SMTP message failure warning - Categorizer address lookups not found
[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]
Topic Last Modified: 2007-09-25
The Microsoft Exchange Server Analyzer Tool queries the Win32_PerfRawData_SMTPSVC_SMTPServer Microsoft Windows® Management Instrumentation (WMI) class to determine the value for the CatAddresslookupsnotfound key. The value of this key represents the number of address lookups performed by the message categorizer that did not find a directory service object. The Exchange Server Analyzer also queries the Win32_PerfRawData_PerfOS_System WMI key to determine the value for SystemUpTime.
If the Exchange Server Analyzer determines the value for the SystemUpTime key is more than 0 and that the result of the value for CatAddresslookupsnotfound divided by the value for SystemUpTime is more than 5000, a warning is displayed.
The message categorizer examines messages that come to an SMTP server and determines what to do with the messages. The messages may be destined for the local information store, a remote host by using the message transfer agent (MTA), or the messages may be destined for a remote host by using SMTP. The categorizer also handles distribution list expansion. The categorizer is a plug-in to the advanced queuing engine that performs Lightweight Directory Access Protocol (LDAP) queries against global catalog servers on TCP port 3268. The categorizer is essentially a collection of event sinks that perform advanced address resolution on every message that travels through the advanced queuing engine. It performs address resolution, mail forwarding, sets content conversion flags, expands distribution lists, enforces global settings, generates delivery status notifications, and it performs alternate recipient route detection, bifurcation, journaling, and many other functions.
When a message enters the message categorizer, the categorizer resolves the envelope sender by searching for the address in the proxy address attributes in the Active Directory® directory service. The categorizer also resolves the envelope recipient by searching for each address in the proxy addresses attribute in Active Directory. For example, if the list includes a distribution list, it expands the list to include those members if distribution list expansion is allowed on the server.
This warning indicates that an average of 5,000 or more categorizer address lookups are failing each day. There are several causes for this, including problems with directory service access (DSAccess), directory replication latency or failures, dictionary attacks against directories, problems with DNS, or using bad addresses.
This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore the registry if a problem occurs. For information about how to restore the registry, view the "Restore the Registry" Help topic in Regedit.exe or Regedt32.exe.
To correct this warning
Examine the event logs on the Exchange Server computer for errors.
If you do not find any events that let you resolve the problem, consider turning up diagnostic logging on the MSExchangeTransport Categorizer to Maximum. When diagnostic logging is enabled, re-check the event log for errors. If configuring diagnostic logging to maximum does not produce any event log entries, configure diagnostic logging to level 7 using the registry. When set to level 7, Event ID 9000 generated by the Message Categorizer will be logged, which details the function, the reason for failure, the name of the recipient that failed, and the type of recipient. To set diagnostic logging to level 7:
Open a registry editor, such as Regedit.exe or Regedt32.exe
In the right pane, double-click 2 Categorizer, set the value data to 7, and then click OK.
Close the registry editor.
When you have completed troubleshooting, reset the value data for 2 Categorizer back to 0.
Verify that the Exchange Server has connectivity to one or more global catalog servers. The Network Monitor tool in Windows is very useful for this.
Examine any delivery status notification (DSN) messages that are being generated. DSNs, which can include non-delivery reports (NDRs), describe permanent failure messages and transient failure messages that frequently end as permanent delivery errors.
Use Message Tracking to troubleshoot messages that are stuck in the categorizer.
Use the Archive Sink tool to archive and analyze messages coming into and moving out of Exchange Server.
Monitor the categorizer performance counters using System Monitor.
For a listing of the DSNs and NDRs generated by Exchange Server and Microsoft Windows Small Business Server, see Microsoft Knowledge Base article 284204, "Delivery status notifications in Exchange Server and in Small Business Server" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=284204).
For information about using the Message Tracking Center in Exchange Server, see the following Microsoft Knowledge Base articles:
262162, "XADM: Using the Message Tracking Center to Track a Message" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=262162)
246856, "How to Enable Message Tracking in Exchange 2000 Server and in Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=246856)
821905, "Message Tracking Event IDs in Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=821905)
823864, "Improved Message Tracking Features in Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823864)
For more information about troubleshooting message categorizer issues, see the Microsoft Support webcast, "Exchange 2000 Server: Message Categorizer and NDR Troubleshooting" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=329137).
For more information about the Archive Sink tool, see Microsoft Knowledge Base article 307798, "The Archive Sink utility is available in Service Pack 2" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=307798).
For general information about troubleshooting transport-related problems, see the following Microsoft Knowledge Base articles:
821910, "How To Troubleshoot for Exchange Server 2003 Transport Issues" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=821910)
257265, " General troubleshooting for transport issues in Exchange 2000 Server and in Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=257265)
The message categorizer performance counters are published separately for each SMTP virtual server instance. For a list of the available performance counters related to the Message Categorizer, see Microsoft Knowledge Base article 231734, "XCON: Performance Monitor Counters for Message Categorizer" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=231734).
For information about some of the other Categorizer WMI counters, see the following Exchange Server Analyzer articles: