SaaS Email Archive System Alert

Our company utilizes the McAfee email archiving system. The system works by haveing all mail we want archived journeled in exchange 2010 into a journal mailbox then have the SAAS solution pick up mail from that mailbox through IMAP.

The solution works and several thousand emails are picked up and archived every day through the solution. However every day or every other day at least one alert comes to us admins saying that there was an unrecognized message format and that there is something wrong with our exchange server... Where should i even start to look for this because i dont feel like there is something wrong with the exchange server..


Thisalert was generated by your SaaS Email Archiving service:

The mail source "mcarchive-external" is configured to ingest messagesin (unknown) format but encountered 1 message(s)
that are not a recognizable journal format and so were ingested as a genericemail message.
This usually occurs as a result of a misconfiguration of your Exchange Serverresulting in non-journal messages ending up in the journal mailbox.
Please review the SaaS Email Archiving setup documentation to make sure thatnon-journal messages cannot end up on the journal mailbox.

To help you troubleshoot, you can view some of the improperly formattedmessages by signing into
the SaaS Email Archiving Control Console and performing an "Archive IDSearch" for any of these Archive IDs:


Alert ID: 53179302


Greetings iknowgod,

Being that you're only receiving the occational messages, you shouldn't be too concerned. This alert is sent out any time the Archiving system encounteres an message that is not in the format it is designated to ingest. For example, if the Archive mail source is set to look for Exchange 2007 journaled mail, and a message is in the mailbox that is not in that journal-format, it will be ingested as Generic and an alert will be issued. Take a look at the message ID's it is alerting on to see if you notice any patterns, such as calendar invites or messages to a specific sender or user.

Generally though, this alert will trigger if the following settings are not properly configured (see your server documentation for details):

- The journal mailbox is not configured to not receive any email directly, i.e. messages are being delivered directly to the mailbox and are not being journaled by Exchange.

- A server administrator is manually moving messages into the Journal Mailbox, which prevents them from being journaled.

- Some message types, such as Outlook Calendar Invites or Invite Replies are being ingested. Although these are sent over email, they are not the same as an email message and are not formatted the same.

I'd recommend starting there, along with checking for patterns in the messages causing alerts.

I have seen messages before that where autoreplies or some sort that ended up in the mailbox that could have caused problems like you said. I’m going to need a bit of time to look through each of the errors I get back and determine the type of email it was that had problems being ingested and get back with you.

I will return and mark as answer when I am sure.

Thank you.

My archive ID for the email that came in was f00e1c2bbd76496b8dfd853ca0802c363fa3acac

however this ID was never searchable from within the archive even after everything has been ingested (states No messages matching the search criteria were found)

I also dont see anything sitting in the mailbox saying it cant be injested.

so again im not sure were that puts me. or how to troubleshoot. 

