Email from on-premises to Office365 connector not working in a Hybrid enviroment.

On premises to Office365 connector not working.
I configured O365 Hybrid Wizard, sync AD, and everything looks fine.

I have two problems:

1.- I can only migrate mailbox to exchange online if the default address from the user is @contoso.onmicrosoft.com not using our principal @contoso.com
2.- If I send an email from an exchange online mailbox to a on premises or external mail, the mail will flow correctly, but if send an email from a user on premises to a user online, I will get the following error (it´s in spanish):

BN3NAM04FT043.mail.protection.outlook.com rejected your messages:
Eugenio Martínez Páez (eugenio.martinez@contoso.com)
No se entregó el mensaje por un problema de seguridad o de permisos. Puede que un moderador lo haya rechazado, que la dirección solo acepte correo electrónico de ciertos remitentes o que otra restricción esté impidiendo la entrega.
BN3NAM04FT043.mail.protection.outlook.com produjo este error:
Service unavailable, Client host [local public ip] blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso (AS16012612)

I tryed to recreate the conectors but not managed to get it right.
Can someone help me?
LVL 2
marpanetAsked:
Who is Participating?
 
MaheshArchitectCommented:
the message is saying that your onpremise exchange outbound public IP have got blacklisted probably and you need to remove it from blacklist, they have provided the details of blacklister
OR
Ensure that within onpremise to O365 connector you have added all onpremise public IPs which can be / are used to send emails outbound
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
El problema es que tienes la ip bloqueada en microsoft.
tienes que blacklistearla para poder usar ese servicio

Es decir,
Entra aqui:
https://www.spamhaus.org/lookup/
Luego solicita que te blacklisteen, llenando el formulario con tu ip publica.

y ya.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
MichelangeloConsultantCommented:
As per original poster, issue is:
"2.- If I send an email from an exchange online mailbox to a on premises or external mail, the mail will flow correctly, but if send an email from a user on premises to a user online, I will get the following error (it´s in spanish):"

I suspect the TLS tunnel is not set up properly, too,  as the email sent by the onprem user  would be still received by the user on the o365 part of the hybrid.
0
 
marpanetAuthor Commented:
I just added our public ip to spamhouse white list.... now I don´t get a bounce back error email, it goes through, but it dosent arribe at my office365 mailbox.... :S
checking the logs...

2018-03-14T15:59:54.647Z,Outbound to Office 365,08D5869E5C4484EE,18,192.168.1.2:53309,216.32.181.42:25,>,BDAT 8613 LAST,
2018-03-14T15:59:56.066Z,Outbound to Office 365,08D5869E5C4484EE,19,192.168.1.2:53309,216.32.181.42:25,<,"250 2.6.0 <59f3862958f0415b890e3ba10e7d5578@contoso.com> [InternalId=433791703533, Hostname=CO1NAM04HT017.eop-NAM04.prod.protection.outlook.com] 13680 bytes in 0.323, 41.236 KB/sec Queued mail for delivery",
2018-03-14T15:59:56.072Z,Outbound to Office 365,08D5869E5C4484EE,20,192.168.1.2:53309,216.32.181.42:25,>,QUIT,
2018-03-14T15:59:56.162Z,Outbound to Office 365,08D5869E5C4484EE,21,192.168.1.2:53309,216.32.181.42:25,<,221 2.0.0 Service closing transmission channel,
2018-03-14T15:59:56.162Z,Outbound to Office 365,08D5869E5C4484EE,22,192.168.1.2:53309,216.32.181.42:25,-,,Local
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
Ok after that, you just need to go the office365 / Exchange online console.
and modify the way your connector validates your connection.

Instead of using your SSL address use your IP address, and you're done.
I've done that everytime in my environment.
0
 
marpanetAuthor Commented:
I just added the public ip address into the conector, and still not getting the email through...  :(
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
Are you getting any bounce back?

here's the connector of my o365 from my organization to o365.
Screenshot_2.png
if this doesn't work.
Make sure that your O365 accounts has the ProxyAddress attribute set on AD.
proxy.png
0
 
marpanetAuthor Commented:
There´s no bounce back....
The ip is the same as the one I set on spamhouse..
And the attribute is correct.. I have  contoso.mail.onmicrosoft.com and contoso.onmicrosoft.com, as well as  contoso.com and domain.local

Untitled.png
0
 
marpanetAuthor Commented:
What happens if I delete the conector and run hybrid configuration again?, will it destroy something important?? LOL
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
No it will just run and create all the connectors again...
0
 
marpanetAuthor Commented:
Perfect, let me run the Wizard again...
Thank you José!
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
But, I don't think that would fix it.
Probably is better just to create a support ticket with microsoft.
0
 
Todd NelsonSystems EngineerCommented:
0
 
marpanetAuthor Commented:
;P

I hate to create support tickets heheheh  let me try another few things before contacting support, that´s the way I love to learn hehehe
0
 
marpanetAuthor Commented:
Here´s a little thing maybe you could help me, I added a personal domain to the connector, so emails sent to this domain via on premises, they will flow through O365, and got a bounce back error:

Información de diagnóstico para los administradores:
Generando servidor: Apolo.contoso.local
oficina@personaldomain.com
BN3NAM04FT028.mail.protection.outlook.com
Remote Server returned '550 5.7.64 TenantAttribution; Relay Access Denied [BN3NAM04FT028.eop-NAM04.prod.protection.outlook.com]'
Encabezados de mensajes originales:
Received: from Apolo.contoso.local (192.168.1.2) by Apolo.contoso.local (192.168.1.2)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.845.34; Wed, 14
 Mar 2018 18:22:08 -0600
Received: from Apolo.contoso.local ([fe80::ec02:b80d:213b:e828]) by
 Apolo.iDi.local ([fe80::ec02:b80d:213b:e828%12]) with mapi id 15.01.0845.039;
 Wed, 14 Mar 2018 18:22:08 -0600
From: Francisco Garza <francisco.garza@contoso.com.mx>
To: "oficina@personaldomain.com" <oficina@personaldomain.com>
Subject: 222222
Thread-Topic: 222222
Thread-Index: AQHTu/On7a6hVhUa6EOs2rzFV0qB5A==
Date: Thu, 15 Mar 2018 00:22:08 +0000
Message-ID: <9e53f7aa64784ddc8720d65506988dfe@contoso.com.mx>
Accept-Language: es-MX, en-US
Content-Language: es-MX
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [187.163.69.7]
Content-Type: multipart/alternative;
      boundary="_000_9e53f7aa64784ddc8720d65506988dfeideicommx_"
MIME-Version: 1.0
0
 
marpanetAuthor Commented:
Just to give you an update on the Microsoft Support Ticket...
2 hours on the phone and still no advance.... LOL

José, I know that users migrated to Exchange Online will disappear on the loca ECP in the Mailbox section, and appear on the Mailbox section in ECP O365, but they say that each mailbox migrated in leave in the local "contacts" section a contacto with the smtp: pointing to O365, is this correct?, I can see that in the O365 ECP I see in the "contacts" section all my non migrated users, but not the other way around.
0
 
Todd NelsonSystems EngineerCommented:
Assuming you've configured the hybrid correctly, mailboxes moved to EXO do not disappear from the 'Mailboxes' section of the on premises ECP.  Their mailbox type changes from "User" to "Office 365".  However, again, assuming hybrid is configured correctly, before an on premises  mailbox is moved to EXO, it will show in the 'Contacts' section as a "Mail User".  And once the on premises mailbox is moved to EXO, then it shows in the 'Mailbox' section in EXO as a mailbox type of "User".

For clarification, the mailbox will still be represented in the on premises ECP but the mailbox type will change.  Mailboxes moved from on premises to EXO are not represented in the Contacts section of the on premises ECP.

In EXO, if there is no contact for the associated unmigrated, on premises mailboxes then you won't be able to move those mailboxes to EXO.
0
 
marpanetAuthor Commented:
Thank you....
After one week with Microsoft Support, they haven´t fix the problem... I narrow the problem to this:
I have one Migrated user, this user has as email addresses:  me@domain.com and secondary exchangealias@o365domain.onmicrosoft.com

If I send an email from this account to itself using exchangealias@o365domain.onmicrosoft.com, it will arrive... but... if I send an email from any other email system to exchangealias@o365domain.onmicrosoft.com, it will not arrive..... after looking in the Flow Messages, we can see it bounces from one Microsoft server to another until we get a Maximum Hops error.... they still trying to find what´s the problem.
0
 
marpanetAuthor Commented:
After hours of Microsoft Support, they contacted a second level technician to join the support ticket… they narrowed to be a problem in the EOP server with our Microsoft domain… they made an adjustment and now the connectors are working correctly. I remember that last year I could mark two questions as part of the solution, in this version I haven´t found a way….

The solution for this problem was:
1.      Contacting Microsoft Support (without this, I couldn’t fix the problem)
2.      Adding our Static Public IP to the spamhouse white list.

Thank you for everything, I do not know why I always have to have problems like no one does LOL
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.