Troubleshooting steps fall into the following categories:
- Checking for typically known issues
- Verifying the Recipient Update Service configuration
- Increasing diagnostics logging
- Checking Domain Name System configuration
- Additional techniques
Checking for Typically Known issues
The common Recipient Update Service issues that you need to look for are as follows
- Propagating permissions
- Hidden distribution list (DL) membership
- Cross-domain Recipient Update Service functionality
- A missing address generator
For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
286356
Recipient update service does not stamp proxy addresses
- Exchange Server 5.5 site addressing superceding other recipient policies
Verifying the Recipient Update Service Configuration
Make sure that you verify the Recipient Update Service configuration in the forest:
- In Exchange System Manager, click the Recipients container, and then click the Recipient Update Service container. Look for a Recipient Update Service for the domain that has users who are stamped with e-mail addresses. This can be Recipient Update Service (domain_name).
- In the properties of the Recipient Update Service, make sure that the domain controller and Exchange server that are entered are valid.
- In Exchange System Manager, click the Recipients container, and then click the Recipient Policies container. Make sure that the filter rules on the recipient policies are correct.
Increasing Diagnostics Logging
To increase diagnostics logging:
- Increase diagnostic logging to Maximum on the MSExchangeAL service for the following categories: LDAP Operations, Service Control and Address List Synchronization.
- Then, in Exchange Server 2003, increase diagnostic logging to Maximum on the MSExchangeSA service for the Proxy Generation category.
- Restart the System Attendant service and rebuild the Recipient Update Service.
- Examine Application Log for indications of problems.
Checking Domain Name System Configuration
A very common cause of Recipient Update Service issues is incorrect Domain Name System (DNS) configuration. Not only should you look for name resolution, you should also look for:
- A server short name that exists in more than one domain, for example, server.root.com and server.child.root.com. This incorrect configuration causes communication security problems.
- SRV records for all the servers that are involved.
- The Internet Protocol address. Make sure that each server resolves the other server's name to the correct IP address.
- The TCP/IP configuration. Make sure that the DNS servers in the Preferred DNS Server box in the TCP/IP properties are only SRV record-aware servers. Do not configure the Preferred DNS Server box to use an ISP DNS server.
Additional Techniques
These additional steps can sometimes reveal an underlying issue that is not discovered with the previous categories:
- View the matched objects in the Filter rule of the recipient policy by clicking Modify and then Find Now. The objects that meet the query are displayed in the list. Make sure that this information is correct.
- If some users are stamped but others are not, then obtain an LDP dump of the two objects, and then compare them attribute by attribute.
- Examine the msExchPoliciesIncluded attribute to see which policy the Recipient Update Service tried to stamp the object with.
- Verify permissions on directory objects that have Dsacls.exe from the Microsoft Windows 2000 support tools.
- Use Network Monitor to capture network traffic from the Exchange Server that is listed in the Recipient Update Service to ANY. Make sure that the DNS query is what is expected, that the DNS returns what is expected, that the LDAP modify is performed, and that no errors occur at the LDAP level.