMTP address SMSMSE attempts to map that SMTP address to any legacy X.400 addresses configured for the user in Exchange (see the following article for details: Details About the user address caching feature of Symantec Mail Security for Microsoft Exchange (SMSMSE)).

SMSMSE issues LDAP calls to the domain controller for this information.  If the LDAP call fails then these events are reported.

 

Resolution

Remove any external domains from the list configured in SMSMSE.