SCOM/SCSM: Distribution Groups Fail to Receive Email Notifications

A problem that I’ve run across during multiple SCOM and SCSM engagements is one having to do with email notifications. Specifically, SCOM and SCSM will register that emails have been sent and, if those emails are sent to specific users, they are received. However, distribution groups will fail to receive email notifications, leaving the local admins in charge of SCOM and SCSM baffled as everything appears to be configured correctly on their end.

 

Fortunately, this is a common problem with a very easy fix. The issue comes down to the mail configuration and the Exchange settings for those distribution groups. The problem arises when the following conditions align:

  1. The notification channels in SCOM or SCSM are set to use Anonymous authentication rather than Windows Integrated when communicating with the SMTP server
  2. The SMTP server is an Exchange server, version 2010 or later
  3. The distribution groups in Exchange are configured to require all senders be authenticated

 

The real kicker is that third bullet – the setting that requires all senders be authenticated. This setting is enabled by default in Exchange 2010 and later, so unless the Exchange admins have changed it, any emails sent from an anonymous source will be dropped by the Exchange server and as a result, the distribution groups fail to receive email notifications.

 

One way to get around the issue is to simply not use Anonymous authentication, but instead ensuring the SMTP server is configured to use Windows Integrated authentication and configuring SCOM and SCSM appropriately. Unfortunately, for many organizations, that is a change that cannot be made. In that case, the only solution is to ensure that those distribution groups are allowed to receive email from anonymous senders. This is the less secure option, but if emails need to be sent and Windows Integrated isn’t an option, here are the two ways to do it.

 

Option 1: Inside the Exchange GUI

 

This setting can be disabled on a DL-by-DL basis inside the Exchange Management Console. First, search for the distribution groups which needs to receive the emails. Once found, open up the message delivery restrictions window from the distribution group’s properties. There will be an checkbox in the middle of the window labeled, “Require that all senders are authenticated”. Uncheck that box, then save, to enable emails to reach that group. Here’s an image of the Message Delivery Restrictions window:

 

Exchange DL Settings

 

Option 2: PowerShell

 

This setting can also be disabled via PowerShell and the Exchange PowerShell module. As is the nature of PowerShell, this method can disable the setting for a single distribution group or for multiple distribution groups simultaneously. If you know the name of a specific distribution group you wish to update, use this method:

 

Alternatively, if you want to change this setting in bulk for multiple distribution groups, you can use this method:

 

Refer to the Technet page for the Get-DistributionGroup cmdlet for reference on how to structure the criteria to select your groups: Technet

 

Once you’ve confirmed that the setting has been updated, attempt the email notification again. The distribution groups should no longer fail to receive email notifications.

 

Hopefully this will help if you ever run into this situation. If there are any questions, please feel free to post them below.

By |2016-06-09T08:14:44+00:00July 8th, 2015|SCOM, SCSM|0 Comments

About the Author:

Solutions Architect / Team Lead – Model Technology Solutions Gabriel specializes in SCOM, SCSM, Orchestrator, and PowerShell, along with experience in several Azure technologies and other server roles. Gabriel has spoken at several regional conferences and user group meetings about leveraging Microsoft’s datacenter and automation technologies to solve specific problems. Gabriel’s attention to detail and relentless pursuit of perfection may one day make his brain explode from information overload. Hopefully they will have a cure before then.

Model Technology

Let us help you get your end point and data center strategy on cruise control!  Ask about our Calibration Assessment.

CONTACT US

  • 12125 Woodcrest Executive Drive, Ste. 204 Creve Coeur, MO 63141
  • (314) 254-4138
  • sales@model-technology.com

RECENT TWEETS