Exchange Online Hybrid Mail Flow Issues

  • Question

  • Hello,

    i'm trying to deploy Exchange Online using Hybrid method for some time now, but i'm still stuck with my 'test accounts'.

    Some basic info:

    Exchange On-Premises: 2010 SP3

    Mail domain: XXX.com

    Local domain: XXX.com

    MX: MX1.xxx.com, MX2.xxx.com (both local, Cisco C170 Email Security Appliances). I'm not planning to use EOP mxs for now.

    Azure AD Connect: newest and working 1.1.380.0

    Basically i run HCW already some time ago, and everything should be fine etc. I got 2 test accounts migrated already to Exchange Online, i can log to them and all, but now i got some problems with mail flow with them.

    I can send and receive messages between onpremises and online, i can send from online to external addresses (i.e. gmail), but i can't receive messages sent from external to online. I can see them in IronPort message logs, Exchange took them, and that's it, i don't know where are they going after that. 

    So, Exchange configuration:

    Hybrid Configuration - Done

    Federation Trust - Done

    Organization Relationships - Done:

    - On-premises to O365 - {ID}, Domains: XXX.mail.onmicrosoft.com, Sharing Enabled: True, Calendar Enabled: True

    Accepted Domains On-Premises:

    XXX.com - Internal Relay

    XXX.mail.onmicrosoft.com - Internal Relay

    Remote Domains On-Premises:

    * - Allow external out-of-office messages only

    Hybrid Domain - XXX.com - Allow external out-of-office messages only

    Hybrid Domain - XXX.mail.onmicrosoft.com - Allow external out-of-office messages only

    Hybrid Domain - XXX.onmicrosoft.com - Allow external out-of-office messages only

    Send Connectors:

    - MX1 - Route through my MX1

    - MX2  - Route through my MX2

    I think i am missing some "Outbound to Office 365" send connector here, but i have no idea how to configure it properly.

    Accepted Domains EAC:

    XXX.com - Internal Relay

    XXX.mail.onmicrosoft.com - Internet Relay

    XXX.onmicrosoft.com - Authoritative

    Remote Domains EAC:

    * - Default - Allow external out-of-office messages only

    Hybrid Domain - XXX.com - Allow external out-of-office messages only

    Hybrid Domain - XXX.mail.onmicrosoft.com - Allow external out-of-office messages only

    Hybrid Domain - XXX.onmicrosoft.com - Allow external out-of-office messages only

    Connectors EAC:

    Outbound to {ID} - FROM: Office 365, TO: My Server

    Inbound from {ID} - FROM: My Server TO: Office 365

    It's default, i didn't change anything here.

    Migrated Accounts:

    u.test1@XXX.com - Remote User Mailbox - Routing E-mail Address SMTP: u.test1@XXX.mail.onmicrosoft.com

    u.test2@XXX.com - Remote User Mailbox - Routing E-mail Address SMTP: u.test2@XXX.mail.onmicrosoft.com

    What am i missing? What did i click wrong?

    How on earth can i tell what is going on with external message after it has gone through my IronPort to Exchange already?

    I just want those 2 test accounts fully working before i will make next step and migrate any other user from On-Premises to Online.



    • Changed type sthEnPL Friday, February 24, 2017 1:49 PM
    • Edited by sthEnPL Friday, February 24, 2017 1:50 PM
    Friday, February 24, 2017 1:41 PM

All replies

  • Hello,

    Need some additional info to isolate the issue.

    • External emails are not receiving recently or when you setup hybrid itself?
    • Can you check the HomeMDB value in ADSI Edit?
    • And the msexchangerecipienttypedetails value?

    If the homeMDB/recipienttypedetails value is still pointing your exchange server, the emails won't get delivered in office 365.

    Ref:

    https://blogs.technet.microsoft.com/johnbai/2013/09/11/o365-exchange-and-ad-how-msexchrecipientdisplaytype-and-msexchangerecipienttypedetails-relate-to-your-on-premises/

    Regards,

    Vishagan

    Friday, February 24, 2017 3:13 PM
  • Hi 

    Please check target address attribute for the affected online mailbox? Does it have a correct prefix like smtp:tenant.mail.onmicrosoft.com

    If emails are to be seen from gateway to Exchange server > Then possibly a mail loop if there is no NDR

    Run Get-sendconnector and share the output from Onprem to see if a send connector is created by Hybrid wizard from Onprem to O365 

    See below article for connectors:-

    - https://technet.microsoft.com/en-IN/library/dn751020(v=exchg.150).aspx

    Generally in Hybrid:-

    MX pointing to On prem > domain set as internal relay > external email reaches to Gateway> Through connector reaches the exchange server on prem > Queries AD and validates the location of the mailbox > It sees the migrated user is a mail enabled user (Target address) and via send connector sends an email to O365 user


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/




    • Edited by Akabe Friday, February 24, 2017 3:32 PM
    Friday, February 24, 2017 3:24 PM
  • Hello,

    Need some additional info to isolate the issue.

    • External emails are not receiving recently or when you setup hybrid itself?
    • Can you check the HomeMDB value in ADSI Edit?
    • And the msexchangerecipienttypedetails value?

    If the homeMDB/recipienttypedetails value is still pointing your exchange server, the emails won't get delivered in office 365.

    Ref:

    https://blogs.technet.microsoft.com/johnbai/2013/09/11/o365-exchange-and-ad-how-msexchrecipientdisplaytype-and-msexchangerecipienttypedetails-relate-to-your-on-premises/

    Regards,

    Vishagan

    To be more specific:

    External Emails are not working only for my test ONLINE Accounts. External Emails sent to my on-premises Accounts are working perfectly fine.

    Attributes in AD account that i migrate to Exchange Online:

    HomeMDB attribute is not filled

    msExchRecipientTypeDetails = 2147483648 (which is RemoteMailbox i guess)

    Friday, February 24, 2017 3:39 PM
  • Hi 

    Please check target address attribute for the affected online mailbox? Does it have a correct prefix like smtp:tenant.mail.onmicrosoft.com

    If emails are to be seen from gateway to Exchange server > Then possibly a mail loop

    Run Get-sendconnector and share the output from Onprem to see if a send connector is created by Hybrid wizard from Onprem to O365 

    See below article for connectors:-

    - https://technet.microsoft.com/en-IN/library/dn751020(v=exchg.150).aspx


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/


    targetAddress attribute: SMTP:u.test1@XXX.mail.onmicrosoft.com

    get-sendconnector

    Identity               AddressSpaces                               Enabled
    --------               -------------                               -------
    Postfix                {SMTP:*.XXX.com.pl;5, SMTP:*.XXXX.com;5}     False  
    MX2                    {SMTP:*;10}                                  True   
    MX1                    {SMTP:*;10}                                  True   
    Outbound to Office 365 {smtp:XXX.mail.onmicrosoft.com;1}            False  

    Outbound to Office 365 is disabled because i changed it in meantime, and i have no idea how to configure it back properly (i mean what FQDN, address space and smarthosts to use)



    • Edited by sthEnPL Friday, February 24, 2017 3:45 PM
    Friday, February 24, 2017 3:42 PM
  • change the affected cloud users target address as smtp:u.test1@XXX.mail.onmicrosoft.com. This address will be added as an alias not the primary smtp address in the user's mailbox > force the sync

    In EXO powershell

    Get-mailbox | fl email*, prim*

    Also run get-recipient  | fl reci* for a cloud mailbox on on prem shell and share the details


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/




    • Edited by Akabe Friday, February 24, 2017 3:53 PM
    Friday, February 24, 2017 3:45 PM
  • But it is already added as an alias.

    u.test1 currently:

    SMTP:

    u.test1@XXX.mail.onmicrosoft.com

    u.test1@XXX.com (primary / default)

    Routing E-mail Address:

    SMTP: u.test1@XXX.mail.onmicrosoft.com

    Get-mailbox for online mailbox:

    EmailAddresses            : {x500:/o=XXX Group/ou=Exchange Administrative Group (FY...)/cn=Recipients/cn=userYYYYY, X500:/o=XXXXGroup/ou=External (FY...)/cn=Recipients/cn=0.....8
                                cebad5, SPO:SPO_9....ba@SPO_a301.....17, SIP:u.test1@XXX.com...}

    EmailAddressPolicyEnabled : False

    PrimarySmtpAddress        : u.test1@XXX.com


    • Edited by sthEnPL Friday, February 24, 2017 3:57 PM
    Friday, February 24, 2017 3:53 PM
  • SMTP- is the primary (Upper case)

    smtp- Is an alias (Lower case)

    Under proxy address tab of a cloud mailbox > primary address will be SMTP:u.test1@XXX.com and alias would be smtp:u.test1@XXX.mail.onmicrosoft.com

    This is why i think you do not see the next path. I think it is a mail loop issue. It is unable to find the next route or hop based on the primary address


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/


    • Edited by Akabe Friday, February 24, 2017 3:56 PM
    Friday, February 24, 2017 3:55 PM
  • Does it change anything if i say, that emails sent to u.test1@XXX.mail.onmicrosoft.com and u.test1@XXX.onmicrosoft.com are working fine? 
    Friday, February 24, 2017 4:03 PM
  • It would not break anything as it will fix your problem

    A mailbox can only have one primary SMTP address and followed by multiple email aliases (smtp)

    In your case the user is associated with two Primary addresses and that is why it is not in a condition to deliver that external email 

    Run message trace against the cloud mailbox and you will see the deliver store would not be seen 

    Two things:-

    Proxyaddress tab > Make sure smtp:u.test1@XXX.mail.onmicrosoft.com and SMTP:u.test1@DOMAIN.COM

    Target address:- smtp:u.test1@XXX.mail.onmicrosoft.com

    Force the dirsync/AAdconnect 

    Then validate it by running get-mailbox clouduser | fl Prim*, email*

    Then test mail flow 


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/



    • Proposed as answer by Vishagan Ramasamy Friday, February 24, 2017 4:46 PM
    • Edited by Akabe Friday, February 24, 2017 4:54 PM
    • Unproposed as answer by Vishagan Ramasamy Saturday, February 25, 2017 7:28 AM
    Friday, February 24, 2017 4:32 PM
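The address checks discussed in the posts above (one primary `SMTP:` entry, and a routing address in the `.mail.onmicrosoft.com` domain that also appears among the proxy addresses), written out as an added example that is not part of the original thread. `Test-HybridRouting` is a hypothetical helper name, the sample values are constructed from the addresses quoted in the thread, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the thread. Works on plain strings, so it can be fed
# values copied from ADSI Edit or Get-Recipient output.
function Test-HybridRouting {
    param(
        [string[]]$ProxyAddresses,   # proxyAddresses values of the on-premises object
        [string]  $TargetAddress,    # targetAddress value of the same object
        [string]  $RoutingDomain     # hybrid routing domain, e.g. XXX.mail.onmicrosoft.com
    )
    $issues = @()

    # Keep only SMTP entries (x500, SIP, SPO are ignored). -match ignores case.
    $smtp = @($ProxyAddresses | Where-Object { $_ -match '^smtp:' })

    # -cmatch is case-sensitive: upper-case "SMTP:" marks the primary address.
    $primary = @($smtp | Where-Object { $_ -cmatch '^SMTP:' })
    if ($primary.Count -ne 1) {
        $issues += "expected exactly one primary (SMTP:) address, found $($primary.Count)"
    }

    if (-not $TargetAddress) {
        $issues += 'targetAddress is empty'
    }
    else {
        # Strip the prefix regardless of case and compare the bare addresses.
        $target    = $TargetAddress -replace '^smtp:', ''
        $addresses = @($smtp | ForEach-Object { $_ -replace '^smtp:', '' })

        if (($target -split '@')[-1] -ne $RoutingDomain) {
            $issues += "targetAddress domain is not $RoutingDomain"
        }
        if ($addresses -notcontains $target) {
            $issues += 'targetAddress is not listed in proxyAddresses'
        }
    }

    [pscustomobject]@{
        Primary       = ($primary -join ', ')
        TargetAddress = $TargetAddress
        Ok            = ($issues.Count -eq 0)
        Issues        = ($issues -join '; ')
    }
}

# Constructed sample 1: two upper-case SMTP: entries, the state the reply suspects.
$before = Test-HybridRouting -RoutingDomain 'XXX.mail.onmicrosoft.com' `
    -TargetAddress 'SMTP:u.test1@XXX.mail.onmicrosoft.com' `
    -ProxyAddresses @(
        'SMTP:u.test1@XXX.mail.onmicrosoft.com',
        'SMTP:u.test1@XXX.com',
        'x500:/o=ExchangeLabs(...)')

# Constructed sample 2: the layout the reply recommends.
$after = Test-HybridRouting -RoutingDomain 'XXX.mail.onmicrosoft.com' `
    -TargetAddress 'smtp:u.test1@XXX.mail.onmicrosoft.com' `
    -ProxyAddresses @(
        'smtp:u.test1@XXX.mail.onmicrosoft.com',
        'SMTP:u.test1@XXX.com',
        'x500:/o=ExchangeLabs(...)')

$before, $after | Format-List
```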
  • Proxyaddress tab >

    smtp:u.test1@XXX.mail.onmicrosoft.com

    SMTP:u.test1@XXX.com

    x500:/o=ExchangeLabs(...)

    X500:/o=XXX Group(...)

    TargetAddress tab>

    smtp:u.test1@XXX.mail.onmicrosoft.com

    get-mailbox >

    EmailAddresses            : {x500:/o=XXX Group(...), SMTP:u.test1@XXX.com, smtp:u.test1@XXXX.mail.onmicrosoft.com, smtp:u.test1@XXX.onmicrosoft.com...}
    EmailAddressPolicyEnabled : False
    PrimarySmtpAddress        : u.test1@XXX.com

    Still nothing. Only internal emails are getting through to u.test@xxx.com

    I think this is some accepted/remote domains configuration problem, both onpremises and online. Can you check the configuration on my first post again? Maybe some internal relay/authoritative domains are wrong. Or maybe Send Connector missing? I've already lost 2 weeks on that, and still nothing :)

    • Edited by sthEnPL Friday, February 24, 2017 9:36 PM
    Friday, February 24, 2017 9:19 PM
  • Interesting.

    could you run a message trace and share the results

    Also, try to send from any other external domain hotmail or any other domain that is external 

    i assume still no traces of any NDR?

    Please share output of get-recipient |fl and get-mailbox |fl for online mailbox

    Get-mailbox ""| fl forwa*, DeliverToMailboxAndForward

    Also please follow below article to set up connectors correctly:-

    https://technet.microsoft.com/en-IN/library/dn751020(v=exchg.150).aspx

    if nothing works then remove the connectors and rerun hybrid Wizard, the connectors will get recreated


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/




    • Edited by Akabe Friday, February 24, 2017 11:15 PM
    Friday, February 24, 2017 9:35 PM
  • Can you post the latest connectivity logs, Any NDRs? Were you able to track the message ?

    Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\Connectivity

    Regards,

    Fazal

    Friday, February 24, 2017 9:41 PM
  • Did you select centralized mail transport mode when you ran the hybrid wizard? It's generally a bad idea for the MX records to point to on-prem unless there is a compliance reason.

    I would highly suggest that you get EOP working and get the MX records pointing to Office 365 *before* you move any mailboxes to 365 - unless you have a compelling reason to do otherwise.

    Friday, February 24, 2017 10:27 PM
    Moderator
  • This is your first and biggest mistake "I'm not planning to use EOP mxs for now." Why? this will only overcomplicate your environment, and make troubleshooting smtp routing\filtering much more difficult.  You're in for a long road ahead if you stay with your current design.

      

    Bulls on Parade

    Friday, February 24, 2017 11:34 PM
  • Hybrid set up allows you to point MX to on prem. It is not mandatory to point mx to EXO EOP.

    Mail flow to O365 from on prem should and will work in your existing set up. It's matter of fixing the connection between on-prem and cloud as emails are reaching to gateway > on prem exchange servers

    get-sendconnector

    Identity               AddressSpaces                               Enabled
    --------               -------------                               -------
    Postfix                {SMTP:*.XXX.com.pl;5, SMTP:*.XXXX.com;5}     False  
    MX2                    {SMTP:*;10}                                  True   
    MX1                    {SMTP:*;10}                                  True   
    Outbound to Office 365 {smtp:XXX.mail.onmicrosoft.com;1}            False  

    Outbound to Office 365 is disabled because i changed it in meantime, and i have no idea how to configure it back properly (i mean what FQDN, address space and smarthosts to use)

    You need to enable this connector.

    AddressSpaces ----->  {smtp:xxx.mail.onmicrosoft.com;1}

    Leave smart host blank and smarthost mechanism to none

    SourceTransportServers --> the on prem hub transport servers 

    TlsDomain --> mail.protection.outlook.com

    Else you can remove the connectors and re-run hybrid wizard. That will recreate the connectors for you as you are in your initial implementation phase

    Also in get-remotedomain make sure that targetdeliverydomain is set to true for 

    Hybrid Domain - XXX.mail.onmicrosoft.com 

    Hybrid Domain - XXX.onmicrosoft.com 


    Abrar Kaberi | MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/



    • Edited by Akabe Sunday, February 26, 2017 4:10 PM
    Sunday, February 26, 2017 8:01 AM
  • If you want to test out mail flow and not change the mx record of the primary SMTP domain, then create or use an existing subdomain. Add the required accepted domains in 365 and on-prem.  Set the mx record of the subdomain to Office 365. Add the subdomain proxy addresses to some test mailboxes in 365 and on-prem. Test till you feel comfortable. Move the primary MX record to Office 365 and you are done.

    Unless there is a compliance reason or otherwise, setting to a centralized mail transport architecture doesn't provide any value and makes things unnecessarily complicated. There is a reason it's not the default and not recommended.

    Sunday, February 26, 2017 2:47 PM
    Moderator
  • Can you post the latest connectivity logs, Any NDRs? Were you able to track the message ?

    Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\Connectivity

    Regards,

    Fazal

    I've deleted send and receive connectors, and recreate them with HCW.

    Connectivity logs are now doing something like this every 5 minutes:

    2017-02-27T08:36:56.502Z,08D45CADC630ECC1,MapiSubmission,96cc2f6b-58b0-4eed-a4e6-23fcf52494ec,-,RegularSubmissions: 2 ShadowSubmissions: 0 Bytes: 63560 Recipients: 39 Failures: 0 ReachedLimit: False Idle: True
    2017-02-27T08:36:57.142Z,08D45CADC630ECC9,SMTP,XXX.mail.onmicrosoft.com,+,DnsConnectorDelivery 6f5482f0-314e-4851-88ce-346d32fa7cc4;QueueLength=8
    2017-02-27T08:36:57.251Z,08D45CADC630ECC9,SMTP,XXX.mail.onmicrosoft.com,>,"XXX-mail-onmicrosoft-com.mail.protection.outlook.com[213.199.154.23, 213.199.154.87]"
    2017-02-27T08:36:58.281Z,08D45CADC630ECC9,SMTP,XXX.mail.onmicrosoft.com,>,Failed connection to 213.199.154.23 (ConnectionRefused:0000274D)[TargetIPAddress:213.199.154.23|MarkedUnhealthy|FailureCount:8|NextRetryTime:2017-02-27T08:41:58.281Z]
    2017-02-27T08:36:58.281Z,08D45CADC630ECC9,SMTP,XXX.mail.onmicrosoft.com,-,Messages: 0 Bytes: 0 (Attempting next target)
    2017-02-27T08:36:58.281Z,08D45CADC630ECCA,SMTP,XXX.mail.onmicrosoft.com,+,DnsConnectorDelivery 6f5482f0-314e-4851-88ce-346d32fa7cc4;QueueLength=7
    2017-02-27T08:36:59.279Z,08D45CADC630ECCA,SMTP,XXX.mail.onmicrosoft.com,>,Failed connection to 213.199.154.87 (ConnectionRefused:0000274D)[TargetHost:XXX-mail-onmicrosoft-com.mail.protection.outlook.com|MarkedUnhealthy|FailureCount:8|NextRetryTime:2017-02-27T08:41:59.279Z][TargetIPAddress:213.199.154.87|MarkedUnhealthy|FailureCount:8|NextRetryTime:2017-02-27T08:41:59.279Z]
    2017-02-27T08:36:59.279Z,08D45CADC630ECCA,SMTP,XXX.mail.onmicrosoft.com,-,Messages: 0 Bytes: 0 (Retry : Unable to connect)
    2017-02-27T08:37:01.573Z,08D45CADC630ECC7,MapiSubmission,bcc81f19-9ae4-4c47-b931-ecf9d860f547,-,RegularSubmissions: 1 ShadowSubmissions: 0 Bytes: 19081 Recipients: 1 Failures: 0 ReachedLimit: False Idle: True


    • Edited by sthEnPL Monday, February 27, 2017 8:47 AM
    Monday, February 27, 2017 8:43 AM
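A way to condense connectivity log output like the excerpt above into one row per failing target, as an added example that is not part of the original thread. `Get-FailedSmtpTarget` and `Test-SmtpPort` are hypothetical helper names, the sample lines are constructed from the excerpt in the post, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the thread. Sample lines are constructed from the
# connectivity log excerpt posted above; XXX is the poster's own redaction.
$sampleLog = @'
2017-02-27T08:36:57.142Z,08D45CADC630ECC9,SMTP,XXX.mail.onmicrosoft.com,+,DnsConnectorDelivery 6f5482f0-314e-4851-88ce-346d32fa7cc4;QueueLength=8
2017-02-27T08:36:57.251Z,08D45CADC630ECC9,SMTP,XXX.mail.onmicrosoft.com,>,"XXX-mail-onmicrosoft-com.mail.protection.outlook.com[213.199.154.23, 213.199.154.87]"
2017-02-27T08:36:58.281Z,08D45CADC630ECC9,SMTP,XXX.mail.onmicrosoft.com,>,Failed connection to 213.199.154.23 (ConnectionRefused:0000274D)[TargetIPAddress:213.199.154.23|MarkedUnhealthy|FailureCount:8|NextRetryTime:2017-02-27T08:41:58.281Z]
2017-02-27T08:36:58.281Z,08D45CADC630ECC9,SMTP,XXX.mail.onmicrosoft.com,-,Messages: 0 Bytes: 0 (Attempting next target)
2017-02-27T08:36:59.279Z,08D45CADC630ECCA,SMTP,XXX.mail.onmicrosoft.com,>,Failed connection to 213.199.154.87 (ConnectionRefused:0000274D)[TargetIPAddress:213.199.154.87|MarkedUnhealthy|FailureCount:8|NextRetryTime:2017-02-27T08:41:59.279Z]
2017-02-27T08:36:59.279Z,08D45CADC630ECCA,SMTP,XXX.mail.onmicrosoft.com,-,Messages: 0 Bytes: 0 (Retry : Unable to connect)
'@ -split "`r?`n"

function Get-FailedSmtpTarget {
    param([string[]]$Line)

    # Column order as it appears in the excerpt: time, session, source,
    # destination, direction, description. Lines starting with # are skipped.
    $header = 'DateTime', 'Session', 'Source', 'Destination', 'Direction', 'Description'
    $rows = $Line | Where-Object { $_ -and $_ -notmatch '^#' } |
        ConvertFrom-Csv -Header $header

    $pattern = '^Failed connection to (?<ip>[0-9A-Fa-f.:]+) \((?<reason>\w+):(?<code>[0-9A-Fa-f]+)\)'
    $failures = foreach ($r in $rows) {
        if ($r.Source -eq 'SMTP' -and $r.Description -match $pattern) {
            $ip     = $Matches['ip']
            $reason = $Matches['reason']
            $code   = [Convert]::ToInt32($Matches['code'], 16)   # 0000274D -> 10061
            $count  = [regex]::Match($r.Description, 'FailureCount:(\d+)')
            [pscustomobject]@{
                DateTime     = $r.DateTime
                Destination  = $r.Destination
                TargetIP     = $ip
                Reason       = $reason
                WinsockError = $code
                FailureCount = $(if ($count.Success) { [int]$count.Groups[1].Value } else { 0 })
            }
        }
    }

    # One summary row per target IP.
    foreach ($g in ($failures | Group-Object TargetIP)) {
        [pscustomobject]@{
            Destination         = $g.Group[0].Destination
            TargetIP            = $g.Name
            Reason              = $g.Group[0].Reason
            WinsockError        = $g.Group[0].WinsockError
            Attempts            = $g.Count
            HighestFailureCount = ($g.Group | Measure-Object FailureCount -Maximum).Maximum
            # ISO 8601 timestamps sort correctly as strings.
            LastSeen            = ($g.Group | Sort-Object DateTime | Select-Object -Last 1).DateTime
        }
    }
}

# Optional follow-up, not called automatically: try a TCP connection to port 25
# from the transport server itself to see whether the refusal is reproducible.
function Test-SmtpPort {
    param([string]$ComputerName, [int]$Port = 25, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return 'Timeout' }
        $client.EndConnect($async)
        return 'Open'
    }
    catch {
        return "Failed: $($_.Exception.GetBaseException().Message)"
    }
    finally {
        $client.Close()
    }
}

Get-FailedSmtpTarget -Line $sampleLog | Format-Table -AutoSize
```

Against a real log, pass the file contents with `Get-Content` on a file from the connectivity log folder named in the thread.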
  • Did you select centralized mail transport mode when you ran the hybrid wizard? It's generally a bad idea for the MX records to point to on-prem unless there is a compliance reason.

    I would highly suggest that you get EOP working and get the MX records pointing to Office 365 *before* you move any mailboxes to 365 - unless you have a compelling reason to do otherwise.

    Yes, i did select Centralized Mail Transport Mode on HCW.

    We got our reasons to not use EOP for now.

    Monday, February 27, 2017 8:44 AM
  • This is your first and biggest mistake "I'm not planning to use EOP mxs for now." Why? this will only overcomplicate your environment, and make troubleshooting smtp routing\filtering much more difficult.  You're in for a long road ahead if you stay with your current design.

      

    Bulls on Parade

    We got our reasons to not use EOP for now.
    Monday, February 27, 2017 8:44 AM
  • Interesting.

    could you run a message trace and share the results

    Also, try to send from any other external domain hotmail or any other domain that is external 

    i assume still no traces of any NDR?

    Please share output of get-recipient |fl and get-mailbox |fl for online mailbox

    Get-mailbox ""| fl forwa*, DeliverToMailboxAndForward

    Also please follow below article to set up connectors correctly:-

    https://technet.microsoft.com/en-IN/library/dn751020(v=exchg.150).aspx

    if nothing works then remove the connectors and rerun hybrid Wizard, the connectors will get recreated


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/




    No Non-Delivery Reports sadly.

    PS H:\> Get-mailbox -Identity "u.test4"| fl forwa*, DeliverToMailboxAndForward
    
    
    ForwardingAddress          : 
    ForwardingSmtpAddress      : 
    DeliverToMailboxAndForward : False


    Monday, February 27, 2017 8:45 AM
  • Hi thnx for getting back. So no forwarding set up. 

    You had two issues:- Target address and primary address issue-- You have already fixed this 

    Last issue is w.r.t connector which is not enabled 

    Now you need to enable the connector. I have shared the details in my last post and i am sure/hope that will resolve your issue 


    Abrar Kaberi | MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/


    • Edited by Akabe Monday, February 27, 2017 8:54 AM
    Monday, February 27, 2017 8:53 AM
  • Hi thnx for getting back. So no forwarding set up. 

    You had two issues:- Target address and primary address issue-- You have already fixed this 

    Last issue is w.r.t connector which is not enabled 

    Now you need to enable the connector. I have shared the details in my last post and i am sure/hope that will resolve your issue 


    Abrar Kaberi | MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/


    I give up...

    HCW recreates send and receive connectors. Now i can't send from on-premises to online mailbox anymore.

    PS H:\> get-remotedomain | fl name, target*
    
    
    Name                 : Default
    TargetDeliveryDomain : False
    
    Name                 : Hybrid Domain - XXX.com
    TargetDeliveryDomain : False
    
    Name                 : Hybrid Domain - XXX.mail.onmicrosoft.com
    TargetDeliveryDomain : True
    
    Name                 : Hybrid Domain - XXX.onmicrosoft.com
    TargetDeliveryDomain : False

    Monday, February 27, 2017 9:13 AM
  • Please set the target delivery domain to true for 

    Hybrid Domain - XXX.com
    TargetDeliveryDomain : False
    
    Name                 : Hybrid Domain - XXX.mail.onmicrosoft.com
    TargetDeliveryDomain : True
    
    Name                 : Hybrid Domain - XXX.onmicrosoft.com

    And please don't give up. You are close to fix this unless you want to go for work around i.e. to move MX to EOP (I will leave that decision to you)

    Once above is set test mail flow 

    Otherwise share the output of Get-sendconnector (from onprem) and get-receiveconnector (from cloud)


    Abrar Kaberi | MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/

    Monday, February 27, 2017 9:27 AM
  • I can set TargetDeliveryDomain to $true for only one domain, which one should i set then? For now it's XXX.mail.onmicrosoft.com. Once i set $true for other domain, rest are $false.

    On-Premises Get-SendConnector:

    PS H:\> Get-SendConnector
    
    Identity               AddressSpaces                               Enabled
    --------               -------------                               -------
    Postfix                {SMTP:*.XXX.com.pl;5, SMTP:*.XXX.com;5}   False  
    MX2                    {SMTP:*;10}                                 True   
    MX1                    {SMTP:*;10}                                 True   
    Outbound to Office 365 {smtp:XXX.mail.onmicrosoft.com;1}           True   

    Somehow i am not able to ask Online for Get-ReceiveConnector:

    $cred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication Basic -AllowRedirection
    Import-PSSession $Session

    get-receiveconnector

    PS H:\> get-receiveconnector
    get-receiveconnector : The term 'get-receiveconnector' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + get-receiveconnector
    + ~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (get-receiveconnector:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException



    • Edited by sthEnPL Monday, February 27, 2017 11:07 AM
    Monday, February 27, 2017 11:07 AM
  • what are these two connectors for:-

    MX2                    {SMTP:*;10}                                 True   
    MX1                    {SMTP:*;10}                                 True  

    Are they for sending emails to internet or Gateway?

    Also, when you run Get-recipient "Online mailbox" | FL Reci*

    Is RecipientTypeDetails shown as RemoteUserMailbox ? 

    Also in AD can you verify values for below attributes:-

    1. msExchRecipientDisplayType

    2. msExchRecipientTypeDetails

    3. msExchRemoteRecipientType


    Abrar Kaberi | MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/



    • Edited by Akabe Monday, February 27, 2017 12:10 PM
    Monday, February 27, 2017 11:49 AM
  • I can set TargetDeliveryDomain to $true for only one domain, which one should i set then? For now it's XXX.mail.onmicrosoft.com. Once i set $true for other domain, rest are $false.

    On-Premises Get-SendConnector:

    PS H:\> Get-SendConnector
    
    Identity               AddressSpaces                               Enabled
    --------               -------------                               -------
    Postfix                {SMTP:*.XXX.com.pl;5, SMTP:*.XXX.com;5}   False  
    MX2                    {SMTP:*;10}                                 True   
    MX1                    {SMTP:*;10}                                 True   
    Outbound to Office 365 {smtp:XXX.mail.onmicrosoft.com;1}           True   

    Somehow I am not able to ask Online for Get-ReceiveConnector:

    $cred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication Basic -AllowRedirection
    Import-PSSession $Session

    get-receiveconnector

    PS H:\> get-receiveconnector
    get-receiveconnector : The term 'get-receiveconnector' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + get-receiveconnector
    + ~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (get-receiveconnector:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException



    Because that doesn't exist in ExO.

    It's Get-InboundConnector

    Monday, February 27, 2017 12:01 PM
    Moderator
  • what are these two connectors for:-

    MX2                    {SMTP:*;10}                                 True   
    MX1                    {SMTP:*;10}                                 True  

    Are they for sending emails to internet or Gateway?

    Also, when you run Get-recipient "Online mailbox" | FL Reci*

    Is RecipientTypeDetails shown as RemoteUserMailbox ? 


    Abrar Kaberi | MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/


    They are configured to route mails through our 2 Cisco C-170 IronPorts as smart hosts.

    On-Premises:

    PS H:\> Get-recipient "u.test4" | FL Reci*
    
    
    RecipientType        : MailUser
    RecipientTypeDetails : RemoteUserMailbox

    Online:

    PS H:\> 
    Get-recipient "u.test4" | FL Reci*
    
    
    RecipientType        : UserMailbox
    RecipientTypeDetails : UserMailbox

    Monday, February 27, 2017 12:16 PM
  • Does the Office 365 connector do the same or does it route directly to 365? Hopefully directly to 365.
    Monday, February 27, 2017 12:18 PM
    Moderator
  • No smart hosts are being used on "Outbound to Office 365" Send Connector.

    Address Space:

    smtp: XXX.mail.onmicrosoft.com:1

    Use domain name system "MX" records to route mail automatically - checked.

    Source server: Our hub-transport role server.

    Monday, February 27, 2017 12:22 PM
  • on the hub transport server, install the telnet client and then telnet to <yourtenant>.mail.protection.outlook.com on port 25. ( whatever it really is) and send a test message to a mailbox in Exchange online

    https://technet.microsoft.com/en-us/library/bb123686(v=exchg.160).aspx

    There are too many comments to go back through, but I haven't seen what your message tracking for these missing messages looks like, I don't think.

    Monday, February 27, 2017 12:28 PM
    Moderator
  • So it is not a mailbox issue -> Eliminated as the recipient type is correct 

    Last troubleshooting step on Mailbox/AD account issue:-

     in AD can you verify values for below attributes:-

    1. msExchRecipientDisplayType

    2. msExchRecipientTypeDetails

    3. msExchRemoteRecipientType

    Also, let's see the full details of the send connector on-prem

    Get-sendconnector -identity "Outbound to Office 365" | fl 

    Please do hide any confidential info that you don't wish to share.

    Also please check inbound connector on office365 (Andy mentioned the command) - Get-InboundConnector

    Get-exchangeserver | Get-messagetrackinglog -sender "gmail" -recipients "online mailbox"

    Also check the queue as we might get some info from there.

    Get-queue or use Queue Viewer tool


    Abrar Kaberi | MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/




    • Edited by Akabe Monday, February 27, 2017 12:54 PM
    Monday, February 27, 2017 12:32 PM
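
    The message-tracking check requested above, as an added example that is not part of any post in this thread: it takes Get-MessageTrackingLog records and reports, per message, which send connector the message left through and whether the recipient had been rewritten to the hybrid routing domain. The function name, the helper New-Rec and the sample records are constructed for illustration; the connector names and the routing domain are the ones quoted in the thread, and the code is written to run on the PowerShell 2.0 that ships with Exchange 2010.

```powershell
# Added example. Property names match Get-MessageTrackingLog output
# (Timestamp, EventId, ConnectorId, Recipients, MessageId).
function Get-HybridRouteVerdict {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $Record,
        [string] $HybridConnector = 'Outbound to Office 365',
        [string] $RoutingDomain   = 'XXX.mail.onmicrosoft.com'
    )
    begin   { $all = @() }
    process { $all += $Record }
    end {
        foreach ($msg in ($all | Group-Object MessageId)) {
            # Last SEND event is the hop on which the message left this organization.
            $send = $msg.Group | Sort-Object Timestamp |
                    Where-Object { $_.EventId -eq 'SEND' } | Select-Object -Last 1
            $verdict =
                if (-not $send) {
                    'No SEND event: message is still on-premises, check Get-Queue'
                } elseif (-not ($send.Recipients -like "*@$RoutingDomain")) {
                    'Sent with the original address: recipient was not rewritten to the routing domain'
                } elseif ($send.ConnectorId -ne $HybridConnector) {
                    "Rewritten, but left via '$($send.ConnectorId)' instead of the hybrid connector"
                } else {
                    'Handed to Office 365: continue with the inbound connector and trace in Exchange Online'
                }
            New-Object PSObject -Property @{
                MessageId = $msg.Name; LastConnector = $send.ConnectorId; Verdict = $verdict
            }
        }
    }
}

# Constructed sample records (hypothetical message IDs and receive connector name).
function New-Rec($t, $id, $conn, $rcpt, $mid) {
    New-Object PSObject -Property @{ Timestamp = [datetime]$t; EventId = $id
        ConnectorId = $conn; Recipients = @($rcpt); MessageId = $mid }
}
$sample = @(
    (New-Rec '2017-02-27 12:00:01' 'RECEIVE' 'HUB01\Default' 'u.test4@XXX.com' '<constructed-1@example.com>'),
    (New-Rec '2017-02-27 12:00:03' 'SEND' 'Outbound to Office 365' 'u.test4@XXX.mail.onmicrosoft.com' '<constructed-1@example.com>'),
    (New-Rec '2017-02-27 12:05:10' 'RECEIVE' 'HUB01\Default' 'u.test4@XXX.com' '<constructed-2@example.com>'),
    (New-Rec '2017-02-27 12:05:12' 'SEND' 'MX1' 'u.test4@XXX.com' '<constructed-2@example.com>'),
    (New-Rec '2017-02-27 12:09:40' 'RECEIVE' 'HUB01\Default' 'u.test4@XXX.com' '<constructed-3@example.com>')
)
$sample | Get-HybridRouteVerdict | Format-List MessageId, LastConnector, Verdict

# Against live data, in the Exchange Management Shell:
#   Get-ExchangeServer | Get-MessageTrackingLog -Recipients 'u.test4@XXX.com' | Get-HybridRouteVerdict
```

    A message reported as leaving through MX1 or MX2 with its original address is being looped back to the gateways rather than handed to Exchange Online, which matches the symptom of mail disappearing after Exchange accepts it.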