A problem that I’ve run across during multiple SCOM and SCSM engagements is one having to do with email notifications. Specifically, SCOM and SCSM will register that emails have been sent and, if those emails are sent to specific users, they are received. However, distribution groups will fail to receive email notifications, leaving the local admins in charge of SCOM and SCSM baffled as everything appears to be configured correctly on their end.

 

Fortunately, this is a common problem with a very easy fix. The issue comes down to the mail configuration and the Exchange settings for those distribution groups. The problem arises when the following conditions align:

  1. The notification channels in SCOM or SCSM are set to use Anonymous authentication rather than Windows Integrated when communicating with the SMTP server
  2. The SMTP server is an Exchange server, version 2010 or later
  3. The distribution groups in Exchange are configured to require all senders be authenticated

 

The real kicker is that third bullet – the setting that requires all senders be authenticated. This setting is enabled by default in Exchange 2010 and later, so unless the Exchange admins have changed it, any emails sent from an anonymous source will be dropped by the Exchange server and as a result, the distribution groups fail to receive email notifications.

 

One way to get around the issue is to simply not use Anonymous authentication, but instead ensuring the SMTP server is configured to use Windows Integrated authentication and configuring SCOM and SCSM appropriately. Unfortunately, for many organizations, that is a change that cannot be made. In that case, the only solution is to ensure that those distribution groups are allowed to receive email from anonymous senders. This is the less secure option, but if emails need to be sent and Windows Integrated isn’t an option, here are the two ways to do it.

 

Option 1: Inside the Exchange GUI

 

This setting can be disabled on a DL-by-DL basis inside the Exchange Management Console. First, search for the distribution groups which needs to receive the emails. Once found, open up the message delivery restrictions window from the distribution group’s properties. There will be an checkbox in the middle of the window labeled, “Require that all senders are authenticated”. Uncheck that box, then save, to enable emails to reach that group. Here’s an image of the Message Delivery Restrictions window:

 

Exchange DL Settings

 

Option 2: PowerShell

 

This setting can also be disabled via PowerShell and the Exchange PowerShell module. As is the nature of PowerShell, this method can disable the setting for a single distribution group or for multiple distribution groups simultaneously. If you know the name of a specific distribution group you wish to update, use this method:

Set-DistributionGroup "<Distribution Group Name>" -RequireSenderAuthenticationEnabled $False

 

Alternatively, if you want to change this setting in bulk for multiple distribution groups, you can use this method:

$Groups = Get-DistributionGroup <#enter criteria here#>
$Groups | Set-DistributionGroup -RequireSenderAuthenticationEnabled $False

 

Refer to the Technet page for the Get-DistributionGroup cmdlet for reference on how to structure the criteria to select your groups: Technet

 

Once you’ve confirmed that the setting has been updated, attempt the email notification again. The distribution groups should no longer fail to receive email notifications.

 

Hopefully this will help if you ever run into this situation. If there are any questions, please feel free to post them below.

About the Author: Gabriel Taylor

With over 12 years of experience in the IT industry, Gabriel brings a focus on repeatable processes, solution design, and quality execution to Model’s Project Services practice. He believes the true value of technology is how it enables businesses to gain efficiencies, increase productivity, and achieve their goals. He is proud to work with Model’s team of experts to bring those benefits to Model’s clients.

Three Minutes For A More Secure & Efficient Infrastructure

Short and to the point, Steve’s Email Blasts give you endpoint management tips, tricks, and news in three minutes or less email read-time, guaranteed.

Model says no to spam. Privacy Policy

Model Technology Solutions

Model Technology Solutions is a small but mighty band of infrastructure experts. We’ve helped companies in diverse industries to modernize and automate their infrastructures through effectively managing their Microsoft endpoint suite.

With us on your team, you’ll watch your security and compliance go up and your IT team’s costs (and headaches) go down. You’ll relax in knowing that your endpoints will be secure and online when your users need them most. And you’ll finally get back to your most-important tasks.

Model Technology Solutions
12125 Woodcrest Executive Drive, Ste. 204 Creve Coeur, MO 63141

Phone: (314) 254-4138
General Inquiries: model@model-technology.com
Sales and Quotes: sales@model-technology.com