none
Exchange 2010 Partner Domain Send Connector refuses messages from O365 Hybrid due to authentication failure

    Question

  • I'm running a Hybrid Exchange 2010 / Office 365 environment and am in the process of migrating our users from on-premise to O365.

    On my premise Exchange 2010 server, I have some specific Send Connectors setup between my domain and partner domains.

    If a mailbox <g class="gr_ gr_17 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="17" id="17">on premise</g> sends to this domain (defined in Send Connector) the message delivers fine. If the mailbox is on O365, the message fails to send with error "#550 5.7.1 RESOLVER.RST.AuthRequired; authentication required ##" I have added the SPF entries for protection.outlook.com to our public records, and that has populated out, however, the error remains.

    The messages are making it from O365 to my premise Exchange, and it is my premise Exchange that is rejecting the message instead of sending it through the connector.

    I've already worked with and MSFT in the O365 group. He was unable to help and suggested I try this group instead.

    Saturday, January 7, 2017 9:33 PM

All replies

  • Did you change anything on the default connectors that have been created by the hybrid wizard.

    It seems to me that you are trying to relay an email from office 365 over your onprem to your partner . it is better to just send the email via o365 to your partner.

    Look at the domain you have configured in the send connector from office 365 to your onprem and make sure your partners domain is not included. this way mailflow will be direct.

    Second workaround ( but less secure )  is to change the default office 365 receive connector onpremises to accept unauthenticated traffic and assign it relay permissions. make sure the ip scope of the connector only includes office 365 Ips or the source Ip of the NAT device in between.

    Both options are not optimal but are workarounds. to get a solution we need more data like the full setup of the connectors.


    MCTS exchange 2013 | MCTS-MCITP exchange 2010 | MCTS-MCITP Exchange: 2007 | MCSA Messaging: 2003 | MCP windows 2000

    Saturday, January 7, 2017 10:19 PM
  • Martijn,

    Thank you for the information, it leads me down the correct path. I'd been looking at the Send Connector as the problem, and it was the Receive Connector from O365. The Receive Connector was actually setup for unauthenticated connections - I've modified these and am now able to send to our partner again.

    Tuesday, January 10, 2017 5:43 PM
  • Hi Joshua,

    Glad to hear that you have solved the issue.


    Best Regards,
    David Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, January 11, 2017 1:42 AM
    Moderator
  • Please also mark some helpful replies as answers so that someone who has similar issue could find the solution as soon as possible.
    Thanks for your collaboration and understanding.

    Best Regards,
    David Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 7, 2017 5:49 AM
    Moderator