As an Exchange expert, I have encountered a scenario where journaling is not working as expected in an Exchange 2016 hybrid environment. The issue at hand is that internal emails are being journaled properly, but external emails from services like Gmail and Hotmail are not being recorded in the journal. In this blog post, I will delve into the possible causes of this behavior and provide solutions to resolve the issue.

Background

———-

Journaling is a feature in Exchange that allows you to capture and store a copy of every email message sent or received by a user. This feature is useful for compliance, e-discovery, and auditing purposes. In an Exchange 2016 hybrid environment, journaling can be enabled at the database level, and it applies to all mailboxes on that database.

Symptoms

———

The symptoms of the issue are as follows:

* Internal emails are being journaled properly.

* External emails from services like Gmail and Hotmail are not being recorded in the journal.

Possible Causes

—————–

Based on my experience, there could be several reasons why external emails are not being journaled. Here are some possible causes:

1. Incorrect Journaling Settings: The journaling settings might not be configured correctly for the external domains. Make sure that the journaling settings are applied to all mailboxes on the affected databases.

2. Firewall Blocking Journaling Traffic: Firewalls can sometimes block the journaling traffic, causing issues with journaling. Ensure that the necessary firewall rules are in place to allow journaling traffic to and from the Exchange servers.

3. Incorrect Certificate Configuration: If the external domains do not have a valid certificate, journaling might not work correctly. Make sure that the certificates for the external domains are properly configured.

4. DNS Resolution Issues: DNS resolution issues can also cause journaling to fail. Ensure that the DNS records for the external domains are correct and resolved to the appropriate IP addresses.

5. Incorrect Mail Flow Configuration: If the mail flow is not configured correctly, journaling might not work as expected. Make sure that the mail flow settings are properly configured, especially for the external domains.

Solutions

———-

To resolve the issue, follow these steps:

1. Verify Journaling Settings: Verify that the journaling settings are applied to all mailboxes on the affected databases. Use the Exchange Management Shell to run the following command to verify the journaling settings:

“`

Get-Mailbox -database | Format-List Journaling

“`

Replace “ with the name of the database where the issue is occurring.

2. Check Firewall Settings: Check the firewall settings to ensure that they are not blocking journaling traffic. Allow inbound and outbound traffic on port 25 and port 465 (if using SSL/TLS) for the Exchange servers.

3. Validate Certificate Configuration: Verify that the certificates for the external domains are properly configured. Use the Exchange Management Shell to run the following command to validate the certificate configuration:

“`

Get-Mailbox -database | Format-List Certificate

“`

Replace “ with the name of the database where the issue is occurring.

4. Check DNS Resolution: Verify that the DNS records for the external domains are correct and resolved to the appropriate IP addresses. Use tools like `nslookup` or `ping` to verify the DNS resolution.

5. Correct Mail Flow Configuration: Ensure that the mail flow settings are properly configured, especially for the external domains. Use the Exchange Management Shell to run the following command to verify the mail flow settings:

“`

Get-Mailbox -database | Format-List MailFlow

“`

Replace “ with the name of the database where the issue is occurring.

6. Disable and Re-Enable Journaling: Sometimes, disabling and re-enabling journaling can resolve the issue. Use the Exchange Management Shell to run the following command to disable journaling:

“`

Disable-Journaling -Identity -Database

“`

Replace “ with the identity of the mailbox where the issue is occurring, and “ with the name of the database where the issue is occurring. Then, enable journaling again using the following command:

“`

Enable-Journaling -Identity -Database

“`

Replace “ with the identity of the mailbox where the issue is occurring, and “ with the name of the database where the issue is occurring.

Conclusion

———-

In conclusion, journaling is an essential feature in Exchange that allows you to capture and store a copy of every email message sent or received by a user. In an Exchange 2016 hybrid environment, journaling can be enabled at the database level, and it applies to all mailboxes on that database. However, if external emails from services like Gmail and Hotmail are not being recorded in the journal, there could be several reasons why. By understanding the possible causes and solutions, you can resolve the issue and ensure that journaling is working correctly in your Exchange environment.