Unable to send email from O365 to Exchange 2016 on-prem and vice versa

Homer Sibayan 126 Reputation points
2020-09-15T06:34:17.107+00:00

Hi Experts!

Can someone help us if you have any idea on how to fix the issue with our O365 to on-prem mail flow? We can't send email from O365 to on-prem, or vice versa, after successfully setting up the hybrid configuration wizard.

Here’s the summary Report on the issue;

Main issue: Unable to send email from O365 to Exchange 2016 On-Prem and vice versa after successfully setting up hybrid configuration wizard.
List of mitigation steps tried so far:
• As suggested by Microsoft, we changed the accepted domains in Exchange Admin Center from relay to authoritative.
• NAT rule creation in Sophos UTM.
• Adding a new UPN suffix domainl.com to the domain controller.
• Opening a ticket with Microsoft and Sophos.
• Reinstallation of the hybrid configuration wizard on another Exchange server.
• Reinstallation of the Exchange certificate on exch01 and exch02.


4 answers

  1. Homer Sibayan 126 Reputation points
    2020-09-23T09:54:46.427+00:00

    Hi Lydia Zhou,

    The latest update we have is that mail flow from On-Prem to O365 (send and receive) is now working. Unfortunately, the mail flow from O365 to On-Prem is not delivered/delayed.

    What we have found out, based on reviewing the reported error LED=450 4.4.316 Connection refused};{MSG=Socket error code 10061, is that Office 365 was unable to connect to on-premises Exchange. You could not make a connection because the target machine actively refused it.

    A 10061 error is caused by either a firewall or anti-virus software present on the local computer or network connection. Either one may be blocking the ports needed to make a successful FTP connection to the server. Please see the attached screenshot of the error (26961-o365g.jpg).

    Step taken/Troubleshooting done :

    1. Modify/change the current Network Address Translation (NAT) in the UTM configuration:

    • From the O365 IP address to the Exchange On-prem IP address of (AHMCEXCH02)
    • Verify the public IP address to use.
    • Change the destination translation from hostname (AHMCEXCH02) to an IP address to be defined.

    Findings :

    1. Old Sophos IP 202.124.150.53 - the IP address should correspond and point to the on-premises Exchange server / Sophos spam filtering.
    2. From IP: 104.47.34.97 is the Office 365 IP address which is attempting to send the email to on-premises.
    3. Reviewing the reported error LED=450 4.4.316 Connection refused};{MSG=Socket error code 10061 indicates that Office 365 was unable to connect to on-premises Exchange.
    4. Office 365 used asianmail.com in the message event details.
    5. Since email is encrypted between Office 365 and on-premises Exchange, we also need to verify the certificate used by the encrypted SMTP connection to ensure that it is valid. – It should be itworksmail.asianmail.ca

    Any suggestions to add to the list below, based on your ideas and experience? This would help us with our issue.

    Next Steps :

    1. 10061 means connection refused, so definitely take a look at the firewall and make sure external systems (or only EO) can reach your On-Prem server, namely on port 25.
    2. Temporarily disable the security software/anti-virus on the computer.
    3. Check that the SPF record is added correctly for your domain in Office 365.

    Status :

    1. Email Delivered and received from On-Prem to O365 – Working
    2. Delayed/unable to deliver email to On-Prem from MS O365. This was based on the Office 365 Admin Center report, which indicated that the email has not yet been delivered to the Exchange On-Prem organization.
    1 person found this answer helpful.

  2. Homer Sibayan 361 Reputation points
    2022-04-27T11:32:39.567+00:00

    Hi All

    For your reference, the issue has been fixed by unblocking port 25. You may check with your ISP whether port 25 is blocked on the connection. If your ISP blocks the connection from O365 going to on-premises, it will affect your inbound email from O365 to on-premises. Exchange on-premises emails will get stuck in the queue, and as long as you think you did not make any changes on the network and firewall, you must check it first with the Internet Service Provider.

    Other additional references that may help you:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/mail-flow-intelligence-in-office-365?view=o365-worldwide#error-code-450-44316-connection-refused

    Thanks

    1 person found this answer helpful.
    0 comments No comments
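The answer above ends with the cause found in this thread: TCP/25 from Exchange Online to the on-premises server was blocked, which the service reports as 450 4.4.316 / Winsock 10061. The following Python script is an added example, not code from the thread or from Microsoft: it probes a host:port the way Exchange Online's first hop does (TCP connect, then read the SMTP banner) and separates the three symptoms that look alike in a message trace: a reset (refused, nothing listening behind the NAT), a silent drop (timeout, typical of an ISP block), and no route or name at all. The local listener `start_constructed_smtp_listener` is a constructed test fixture standing in for the on-premises Exchange receive connector; the hostname `exch01.example.invalid` in its banner and the text in `NEXT_CHECK` are assumptions drawn from the steps discussed in this thread.

```python
import socket
import threading


def start_constructed_smtp_listener(banner=b"220 exch01.example.invalid ESMTP ready\r\n"):
    """Constructed stand-in for the on-premises Exchange SMTP listener (test fixture, not Exchange).

    Binds 127.0.0.1 on an ephemeral port and greets each connection with a 220 banner.
    Returns (port, stop); stop() closes the listener, after which connects are refused."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)            # lets the accept loop notice the stop flag
    stop_flag = threading.Event()

    def serve():
        while not stop_flag.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass
        srv.close()                # port is now closed: further connects get a reset

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    port = srv.getsockname()[1]

    def stop():
        stop_flag.set()
        thread.join(timeout=3)

    return port, stop


def probe_smtp(host, port=25, timeout=5.0):
    """TCP-connect to host:port and read the SMTP banner.

    status is one of "open", "refused", "timeout", "unreachable".
    "refused" is the Winsock 10061 / 450 4.4.316 case from this thread;
    "timeout" is what a silent ISP or firewall drop of TCP/25 looks like from outside."""
    result = {"host": host, "port": port, "status": None, "banner": None, "errno": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                data = sock.recv(512)
                result["banner"] = data.decode("ascii", "replace").strip() or None
            except socket.timeout:
                result["banner"] = None   # connected but nothing answered: check the NAT target
            result["status"] = "open"
    except socket.timeout:
        result["status"] = "timeout"
    except ConnectionRefusedError as exc:
        result["status"] = "refused"
        result["errno"] = exc.errno
    except OSError as exc:                # DNS failure, no route, etc.
        result["status"] = "unreachable"
        result["errno"] = exc.errno
    return result


# Assumed follow-up per symptom, taken from the checks this thread worked through.
NEXT_CHECK = {
    "open": "TCP/25 reaches a listener; if Exchange Online still reports 4.4.316, confirm the NAT rule "
            "sends the public IP to the right server and that the receive connector's TLS certificate "
            "matches the hostname the hybrid send connector uses.",
    "refused": "The host answered with a reset: nothing is listening on that port or a firewall/NAT rule "
               "refuses it. Verify the NAT destination and port 25 on the Exchange frontend receive connector.",
    "timeout": "No reply at all: packets are being dropped. Ask the ISP whether TCP/25 is blocked on the "
               "circuit before changing anything on the firewall.",
    "unreachable": "Name resolution or routing failed before SMTP: check the public DNS record the hybrid "
                   "send connector targets.",
}


def next_check(result):
    """Map a probe result to the check this thread arrived at for that symptom."""
    return NEXT_CHECK[result["status"]]


if __name__ == "__main__":
    port, stop = start_constructed_smtp_listener()
    print(probe_smtp("127.0.0.1", port, timeout=2))   # open, with the 220 banner
    stop()
    print(probe_smtp("127.0.0.1", port, timeout=2))   # refused, the 10061 equivalent
```

Run it from outside the perimeter against the public IP the hybrid send connector targets; a "refused" result on port 25 while the server answers internally points at the NAT rule, while "timeout" from outside but not from inside is the ISP block this thread ended with.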

  3. Lydia Zhou - MSFT 2,371 Reputation points Microsoft Employee
    2020-09-16T02:52:35.007+00:00

    @Homer Sibayan

    Do you get any NDR messages when send emails? You can post the screenshot here, and don't forget to cover your personal information.

    What's the detailed version of your on-premises Exchange servers? You can check with this command:

    Get-ExchangeServer | Format-List Name,Edition,AdminDisplayVersion

    Do you mean the mail flow issue only occurs between your on-premises organization and O365? Do mailboxes on on-premises Exchange and O365 have issues when sending to and receiving from external users?
    Does this issue occur with mailboxes migrated to O365, or also occur with mailboxes created on O365?

    Here are some suggestions for you:

    1. HCW helps to configure the hybrid mail routing, the needed connectors can be created automatically for the mail flow between the on-premises and Exchange Online organization. Messages sent between recipients on on-premises and Exchange Online should appear as "internal" for Exchange components. Please check the configuration of the connectors used for message transport between on-premises and Exchange Online organizations.
    2. Please make sure the domain name you want to use is also added to O365 successfully.
    3. The hybrid deployment requires a valid digital certificate purchased from a trusted CA, and the cert will be used for the secure message transport. Please check and make sure it's valid.
    4. Here is a blog about Demystifying and troubleshooting hybrid mail flow: when is a message internal, you can check it for more details. Hope you can get some useful information from it.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  4. Diogo Costa 1 Reputation point
    2021-08-02T10:51:31.42+00:00

    Hello, any update on this thread?
    What could be the problem?
    I have a similar problem. Most of the emails are delayed from O365 to on-prem.
    When I try to validate the connector, I get this error (the same as yours):

    450 4.4.316 Connection refused [Message=Socket error code 10061] [LastAttemptedServerName=fqdn.smarthost.com] [LastAttemptedIP=x.x.x.x:25] [VI1EUR04FT046.eop-eur04.prod.protection.outlook.com]

    could be Firewall?
    PTR - from the smart host?

    Any way to check if the exchange server see the message, and detect where's the delay?

    Thanks

    0 comments No comments
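The error string in the post above, and the LED=...};{MSG=... form quoted earlier in the thread, carry the fields an admin needs for triage (the enhanced status code, the Winsock socket error, the server and IP:port Exchange Online last tried, and the EOP server that reported it). The Python parser below is an added example, not code from the thread or from Microsoft; it handles both layouts seen on this page and turns the result into the check list this thread converged on. The Winsock meanings for 10060 and 10061 are standard values; the wording in `triage` is an assumption based on the steps the participants tried.

```python
import re

KV_FIELD = re.compile(r"(\w+)=([^;{}\[\]]+)")            # Key=Value inside [...] or {...};{...}
STATUS_LINE = re.compile(r"(\d{3})\s+(\d\.\d{1,3}\.\d{1,3})\s*([^\[\]{}]*)")
BARE_TAG = re.compile(r"\[([A-Za-z0-9.-]+)\]")           # [hostname] with no '=': the reporting EOP server
SOCKET_ERR = re.compile(r"Socket error code (\d+)")

# Standard Winsock codes that appear in these errors (not page-specific values).
WINSOCK = {
    10060: "WSAETIMEDOUT: no answer from the target, packets are being dropped",
    10061: "WSAECONNREFUSED: the target sent a reset, nothing accepted the connection",
}


def parse_mail_flow_error(text):
    """Parse a 450 4.4.316-style error as shown by connector validation or message trace.

    Accepts both the bracketed form ("450 4.4.316 ... [Message=...] [LastAttemptedIP=...]")
    and the braced form ("LED=450 4.4.316 ...};{MSG=Socket error code 10061")."""
    text = " ".join(text.split())
    kv = {k: v.strip() for k, v in KV_FIELD.findall(text)}
    parsed = {
        "smtp_code": None, "enhanced_code": None, "status_text": None,
        "socket_error": None, "socket_error_meaning": None,
        "last_attempted_server": kv.get("LastAttemptedServerName"),
        "last_attempted_host": None, "last_attempted_port": None,
        "reporting_server": None,
    }
    status = STATUS_LINE.search(kv.get("LED") or text)
    if status:
        parsed["smtp_code"], parsed["enhanced_code"] = status.group(1), status.group(2)
        parsed["status_text"] = status.group(3).strip() or None
    sock = SOCKET_ERR.search(text)
    if sock:
        code = int(sock.group(1))
        parsed["socket_error"] = code
        parsed["socket_error_meaning"] = WINSOCK.get(code, "unmapped Winsock code")
    ip = kv.get("LastAttemptedIP")
    if ip:
        host, _, port = ip.rpartition(":")   # IPv4 host:port as on this page; IPv6 would need brackets
        if host and port.isdigit():
            parsed["last_attempted_host"], parsed["last_attempted_port"] = host, int(port)
        else:
            parsed["last_attempted_host"] = ip
    tags = BARE_TAG.findall(text)
    if tags:
        parsed["reporting_server"] = tags[-1]
    return parsed


def triage(parsed):
    """Checks from this thread, in the order they turned out to matter (assumed wording)."""
    checks = []
    if parsed["enhanced_code"] == "4.4.316" or parsed["socket_error"] == 10061:
        checks.append("Confirm TCP/25 from Exchange Online to the public IP is not blocked by the ISP "
                      "(the fix in this thread).")
        checks.append("Verify the firewall NAT rule forwards that public IP and port to the Exchange "
                      "server, not to a decommissioned address.")
    if parsed["socket_error"] == 10060:
        checks.append("A timeout rather than a refusal points at dropped packets: start with the ISP "
                      "and the perimeter firewall.")
    if parsed["last_attempted_server"]:
        checks.append(f"Check that the certificate presented by {parsed['last_attempted_server']} is "
                      "valid and matches the TLS name on the hybrid send connector.")
    checks.append("Check that the SPF record for the domain is correct in Office 365.")
    return checks


if __name__ == "__main__":
    sample = ("450 4.4.316 Connection refused [Message=Socket error code 10061] "
              "[LastAttemptedServerName=fqdn.smarthost.com] [LastAttemptedIP=x.x.x.x:25] "
              "[VI1EUR04FT046.eop-eur04.prod.protection.outlook.com]")   # from the post above
    result = parse_mail_flow_error(sample)
    for key, value in result.items():
        print(f"{key}: {value}")
    for step in triage(result):
        print("-", step)
```

To answer the last question in the post (did the on-premises server ever see the message?): a parsed `last_attempted_host` and port 25 with socket error 10061 means the connection never completed, so there is nothing in the Exchange receive connector protocol logs to look for; the delay is entirely in front of the server.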