Topic Last Modified: 2006-05-17
The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine whether the Exchange server is running Exchange Server 2003 Service Pack 2 (SP2) and is configured to expand distribution groups when it checks delivery restrictions:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeTransport\Parameters\RestrictionMethod
- A value of 1 for this entry means that the server is
configured to expand distribution groups when it checks delivery
restrictions.
- A value of 2 for this entry indicates that the server is
configured not to expand distribution groups when it checks
delivery restrictions.
If the Exchange Server Analyzer finds that the server is set up to expand distribution groups when it checks delivery restrictions, the Exchange Server Analyzer then checks the server event logs to see whether error events 6004, 6006, and 6008 have all occurred in the past 24 hours.
These events indicate that messages are being trapped in the message categorizer. The message categorizer is a component of the advanced queuing engine that sends Lightweight Directory Access Protocol (LDAP) queries to the global catalog server to perform directory lookups.
Finally, the Exchange Server Analyzer queries the Active Directory® directory service to determine the following:
- Whether there are more than 500 mailboxes in the forest
that have delivery restrictions set so that at least one
distribution group is used either to permit or prohibit
senders.
- Whether a Routing Group Connector has delivery restrictions
based on distribution group membership and the bridgehead server
has connector restriction checking enabled.
- Whether an SMTP connector has delivery restrictions based on
distribution groups membership and the bridgehead server has
connector restriction checking enabled.
The Exchange Server Analyzer displays an error if the following conditions are true:
- The Exchange Server 2003 SP2 server is configured to
expand distribution groups when it checks delivery
restrictions.
- The Exchange server has logged events 6004, 6006,
and 6008 in the past 24 hours.
- There are more than 500 mailboxes in the forest that have
delivery restrictions set so that at least one distribution group
is used either to permit or prohibit senders, or there is a
Routing Group Connector that has delivery restrictions based on
distribution groups membership and the bridgehead server has
connector restriction checking enabled, or an SMTP connector
has delivery restrictions based on distribution groups membership
and the bridgehead server has connector restriction checking
enabled.
The RestrictionMethod value determines how the categorizer will process restrictions. The default behavior for the categorizer is to recursively expand distribution groups and check restrictions for each message that passes through the system. When an e-mail message is sent to a recipient that is configured to have a restriction that rejects messages from members of a particular distribution group or security group, Exchange Server must expand that group to make sure that the sender is not a member of the restricted group. The results of this group expansion are not cached by Exchange Server and must be performed every time. This causes the messages to be held in the categorizer queues and may delay message processing.
If you set the value of RestrictionMethod to 2, the transport components on this Exchange server will not expand membership of distribution groups when the server checks restrictions. This configuration provides the best performance for restriction checks. Additionally, for the RestrictionMethod registry entry to take effect, all distribution groups that include users who have delivery restrictions must be flat. That is, the restricted distribution groups must not have nested distribution groups. The expansion logic will not work if the restricted distribution groups are nested.
For distribution groups that are used in connector restrictions, it is recommended that you set the RestrictionMethod registry entry value on a connector bridgehead server that has no mailboxes. For Active Directory user restrictions, if the restricted distribution groups have expansion servers, it is recommended that you create the RestrictionMethod registry entry on the expansion servers.
For more information about what occurs when delivery restrictions are configured, see Microsoft Knowledge Base article 812298, "Mail delivery is slow after you configure delivery restrictions that are based on a distribution list" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=812298).
For more information about the RestrictionMethod registry value, see Microsoft Knowledge Base article 895407, "In Exchange Server 2003, message delivery to local mailboxes and to external mailboxes is slower than you expect after you configure delivery restrictions based on distribution groups" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=895407).
For more information about Exchange Server 2003 events and errors, see the "Events and Errors Message Center" (http://go.microsoft.com/fwlink/?LinkId=34258).
For more information about Connector Restrictions, see Microsoft Knowledge Base article 277872, "XCON: Connector Delivery Restrictions May Not Work Correctly" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=277872).
For more information about the SMTP Queues, see Microsoft Knowledge Base article 884996,"Messages remain in the 'Messages awaiting directory lookup' SMTP queue in Exchange Server 2003 or in Exchange 2000 Server" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=884996).