How to fix "550 5.1.1 User unknown" Error when Sending to a Distribution Group

Thursday, April 14, 2011
You may find that after you create a new distribution group in Exchange 2010, you cannot send SMTP email to it from the Internet or internal relay hosts. When you try, you receive a "550 5.1.1 User unknown" error. If you send email to the distribution group internally using Outlook or OWA, it works just fine.

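This happens because Exchange 2010 enables the Require that all senders are authenticated setting by default on every new distribution group. Mail that arrives over anonymous SMTP, whether from the Internet or from an internal relay host, is unauthenticated, so the group rejects it.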

To clear this setting, view the properties of the distribution group and double-click Message Delivery Restrictions on the Mail Flow Settings tab:


Then clear the checkbox for Require that all senders are authenticated and click OK.
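
The same change can be scripted from the Exchange Management Shell. The following is an added example, not part of the original post: it uses the RequireSenderAuthenticationEnabled parameter of Set-DistributionGroup, which corresponds to this checkbox, and clears it only for groups on an allow list, then reports any other group that already accepts unauthenticated senders. The group names in $ExternalGroups are constructed placeholders.

```powershell
# Added example: save as a .ps1 and run in the Exchange Management Shell.
# $ExternalGroups is a hypothetical allow list of groups that should accept
# Internet mail; the default names are constructed samples.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$ExternalGroups = @('sales-inbound', 'support-inbound')
)

# 1. Inventory: show which groups require authenticated senders today.
$groups = @(Get-DistributionGroup -ResultSize Unlimited)
$groups |
    Sort-Object RequireSenderAuthenticationEnabled, Name |
    Format-Table Name, PrimarySmtpAddress, RequireSenderAuthenticationEnabled -AutoSize

# 2. Clear the setting only on groups that are on the allow list.
foreach ($name in $ExternalGroups) {
    $found = @($groups | Where-Object { $_.Name -eq $name -or $_.Alias -eq $name })
    if ($found.Count -eq 0) {
        Write-Warning "Group '$name' not found; skipping."
        continue
    }
    foreach ($group in $found) {
        if (-not $group.RequireSenderAuthenticationEnabled) {
            Write-Verbose "'$($group.Name)' already accepts unauthenticated senders."
            continue
        }
        if ($PSCmdlet.ShouldProcess($group.Name, 'Allow unauthenticated senders')) {
            Set-DistributionGroup -Identity $group.DistinguishedName `
                -RequireSenderAuthenticationEnabled $false
        }
    }
}

# 3. Drift check: groups open to unauthenticated senders that are NOT on the
#    allow list. These can be mailed by anyone on the Internet.
$groups |
    Where-Object {
        -not $_.RequireSenderAuthenticationEnabled -and
        $ExternalGroups -notcontains $_.Name -and
        $ExternalGroups -notcontains $_.Alias
    } |
    Select-Object Name, PrimarySmtpAddress
```

Run it with -WhatIf first to preview which groups would be changed.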



At first I thought this might be due to the fact that my client is using Edge Transport servers and that the Block messages sent to recipients that do not exist in the directory setting was enabled.  This is shown below from the Edge server's Recipient Filtering properties:


I tested this by running the following cmdlet:
Test-EdgeSynchronization -VerifyRecipient zzz.domain.com
Sure enough, the result shows "NotSynchronized - Recipient doesn't exist in source Active Directory", as shown below:


Somewhat surprisingly, this result does not change when Require that all senders are authenticated is disabled.

I can't believe I've never run into this until now. 

Before you ask, there is no way to change the default behavior of Exchange 2010 to create all distribution groups with the authentication setting set to disabled (unchecked).

3 comments:

  1. We have been running EXCH2010 SP1 for almost a year now and I have about 20 distribution groups that were all receiving and distributing messages without any issues until I installed EXCH2010 SP2.

    After installing EXCH2010 SP2 one of the distribution groups stopped receiving messages with the "550 5.1.1 User unknown" error. We did not realize this for almost a week because the address is not heavily used. Internally it continued to work without any errors.

    I tried many things and have been searching the Internet for anyone that may have come across this issue. Your solution fixed my problem. I thank you for posting your findings and saving me from a lot of extra and unnecessary work.

    What I cannot figure out is why would only this one distribution group have the "Require that all senders are authenticated" all of a sudden be enabled? All of these accounts were migrated from EXCH2003 at the same time.

  2. Same issue as anonymous immediately after 2010 SP2. After removing the authentication requirement (which didn't exist before) I was prompted to update the group to match the Exchange version.

    I suspect I'll see more of this issue on objects created prior to 2010.

  3. I wanted to certify this issue exists in Exchange 2010 SP1 UR3 v3 which is what I'm running now.
    Every DG we create, we have to manually uncheck the "require all senders to be authenticated".
    Not a big deal, I just informed my desktop support people, that whenever a new DG is created, they have to uncheck the option. I believe it was like this in Exchange 2003 as well, and I'm just about to retire my last 3 Exchange 2003 servers.

    Don't know how it worked for you anonymous#1, we have 2000 DG's, and I can assure you I have to uncheck the option every time I create a new DG.
