marpanet
asked on
Email from on-premises to Office365 connector not working in a Hybrid enviroment.
On premises to Office365 connector not working.
I configured O365 Hybrid Wizard, sync AD, and everything looks fine.
I have two problems:
1.- I can only migrate mailbox to exchange online if the default address from the user is @contoso.onmicrosoft.com not using our principal @contoso.com
2.- If I send an email from an exchange online mailbox to a on premises or external mail, the mail will flow correctly, but if send an email from a user on premises to a user online, I will get the following error (it´s in spanish):
BN3NAM04FT043.mail.protect ion.outloo k.com rejected your messages:
Eugenio Martínez Páez (eugenio.martinez@contoso. com)
No se entregó el mensaje por un problema de seguridad o de permisos. Puede que un moderador lo haya rechazado, que la dirección solo acepte correo electrónico de ciertos remitentes o que otra restricción esté impidiendo la entrega.
BN3NAM04FT043.mail.protect ion.outloo k.com produjo este error:
Service unavailable, Client host [local public ip] blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso (AS16012612)
I tryed to recreate the conectors but not managed to get it right.
Can someone help me?
I configured O365 Hybrid Wizard, sync AD, and everything looks fine.
I have two problems:
1.- I can only migrate mailbox to exchange online if the default address from the user is @contoso.onmicrosoft.com not using our principal @contoso.com
2.- If I send an email from an exchange online mailbox to a on premises or external mail, the mail will flow correctly, but if send an email from a user on premises to a user online, I will get the following error (it´s in spanish):
BN3NAM04FT043.mail.protect
Eugenio Martínez Páez (eugenio.martinez@contoso.
No se entregó el mensaje por un problema de seguridad o de permisos. Puede que un moderador lo haya rechazado, que la dirección solo acepte correo electrónico de ciertos remitentes o que otra restricción esté impidiendo la entrega.
BN3NAM04FT043.mail.protect
Service unavailable, Client host [local public ip] blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso (AS16012612)
I tryed to recreate the conectors but not managed to get it right.
Can someone help me?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
El problema es que tienes la ip bloqueada en microsoft.
tienes que blacklistearla para poder usar ese servicio
Es decir,
Entra aqui:
https://www.spamhaus.org/lookup/
Luego solicita que te blacklisteen, llenando el formulario con tu ip publica.
y ya.
tienes que blacklistearla para poder usar ese servicio
Es decir,
Entra aqui:
https://www.spamhaus.org/lookup/
Luego solicita que te blacklisteen, llenando el formulario con tu ip publica.
y ya.
As per original poster, issue is:
"2.- If I send an email from an exchange online mailbox to a on premises or external mail, the mail will flow correctly, but if send an email from a user on premises to a user online, I will get the following error (it´s in spanish):"
I suspect the TLS tunnel is not set up properly, too, as the email sent by the onprem user would be still received by the user on the o365 part of the hybrid.
"2.- If I send an email from an exchange online mailbox to a on premises or external mail, the mail will flow correctly, but if send an email from a user on premises to a user online, I will get the following error (it´s in spanish):"
I suspect the TLS tunnel is not set up properly, too, as the email sent by the onprem user would be still received by the user on the o365 part of the hybrid.
ASKER
I just added our public ip to spamhouse white list.... now I don´t get a bounce back error email, it goes through, but it dosent arribe at my office365 mailbox.... :S
checking the logs...
2018-03-14T15:59:54.647Z,O utbound to Office 365,08D5869E5C4484EE,18,19 2.168.1.2: 53309,216. 32.181.42: 25,>,BDAT 8613 LAST,
2018-03-14T15:59:56.066Z,O utbound to Office 365,08D5869E5C4484EE,19,19 2.168.1.2: 53309,216. 32.181.42: 25,<,"250 2.6.0 <59f3862958f0415b890e3ba10 e7d5578@co ntoso.com> [InternalId=433791703533, Hostname=CO1NAM04HT017.eop -NAM04.pro d.protecti on.outlook .com] 13680 bytes in 0.323, 41.236 KB/sec Queued mail for delivery",
2018-03-14T15:59:56.072Z,O utbound to Office 365,08D5869E5C4484EE,20,19 2.168.1.2: 53309,216. 32.181.42: 25,>,QUIT,
2018-03-14T15:59:56.162Z,O utbound to Office 365,08D5869E5C4484EE,21,19 2.168.1.2: 53309,216. 32.181.42: 25,<,221 2.0.0 Service closing transmission channel,
2018-03-14T15:59:56.162Z,O utbound to Office 365,08D5869E5C4484EE,22,19 2.168.1.2: 53309,216. 32.181.42: 25,-,,Loca l
checking the logs...
2018-03-14T15:59:54.647Z,O
2018-03-14T15:59:56.066Z,O
2018-03-14T15:59:56.072Z,O
2018-03-14T15:59:56.162Z,O
2018-03-14T15:59:56.162Z,O
Ok after that, you just need to go the office365 / Exchange online console.
and modify the way your connector validates your connection.
Instead of using your SSL address use your IP address, and you're done.
I've done that everytime in my environment.
and modify the way your connector validates your connection.
Instead of using your SSL address use your IP address, and you're done.
I've done that everytime in my environment.
ASKER
I just added the public ip address into the conector, and still not getting the email through... :(
ASKER
ASKER
What happens if I delete the conector and run hybrid configuration again?, will it destroy something important?? LOL
No it will just run and create all the connectors again...
ASKER
Perfect, let me run the Wizard again...
Thank you José!
Thank you José!
But, I don't think that would fix it.
Probably is better just to create a support ticket with microsoft.
Probably is better just to create a support ticket with microsoft.
I think someone recommended that in the first comment of this request. LOL! :P
https://www.experts-exchange.com/questions/29088891/Email-from-on-premises-to-Office365-connector-not-working-in-a-Hybrid-enviroment.html?anchor=a42499853¬ificationFollowed=205170746&anchorAnswerId=42498217#a42498217
https://www.experts-exchange.com/questions/29088891/Email-from-on-premises-to-Office365-connector-not-working-in-a-Hybrid-enviroment.html?anchor=a42499853¬ificationFollowed=205170746&anchorAnswerId=42498217#a42498217
ASKER
;P
I hate to create support tickets heheheh let me try another few things before contacting support, that´s the way I love to learn hehehe
I hate to create support tickets heheheh let me try another few things before contacting support, that´s the way I love to learn hehehe
ASKER
Here´s a little thing maybe you could help me, I added a personal domain to the connector, so emails sent to this domain via on premises, they will flow through O365, and got a bounce back error:
Información de diagnóstico para los administradores:
Generando servidor: Apolo.contoso.local
oficina@personaldomain.com
BN3NAM04FT028.mail.protect ion.outloo k.com
Remote Server returned '550 5.7.64 TenantAttribution; Relay Access Denied [BN3NAM04FT028.eop-NAM04.p rod.protec tion.outlo ok.com]'
Encabezados de mensajes originales:
Received: from Apolo.contoso.local (192.168.1.2) by Apolo.contoso.local (192.168.1.2)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_ AES_256_CB C_SHA384_P 256) id 15.1.845.34; Wed, 14
Mar 2018 18:22:08 -0600
Received: from Apolo.contoso.local ([fe80::ec02:b80d:213b:e82 8]) by
Apolo.iDi.local ([fe80::ec02:b80d:213b:e82 8%12]) with mapi id 15.01.0845.039;
Wed, 14 Mar 2018 18:22:08 -0600
From: Francisco Garza <francisco.garza@contoso.c om.mx>
To: "oficina@personaldomain.co m" <oficina@personaldomain.co m>
Subject: 222222
Thread-Topic: 222222
Thread-Index: AQHTu/On7a6hVhUa6EOs2rzFV0 qB5A==
Date: Thu, 15 Mar 2018 00:22:08 +0000
Message-ID: <9e53f7aa64784ddc8720d6550 6988dfe@co ntoso.com. mx>
Accept-Language: es-MX, en-US
Content-Language: es-MX
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [187.163.69.7]
Content-Type: multipart/alternative;
boundary="_000_9e53f7aa647 84ddc8720d 65506988df eideicommx _"
MIME-Version: 1.0
Información de diagnóstico para los administradores:
Generando servidor: Apolo.contoso.local
oficina@personaldomain.com
BN3NAM04FT028.mail.protect
Remote Server returned '550 5.7.64 TenantAttribution; Relay Access Denied [BN3NAM04FT028.eop-NAM04.p
Encabezados de mensajes originales:
Received: from Apolo.contoso.local (192.168.1.2) by Apolo.contoso.local (192.168.1.2)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_
Mar 2018 18:22:08 -0600
Received: from Apolo.contoso.local ([fe80::ec02:b80d:213b:e82
Apolo.iDi.local ([fe80::ec02:b80d:213b:e82
Wed, 14 Mar 2018 18:22:08 -0600
From: Francisco Garza <francisco.garza@contoso.c
To: "oficina@personaldomain.co
Subject: 222222
Thread-Topic: 222222
Thread-Index: AQHTu/On7a6hVhUa6EOs2rzFV0
Date: Thu, 15 Mar 2018 00:22:08 +0000
Message-ID: <9e53f7aa64784ddc8720d6550
Accept-Language: es-MX, en-US
Content-Language: es-MX
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [187.163.69.7]
Content-Type: multipart/alternative;
boundary="_000_9e53f7aa647
MIME-Version: 1.0
ASKER
Just to give you an update on the Microsoft Support Ticket...
2 hours on the phone and still no advance.... LOL
José, I know that users migrated to Exchange Online will disappear on the loca ECP in the Mailbox section, and appear on the Mailbox section in ECP O365, but they say that each mailbox migrated in leave in the local "contacts" section a contacto with the smtp: pointing to O365, is this correct?, I can see that in the O365 ECP I see in the "contacts" section all my non migrated users, but not the other way around.
2 hours on the phone and still no advance.... LOL
José, I know that users migrated to Exchange Online will disappear on the loca ECP in the Mailbox section, and appear on the Mailbox section in ECP O365, but they say that each mailbox migrated in leave in the local "contacts" section a contacto with the smtp: pointing to O365, is this correct?, I can see that in the O365 ECP I see in the "contacts" section all my non migrated users, but not the other way around.
Assuming you've configured the hybrid correctly, mailboxes moved to EXO do not disappear from the 'Mailboxes' section of the on premises ECP. Their mailbox type changes from "User" to "Office 365". However, again, assuming hybrid is configured correctly, before an on premises mailbox is moved to EXO, it will show in the 'Contacts' section as a "Mail User". And once the on premises mailbox is moved to EXO, then it shows in the 'Mailbox' section in EXO as a mailbox type of "User".
For clarification, the mailbox will still be represented in the on premises ECP but the mailbox type will change. Mailboxes moved from on premises to EXO are not represented in the Contacts section of the on premises ECP.
In EXO, if there is no contact for the associated unmigrated, on premises mailboxes then you won't be able to move those mailboxes to EXO.
For clarification, the mailbox will still be represented in the on premises ECP but the mailbox type will change. Mailboxes moved from on premises to EXO are not represented in the Contacts section of the on premises ECP.
In EXO, if there is no contact for the associated unmigrated, on premises mailboxes then you won't be able to move those mailboxes to EXO.
ASKER
Thank you....
After one week with Microsoft Support, they haven´t fix the problem... I narrow the problem to this:
I have one Migrated user, this user has as email addresses: me@domain.com and secondary exchangealias@o365domain.o nmicrosoft .com
If I send an email from this account to itself using exchangealias@o365domain.o nmicrosoft .com, it will arrive... but... if I send an email from any other email system to exchangealias@o365domain.o nmicrosoft .com, it will not arrive..... after looking in the Flow Messages, we can see it bounces from one Microsoft server to another until we get a Maximum Hops error.... they still trying to find what´s the problem.
After one week with Microsoft Support, they haven´t fix the problem... I narrow the problem to this:
I have one Migrated user, this user has as email addresses: me@domain.com and secondary exchangealias@o365domain.o
If I send an email from this account to itself using exchangealias@o365domain.o
ASKER
After hours of Microsoft Support, they contacted a second level technician to join the support ticket… they narrowed to be a problem in the EOP server with our Microsoft domain… they made an adjustment and now the connectors are working correctly. I remember that last year I could mark two questions as part of the solution, in this version I haven´t found a way….
The solution for this problem was:
1. Contacting Microsoft Support (without this, I couldn’t fix the problem)
2. Adding our Static Public IP to the spamhouse white list.
Thank you for everything, I do not know why I always have to have problems like no one does LOL
The solution for this problem was:
1. Contacting Microsoft Support (without this, I couldn’t fix the problem)
2. Adding our Static Public IP to the spamhouse white list.
Thank you for everything, I do not know why I always have to have problems like no one does LOL
OR
Ensure that within onpremise to O365 connector you have added all onpremise public IPs which can be / are used to send emails outbound