Delayed Messages to Message Labs

I need a solution

Over the last few days we have been getting a serious amount of message delaye responses after emailing clients who are behind the message labs email filter.

I have tried countless times to email support emails to investigate but no response. Our business is being severely imapcted due to this and I need someone to point me in the right direction or put me in touch with someone who can. 

Do not ask me to contact a client to contact messagelabs/symantec support on our behalf. It’s unfeasable and not going to happen.

Please please please can someone assist?




  • No Related Posts

Recovering ‘Deleted Mailbox’ with NMM

Recovering ‘Deleted Mailbox’ with NMM

This article covers the scenario of recovering a ‘deleted’ mailbox from NMM. The procedure documented in this article applies both to NMM 8 and NMM 9. Exchange server 2010 is used in this demo.

Before I cover this procedure in NMM, below is background on how the need for this restore may arise.

In Exchange 2010 a user mailbox can either be ‘Removed’ or ‘Disabled’.


Difference between ‘Remove’ and Disable’ mailbox choice in EMC:

Disable: Will remove the Exchange attributes from the user account but will leave the user account in Active Directory. The mailbox for the user will still exists on the mailbox database and it gets purged when the retention time elapses (default of 30 days)

Remove: Remove will remove both the user mailbox and user account from Active directory. The mailbox will still be there on the mailbox database till the retention time has elapses.

If the mailbox was either ‘deleted’ or ‘removed’ (for some reason, like employee leaving a company), there may be a need to restore this mailbox in future. If the deleted mailbox retention time has not expired, it could be recovered as below:

  1. If the mailbox was ‘Disabled’. This mailbox will show in the ‘Exchange Management Console’ under ‘Disconnected Mailbox’ as shown below:



b. To recover this mailbox, Right click the mailbox and select ‘Connect…’


c. Select ‘User Mailbox’ , then ‘Next’


d. Click ‘Browse’ Under ‘matching user’ and then select the user to connect this mailbox to


e. Provide the ‘Alias’, then select ‘next’


f. Review Summary and select ‘Connect’


g. Review and select ‘Finish’. This will ‘reconnect’ the disconnected mailbox to the user in Active directory.

2. If the mailbox was ‘removed’ and is still within the retention period, create a new ‘user’ in Active Directory with the same name as the original user and then follow the above steps to ‘connect’ the user to the mailbox on the database.

The following exchange shell command is useful to get a list of ‘Disabled’ or ‘Removed’ mailbox users that are still within the retention period:

Get-MailboxDatabase | Get-MailboxStatistics | where {$_.DisconnectReason -ne $null} | ft displayname,database,disconnectreason,*guid*,*server* -auto

DisplayName Database DisconnectReason MailboxGuid ServerName OriginatingServer

———– ——– —————- ———– ———- —————–

charlu carydb3 Disabled 3f91bda9-453c-4752-8b88-423d2f4ccc53 APPHOST1 apphost1.spring.local

Once the retention period expires and the mailbox is purged from the database, it will not show up in the above output.

Once the mailbox data is purged from the mailbox database, if a restore is required after the retention period, then you would need to depend on your backups for restore.

Restoring a deleted mailbox using NMM:

I have used NMM 8.2.4 to demo this procedure. It likely will work as is, with NMM 8.2.3 or NMM 8.2.2. Also the same procedure applies to NMM 9. The first step in performing mailbox restore of mailbox (deleted or otherwise) is to perform GLR or restore to RDB. Refer to the post

  1. Once the initial phase of GLR or RDB restore is complete, the mailboxes can be browsed from NMM GUI:


2. When you click the ‘deleted’ mailbox it generates this error message (shown below). Note, because there is no user associated with this mailbox or the associated user has its mailbox properties removed, MAPI is not able to show the contents of this mailbox. You can only recover the ‘Entire’ mailbox and not individual folders or mail items within it.


3. Acknowledge the message window by click ‘ok’. When you switch to the ‘Monitor’ tab, you will notice the same message there:

Selecting Exchange RDB view

Mailbox SystemMailbox{18d1f726-3cd7-48cd-8983-12ec40779e8b} is a ArbitrationMailbox and is not browsable nor can it be recovered.

Error getting item list: Error browsing folders — Failed to fetch mailbox items. Please see libmapibrowse.raw for more information. [exch_get_mbx_list].

Error browsing folders — Failed to fetch mailbox items. Please see libmapibrowse.raw for more information. [exch_get_mbx_list].

4. Select the mailbox for ‘restore’. Once you select the mailbox for restore, there are 2 types of restores that can be done:

  1. Restore the mailbox to itself

If you want to restore the mailbox to itself, create the mailbox with the same name (you would do this before you do the restore with NMM. You can do this with Exchange Management Console or Exchange powershell and then come back to the NMM GUI and select ‘Recover..’ as shown below:

(Note: If you have disabled the mailbox, connect the mailbox shown under ‘Disconnected Mailbox in EMC to the original user. If the mailbox was removed, then connect, under ‘Disconnected mailbox’ to a new mailbox and a new AD user with the same name. If the mailbox was deleted from the database, due expiry of retention time or the mailbox was manually deleted from the database, using the ‘remove-storemailbox’, then create a new user and new mailbox with the same name and proceed with the restore. In all variations of deletions, the mailbox can be restored to the original mailbox name)


b. Restore the mailbox to another mailbox. (Alternate mailbox)

To restore this mailbox to another mailbox, you would choose ‘Advance Recover..’. Then in the ‘Select Alternate Mailbox User’ box, specify the user to which you want to restore to and click ‘Search’ to locate the user. Then select this user and click ‘Next’


Here we are performing the restore to an alternate mailbox ‘Andy’ and ‘Start Restore’


5. When the restore is complete, switch to the ‘Monitor’ tab to check on the progress.


6. Verify the restore by logging into the mailbox of the target user, in our case ‘Andy’ :


Restore using Exchange PowerShell:

This mailbox restore can also be done using Exchange Powershell:

  1. First get the GLR database name:



b. Issue the new-mailboxrestorerequest command:

new-mailboxrestorerequest -sourcedatabase GLR20180516163434 -sourcestoremailbox “charlu” -targetmailbox “Andy” -TargetRootFolder Restore201805161717 –AllowLegacyDNMismatch



This article covered the procedure involved in restoring a deleted mailbox from NMM 8.2.4 backups. The procedure also applies to NMM 9. Key point to remember is that the deleted mailbox cannot be browsed for individual mail items recovery from the NMM GUI. The entire mailbox can be recovered from NMM GUI or using powershell. Powershell command can be further refined to recover individual folders within the mailbox if desired.


  • No Related Posts

.Cloud doesn’t try TLS encryption

I need a solution

I removed the certificate on my email server and turned off the TLS feature because of some cost issue.

Then .Cloud started to send outbound message without encryption.

.Cloud never tries TLS even if 3rd party mail servers (ex: explicitely allow TLS if you send outbound messages without TLS.

Here is a figure which explains the situation.

Here is some additional information:

20180502_FAILED.eml -> TLS test result after I turned off TLS on my server (TLS failed)

<– 220 ESMTP TestSender Wed, 02 May 2018 06:12:10 -0400
< — Hello  [], pleased to meet you
< — 250-8BITMIME
<– 250 HELP

20180502_SUCCESSFUL.eml -> TLS test result after I turned on TLS on my server (TLS succeeded)

<– 220 ESMTP TestSender Wed, 02 May 2018 06:24:45 -0400
< — Hello  [], pleased to meet you
< — 250-8BITMIME
< — 250 HELP
< — 220 Ready to start TLS
====tls negotiation successful (cypher: AES256-GCM-SHA384)
client cert:
Subject Name: undefined
Issuer  Name: undefined
~~> EHLO
< ~~ Hello  [], pleased to meet you
< ~~ 250-8BITMIME
< ~~ 250 HELP
~~> MAIL



  • No Related Posts

7022920: Inventory scheduled report can’t attach report when reportname contains invalid characters

This document (7022920) is provided subject to the disclaimer at the end of this document.


ZENworks Configuration Management 2017 Update 2


Scheduled inventory reports sending email with attachment fail to add the attachment when the report name contains characters invalid to the primary server file system. For example on Windows, “<“, “>”, “/”

ERROR (from inventory-servlet.log):
[Inventory Servlet] [] [QueryJob exception4: ] [ C:Program Files (x86)NovellZENworkssharetomcatwebappszenworksreport name / test.xls (The filename, directory name, or volume label syntax is incorrect)


Workaround: Don’t use characters in the custom report name that are invalid on the primary server file system as filename.


Reported to Engineering


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.


  • No Related Posts

Adding Exception for Content Filtering

I need a solution

Hello everyone,

I just have a small query and would appreciate if you can kindly comment on it. We have a content filtering policy in SMG that is basically blocking an inbound email sent from outside  using the internal domain ( preventing email spoofing).  However I want to exclude one specific external domain from this rule. If I add that domain or its IP address under local good sender domain or IP, would it bypass any content filtering processing for this particular sending domain or IP?



  • No Related Posts

What is “”

I need a solution


I received an email from a trusted email address asking me to login to my account to read some important messages. 

While Malwarebytes did flag this as known malware, I have yet to find anywhere on the web that explains exactly what this link does to a device. 

When I contacted the tech support for the web portal they were not able to tell me anything about the site and explained that it looks like phishing and that it was sent from a compromised account that they were currently working on. 

This email was sent at 10 am EST and the link was accessed at 7pm EST. 

How long does it normally take for a tech department to uncompromise one of their email accounts? Change the password right? 

According to malware bytes and webroot the Andriod Moto G does not show any issues. 

Is there any way to determine exactly who owns this link and what malicious code is running on it? 





  • No Related Posts

DLP how can I exclude domain from „policy“ -> „groups“.

I need a solution


I am beginner with Symantec DLP. I have DLP licences endpoint prevent a and endpoint discovery. DLP server has been connected to MS Active Directory. In the MS AD there are three user groups created: Ony, Oni, vsichni (all users which have on their PC installed DLP agent).

My question is: how can I exclude one email domain (internal domain „“) from „policy“ -> „groups“.

What I would to do:

  1. DLP agent recognize email with word/s from Detection (keyword match)  and set Severity to HIGH:
  2. Users (sender) from MS AD group  „Ony“ can send this email to recipients into the internal network and the Internet too. Set Severity to MEDIUM.
  3. Users (sender) from MS AD group „Oni“ can send this email to recipient into the internal network only (recipient is from domain Set Severity to MEDIUM.
  4. Users (sender) from MS AD group „Oni“ I want to block this email to the Internet (recipient are NOT Set Severity to HIGH.
  5. Response section: All these above events I would to send to SIEM system (high and medium)
  6. Response section: severity high is BLOCK by DLP agent.

I have created DLP policy with following rule:

In the „group“ I have following conditions:

 My question is: under first „OR“ (ostatní_do_internetu) there I would to set following condition:

When „sender User Group“ is match by group from MS AD „Oni“ …


„recipient“ is NOT from my internal  domain (for example „RCPT TO:[ANYTHING], I want to set Severity to: HIGH.

I set there somethink like:

-,,*;+,*, * … but I in my opinion it is wrong …

Than on Response section I want send all these incidents to  SIEM and – when Severity is HIGH – I want BLOCK this email on the client desktop computer too:

Can you please advise me how to set it up?

Regards, Tomas



  • No Related Posts

Medicalchain (MTN*) targets $0.13324273083 while having -7.31% decline during a day

April 26, 2018 – By Maria Brooks

It was bad day for Medicalchain (MTN*), as it declined by $-0.00955113029999999 or -7.31%, touching $0.1211297553. International Cryptocoin Analysts believe that Medicalchain (MTN*) is looking for the $0.13324273083 goal. According to 4 analysts could reach $0.278343365025928. The highest price was $0.13389435 and lowest of $0.1126497798 for April 25-26. The open was $0.1306808856. It last traded at HuobiPro exchange.

For a month, Medicalchain (MTN*) tokens went up 23.41% from $0.09815 for coin. For 100 days MTN* is up 0.00% from $0.00 (non existent). It traded at $0.00 (non existent) 200 days ago. Medicalchain (MTN*) has 500.00 million coins mined with the market cap $60.56M. It has 500.00M coins in circulation. It was founded on 15/12/2017. The Crypto MTN* has proof type and operates under algorithm.

MedicalChain will feature a dual blockchain structure, the first one allows to control access to health records using Hyperledger Fabric and the second one underlies all the platform applications and services. The MedicalChain platform will use the blockchain technology to allow health records registry in an auditable, transparent and secure way. Furthermore, the platform will use Civic identity management service to provide a easy and secure way to manage the identities of the platform users.

MedicalChian’s platform will be powered by MedTokens (MTN), working as the access token to the platform services.

Receive News & Ratings Via Email – Enter your email address below to receive a concise daily summary of the latest news and analysts’ ratings with our FREE daily email newsletter.


  • No Related Posts