marpanet

Email from on-premises to Office365 connector not working in a Hybrid environment.

On premises to Office365 connector not working.
I configured the O365 Hybrid Wizard, synced AD, and everything looks fine.

I have two problems:

1.- I can only migrate a mailbox to Exchange Online if the default address of the user is @contoso.onmicrosoft.com, not using our principal @contoso.com
2.- If I send an email from an Exchange Online mailbox to an on-premises or external mail, the mail will flow correctly, but if I send an email from a user on premises to a user online, I will get the following error (it's in Spanish):

BN3NAM04FT043.mail.protection.outlook.com rejected your messages:
Eugenio Martínez Páez (eugenio.martinez@contoso.com)
No se entregó el mensaje por un problema de seguridad o de permisos. Puede que un moderador lo haya rechazado, que la dirección solo acepte correo electrónico de ciertos remitentes o que otra restricción esté impidiendo la entrega.
BN3NAM04FT043.mail.protection.outlook.com produjo este error:
Service unavailable, Client host [local public ip] blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso (AS16012612)

I tried to recreate the connectors but did not manage to get it right.
Can someone help me?
ASKER CERTIFIED SOLUTION
Todd Nelson

This solution is only available to members.
The message is saying that your on-premises Exchange outbound public IP has probably got blacklisted and you need to remove it from the blacklist; they have provided the details of the blacklister
OR
Ensure that within the on-premises to O365 connector you have added all on-premises public IPs which can be / are used to send emails outbound
The problem is that your IP is blocked at Microsoft.
You have to blacklist it to be able to use that service.

That is,
Go here:
https://www.spamhaus.org/lookup/
Then request that they blacklist you, filling out the form with your public IP.

And that's it.
As per original poster, issue is:
"2.- If I send an email from an exchange online mailbox to a on premises or external mail, the mail will flow correctly, but if send an email from a user on premises to a user online, I will get the following error (it´s in spanish):"

I suspect the TLS tunnel is not set up properly, too, as the email sent by the on-prem user would still be received by the user on the O365 part of the hybrid.
marpanet

ASKER

I just added our public IP to the Spamhaus white list.... now I don't get a bounce-back error email, it goes through, but it doesn't arrive at my Office365 mailbox.... :S
Checking the logs...

2018-03-14T15:59:54.647Z,Outbound to Office 365,08D5869E5C4484EE,18,192.168.1.2:53309,216.32.181.42:25,>,BDAT 8613 LAST,
2018-03-14T15:59:56.066Z,Outbound to Office 365,08D5869E5C4484EE,19,192.168.1.2:53309,216.32.181.42:25,<,"250 2.6.0 <59f3862958f0415b890e3ba10e7d5578@contoso.com> [InternalId=433791703533, Hostname=CO1NAM04HT017.eop-NAM04.prod.protection.outlook.com] 13680 bytes in 0.323, 41.236 KB/sec Queued mail for delivery",
2018-03-14T15:59:56.072Z,Outbound to Office 365,08D5869E5C4484EE,20,192.168.1.2:53309,216.32.181.42:25,>,QUIT,
2018-03-14T15:59:56.162Z,Outbound to Office 365,08D5869E5C4484EE,21,192.168.1.2:53309,216.32.181.42:25,<,221 2.0.0 Service closing transmission channel,
2018-03-14T15:59:56.162Z,Outbound to Office 365,08D5869E5C4484EE,22,192.168.1.2:53309,216.32.181.42:25,-,,Local
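
The excerpt above already shows where to look next: a `250 2.6.0 ... Queued mail for delivery` reply means the receiving EOP host accepted the message, so the on-premises send connector did its job and tracing continues on the Exchange Online side using the Message-ID or InternalId. As an added example (not part of the original thread), this Python script reads protocol log lines in the format shown and reports each session's verdict; the second sample session, its session id, the 203.0.113.10 address and the 550 reply text are constructed.

```python
import csv
import re

# Column order of an Exchange SMTP protocol log (its "#Fields:" header line).
FIELDS = ("date_time", "connector_id", "session_id", "sequence",
          "local", "remote", "event", "data", "context")

# Sample input: session ...EE is the accepted delivery quoted in the post;
# session ...EF is constructed (documentation IP, assumed reply text).
SAMPLE_LOG = """\
2018-03-14T15:59:54.647Z,Outbound to Office 365,08D5869E5C4484EE,18,192.168.1.2:53309,216.32.181.42:25,>,BDAT 8613 LAST,
2018-03-14T15:59:56.066Z,Outbound to Office 365,08D5869E5C4484EE,19,192.168.1.2:53309,216.32.181.42:25,<,"250 2.6.0 <59f3862958f0415b890e3ba10e7d5578@contoso.com> [InternalId=433791703533, Hostname=CO1NAM04HT017.eop-NAM04.prod.protection.outlook.com] 13680 bytes in 0.323, 41.236 KB/sec Queued mail for delivery",
2018-03-14T15:59:56.072Z,Outbound to Office 365,08D5869E5C4484EE,20,192.168.1.2:53309,216.32.181.42:25,>,QUIT,
2018-03-14T16:05:00.000Z,Outbound to Office 365,08D5869E5C4484EF,7,192.168.1.2:53400,216.32.181.42:25,>,MAIL FROM:<user@contoso.com>,
2018-03-14T16:05:00.100Z,Outbound to Office 365,08D5869E5C4484EF,8,192.168.1.2:53400,216.32.181.42:25,<,"550 5.7.1 Service unavailable, Client host [203.0.113.10] blocked using Spamhaus",
"""

REPLY = re.compile(r"^(?P<code>[2-5]\d\d)[ -](?P<enhanced>\d\.\d{1,3}\.\d{1,3})?")
ACCEPTED = re.compile(
    r"<(?P<message_id>[^>]+)> \[InternalId=(?P<internal_id>\d+), Hostname=(?P<host>[^\]]+)\]")


def summarize(log_text):
    """Map each session id to the remote server's verdict on the message."""
    lines = (l for l in log_text.splitlines() if l and not l.startswith("#"))
    verdicts = {}
    for row in csv.DictReader(lines, fieldnames=FIELDS):
        reply = REPLY.match(row["data"] or "")
        if row["event"] != "<" or not reply:   # keep only remote replies
            continue
        code, enhanced = reply["code"], reply["enhanced"]
        if code == "250" and enhanced == "2.6.0":
            # Remote side took responsibility; continue tracing over there.
            detail = ACCEPTED.search(row["data"])
            verdicts[row["session_id"]] = {
                "verdict": "accepted", **(detail.groupdict() if detail else {})}
        elif code[0] in "45":
            verdicts[row["session_id"]] = {
                "verdict": "rejected" if code[0] == "5" else "deferred",
                "reply": row["data"],
                "dnsbl": "blocked using" in row["data"]}
    return verdicts


if __name__ == "__main__":
    for session, verdict in summarize(SAMPLE_LOG).items():
        print(session, verdict)
```
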
OK, after that, you just need to go to the Office365 / Exchange Online console
and modify the way your connector validates your connection.

Instead of using your SSL address, use your IP address, and you're done.
I've done that every time in my environment.
I just added the public IP address into the connector, and I'm still not getting the email through... :(
Are you getting any bounce back?

Here's the connector of my O365, from my organization to O365.
User generated image
If this doesn't work,
make sure that your O365 accounts have the ProxyAddress attribute set on AD.
User generated image
There's no bounce back....
The IP is the same as the one I set on Spamhaus..
And the attribute is correct.. I have contoso.mail.onmicrosoft.com and contoso.onmicrosoft.com, as well as contoso.com and domain.local

User generated image
What happens if I delete the connector and run the hybrid configuration again? Will it destroy something important?? LOL
No it will just run and create all the connectors again...
Perfect, let me run the Wizard again...
Thank you José!
But, I don't think that would fix it.
It's probably better just to create a support ticket with Microsoft.
;P

I hate to create support tickets heheheh, let me try another few things before contacting support, that's the way I love to learn hehehe
Here's a little thing maybe you could help me with: I added a personal domain to the connector, so emails sent to this domain via on premises will flow through O365, and I got a bounce-back error:

Información de diagnóstico para los administradores:
Generando servidor: Apolo.contoso.local
oficina@personaldomain.com
BN3NAM04FT028.mail.protection.outlook.com
Remote Server returned '550 5.7.64 TenantAttribution; Relay Access Denied [BN3NAM04FT028.eop-NAM04.prod.protection.outlook.com]'
Encabezados de mensajes originales:
Received: from Apolo.contoso.local (192.168.1.2) by Apolo.contoso.local (192.168.1.2)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.845.34; Wed, 14
 Mar 2018 18:22:08 -0600
Received: from Apolo.contoso.local ([fe80::ec02:b80d:213b:e828]) by
 Apolo.iDi.local ([fe80::ec02:b80d:213b:e828%12]) with mapi id 15.01.0845.039;
 Wed, 14 Mar 2018 18:22:08 -0600
From: Francisco Garza <francisco.garza@contoso.com.mx>
To: "oficina@personaldomain.com" <oficina@personaldomain.com>
Subject: 222222
Thread-Topic: 222222
Thread-Index: AQHTu/On7a6hVhUa6EOs2rzFV0qB5A==
Date: Thu, 15 Mar 2018 00:22:08 +0000
Message-ID: <9e53f7aa64784ddc8720d65506988dfe@contoso.com.mx>
Accept-Language: es-MX, en-US
Content-Language: es-MX
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [187.163.69.7]
Content-Type: multipart/alternative;
      boundary="_000_9e53f7aa64784ddc8720d65506988dfeideicommx_"
MIME-Version: 1.0
Just to give you an update on the Microsoft Support Ticket...
2 hours on the phone and still no advance.... LOL

José, I know that users migrated to Exchange Online will disappear from the local ECP in the Mailbox section, and appear in the Mailbox section in the O365 ECP, but they say that each mailbox migrated leaves in the local "contacts" section a contact with the smtp: pointing to O365, is this correct? I can see that in the O365 ECP I see in the "contacts" section all my non-migrated users, but not the other way around.
Assuming you've configured the hybrid correctly, mailboxes moved to EXO do not disappear from the 'Mailboxes' section of the on premises ECP. Their mailbox type changes from "User" to "Office 365". However, again, assuming hybrid is configured correctly, before an on premises mailbox is moved to EXO, it will show in the 'Contacts' section as a "Mail User". And once the on premises mailbox is moved to EXO, then it shows in the 'Mailbox' section in EXO as a mailbox type of "User".

For clarification, the mailbox will still be represented in the on premises ECP but the mailbox type will change. Mailboxes moved from on premises to EXO are not represented in the Contacts section of the on premises ECP.

In EXO, if there is no contact for the associated unmigrated, on premises mailboxes then you won't be able to move those mailboxes to EXO.
Thank you....
After one week with Microsoft Support, they haven't fixed the problem... I narrowed the problem to this:
I have one migrated user; this user has as email addresses: me@domain.com and secondary exchangealias@o365domain.onmicrosoft.com

If I send an email from this account to itself using exchangealias@o365domain.onmicrosoft.com, it will arrive... but... if I send an email from any other email system to exchangealias@o365domain.onmicrosoft.com, it will not arrive..... after looking in the Flow Messages, we can see it bounces from one Microsoft server to another until we get a Maximum Hops error.... they are still trying to find what's the problem.
After hours of Microsoft Support, they contacted a second level technician to join the support ticket… they narrowed it to be a problem in the EOP server with our Microsoft domain… they made an adjustment and now the connectors are working correctly. I remember that last year I could mark two questions as part of the solution, in this version I haven't found a way….

The solution for this problem was:
1. Contacting Microsoft Support (without this, I couldn't fix the problem)
2. Adding our static public IP to the Spamhaus white list.

Thank you for everything, I do not know why I always have to have problems like no one does LOL