Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 9026 Source: MSExchangeTransport

Level
Description
A forward loop has been detected. Mail could not be delivered to contact "<address>" because the target address <address> of the contact points to a local domain <domain>. This is causing 5.4.6 NDRs for the contact.
Comments
 
Our new user provisioning system had been adding the "targetaddress" attribute to people who had mailboxes. This caused the Categorizer to think that they are both Contacts and Mailbox-enabled Users, and bounced mail thinking that two objects have the same address. We used ADSI Edit with the LDAP query string: (&(objectCategory=user)(samAccountName=*)(mail=*)(targetaddress=*)) to find them all and reset the attribute to null.
This event occurs in the following situation. When two organizations share the same SMTP domain space and in the organization that receives inbound for the domain:
1. You have a recipient policy for domain.com.
2. You have the primary SMTP address of mailbox enabled user objects of domain.com.
3. You have contacts or mail enabled user objects that have a target address attribute value that has the domain.com relay address.
This event is generated when sending to all contacts or mail enabled user objects that have a @domain.com target address value.
Please see the following articles to resolve this problem: ME321721, ME319759, and ME315591.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...