none
O365 Hybrid Exchange 2016 - Out of Office Auto Replies not sending RRS feed

  • Question

  • Hi folks,

    The behaviour is that when a user sets OoO, this activates fine with internal and external automatic replies being applied ok either on outlook.com or in local Outlook client.  Once the OoO has been set online, I can go to local outlook and see that the OoO configuration is now visible in the outlook client too - and vice versa.

    When I send a mail to a user with OoO applied, the MailTips show the correct OoO for that user.  However I do not receive an Auto Reply email.  This is exactly the same for all users in the organisation and people emailing externally into our organisation.

    I've followed this KB https://support.microsoft.com/en-gb/help/2866165/senders-don-t-receive-out-of-office-notifications-from-an-office-365-u

    With regard to the first suggestion from Microsoft "A forwarding rule or an automatic reply notification is set up in the user's mailbox." I have checked this with powershell and receive 

    ForwardingAddress:
    ForwardingSmtpAddress:
    DeliverToMailboxAndForward: False

    As for the second suggestion, I've checked all forwarding rules and there are none specified for specific users - just a disclaimer for the organisation.

    I have tried creating a brand new user in AD DS locally, syncing this to 365 with aadsync, enabling a mailbox for that user from the local hybrid exchange server using powershell commands (so all the right attributes are being set on the account), and this still shows the same behaviour.

    Done lots of googling on this and am drawing a complete blank, any help appreciated.

    Friday, May 25, 2018 3:00 PM

Answers

  • This is now fixed - it was something Microsoft needed to fix on the O365 side.
    • Marked as answer by iamkl00t Thursday, August 16, 2018 7:11 AM
    Thursday, August 16, 2018 7:11 AM

All replies

  • Hi,

    Does the OOF working fro internal mail flow?
    How about setting OOF in one On-premise Exchange mailbox, try to send one message from On-premise mailbox and cloud mailbox?
    Please note that the OOF reply message only send once for one recipient.

    If it not works for external, please run below command to check the OOF setting for remote domain:
    Get-RemoteDomain | FL Identity,AllowedOOFType,AutoReplyEnabled,AutoForwardEnabled


    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, May 28, 2018 10:00 AM
    Moderator
  • Hi Allen,

    Thank you for your reply.  The problem exists when emailing the mailbox which is OOF either internally or externally.  All our mailboxes are O365 mailboxes - I'm not sure why the previous technician here chose a Hybrid migration over a cutover migration but at present we are stuck with the hybrid config and the management are reluctant to move to cloud only as they aren't sure why the decision was made in the first place and they are concerned that there may be services running that require onsite exchange.

    I ran the command and got the following output:

    [PS] C:\Windows\system32>Get-RemoteDomain | FL Identity,AllowedOOFType,AutoReplyEnabled,AutoForwardEnabled


    Identity           : Default
    AllowedOOFType     : ExternalLegacy
    AutoReplyEnabled   : True
    AutoForwardEnabled : True

    Identity           : Hybrid Domain - contoso.mail.onmicrosoft.com
    AllowedOOFType     : InternalLegacy
    AutoReplyEnabled   : True
    AutoForwardEnabled : True

    Identity           : Hybrid Domain - contoso.onmicrosoft.com
    AllowedOOFType     : External
    AutoReplyEnabled   : True
    AutoForwardEnabled : True

    Identity           : Hybrid Domain - contoso.com
    AllowedOOFType     : External
    AutoReplyEnabled   : True
    AutoForwardEnabled : True

    Tuesday, May 29, 2018 10:11 AM
  • Running the following I can see that OOF is enabled for my test user:

    PS C:\WINDOWS\system32> Get-MailboxAutoReplyConfiguration -Identity john.doe@contoso.com

    RunspaceId                       : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx(redacted)
    AutoDeclineFutureRequestsWhenOOF : False
    AutoReplyState                   : Enabled
    CreateOOFEvent                   : False
    DeclineAllEventsForScheduledOOF  : False
    DeclineEventsForScheduledOOF     : False
    EventsToDeleteIDs                :
    EndTime                          : 30/05/2018 08:00:00
    ExternalAudience                 : All
    ExternalMessage                  : <html>
                                       <head>
                                       <style type="text/css" style="display:none">
                                       <!--
                                       p
                                            {margin-top:0;
                                            margin-bottom:0}
                                       -->
                                       </style>
                                       </head>
                                       <body dir="ltr">
                                       <div id="divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000;
                                       font-family:Calibri,Helvetica,sans-serif">
                                       <p style="margin-top:0; margin-bottom:0"><span
                                       id="ms-rterangepaste-start"></span><span style="display:inline!important;
                                       float:none; background-color:transparent; color:rgb(0,0,0);
                                       font-family:Calibri,Helvetica,sans-serif; font-size:16px; font-style:normal;
                                       font-variant:normal; font-weight:400; letter-spacing:normal; orphans:2;
                                       text-align:left; text-decoration:none; text-indent:0px; text-transform:none;
                                       white-space:normal; word-spacing:0px">Thanks
                                        for your email, I'm out of the office</span><span
                                       id="ms-rterangepaste-end"></span><br>
                                       </p>
                                       </div>
                                       </body>
                                       </html>
    InternalMessage                  : <html>
                                       <head>
                                       <style type="text/css" style="display:none">
                                       <!--
                                       p
                                            {margin-top:0;
                                            margin-bottom:0}
                                       -->
                                       </style>
                                       </head>
                                       <body dir="ltr">
                                       <div id="divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000;
                                       font-family:Calibri,Helvetica,sans-serif">
                                       <p style="margin-top:0; margin-bottom:0">Thanks for your email, I'm out of the
                                       office<br>
                                       </p>
                                       </div>
                                       </body>
                                       </html>
    DeclineMeetingMessage            :
    OOFEventSubject                  :
    StartTime                        : 29/05/2018 08:00:00
    MailboxOwnerId                   : John Doe
    Identity                         : John Doe
    IsValid                          : True
    ObjectState                      : Unchanged

    Tuesday, May 29, 2018 10:20 AM
  • also, I receive a mismatch on the version numbers depending whether I use the EAC or powershell - or have a I missed something here?

    Tuesday, May 29, 2018 10:33 AM
  • hi folks has this stumped everyone on here too?
    Wednesday, May 30, 2018 10:43 AM
  • Is this just for O365 users synced or for an on-prem user as well? Have you tried tracking messages, Is OOF reply simply being blocked or not generated at all...How is your mail flow configured..Is MX point to O365?

    Regards,

    Fazal


    Disclaimer: The views expressed on this blog are my own and do not necessarily reflect the views of my employer.

    Thursday, May 31, 2018 4:23 PM
  • Hi Fazal,

    Thanks for the reply... I tried tracking messages and I'm getting the following error on automatic reply messages:

    5.7.750 Service unavailable. Client blocked from sending from unregistered domains. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653 

    So, as we are in a hybrid, all mail for O365 is relayed back down to our on-prem server for sending.  I'm wondering whether OOF replies could be an exception to that and are going straight from O365?  For information we are using an .ac.uk (education) suffix, which I know do have some separate regulation from the standard suffixes... I'm wondering if this could be the cause... I will keep looking and update here if I find the answer.

    Thanks

    Tuesday, June 5, 2018 12:13 PM
  • I've noticed our domain has a _dmarc.contoso.com record set to "v=DMARC1; pct=100; p=none"

    Could it be related?

    Tuesday, June 5, 2018 2:55 PM
  • current mx records

    contoso.com MX preference = 5, mail exchanger = contoso-com.mail.protection.outlook.com

    contoso2.com  MX preference = 0, mail exchanger = contoso2-com01i.mail.protection.outlook.com

    Tuesday, June 5, 2018 3:01 PM
  • Tuesday, June 5, 2018 3:07 PM
  • Tuesday, June 5, 2018 3:08 PM
  • Tuesday, June 5, 2018 3:08 PM
  • Hi,

    I find a similar thread about it, and it seems be caused by incorrect DMARC record.
    You can create one and point to your domain, similar like below:
    v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, June 6, 2018 7:12 AM
    Moderator
  • yeah they already exist but i'm thinking there must be an issue with how they are configured...

    just got this from mxtoolbox.com

    Wednesday, June 6, 2018 8:46 AM
  • as I mentioned above it's configured to _dmarc.contoso.com record set to "v=DMARC1; pct=100; p=none"

    wouldn't the p=none mean do nothing though?

    • Edited by iamkl00t Wednesday, June 6, 2018 9:17 AM added content
    Wednesday, June 6, 2018 8:54 AM
  • I've now fixed the dmarc and blacklist errors above but the original issue still persists...

    We are using SPF, DKIM and DMARC records to secure outgoing email.  I've tried disabling the DKIM in o365 - this didn't fix it, I've also removed the DMARC record from our DNS server and it didn't fix it.

    Wednesday, June 6, 2018 2:59 PM
  • For info folks here are my DMARC/SPF/DKIM records

    DMARC

    v=DMARC1; p=none; pct=100

    SPF

    v=spf1 mx a ip4:xxx.xxx.xxx.xxx include:spf.protection.outlook.com include:spf.contoso.com include:contoso.org include:a._spf.contoso1.com include:contoso.net ~all

    DKIM

    v=DKIM1; k=rsa; p=MIGfMA0GCSq<Public-key data string truncated by me>QIh+RUIwIDAQAB; n=1024,1453511630,1

    Thursday, June 7, 2018 7:24 AM
  • I am not sure if DMARC would be the cause as it would have impacted other mails not just OOF..Can you try creating a cloud only user in the 365 portal, & test ...

    What is the domain-company.mail.onmicrosoft.com set as, Is it authoritative or internal relay on the on-premise..

    Regards,

    Fazal


    Disclaimer: The views expressed on this blog are my own and do not necessarily reflect the views of my employer.

    Thursday, June 7, 2018 8:20 AM
  • Yes it appears so see below:

    Thursday, June 7, 2018 9:51 AM
  • Did you try creating a cloud only user & test OOF? Also set the domain-....mail.onmicrosoft.com to internal relay & test..

    Disclaimer: The views expressed on this blog are my own and do not necessarily reflect the views of my employer.

    Thursday, June 7, 2018 10:38 AM
  • hi folks, resurrecting this thread as I have taken another look at this today (it still isn't working!).

    After looking at the message trace again and the error:
    5.7.750 Service unavailable. Client blocked from sending from unregistered domains. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653

    And reading the bottom of this KB, I'm thinking this is to do with the connectors.  So we have one onsite exchange 2016 server in hybrid mode with O365.  There are 3 connectors in O365 which are configured as follows:

    O365 Connectors

    First connector:
    Status: On
    Name: Inbound from f902ba5d-xxxx-xxxx-xxxx-xxxxxxxx
    From: "Your organization's email server"
    To: O365
    How should O365 identify email from your email server? By verifying that the subject name on the certificate that the sending server uses to authenticate with Office 365 matches this domain name (recommended): *.contoso-legacy.com (our email suffixes are @contoso-new.com (primary) and @contoso-legacy.com)


    Second connector:
    Status:
    On
    Name: Accept email from on-premise
    From: "Your organization's email server"
    To: O365
    How should O365 identify email from your email server? By verifying that the IP address of the sending server matches one of these IP addresses that belong to your organization:
    111.111.111.111
    112.112.112.112


    Third connector:
    Status:
    On
    Name:
    Outbound to f902ba5d-xxxx-xxxx-xxxx-xxxxxxxx
    From:
    O365
    To:
    "Your organization's email server"
    Only when email messages are sent to these domains:
    contoso-new.com
    contoso-legacy.com

    How do you want to route email messages?  Specify one or more smart hosts to which Office 365 will deliver email messages. A smart host is an alternative server and can be identified by using a fully qualified domain name (FQDN) or an IP address:
    webmail.contoso-legacy.com
    How should Office 365 connect to your email server?
    () Always use Transport Layer Security (TLS) to secure the connection (recommended)
    Issued by a trusted certificate authority (CA)
    () And the subject name or subject alternative name (SAN) matches this domain name:
    *.contoso-legacy.com

     

    The onsite connectors are configured as follows:

    On-prem Receive Connectors

    Name: Anonymous Email Relay

    Status: Enabled

    Role: FrontendTransport

    Security:

    Authentication (TLS, Externally Secured)

    Permission Groups (Exchange Servers, Anonymous Users)

    Scoping: Remote Network Settings (internal IP ranges)

    Network adapter bindings: All available IPv4, Port 25

     

    Name: Client Frontend CONTOSOEXCH01

    Status: Enabled

    Role: FrontendTransport

    Security:

    Authentication (TLS, Basic authentication - Offer basic authentication only after starting TLS, Integrated Windows authentication)

    Permission Groups (Exchange Users)

    Scoping:

    Remote Network Settings (::-fff:fff:fff:fff:fff:fff:fff:fff, 0.0.0.0 – 255.255.255.255)

    Network adapter bindings: All available IPv6 (Port 587), All available IPv4 (Port 587)

     

    Name: Client Proxy CONTOSOEXCH01

    Status: Enabled

    Role: HubTransport

    Security:

    Authentication (TLS, Basic authentication - Offer basic authentication only after starting TLS, Integrated Windows authentication, Exchange Server Authentication)

    Permission Groups (Exchange servers, Legacy Exchange Servers, Anonymous Users)

    Scoping:

    Remote Network Settings (::-fff:fff:fff:fff:fff:fff:fff:fff, 0.0.0.0 – 255.255.255.255)

    Network adapter bindings: All available IPv6 (Port 465), All available IPv4 (Port 465)

     

    Name: Default Frontend CONTOSOEXCH01

    Status: Enabled

    Role: FrontendTransport

    Security:

    Authentication (TLS – Enable domain security (mutual auth TLS), Basic authentication - Offer basic authentication only after starting TLS, Integrated Windows authentication, Exchange Server Authentication)

    Permission Groups (Exchange servers, Exchange Users)

    Scoping:

    Remote Network Settings (::-fff:fff:fff:fff:fff:fff:fff:fff, 0.0.0.0 – 255.255.255.255)

    Network adapter bindings: All available IPv6 (Port 25), All available IPv4 (Port 25)

     

    Name: Default CONTOSOEXCH01

    Status: Enabled

    Role: HubTransport

    Security:

    Authentication (TLS, Basic authentication - Offer basic authentication only after starting TLS, Integrated Windows authentication, Exchange Server Authentication)

    Permission Groups (Exchange servers, legacy Exchange servers, Exchange Users)

    Scoping:

    Remote Network Settings (::-fff:fff:fff:fff:fff:fff:fff:fff, 0.0.0.0 – 255.255.255.255)

    Network adapter bindings: All available IPv6 (Port 2525), All available IPv4 (Port 2525)

     

    Name: Outbound Proxy Frontend CONTOSOEXCH01

    Status: Enabled

    Role: FrontendTransport

    Security:

    Authentication (TLS – Enable domain security (mutual auth TLS), Basic authentication - Offer basic authentication only after starting TLS, Integrated Windows authentication, Exchange Server Authentication)

    Permission Groups (Exchange servers)

    Scoping:

    Remote Network Settings (::-fff:fff:fff:fff:fff:fff:fff:fff, 0.0.0.0 – 255.255.255.255)

    Network adapter bindings: All available IPv6 (Port 717), All available IPv4 (Port 717)

     

     

    On-prem Send Connectors

     

    Name: Outbound to O365

    Status: Enabled

    Network Settings: MX record associated with recipient domain

    Address Space: TYPE (smtp), DOMAIN (contoso.mail.onmicrosoft.com), COST (1)

    Source Server: Server (CONTOSOEXCH01), Site (Contoso/Site 1), Role (Mailbox), Version (15.1 Build 1415.2)

    FQDN: mail.contoso-legacy.com

     

    Name: Outgoing Email Send Connector

    Status: Enabled

    Network Settings: MX record associated with recipient domain

    Address Space: TYPE (SMTP), DOMAIN (*), COST (10)

    Source Server: Server (CONTOSOEXCH01), Site (Contoso/Site 1), Role (Mailbox), Version (15.1 Build 1415.2)

    FQDN: <None>

     

    Name: Send outbound email via Office 365

    Status: Enabled

    Network Settings: Route mail through smart hosts, SMART HOST (contoso.mail.protection.outlook.com)

    Address Space: TYPE (smtp), DOMAIN (*), COST (9)

    Source Server: Server (CONTOSOEXCH01), Site (Contoso/Site 1), Role (Mailbox), Version (15.1 Build 1415.2)

    FQDN: mail.contoso-legacy.com

     

    Name: Sharepoint Forwarder 2010

    Status: Enabled

    Network Settings: Route mail through smart hosts, SMART HOST (contososp2010.contoso.com)

    Address Space:

    TYPE (SMTP), DOMAIN (*.sharepoint.contoso.com), COST (1)

    TYPE (SMTP), DOMAIN (*.sp2010.contoso.com), COST (1)

    () Scoped send connector

    Source Server: Server (CONTOSOEXCH01), Site (Contoso/Site 1), Role (Mailbox), Version (15.1 Build 1415.2)

    FQDN: <None>

     

    Name: Sharepoint Forwarder 2010

    Status: Enabled

    Network Settings: Route mail through smart hosts, SMART HOST (someURL.EXTERNAL.contosoEXT.com)

    Address Space:

    TYPE (SMTP), DOMAIN (someURL.EXTERNAL.contosoEXT.com), COST (1)

    Source Server: Server (CONTOSOEXCH01), Site (Contoso/Site 1), Role (Mailbox), Version (15.1 Build 1415.2)

    FQDN: <None>

     

    Would really appreciate if anyone could help me troubleshoot why our clients are unable to send out OOF because I’m struggling with this one.


    • Edited by iamkl00t Monday, July 16, 2018 12:36 PM html again
    Monday, July 16, 2018 12:35 PM
  • I am not sure if DMARC would be the cause as it would have impacted other mails not just OOF..Can you try creating a cloud only user in the 365 portal, & test ...

    What is the domain-company.mail.onmicrosoft.com set as, Is it authoritative or internal relay on the on-premise..

    Regards,

    Fazal


    Disclaimer: The views expressed on this blog are my own and do not necessarily reflect the views of my employer.

    Actually it could since OOFs are sent with a <> sender. 
    Monday, July 16, 2018 1:19 PM
    Moderator
  • Actually it could since OOFs are sent with a <> sender. 

    I tried completely disabling DMARC and it didn't make any difference
    Monday, July 16, 2018 1:48 PM
  • Actually it could since OOFs are sent with a <> sender. 

    I tried completely disabling DMARC and it didn't make any difference
    Yea, saw that, but just wanted to make that clear! 
    Monday, July 16, 2018 1:59 PM
    Moderator
  • for the on-prem to 365 send connectors, can you show all the data?

    Also why do you have this one?

    Name: Outgoing Email Send Connector

    Status: Enabled

    Network Settings: MX record associated with recipient domain

    Address Space: TYPE (SMTP), DOMAIN (*), COST (10)

    Source Server: Server (CONTOSOEXCH01), Site (Contoso/Site 1), Role (Mailbox), Version (15.1 Build 1415.2)

    FQDN: <None>

    Monday, July 16, 2018 2:27 PM
    Moderator
  • Just done another message trace on n OOF that failed today and received this:

    Reason: [{LED=250 2.1.5 RESOLVER.OOF.ExtToInt; handled external OOF addressed to internal recipient};{MSG=};{FQDN=};{IP=};{LRT=}]

    Monday, July 16, 2018 2:58 PM
  • for the on-prem to 365 send connectors, can you show all the data?

    Also why do you have this one?

    Name: Outgoing Email Send Connector

    Status: Enabled

    Network Settings: MX record associated with recipient domain

    Address Space: TYPE (SMTP), DOMAIN (*), COST (10)

    Source Server: Server (CONTOSOEXCH01), Site (Contoso/Site 1), Role (Mailbox), Version (15.1 Build 1415.2)

    FQDN: <None>


    Really sorry... I somehow missed this reply.  I don't know why the rules are configured as they are... I have inherited the site from another engineer who has now left the company.  Does it need to be removed do you think?  I will post the detailed configs separately.
    Tuesday, July 17, 2018 10:41 AM
  • I've uploaded the full configs here
    Tuesday, July 17, 2018 11:53 AM
  • This is now fixed - it was something Microsoft needed to fix on the O365 side.
    • Marked as answer by iamkl00t Thursday, August 16, 2018 7:11 AM
    Thursday, August 16, 2018 7:11 AM
  • Hello friends, I have exactly the same problem , could you please share what was done in O365 side , we have same hybrid scenario and only OoO outside the organisation are not receive by external users.

    Thanks Nik


    • Edited by Nick NM Monday, March 25, 2019 11:40 AM
    Monday, March 25, 2019 11:39 AM
  • Ah yes the old "microsoft magic" that is undefined. is it so hard for people to post the actual solution? i have the a similar problem which is that office 365 is being treated as "outside the organization" so the internal out of office message does not fire for hybrid (internal) users. But the external one does fire.


    Anyways, found a solution. basically you need to enable TNEF and switch allowed ooftype to legacy enabled on the set-remotedomain command:

    on prem:

    Set-RemoteDomain "Hybrid Domain - DOMAIN.mail.onmicrosoft.com" -AllowedOOFType InternalLegacy -TNEFEnabled $true



    o365:

    Set-RemoteDomain "DOMAIN.CA" -AllowedOOFType InternalLegacy -TNEFEnabled $true



    ref:

    https://blogs.perficient.com/2014/12/22/office-365-the-importance-of-remote-domains-in-exchange-hybrid/

    https://support.microsoft.com/en-ca/help/3070442/oof-replies-and-voting-options-do-not-appear-correctly-in-hybrid


    Thursday, May 23, 2019 6:03 PM