Email being block by 88.blackzap.net – Frontbridge

Description:

Users are having problem sending email to some domain. From the error message you could see “smtp; 550 Service unavailable; Client host [xxx.xxx.xxx.xxx] blocked using 88.blacklist.zap; Mail From IP Banned To request removal from this list please forward this message to delist@frontbridge.com>”. You’ve check with known blacklist provider and none of them have your public IP listed.

Resolution:

The only way to get your public IP remove from their blacklist is through email. The list is proprietary and not open for public. You need to send them email asking for delisting and they will reply back to you in one business day. This is the case if you get listed the first time. But if you IP get listed again, the process would be more difficult and take much longer time.

Frontbridge is owned by Microsoft and its part of their Exchange Hosted Services. However the support seems only available on US working hour’s time. Other than that, there’re some false positive that could make good legitimate email being blocked.

Cannot start IPSEC service error. The system cannot find the file specified.

Description:
Suddenly you cannot logon to the domain from a server. You cannot ping it, even though the network card is connected to the network and functioning normally. You can ping to self from the server. No firewall blocks the connection. When looking through event viewer, you notice 2 errors were log; Event ID 7023 and Event ID 4292 (IPSec driver has entered Block mode). Both are related to IPSEC. You check the IPSEC services and found that you cannot start it. There’s “The system cannot find the file specified” error.

Resolution:
The problem occurs when there’s corrupted file in the policy store. The file may become corrupted if an interruption occurs when the policy being written to the disk. To solve it, please go to HKEY_LOKAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local. Delete this subkey (if exist). After that, rebuild the new local policies store. To do that, click Start > Run > type regsvr32 polstore.dll. Try starting the IPSEC services again. All issue should work well now.

Event ID 9325 logged when running Exchange Offline Address Book (OAB) generator

Description:
You notice that there are a couple of event ids 9325 being logged at your exchange server. All function seems to run normally. The error message shown something like “OALGen will skip user entry person name in address list '\Global Address List' because the SMTP address is invalid”.

Resolution:
Using Adsiedit.msc console, go to the SMTP proxy address attribute and proxyaddresses attribute. Check the value and correct or remove any invalid SMTP address. You can refer to the Microsoft KB 926206 (http://support.microsoft.com/?id=926206) for detail info for how to resolve these errors.

Event ID 9321 logged when running Exchange Offline Address Book (OAB) generator

Description:
You notice that there are a couple of event ids 9321 being logged at your exchange server. All function seems to run normally. The error message shown something likes “OALGen could not generate full details for entry person name in address list '\Global Address List' because the total size of the details information is greater than 64 kilobytes.”

Resolution:
The most common cause for this is a large number of certificates published for the user, causing their details to be over the 64kb limitation for the details in the OAB. There is no way to increase this limit, so the solution is to remove any unneeded certificates from the users so that we get the details under 64kb.
To clean out the certificates:
- In ADUC, make sure View, Advanced Features is checked.
- Go to the properties of the user.
- Published Certificates tab.
- Remove any unneeded/expire certificates.

Exchange Server - Cannot Generate Offline Address Book (OAB) error 8004010e

Description:
Exchange server cannot generate offline address book. Newly created email address doesn’t appear at the Global Address List. At the event viewer you see error logged with event id 9338, 9330, and 9126. You’ve try changing the server generating OAB to other, but the same error occurs.

Resolution:
The most common reason for failure to generate the OAB with error 8004010e is a mangled attribute in Active Directory.
Use Nspitool.exe to identify which user has the mangled attribute.
1. Save and unzip the attachment to your Exchange server.
2. Click Start, click Run, type in cmd and click Ok.
3. Navigate the directory which you save the nspitool.exe in and run the following command: nspitool -WalkAddressList >c:\nspioutput.txt
You should see something like “QueryRows failed 0x8004010e on entry personname, WalkAddressList ended with 0x8004010e” on the output text.
Next step is to use adsiedit.msc to connect to GC partition to check the attribute value. Go to the user properties and check the manager attribute value. Is it the same with the Active Directory User and Computer (ADUC) version? If not, change the value at ADUC to something else, wait for the replication to occur, and change it back to the correct value.
The attribute value shown through ADUC and through adsiedit.msc should have the same result.
Run the nspitool.exe again and do the necessary fix until there’s no “queryrows” error anymore.