Mail from O365 to On-Premise - Some users are seen as and not

I’ve been testing with Domain Names that are not widely used by employees.

Sending from a Migrated user on O365 to a User on the On-Premise server I can send to some but not others. Test or non-test domain.   The interesting thing is I’m seeing a Different Proxy Email Address for the users that I cannot send to.  From my O365 user I’m sending to my Personal email at the On-Premise server and the O365 user is trying to send to:  I’m not sure why it is and not the one with mail in it like this:

What is the Difference between:    and

I don't have any user setup with the proxy address of:  
I do have a address policy defined to have all users have a

I see in the Office 365 Portal/Setup/Domains.  The Domain is not listed there.

Scott TownsendIT DirectorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vasil Michev (MVP)Commented:
You have to be more specific here, are you getting some particular NDR or other error message? Did you run a message trace to see what happens ( How do you have the domains (test and non-test) setup, are they verified in O365, are they configured as accepted domains, are they set up as authoritative or Internal relay, where is the MX pointing at?

My guess is that you have an object with the same alias in O365, thus delivery is happening internally. But that's just a guess, need more info as detailed above.
Scott TownsendIT DirectorAuthor Commented:
Sorry, I was getting: 554 5.4.14 Hop count exceeded - possible mail loop ATTR34

Test Domains are setup as Internal Relay on On-Premise, and a Mix of Authoritative/Internal Relay on O365 and are Internal Relay on On-Premise, and a Authoritative on O365

Public MX Records for Test Domains are all setup to use O365
Internal MX Records for Test Domains are all setup to use On-Premise
Public and Internal MX Records for Non-Test Domains are all setup to use On-Premise

I was messing around with some of the On-Premise users and noted a few things.
users with test-domains as Primary Addresses seem to work fine.
If I remove the Auto update based on Address Policy and Choose a Test Domain it seems to work fine.
If I take that same user that just worked and added back the Address Policy which changes the primary domain back to a non-test domain, it fails again.
Another user with the same non-test domain shows up in the O365 Directory with the non-test domain as its primary email address and she works fine. I don't understand why that user shows up in the O365 Directory with their correct Primary SMTP Address and others all show the as the Primary.
Going though the Directory there is a Mix of people that I can see the Correct Primary email address and they can receive mail. Though 95% of the users in the Directory all have the and they are the ones that cause the Error:
554 5.4.14 Hop count exceeded - possible mail loop ATTR34

Another Item to note that I have not tested yet is that the users that do seem to work do NOT have a O365 license assigned to them.
Vasil Michev (MVP)Commented:
So basically you are causing a mail loop. If the MX points to O365, the domain should be set up as authoritative. Having set up the domain as internal relay "instructs" O365 to send the message to where the MX points at, if internal match for that recipient address is not found. In your case, you dont seem to have matching recipient in ExO, and since your MX points to O365 the mail is repeatedly resent to the same destination, causing a loop.

Set the domain(s) to authoritative and try again.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Scott TownsendIT DirectorAuthor Commented:
I think its something Different.

When I look at the User Directory in O365 I see some users with and some with

I can send a message to a user with that is the Correct Primary SMTP for that User and Domain and it works fine.

A user with Primary SMTP Domain that is the same as the user above that works, though in the O365 Directory has the domain listed, mail to them does not work, I get the Loop.

Looking though the list of users in the O365 Directory most of the ones that I have NOT assigned a License to have the Correct Primary Domain listed. All of the users that have a License Assigned have the listed.

the domain I'm testing with is a non-test domain and all of the MX records both Internal and Public are pointing to the On-Premise server.

Does that make sense?
Vasil Michev (MVP)Commented:
Well of course the SMTP address matters, so make sure you are provisioning users with the correct one. There is no email address policy in O365 other than applying the default domain. If you are creating the users directly in O365, select the "correct" address upon creation. If you are provisioning the via dirsync, make sure all the domains you have matching any primary/secondary aliases are added/verified in Office 365 - otherwise the email address will be replaced with Same goes for any .local or similar, non-routable addresses.

Lastly, assigning a license to O365 users triggers the mailbox creation process - at that point any aliases not matching the conditions I mentioned above will be stripped. You cannot have aliases corresponding to non-verified domains in O365, regardless of where the MX points at.
Scott TownsendIT DirectorAuthor Commented:
Thank you, I was afraid of that. I wanted to leave the Main domains intact until I was sure that Everything was working then Migrate the primary non-test domains when I knew it was all working.

All of the users are existing on the On-Premise server and I have migrated a couple to O365. We will run in Hybrid mode until all of the users are off the On-Premise server and on O365. Then we will de-commision the On-Premise server.

If I add the primary Domains I should be able to Omit the MX record and leave it Pointing to the On-Premise server until I'm ready to Migrate those users?

Vasil Michev (MVP)Commented:
Yes, you can have the MX pointing wherever, it's not a requirement to point it to O365 for verified domains. But if you want to use addresses associated with certain domain in O365, you have to verify it. Otherwise only (unlicensed) mail users/mail contacts can have such addresses, not mailboxes.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Office

From novice to tech pro — start learning today.