Error Message “Secure Mail unable to fetch this message due to mail server error, Please contact your administrator.”
If you are a XenDesktop admin and trying to understand the usage of your XenDesktop deployment, you need to be alerted when the number of concurrent sessions crosses a threshold value. Before you even get to configuring alerts and notifications, you need to configure your notification subscription. With this, you can add an SMTP exchange server which can be later used to send emails from when there is an alert.
You need to navigate to the Email Server Configuration page. On the dashboard click on the Alerts tab at the top and then in the Alerts page click on the Email Server Configuration sub-tab to get there.
The Email Server Configuration Page – in this page, you need to enter all of the mandatory values like-
- Protocol: Choose which protocol your email server supports. Director supports multiple protocols to connect with your SMTP server. They include SMTP, SMTP-SSL and SMTP-TSL
- Host: The host name or the IP address of the SMTP server
- Port: The port with which you want to connect to with your SMTP server
- Sender Email: The email address from which you want to send email from incase of an alert. It’s best advised to create a separate email address on the email server and name it as CitrixDirectorAdmin@xyz.com and use it to send your alert emails.
- Does SMTP server require authentication: In case your SMTP server does not require authentication, you can set the value to NO and you would not need a username and password.
- Username and Password: Credentials required to authenticate the SMTP server connection
Before saving the settings it is advised to test it by sending out a test email. Click on the “Send Test Email” button and verify if you get a test email to the email address you provided in the Send Test Email wizard.
Send Test Email Wizard -In case you do not get an email, recheck the configuration parameters and use the “edit” button to modify any incorrect values.
Note: You cannot configure more than one SMTP server. If you want to remove an existing notification subscription, click on the Remove Settings button.
Configuring a policy
Navigate to the Create Policy Page. On the dashboard, click on the Alerts tab and then on the Create Policy sub tab. If you do not see this tab then you do not have sufficient privileges to create a new policy.
For example, you want to create a policy that has a condition that, if the number of “Peak Connected Sessions” goes above 10, a warning alert is generated and when the number of “Peak Connected Sessions” is above 15 a critical alert is generated. The instructions below state how to configure such a policy.
The main components of a policy are:
Name: The name of the policy that you want to create
Description: A brief description about the policy and its conditions. Limit your description to less than 50 words
Scope: The entity on which the policy will be applied on. For e.g.:- If my policy has a condition; “Alert me when the peak connected sessions hits 90 on all the machines in my delivery group xyz”, then here, the delivery group xyz is the scope.
In general, alert policies can be targeted at three different scopes:
- Site – Will apply to all the machines in the entire site and the alert threshold will be applied on the aggregate value of all the machines included.
- Delivery Group – Will apply to all the machines in the entire delivery group and the alert threshold will be applied on the aggregate value of all the machines included.
- Server OS – Will apply to all the machines in the delivery group but the alert threshold value will be applied to individual machines.
Notification Preference: Who should be notified with an email when there is an alert for this policy?
Conditions: A list of conditions that you can choose to create a policy. A policy can have multiple conditions or just one.
|Condition Type||Condition Checked|
|Peak Connected Sessions||Detected when an instantaneous (one minute samples) number of peak connected sessions for the entire site of a particular delivery group exceeds a configured count threshold.|
|Peak Disconnect Sessions||Detected when an instantaneous (one minute samples) number of peak disconnected sessions for the entire site of a particular delivery group exceeds a configured count threshold.|
|Peak Concurrent Sessions||Detected when an instantaneous (one minute samples) number of peak concurrent (total) sessions for the entire site of a particular delivery group exceeds a configured count threshold.|
|Connection Failure Count||Detected when the number of connections in a configurable time period fail across the entire site of a particular delivery group exceeds a configured count threshold.|
|Connection Failure Rate||Detected when the ratio of connection failures to connection attempts in a configurable time period across the entire site of a particular delivery group exceeds a configured percentage threshold.|
|Failed Desktop OS Machines||Detected when an instantaneous (one minute samples) number of desktop OS machines in a failure state for the entire site of a particular delivery group exceeds a configured count threshold.|
|Failed Server OS Machines||Detected when an instantaneous (one minute samples) number of Server OS machines in a failure state for the entire site of a particular delivery group exceeds a configured count threshold.|
|Average Logon Duration||Detected when the average session logon time in a configurable time period across the entire site or for a particular delivery group exceeds a configured duration threshold.|
|RDS Load Evaluator Index||Detected when the configured threshold of load index value is sustained consistently for 5 minutes. For e.g. If we configure a threshold of 68 % then an alert will be triggered only when the threshold is above or = 68% for 5 minutes without a dip in between.|
Go ahead and click on create policy and select a Site policy and give in the name, description, notification preference and the condition of your choice. The scope by default would be the name of the Site and hence it would be pre-selected for your ease.
Note: Alert polices are site specific! An alert policy cannot be applied across multiple XenDesktop sites
Note: While adding the notification preference you can choose the name of the user whom you want to send the email to and the email address would be automatically added. In case you want to add an email address of an user outside you domain simply type in the complete email address in the search box and click on the add button!
Note: You will not be able to add notification preference unless you have configured an Email SMTP server. When it comes to the conditions remember to follow these mandatory rules without which you will not be able to save your policy.
- The warning threshold should always be less than that of the critical threshold
- Both the warning and critical thresholds are mandatory
- Warning and critical thresholds cannot be zero or in negative.
- Certain conditions like “Peak Connected Session” do not accept fractions or decimal values
- The Alert re-notification and Alarm re-notification periods would be by default specified. In case you want to change them, go ahead.
- Alert Re-notification – Duration after which the warning notification will be re-triggered
- Alarm Re-notification – Duration after which the critical notification will be re-triggered6
Note: You can use the “Reset Value” link is to clear modifications done on an unsaved policy. Once it’s saved, it will reset to the last saved value and not default initial value. Hence, once the policy is saved, you can modify the threshold values but resetting brings it to the last saved value..
6. Once all of the mandatory rules are followed you will get a green tick next to your condition and if not you will get a red cross next to the conditions that are incorrect.
Note: In cases where there are multiple conditions in a policy, none of the conditions will be saved until all the errors are corrected.
Once you hit on save you have created your first policy.
Visualizing your alerts
If there is any issue you will be notified immediately on the Director web console and also receive an email.
The notification tip and slide bar
Once there is an alert, may it be warning or critical, an admin will be notified on the notification tip. The notification tip will be available on all the paged except on the user details page.
The notification tip gives you the number of active alerts. In case you have configured SCOM along with proactive alerts and notifications, you get a sum of both the active alerts on the notification bar.
When you click on the notification tip you get the notification slide. The notification slide gives you the option of classifying your alerts based on the source i.e. Director or SCOM and also based on the severity i.e. Critical or Warning.
The notification slide bar will give you a list of all the active alerts including details like the time when it occurred and the rule and condition that triggered it.
If you subscribe to the notification preference of a condition that triggered an alert, then you would receive an email. The email is localized and you will get it in the language you prefer.
Managing your policy
Once you are done creating policies you now need to know how to manage them. In case you need to modify a policy, navigate to the policy page, search for the name of the policy using the search box provided and click on the EDIT button.
When your XenDesktop site is in a maintenance period and you do not want any alerts, you can use the DISABLE button to disable the policy. This will prevent any new alerts from being created. Once you are done with the maintenance work, you can go ahead and ENABLE these policies.
If there are any old policies that you want to get rid of, choose the policy and click on the DELETE button.
Note: Deleting a policy will not delete the history of alerts that were triggered prior. You can still see them on the Alert Summary page
When there is an alert, you get notified on the notification tip. You can click on the notification tip to get a slide bar that will have brief details of the alert. You can also group them into warnings and critical alert.
If you want to know more about an alert, click on it and that would take you to the alert details page. The alert details page gives you a picture of the alert, its history and its present condition. You can edit the policy that created the alert from this page too.
If you do not want this alert to be shown as active, then you can go ahead and DISMISS it. Dismissing an alert is an irreversible action. Only when the condition becomes healthy and then breaches the warning or critical thresholds will you get an active alert. Till then you will not be notified.
Note: If you dismiss a critical alert, you will not receive warning alerts. But if you dismiss a warning alert, you will be notified when the condition breaches the critical threshold
If you want to view the history or the summary of all the alerts triggered, then you can use the alert summary page. The alert summary page lets you filter alerts based on the time period, the scope and the present condition of the alert. To navigate to the alert summary page, click on the Alert tab on the dashboard and then on the Citrix Alerts sub-tab.
Note: If a delivery group is deleted, you will still find it listed in the scope. This is to make sure history of alerts that were triggered with that particular delivery group as scope are not lost.
In the alert summary page, you can DISMISS an alert, navigate to the details of the alert (alert details page) and also export the data.
You can search for history of alerts by using the filters provided.
Source: You get to choose the scope on which the rule was applied. In case of delivery group or server OS you get to search for the particular scope and apply your condition on it.
Category: The category of policies for which you want to see the alerts
State: You get to choose between four different kinds of severity; Critical, Warning, Dismissed and Healthy. This will help you group your alerts, and action upon the required ones.
Time Period: You can choose a time frame from last 2 hours, last 24 hours, last 7 days and even last month. When you select the end date as now, you will be shown the active alerts exactly till the moment you hit on apply.
You can choose a custom end date and time too.
Now let us take a look at the grid shown in the alert summary page.
Time: Time and date when the alert was first triggered
Action: Any action that has to be performed. e.g.: Dismiss
Status: The current status of the alert. Is it healthy, critical, and warning or is it dismissed. If the policy that triggered the alert is deleted, then the history of the alerts will still be available but will be shown in the dismissed state.
Alert Policy Name: The name of the alert policy that was given when the policy was created
Scope: Where was the policy applied on? Was it on a delivery group level, was it on the site level or was it on a server OS level?
Source: The drilled down source that actually triggered the alert.
Category: What king of policy was it? It reflects the template that you took while creating the alert rule.
Description: Gives you a brief of what was the exact condition that triggered the alert.
Note: Proactive Notification and Alerting are Platinum features. More information about features and editions can be found in the links below. Please see Additional Resources.
We cancled our Symantec account a couple of years ago and sicne then quite a few institutuions/business have been unable to email us as emails addressed to our domain are retunred undeliverable. Recently we were advised that the issues appears to be that as a former Symantec customer that we did not terminate the service properly after we moved to Office 365. We were advised to contact Symantec to have the service compeletly terminated. Below is a sample of the error message inclusive of the Diagnostic Info, recieved by someone attemntting to email us. A Symantec message does appear in the diagnotic in the diagnostic information:
(using TLS with cipher AES128-SHA (128/128 bits))
(Client did not present a certificate)
by znpcpapbrg01i.bnymellon.com (Symantec Messaging Gateway) with SMTP id 18.7C.04270.F113C6C5;
Below is the full error message. Please advise if this can be reolved. Many many thanks.
Delivery has failed to these recipients or groups:
Your message wasn’t delivered because the recipient’s email provider rejected it.
Diagnostic information for administrators:
Generating server: server-2.bemta.az-d.us-east-1.aws.symcld.net
Remote Server returned ‘554 5.7.0 < #5.7.57 smtp; 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [BN6PR12CA0048.namprd12.prod.outlook.com]>’
Original message headers:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bnymellon.com;
s=BNY071018; t=1550594340; email@example.com;
Received: from [188.8.131.52] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits))
by server-2.bemta.az-d.us-east-1.aws.symcld.net id 4B/16-27512-4213C6C5; Tue, 19 Feb 2019 16:39:00 +0000
Authentication-Results: mx.messagelabs.com; spf=pass
(server-29.tower-426.messagelabs.com: domain of bnymellon.com designates
184.108.40.206 as permitted sender) smtp.mailfrom=bnymellon.com;
dkim=none (message not signed); dmarc=none header.from=bnymellon.com
X-StarScan-Version: 9.31.5; banners=bnymellon.com,-,bradmer.com
Received: (qmail 8740 invoked from network); 19 Feb 2019 16:38:59 -0000
Received: from znpcpapbrg01o.bnymellon.com (HELO znpcpapbrg01i.bnymellon.com) (220.127.116.11)
by server-29.tower-426.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 19 Feb 2019 16:38:59 -0000
Received: from WTPCPHTMEM02.ams.bnymellon.net (wtpcphtmem02.ams.bnymellon.net [18.104.22.168])
(using TLS with cipher AES128-SHA (128/128 bits))
(Client did not present a certificate)
by znpcpapbrg01i.bnymellon.com (Symantec Messaging Gateway) with SMTP id 18.7C.04270.F113C6C5; Tue, 19 Feb 2019 11:38:55 -0500 (EST)
Received: from WTPCPEXMEM50.ams.bnymellon.net (10.88.250.171) by
WTPCPHTMEM02.ams.bnymellon.net (22.214.171.124) with Microsoft SMTP Server
(TLS) id 14.3.408.0; Tue, 19 Feb 2019 11:38:55 -0500
Received: from WTPCPEXMEM47.ams.bnymellon.net (10.88.250.168) by
WTPCPEXMEM50.ams.bnymellon.net (10.88.250.171) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.1531.3; Tue, 19 Feb 2019 11:38:54 -0500
Received: from WTPCPEXMEM47.ams.bnymellon.net ([10.88.250.168]) by
WTPCPEXMEM47.ams.bnymellon.net ([10.88.250.168]) with mapi id 15.01.1531.003;
Tue, 19 Feb 2019 11:38:54 -0500
From: “Gasson, George” <firstname.lastname@example.org>
Subject: Markets in review week ending 2/15/19
Thread-Topic: Markets in review week ending 2/15/19
Date: Tue, 19 Feb 2019 16:38:54 +0000
To: Undisclosed recipients:;
X-CFilter-Loop: Reflected NPC6
ShareFile SMTP IP Address Information
- An employee user with the Allow this user to modify account-wide policies permission
Microsoft Office 365 Users
If you are a Microsoft Office 365 user and would like to utilize Custom SMTP, view this set up guide from Microsoft.
Setting up Custom SMTP
- Navigate to Admin > Advanced Preferences > Email Settings > Configure SMTP Settings
- On the Custom SMTP Configuration page, enter the appropriate information to enable this feature.
- Ensure that the Enable checkbox is checked before saving.
Enable Custom SMTP – This must be selected if you wish to use these settings.
Email Address – This will be the “from” email address of sent emails.
Server – This is the host name of the email server that will be used to send emails.
Port – This is the port number to be used. Port 25 is the default. We allow the following ports: 26, 443, 465, 587, 2525.
Username – This should be the username needed to access the server.
Password – This should be the password needed to access the server.
Notify Email on Failure – This email address will be sent notices if ShareFile is unable to send an email with the given settings.
Use SSL – Choose between Implicit, Explicit, or Off.
Failback to ShareFile –If selected, messages that fail to send using the custom settings will prompt ShareFile to send future emails through standard ShareFile email settings
Authentication Method – Select an authentication method here if a particular one is required by your server
Troubleshooting Your SMTP Setup
“Email Notifications / Messages are Delayed”
This issue may occur when you are utilizing certain filter services or programs processing messages on your local mail servers. Before contacting ShareFile about delays in our system, please verify that your messages are not being delayed by local filter services. One means of verifying that information is to review the full header details of a message and reviewing the time messages send between services or filters.
“Email Notifications / Messages Do Not Arrive”
This issue may occur if you have IP restrictions or policies on your local mail servers. Please click here to make sure you have whitelisted the Custom SMTP IPs. Likewise, please review your mail server authentication methods to ensure that ShareFile can communicate with your servers.
“Too many connections from your host”
This issue may occur when you have exceeded the maximum allowed connections on your SMTP server. To resolve this, you must update or increase your max allowed connections in your SMTP configuration, or use Consolidated Notifications to limit the number of connections you receive on a typical basis.