Troubleshoot email delivery using the Exchange Online message trace tool

Office 365 Small Business admins can troubleshoot mail flow problems by using the Exchange Online message trace tool in the Exchange admin center. The tool helps admins track specific messages sent in the past seven days.

After you run a message trace, if you can’t diagnose the problem yourself, you can use the detailed information from the tool to post a question to the Office 365 Community or to submit a service request.

 Note    Everyone in your organization can use delivery reports in Outlook Web App to check the delivery status of messages they’ve sent or received. For example, if someone has sent a message to five people, they can check the status of the delivery of that message to each person. If people need more help, they can send the delivery report to their admin to troubleshoot using the message trace tool. Admins should also educate people in their organization about spam and virus protection in Office 365 Small Business. Having trouble getting email set up after adding your custom domain? See Troubleshoot email issues after you add your custom domain in Office 365.

What do you want to do?

Run a message trace

The message trace tool is located in the Exchange admin center (EAC), which is connected to the Office 365 portal.

Access the EAC

  1. In the Office 365 portal, at the top of the page, select Outlook.
  2. In Outlook Web App, go to the address bar in your browser and replace the URL to the right of https://outlook.office365.com/ with ECP. For example, if your Outlook Web App URL is https://podxxx.outlook.com/owa/..., change it to https://podxxx.outlook.com/ECP, and hit ENTER. That will take you to the Exchange admin center.
  3. Bookmark the EAC in your browser for future access.

Set up the message trace

  1. In the EAC, go to Mail flow > Message trace.

Exchange Online message trace tool in the Exchange admin center

  1. Fill out the following fields, as needed. None of these fields is required. If you click Search without entering anything, you’ll get all message trace data for the default time period, which is the last 48 hours.
  • Sender   Narrow the search to specific senders by adding users to the Sender field.
    • Click Add users, select one or more senders from your organization, and then click Add. To add external users who aren’t on the list, in the Check names box, type their email addresses and click Check names. When you are done, click OK.
  • Recipient   Narrow the search to specific recipients by adding users to the Recipient field.
    • Click Add users, select one or more recipients from your organization, and then click Add. To add external users who aren’t on the list, in the Check names box, type their email addresses and click Check names. When you are done, click OK.
  • Message was sent or received   Select the time interval during which a message was sent or received. Choose among:
    • Last 24 hours
    • Last 48 hours   This is the default value.
    • Last 7 days   For messages sent or received within the last seven days, starting at 12:00 A.M. on the day you run the message trace.
    • Custom   Select the time zone and the time interval you want.

 Note    Data is retained by the service for seven days.

  • Delivery status   You can search by the specific status of a message or messages. Leave this field blank to cover all statuses. Otherwise, choose among:
  • Delivered   The message or messages were successfully delivered to the intended destination.
  • Failed   The message or messages weren’t delivered. Either delivery was attempted and failed, or delivery was prevented by the filtering service. For example, the filtering service may have determined that a message contained malware.
  • Pending   Delivery of the message or messages is still being attempted or re-attempted.
  • Expanded   The message or messages were sent to a distribution group and was expanded so the members of the group can be viewed individually.
  • Unknown   Delivery status is unknown and no details are available.
  • Message ID   The Internet message ID (also known as the client ID) found in the header of the message with the Message-ID: token. Its format varies depending on the sending mail system. The following is an example: <[email protected]>. If you know the message ID, it may help in troubleshooting.
  1. Click Search to run the message trace.

To change your search criteria, click Clear.

Top of Page Top of Page

View the results of the message trace

After you’ve run the message trace, the results appear in a list, sorted by date, with the most recent message on top. To sort the results, click the top of any column. Click it again to reverse the order.

The following information is provided for each message:

  • Date   The date and time the message was received by the service, using the Coordinated Universal Time (UTC) time standard
  • Sender   The email address of the sender
  • Recipient   The email address of the recipient or recipients. For messages sent to more than one recipient, there is one line per recipient.

If a recipient is a distribution group, the distribution group will be the first recipient, and then each member of the distribution group will be included on a separate line so you can check status for all recipients.

  • Subject   The subject line of the message. This field is limited to 256 characters, so the end of the subject line may be truncated.
  • Status   This field shows delivery status.

 Note    The results are displayed in a scrollable list that can display up to 500 entries per page. You can scroll to additional pages if there are more than 500 entries.

Top of Page Top of Page

View details about a specific message

To view details about a specific message, double-click the message in the list to view the following details:

  • Sender   The email address of the sender
  • Recipient   The email address of the recipient.
  • Message size   The size of the message, including attachments, in kilobytes (KB), or, if the message is bigger than 999 KB, in megabytes (MB).
  • Message ID   The Internet message ID. This ID should be unique, but its uniqueness isn’t guaranteed.
  • To IP   The IP address or addresses to which the service attempted to deliver the message. If there is more than one recipient, all the IP addresses are displayed. For inbound messages, this value is blank.
  • From IP   The IP address of the computer that sent the message. For outbound messages, this value is blank.
  • Delivery status   This field shows delivery status.

In the table under Delivery status, you’ll find information about what’s happened to the message as it passed through the messaging pipeline. We recommend you read these events from the most recent event on the bottom to the top:

  • Date   The date and time that an event occurred. The Date column helps you follow the message through the messaging pipeline and indicates how long the service takes to process each event.
  • Event   This field briefly tells you what happened, for example, if the message was received by the service, if it was delivered or failed to be delivered to the intended recipient, and so on. The following are examples of events:
    • RECEIVE   The message was received by Exchange Online.
    • SEND   The message was sent by Exchange Online.
    • FAIL   The message wasn’t delivered.
    • DELIVER   The message was delivered to a mailbox.
    • EXPAND   The message was sent to a distribution group that was expanded.
    • DEFER   Delivery was postponed and may be re-attempted later.
  • Action   This field shows what action was performed if the message was filtered. For example, it may say a message was detected as spam and deleted.
  • Detail   This field provides more details about what happened. For example, it may tell you which specific malware was detected in which specific attachment, why a message was detected as spam, or that a message is extremely large. If the message was successfully delivered, it can tell you the IP address to which it was delivered.

Top of Page Top of Page

Troubleshoot the problem using the results

So why didn’t someone receive a message they were expecting? Why did someone get a non-delivery report (NDR) for a message they sent?

Here’s where the troubleshooting comes in!

Use the various fields in the message trace tool to hone in on the cause of a delivery failure. For example, you probably know who sent the message to whom, and the general time the message was sent, so that’s a good place to start:

  1. Select a sender, a recipient or recipients, and the time interval.
  2. Click Search to run the message trace.
  3. In the list of results, look for messages with a delivery status of Failed or Pending.
  4. Double-click the message you are interested in to view the details:
  • The Events section explains why a message hasn’t been delivered.
  • The Detail column for a specific event may explain why the message wasn’t received. Check to see if the message was sent, if it was successfully received by Exchange Online, if it was filtered or redirected by the filtering service, or if it was subject to any delivery failures or delays.
  • The Date column helps you follow the message through the messaging pipeline and indicates how long the service takes to process each event.
  • The Detail column also tells you if the message is extremely large or the destination isn’t responsive.

Top of Page Top of Page

Still can’t figure out what went wrong?

Post a question to the Office 365 Community, or ask for customer support by filling a service request, as follows:

  1. Go to Admin > Support > New service request.
  2. On the Identify issue page, enter the following information, and then click Next:
  • Issue type: Technical Support
  • Service: Exchange Online for Office 365 for Small Businesses
  • Service area: Mail Flow
  • Problem description: Message trace
  • Domain: As appropriate
  • Operating system: As appropriate
  • Microsoft Office version: As appropriate
  • Browser: As appropriate
  1. On the Add details page, describe your issue, using the information you’ve collected from the message trace, and then click Next.
  2. On the Attach file page, you can attach up to five screen shots or other documents. Then click Submit.
  3. You’ll get confirmation of the request and a link on the Service requests page to follow the status of the request.

Top of Page Top of Page

Message trace FAQ

ShowAfter a message is sent, how long before a message trace can pick it up?

Message trace data can appear as soon as 10 minutes after a message is sent, or it can take up to one hour.

ShowWhy am I getting a timeout error when I run a message trace?

The search is probably taking too long. Try simplifying your search criteria.

ShowWhy is my message taking so long to arrive to its destination?

Possible causes include the following:

  • The intended destination isn’t responsive. This is the most likely scenario.
  • A large message takes a long time to process.
  • Latency in the service is causing delays.
  • The message was blocked by the filtering service.

Follow the instructions in the View details about a specific message section to understand the possible causes.

Top of Page Top of Page

 
 
Applies to:
Office 365 operated by 21Vianet - Small Business admin, Office 365 Small Business admin