Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
A non-delivery report with a status code of 5.4.6 was generated for recipient <recipient> (Message-ID
<<ID>>). Cause: A forward loop was detected by the categorizer. This is a common hosting configuration problem caused when someone uses the provisioning tool to create a contact in one organization unit and creates a user in a different organization user that share the same e-mail address. Solution: Verify that you do not have a user in organizational unit and a contact in a different organizational unit that have the same e-mail address.
|English: Request a translation of the event description in plain English.|
I generated this error by switching a user in another network and creating a contact to forward emails with the old address. The account and postbox were deleted before creating the contact, but Exchange was configured to save deleted objects for 30 days. I set it back to 0 days, restarted the server, and the problem was gone.
As per Microsoft: "This Error event is logged when a non-delivery report (NDR) is generated because of a detected message loop. This event can also be logged if a contact object exists in one organizational unit (OU) that has the same e-mail address as a user in another OU". See MSEX2K3DB for more details.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (1) - More links...|
Send comments or solutions
- Notify me when updated