Exchange Size Limits

Exchange Size Limits KB ID 0001368

Problem

When attempting to send an email from Outlook via Exchange, you see a message like the one below.

The following files weren’t attached because adding them would cause the message to exceed the maximum size limit of {Size} MB: {File-Name}

Or, when someone attempts to send a message to one of your mailbox users they get an NDR that looks like this.

Remote Server returned ‘550 5.2.3 RESOLVER.RST.RecipSizeLimit; message too large for this recipient’

Solution: Exchange Size Limits

There are a few places this can be set (three main places and a few obscure ones!). Let’s deal with the most common one first.

Transport ‘System Wide Settings’: Exchange Size Limits

TransportConfig: This has a maximum send size and a maximum receive size. To view yours, use the following command.

[box]

Get-TransportConfig | format-list MaxSendSize, MaxReceiveSize

[/box]

If one of them is tripping you up, you can change the sizes with the following command.

[box]

Set-TransportConfig -MaxSendSize 100MB -MaxReceiveSize 100MB

[/box]

Send & Receive Connectors: Exchange Size Limits (PowerShell)

Send Connector: This has a maximum message size. To view yours, use the following command.

[box]

Get-SendConnector | Format-List Name, MaxMessageSize

[/box]

To change the limit on a specific send connector, use the following command.

[box]

Set-SendConnector "{connector-name}" -MaxMessageSize 100MB

[/box]

To change the limit on all send connectors, use the following command.

[box]

Get-SendConnector | Set-SendConnector -MaxMessageSize 100MB

[/box]

Receive Connector: This has a maximum message size. To view yours, use the following command.

[box]

Get-ReceiveConnector | format-table Name, MaxMessageSize

[/box]

You will have many; the one you probably want to change is called “Default Frontend {Server-name}”. To change the limit, use the following command.

[box]

Set-ReceiveConnector "{connector-name}" -MaxMessageSize 100MB

[/box]

To change the limit on all receive connectors, use the following command.

[box]

Get-ReceiveConnector | Set-ReceiveConnector -MaxMessageSize 100MB

[/box]

Send & Receive Connectors: Exchange Size Limits (Exchange Admin Center)

Send Connector: If you prefer to do things in the GUI, then Mail Flow > Send Connectors > Select the send connector > Edit > Maximum Send Message (MB) > Set accordingly > Save.

Receive Connector: Mail Flow > Receive Connectors > Select the receive connector (usually the Default Frontend {server-name} connector) > Edit > Maximum Receive Message Size > Save.

User ‘Mailbox’: Exchange Size Limits (PowerShell)

You can set individual limits on a particular mailbox. BUT remember, the MOST RESTRICTIVE LIMITS WILL APPLY, so if you set a mailbox to 50o0Mb send/receive, and the connectors the mail travels through have a more restrictive figure, or the global transport figure is more restrictive, the message WILL BE BLOCKED. UNLESS: The message is between two mailboxes internally. So it’s sensible practice to only set a mailbox restriction to LOWER than the connectors or system wide settings.

[box]

Set-Mailbox -Identity "user-name" -MaxSendSize 100MB -MaxReceiveSize 100MB

[/box]

To check that it worked, or to view the maximum limits for a particular user, use the following syntax.

[box]

Get-Mailbox -Identity "user-name" | format-table MaxSendSize,MaxReceiveSize

[/box]
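To see which layer wins under the most-restrictive rule described above, the following added example (not part of the original article) parses size values in the form Exchange prints them and returns the smallest. The function names, the server name EX01 and the sample values are constructed for illustration.

```powershell
# Added example. Converts a size as Exchange prints it, e.g.
# "35 MB (36,700,160 bytes)", "100MB" or "Unlimited", into bytes.
function ConvertTo-Bytes {
    param([string]$Size)
    if ($Size -match '^\s*unlimited\s*$') { return [double]::PositiveInfinity }
    if ($Size -match '\(([\d,]+) bytes\)') { return [double]($Matches[1] -replace ',', '') }
    if ($Size -match '^\s*([\d.]+)\s*(B|KB|MB|GB)\s*$') {
        $multiplier = @{ B = 1; KB = 1KB; MB = 1MB; GB = 1GB }[$Matches[2]]
        return ([double]$Matches[1]) * $multiplier
    }
    throw "Unrecognised size value: '$Size'"
}

# Returns the entry with the smallest limit, i.e. the one that will block first.
# Does not model the article's exception for mail between two internal mailboxes.
function Get-MostRestrictiveLimit {
    param([System.Collections.IDictionary]$Limits)
    $Limits.GetEnumerator() |
        ForEach-Object {
            [pscustomobject]@{
                Source = $_.Key
                Raw    = $_.Value
                Bytes  = (ConvertTo-Bytes $_.Value)
            }
        } |
        Sort-Object Bytes |
        Select-Object -First 1
}

# Constructed sample values for one inbound message path. On a live server the
# strings would come from the Get-TransportConfig, Get-ReceiveConnector and
# Get-Mailbox commands shown in this article, e.g.
#   "$((Get-TransportConfig).MaxReceiveSize)"
$inbound = [ordered]@{
    'TransportConfig MaxReceiveSize'            = '100 MB (104,857,600 bytes)'
    'Receive connector "Default Frontend EX01"' = '36 MB (37,748,736 bytes)'
    'Mailbox MaxReceiveSize'                    = 'Unlimited'
}

# With the sample above, the receive connector is reported as the limiting layer.
Get-MostRestrictiveLimit $inbound | Format-List
```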

User ‘Mailbox’: Exchange Size Limits (Exchange Admin Center)

Again, this can also be done from the web management console > Recipients > Mailboxes > Select the user to be changed > Edit > Mailbox Features > Message Size Restrictions > View Details > Set accordingly > OK > Save.

I’ve Done All This And It Still Won’t Work?

Sometimes the settings above don’t take effect until all the AppPools in IIS (on the CAS servers) have been restarted. An IISRESET command should solve the problem (or a reboot, if you can handle the downtime). However, even then, in some cases you will continue to see the same error message. There are three places that it can still be misconfigured.

OWA Config File

Open the File located at;

%ExchangeInstallPath%ClientAccess\owa\web.config

Locate and set the maxRequestLength (NOTE: the value is in Kilobits)

EWS Config File

Open the File located at;

%ExchangeInstallPath%ClientAccess\exchweb\ews\web.config

Locate and set the maxRequestLength (NOTE: the value is in Kilobits)

ActiveSync (Sync) Config File

Open the File located at;

%ExchangeInstallPath%ClientAccess\Sync\web.config

Locate and set the maxRequestLength (NOTE: the value is in Kilobits)

Having changed these values, perform an IISRESET;

Repeat for any additional servers.


No Mail Flow On-Premises To/From Office 365

KB ID 0001631

Problem

I upgraded my On-Premises Hybrid Exchange server recently, from Exchange 2016 to Exchange 2019. I remembered to add the new server onto the Office 365 send connector, but there was no mail flow between an on-premises mailbox and an Office 365 mailbox.

Solution

This happens because (even if you are using the same certificate on the new and old servers) the certificate that is used for TLS security between your on-premises Exchange server and Exchange Online does not get ‘embedded’ properly on the send/receive connectors. You may see either (or both) of the following two problems.

Check The Office 365 Mail Flow

Log into Office 365 > Admin > Exchange Admin Center > Mail Flow > Connectors > Select the ‘Outbound’ connector > Validate this connector.

Herein lies the problem!

450 4.4.317 Cannot connect to remote server [Message=SubjectMismatch] [LastAttemptedServerName={on-prem-fqdn}] [LastAttemptedIP={on-prem-ip}:25] [{outlook-FQDN}]

At first I thought the on-premises server was presenting the wrong cert for TLS, turns out it was not presenting a cert at all! You can check by executing the following command on the RECEIVE CONNECTOR;

[box]

Get-ReceiveConnector "{SERVER-NAME}\Default Frontend {SERVER-NAME}" | fl TlsCertificateName  

[/box]

If it returns no entry, then you simply need to attach the correct certificate. To do that, first get the ‘thumbprint’ of the correct certificate;

[box]

Get-ExchangeCertificate  

[/box]

Copy the correct thumbprint, and embed it with the following commands;

[box]

$tlscert=Get-ExchangeCertificate {THUMBPRINT}
$tlscertname="<I>$($TLScert.Issuer)<S>$($TLSCert.Subject)"
Get-ReceiveConnector "{SERVER_NAME}\Default Frontend {SERVER_NAME}" | Set-ReceiveConnector -TlsCertificateName $tlscertname
Restart-Service MSExchangeTransport

[/box]

Now test validation again from Office 365 portal.

Check The Office On-Premises Mail Flow

To do this, open Exchange Tools > Queue Viewer, and you will probably see something like this;

454 4.7.5 The certificate specified in TlsCertificateName of the SendConnector could not be found.

To fix this, the procedure is much the same as above, only this time you perform the procedure on the SEND CONNECTOR;

Note: I’m assuming you are using the same Thumbprint you used above.

[box]

$tlscert=Get-ExchangeCertificate -Thumbprint {THUMBPRINT}
$tlscertname = ('<I>' + $tlscert.Issuer + '<S>' + $tlscert.Subject)
Set-SendConnector -Identity "Outbound to Office 365" -TLSCertificateName $tlscertname
Restart-Service MSExchangeTransport

[/box]

By the time you go back to Queue viewer the queues should have started to empty.
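Both fixes above depend on the connector's TlsCertificateName matching the `<I>issuer<S>subject` string of an installed certificate. The following added example (not part of the original article) checks that match for a set of connectors; the function name, server name, thumbprint placeholders and sample objects are constructed for illustration.

```powershell
# Added example. Classifies each connector by whether its TlsCertificateName
# is unset, matches no installed certificate, matches only expired ones, or is OK.
function Test-ConnectorTlsCertificate {
    param(
        [object[]]$Connectors,    # objects with Name and TlsCertificateName
        [object[]]$Certificates,  # objects with Issuer, Subject, Thumbprint, NotAfter
        [datetime]$Now = (Get-Date)
    )
    foreach ($connector in $Connectors) {
        $name  = [string]$connector.TlsCertificateName
        # Same <I>issuer<S>subject string the article builds by hand.
        $hits  = @($Certificates | Where-Object { "<I>$($_.Issuer)<S>$($_.Subject)" -eq $name })
        $valid = @($hits | Where-Object { $_.NotAfter -gt $Now })

        if (-not $name)             { $status = 'NotSet' }
        elseif ($hits.Count -eq 0)  { $status = 'NoMatchingCertificate' }
        elseif ($valid.Count -eq 0) { $status = 'MatchExpired' }
        else                        { $status = 'OK' }

        [pscustomobject]@{
            Connector  = $connector.Name
            Status     = $status
            Thumbprint = ($valid.Thumbprint -join ',')
        }
    }
}

# Constructed sample data. On a live server pass the output of
# Get-SendConnector / Get-ReceiveConnector and Get-ExchangeCertificate instead.
$connectors = @(
    [pscustomobject]@{ Name = 'Default Frontend EX01';  TlsCertificateName = $null }
    [pscustomobject]@{ Name = 'Outbound to Office 365'; TlsCertificateName = '<I>CN=Example CA<S>CN=mail.example.com' }
    [pscustomobject]@{ Name = 'Old relay';              TlsCertificateName = '<I>CN=Example CA<S>CN=old.example.com' }
)
$certificates = @(
    [pscustomobject]@{ Issuer = 'CN=Example CA'; Subject = 'CN=mail.example.com'
                       Thumbprint = 'PLACEHOLDER-THUMBPRINT-1'; NotAfter = [datetime]'2030-01-01' }
)

# Expected statuses with the sample data: NotSet, OK, NoMatchingCertificate.
Test-ConnectorTlsCertificate -Connectors $connectors -Certificates $certificates -Now ([datetime]'2025-01-01') |
    Format-Table -AutoSize
```

A NotSet receive connector corresponds to the empty TlsCertificateName case above, and NoMatchingCertificate on a send connector corresponds to the 454 4.7.5 queue error.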
