Email from on-premises to Office365 connector not working in a Hybrid enviroment.

On premises to Office365 connector not working.
I configured O365 Hybrid Wizard, sync AD, and everything looks fine.

I have two problems:

1.- I can only migrate mailbox to exchange online if the default address from the user is not using our principal
2.- If I send an email from an exchange online mailbox to a on premises or external mail, the mail will flow correctly, but if send an email from a user on premises to a user online, I will get the following error (it´s in spanish): rejected your messages:
Eugenio Martínez Páez (
No se entregó el mensaje por un problema de seguridad o de permisos. Puede que un moderador lo haya rechazado, que la dirección solo acepte correo electrónico de ciertos remitentes o que otra restricción esté impidiendo la entrega. produjo este error:
Service unavailable, Client host [local public ip] blocked using Spamhaus. To request removal from this list see (AS16012612)

I tryed to recreate the conectors but not managed to get it right.
Can someone help me?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
the message is saying that your onpremise exchange outbound public IP have got blacklisted probably and you need to remove it from blacklist, they have provided the details of blacklister
Ensure that within onpremise to O365 connector you have added all onpremise public IPs which can be / are used to send emails outbound
Jose Gabriel Ortega CastroCEOCommented:
El problema es que tienes la ip bloqueada en microsoft.
tienes que blacklistearla para poder usar ese servicio

Es decir,
Entra aqui:
Luego solicita que te blacklisteen, llenando el formulario con tu ip publica.

y ya.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

As per original poster, issue is:
"2.- If I send an email from an exchange online mailbox to a on premises or external mail, the mail will flow correctly, but if send an email from a user on premises to a user online, I will get the following error (it´s in spanish):"

I suspect the TLS tunnel is not set up properly, too,  as the email sent by the onprem user  would be still received by the user on the o365 part of the hybrid.
marpanetAuthor Commented:
I just added our public ip to spamhouse white list.... now I don´t get a bounce back error email, it goes through, but it dosent arribe at my office365 mailbox.... :S
checking the logs...

2018-03-14T15:59:54.647Z,Outbound to Office 365,08D5869E5C4484EE,18,,,>,BDAT 8613 LAST,
2018-03-14T15:59:56.066Z,Outbound to Office 365,08D5869E5C4484EE,19,,,<,"250 2.6.0 <> [InternalId=433791703533,] 13680 bytes in 0.323, 41.236 KB/sec Queued mail for delivery",
2018-03-14T15:59:56.072Z,Outbound to Office 365,08D5869E5C4484EE,20,,,>,QUIT,
2018-03-14T15:59:56.162Z,Outbound to Office 365,08D5869E5C4484EE,21,,,<,221 2.0.0 Service closing transmission channel,
2018-03-14T15:59:56.162Z,Outbound to Office 365,08D5869E5C4484EE,22,,,-,,Local
Jose Gabriel Ortega CastroCEOCommented:
Ok after that, you just need to go the office365 / Exchange online console.
and modify the way your connector validates your connection.

Instead of using your SSL address use your IP address, and you're done.
I've done that everytime in my environment.
marpanetAuthor Commented:
I just added the public ip address into the conector, and still not getting the email through...  :(
Jose Gabriel Ortega CastroCEOCommented:
Are you getting any bounce back?

here's the connector of my o365 from my organization to o365.
if this doesn't work.
Make sure that your O365 accounts has the ProxyAddress attribute set on AD.
marpanetAuthor Commented:
There´s no bounce back....
The ip is the same as the one I set on spamhouse..
And the attribute is correct.. I have and, as well as and domain.local

marpanetAuthor Commented:
What happens if I delete the conector and run hybrid configuration again?, will it destroy something important?? LOL
Jose Gabriel Ortega CastroCEOCommented:
No it will just run and create all the connectors again...
marpanetAuthor Commented:
Perfect, let me run the Wizard again...
Thank you José!
Jose Gabriel Ortega CastroCEOCommented:
But, I don't think that would fix it.
Probably is better just to create a support ticket with microsoft.
Todd NelsonSystems EngineerCommented:
marpanetAuthor Commented:

I hate to create support tickets heheheh  let me try another few things before contacting support, that´s the way I love to learn hehehe
marpanetAuthor Commented:
Here´s a little thing maybe you could help me, I added a personal domain to the connector, so emails sent to this domain via on premises, they will flow through O365, and got a bounce back error:

Información de diagnóstico para los administradores:
Generando servidor: Apolo.contoso.local
Remote Server returned '550 5.7.64 TenantAttribution; Relay Access Denied []'
Encabezados de mensajes originales:
Received: from Apolo.contoso.local ( by Apolo.contoso.local (
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.845.34; Wed, 14
 Mar 2018 18:22:08 -0600
Received: from Apolo.contoso.local ([fe80::ec02:b80d:213b:e828]) by
 Apolo.iDi.local ([fe80::ec02:b80d:213b:e828%12]) with mapi id 15.01.0845.039;
 Wed, 14 Mar 2018 18:22:08 -0600
From: Francisco Garza <>
To: "" <>
Subject: 222222
Thread-Topic: 222222
Thread-Index: AQHTu/On7a6hVhUa6EOs2rzFV0qB5A==
Date: Thu, 15 Mar 2018 00:22:08 +0000
Message-ID: <>
Accept-Language: es-MX, en-US
Content-Language: es-MX
x-originating-ip: []
Content-Type: multipart/alternative;
MIME-Version: 1.0
marpanetAuthor Commented:
Just to give you an update on the Microsoft Support Ticket...
2 hours on the phone and still no advance.... LOL

José, I know that users migrated to Exchange Online will disappear on the loca ECP in the Mailbox section, and appear on the Mailbox section in ECP O365, but they say that each mailbox migrated in leave in the local "contacts" section a contacto with the smtp: pointing to O365, is this correct?, I can see that in the O365 ECP I see in the "contacts" section all my non migrated users, but not the other way around.
Todd NelsonSystems EngineerCommented:
Assuming you've configured the hybrid correctly, mailboxes moved to EXO do not disappear from the 'Mailboxes' section of the on premises ECP.  Their mailbox type changes from "User" to "Office 365".  However, again, assuming hybrid is configured correctly, before an on premises  mailbox is moved to EXO, it will show in the 'Contacts' section as a "Mail User".  And once the on premises mailbox is moved to EXO, then it shows in the 'Mailbox' section in EXO as a mailbox type of "User".

For clarification, the mailbox will still be represented in the on premises ECP but the mailbox type will change.  Mailboxes moved from on premises to EXO are not represented in the Contacts section of the on premises ECP.

In EXO, if there is no contact for the associated unmigrated, on premises mailboxes then you won't be able to move those mailboxes to EXO.
marpanetAuthor Commented:
Thank you....
After one week with Microsoft Support, they haven´t fix the problem... I narrow the problem to this:
I have one Migrated user, this user has as email addresses: and secondary

If I send an email from this account to itself using, it will arrive... but... if I send an email from any other email system to, it will not arrive..... after looking in the Flow Messages, we can see it bounces from one Microsoft server to another until we get a Maximum Hops error.... they still trying to find what´s the problem.
marpanetAuthor Commented:
After hours of Microsoft Support, they contacted a second level technician to join the support ticket… they narrowed to be a problem in the EOP server with our Microsoft domain… they made an adjustment and now the connectors are working correctly. I remember that last year I could mark two questions as part of the solution, in this version I haven´t found a way….

The solution for this problem was:
1.      Contacting Microsoft Support (without this, I couldn’t fix the problem)
2.      Adding our Static Public IP to the spamhouse white list.

Thank you for everything, I do not know why I always have to have problems like no one does LOL
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.