Exchange 2010 - Office 365 Hybrid Migration - On-Premise to O365 not working

HCW was run and was Successful. The send connector "Outbound to Office 365" is there as well as the "Inbound from Office 365" receive connector.

I have made the domains I'm working with along with the onmicrosoft.com domains 'Internal Relay' under accepted Domains.

The mail that is trying to be sent to domain-0.com is being sent to the Public IP address for the on-premise mail server.  The on-premise mail server's default send connector does have the 'Use the External DNS lookup on the transport server' set and it is set to google's DNS.

I'm not sure why the email sent to domain-a.com is in the Queue for domain-0.com and not tenant.mail.onmicrosoft.com

Look like my External DNS for domain-0.com was set to the on-premise server. I changed the MX record to <domain-0.com>.mail.protection.outlook.com   and all of the mail in the Queue went out.

I have yet to Migrate a user for a Domain that would have both on-premise and O365 users.

The send connector on-premises should indeed only feature the tenant.mail.onmicrosoft.com domain, so check your settings. Not sure how that happened, but in general the HCW should detect/warn you for this - check the following KB: https://support.microsoft.com/en-us/help/3087172/-hcw8039-the-hybrid-send-connector-must-only-contain-the-single-addres

Did you happen to select the "centralized mail transport" option when running the HCW?

he send connector on-premises should indeed only feature the tenant.mail.onmicrosoft.com domain

The send connector (Outbound to Office 365)  does only have the <tenant>.mail.onmicrosoft.com as the only item in the Address space.

Though it seems like when sending an email from on-Premise to O365  (user@domain-a.com) the email should be sent to user@<tenant>.mail.onmicrosoft.com and not domain-0.com (the AD Username)

So when sending to user@domain-a.com the mail ends up in the Queue for domain-0.com. It uses the default send connector which uses External DNS to send email email. It looked up the Public MX record for domain-0.com and is using that host to send the email. I had to change the Public DNS MX for domain-0.com to <domain-0.com>01e.mail.protection.outlook.com

Sorry, I'm testing with a Migrated user.

user@domain-a.com is on O365.
me@domain-d.com is on On-Premise

From: me@domain-d.com
To: user@domain-a.com

the email Ends up in the Mail Queue for domain-0.com (the users AD Account Domain, Primary Domain on O365 Domains List)
Seems like should of gone to user@tenant.mail.onmicrosoft.com and sent via the Outbound to Office 365 connector.

Are you referring to the "Routing E-Mail Address"   It is set to domain-0.com

Is this set in the Remove Move Request - Target Delivery Domain? I did select haydon-mill.com as that is the Primary Tenant Domain, though not the tenant name space.

(I'm sure you can tell I'm in over my Head! ;-)

Thanks!

so I changed the Routing E-Mail Address to the tenant.mail.onmicrosoft.com and I get an error:

SN1NAM04FT022.mail.protection.outlook.com #<SN1NAM04FT022.mail.protection.outlook.com #5.4.1 smtp;550 5.4.1 [user@tenant.mail.onmicrosoft.com]: Recipient address rejected: Access denied [SN1NAM04FT022.eop-NAM04.prod.protection.outlook.com]> #SMTP#

in O365 Portal I do not see the domain: tenant.mail.onmicrosoft.com
I do see tenant.onmicrosoft.com

To setup tenant.mail.onmicrosoft.com as a domain in the O365 Portal It wants me to add DNS Records to MS's DNS Servers.

if you navigate to exchange admin panel \ domains, you should see that domain at both places

how many hub transport servers are there who can send emails to outside, I think all servers are not added to onpremise to o365 connector" and hence O365 is rejecting the messages

also no need to add any dns records for microsoft domains, you cannot do that as it is controlled by MS

Only one On-Premise Server.
On portal.office.com setup/domains I see my own domains and tenant.onmicrosoft.com  
I do NOT see the tenant.mail.onmicrosoft.com

on On-Premise Exchange 2010 Server, Hub Transport I see:
Remote Domains:
  My Own Domains
  tenant.mail.onmicrosoft.com
  tenant.onmicrosoft.com

Accepted Domains:
   My Own Domains
   tenant.mail.onmicrosoft.com

send connector:
Outbound to Office 365 - azureeandm.mail.onmicrosoft.com

receive connector:
Inbound from Office 365 - has all of the MS IPs in it.

Exchange admin center
Mail Flow
Accepted Domains
  tenant.mail.onmicrosoft.com  - Authoritative
  tenant.onmicrosoft.com - Authoritative

If I do the remote move request I'm guessing I need to select the tenant.mail.onmicrosoft.com target domain for that to be the remote email address that the mail will be sent on at O365.

If I select tenant.mail.onmicrosoft.com I get the following error:
Cannot convert the "Microsoft.Exchange.MailboxReplicationService.TargetDeliveryDomainMismatchPermanentException" value of type "System.String" to type "System.Type".If I select my domain-0.com domain it moves fine.

here is what happens if I use Powershell to move.

[PS] C:\Windows\system32>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
WARNING: Your connection has been redirected to the following URI: "https://ps.outlook.com/PowerShell-LiveID?PSVersion=2.0 "
[... lots of stuff...]
ModuleType Name                      ExportedCommands
---------- ----                      ----------------
Script     tmp_e4c285dd-498c-4f94... {Get-DeviceComplianceDetailsReportFilter, Get-PublicFolderMigrationReque...

[PS] C:\Windows\system32>New-MoveRequest -identity <user> -Remote -RemoteHostName 'on-premise.server.com' -TargetDeliveryDomain 'tenant.mail.onmicrosoft.com' -Remotecredential $OnPremisesCreds -Bad
VERBOSE: [23:30:25.651 GMT] New-MoveRequest : Active Directory session settings for 'New-MoveRequest' are: View Entire Forest: 'False', Default Scope: '<AD-Domain>', Configuration Domain Controller:
'ADDC.<AD-Domainn>', Preferred Global Catalog: 'addc2.<AD-Domainn>', Preferred Domain Controllers: '{ addc2.<AD-Domainn> }'
VERBOSE: [23:30:25.653 GMT] New-MoveRequest : Runspace context: Executing user: <AD-Domainn>/myOU/Scott, Executing user organization: , Current organization: ,
RBAC-enabled: Enabled.
VERBOSE: [23:30:25.655 GMT] New-MoveRequest : Beginning processing &
VERBOSE: [23:30:25.657 GMT] New-MoveRequest : Instantiating handler with index 0 for cmdlet extension agent "Admin Audit Log Agent".
WARNING: When an item can't be read from the source database or it can't be written to the destination database, it will be considered corrupted. By specifying a non-zero BadItemLimit, you are requesting that
Exchange not copy such items to the destination mailbox. At move completion, these corrupted items won't be available in the destination mailbox.
VERBOSE: [23:30:25.711 GMT] New-MoveRequest : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclu
 Recipient Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [23:30:25.738 GMT] New-MoveRequest : Searching objects "<user>" of type "ADUser" under the root "$null".
VERBOSE: [23:30:25.786 GMT] New-MoveRequest : Previous operation run on domain controller 'addc2.<AD-Domainn>'.
VERBOSE: [23:30:25.790 GMT] New-MoveRequest : Processing object "$null".
VERBOSE: [23:30:25.805 GMT] New-MoveRequest : Admin Audit Log: Entered Handler:OnComplete.
Target user '<user name>' already has a primary mailbox.
    + CategoryInfo          : InvalidArgument: (<user>:MailboxOrMailUserIdParameter) [New-MoveRequest], RecipientTaskException
    + FullyQualifiedErrorId : 35586141,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest

VERBOSE: [23:30:25.835 GMT] New-MoveRequest : Ending processing &

Select allOpen in new window

Looking up this it is implying that I should be doing this form Office365, which is that the New-PSSession is supposed to do.

Cannot convert the "Microsoft.Exchange.MailboxReplicationService.TargetDeliveryDomainMismatchPermanentException" value of type "System.String" to type "System.Type".

Okay I figured this one out. My Company has about 20 Domain Names and I'm using some that are not widely used with employees for testing with email.  I added email addresses with the test domains to old Employee accounts and then tried Migrating the accounts.  Though I didn't remove the non-test domains from the accounts. So they still had email addresses with domains that were not validated for Office 365 yet. After removing the non validated domains I was able to Migrate users and resources.

To get the mail flowing I need to Add the tenant.mail.onmicrosoft.com to the Address Policy to add that email to everyone. We have a dozen Policies (we provide email for a few companies) and I had to add it to all of them.

Once the Address Policy was in place I and removed the non-test domains from user accounts I was able to Migrate users and have mail flow from On-Premise to O365.

I still have another issue with sending form O365 to some On-Premise users though I will start another thread for that since it is not directly related.