December 11, 2012

Litigation Hold in Exchange 2010

In Exchange Server 2010, you can use litigation hold to accomplish the following goals:
  • Enable users to be placed on hold and keep mailbox items in an unaltered state
  • Preserve mailbox items that may have been deleted or edited by users
  • Preserve mailbox items automatically deleted by MRM
  • Keep the litigation hold transparent from the user by not having to suspend MRM
  • Enable discovery searches of items placed on hold

When a reasonable expectation of litigation exists, organizations are required to preserve electronically stored information (including e-mail) that's relevant to the case. This expectation can occur before the specifics of the case are known, and preservation is often broad. Organizations may preserve all e-mail related to a specific topic, or all e-mail for certain individuals. Depending on the organization's electronic discovery (eDiscovery) practices, some of the measures adopted by organizations to preserve e-mail include the following:
  • End users may be asked to preserve e-mail by not deleting any messages. However, users may still delete e-mail knowingly or inadvertently.
  • Automated deletion mechanisms such as messaging records management (MRM) may be suspended. This could result in large volumes of e-mail cluttering the user mailbox, and thus impacting user productivity. Suspending automated deletion also doesn't prevent users from manually deleting e-mail.
  • Some organizations copy or move e-mail to an archive to make sure it isn't deleted, altered, or tampered with. This increases costs due to manual efforts required to copy or move messages to an archive, or third-party products used to collect and store e-mail outside Microsoft Exchange.


To place a mailbox on litigation hold in Exchange powershell

Set-Mailbox user@domain.com -LitigationHoldEnabled $true
 
To remove a mailbox from litigation hold
 
Set-Mailbox user@domain.com -LitigationHoldEnabled $false 
 




400 4.4.7 The server responded with: 550 5.7.1 Message rejected due to unacceptable attachments. The failure was replaced by a retry response because the message was marked for retry if rejected

Error:

400 4.4.7 The server responded with: 550 5.7.1 Message rejected due to unacceptable attachments. The failure was replaced by a retry response because the message was marked for retry if rejected.


Identity: <servername>\3340\174867

Subject: CRITICAL : mwnysc02 /rmds/log/rvrdmw/rvrdmw.log.status = FAIL: 2012-11-21 17:20:10 rvrdmw: TIB/Rendezvous Error: {ADV_CLASS="ERROR" ADV_SOURCE="SYSTEM" ADV_NAME="DATALOSS.OUTBOUND.PTP" ADV_DESC="dataloss: remote daemon did not acknowledge our transmission" host="10.111.150.210" lost=1 scid=7268}
From Address: <>
Status: Ready
Size (KB): 5
Message Source Name: Journal
Source IP: 255.255.255.255
SCL: 0
Date Received:
Expiration Time:
Last Error: 400 4.4.7 The server responded with: 550 5.7.1 Message rejected due to unacceptable attachments. The failure was replaced by a retry response because the message was marked for retry if rejected.
Queue ID: <servername>\3340
Recipients:  user@domain.com 


Problem:

Your Edge server is blocking messages from your Hub server with the following error:

400 4.4.7 The server responded with: 550 5.7.1 Message rejected due to unacceptable attachments. The failure was replaced by a retry response because the message was marked for retry if rejected.

In this issue it was certain messages to the Edge that were being blocked.


Solution:
Find out the attachment list via the following cmdlet

Get-AttachmentFilterEntry |F

Then run the following cmdlet to disable the Attachment Filter agent

Disable-TransportAgent -Identity "Attachment Filter agent"





Ref: http://social.technet.microsoft.com/Forums/en-US/exchangesvrsecuremessaginglegacy/thread/a979279c-17a0-4414-9862-4f8b37a061f6