Mail access issues in a hybrid Exchange deployment with cloud-based archive
Original KB number: 2901386
The Hybrid Configuration wizard that's included in the Exchange Management Console in Microsoft Exchange Server 2010 is no longer supported, so you should no longer use it. Instead, use the Office 365 Hybrid Configuration wizard. For more information, see Office 365 Hybrid Configuration wizard for Exchange 2010.
You experience the following symptoms in a hybrid deployment of on-premises Microsoft Exchange Server and Exchange Online in Office 365:
When on-premises users try to send mail to a user who has a cloud-based archive, they receive a nondelivery report (NDR) that contains the following error message:
554 5.2.0 STOREDRV.Deliver.Exception:UserWithoutFederatedProxyAddressException;
Failed to process message due to a permanent exception with message User doesn't have any SMTP proxy address from a domain that is federated.
UserWithoutFederatedProxyAddressException: User doesn't have any SMTP proxy address from a domain that is federated. ##
A user who has a cloud-based archive can't access mail in Outlook or Outlook on the web (formerly known as Outlook Web App [OWA]). The user receives the following error message in Outlook on the web:
Url: https://mail.contoso.com:443/owa/auth.owa
OWA version: 220.127.116.11
Exception
Exception type: System.NullReferenceException
Exception message: Object reference not set to an instance of an object.
This issue occurs if the email address policy has a default domain that isn't a federated domain. This causes the default SMTP address on the federated arbitration mailbox to use a domain that can't obtain a delegation token.
1. Verify that you're experiencing this issue:
   A. Open the Exchange Management Shell on the on-premises Exchange 2013 server or Exchange 2010 server.
   B. Run the following cmdlet:
      Get-Mailbox -Arbitration | fl PrimarySMTPAddress
   C. In the output, note the SMTP domain that's specified for the FederatedEmail mailbox.
      The following is an example of the output:
   D. Run the following cmdlet:
      Get-FederatedOrganizationIdentifier | fl Domains
   E. Check whether the domain that you noted in step 1C is listed. If the domain isn't listed, you've verified that you are experiencing this issue. Go to step 2.
2. To resolve this issue, do one of the following:
Federate the SMTP domain that's associated with the arbitration mailbox
To do this, use the Exchange admin center or the Exchange Management Console to add the domain name to the existing federation trust.
For more information about how to do this, go to Manage a federation trust.
Change the SMTP address of the arbitration mailbox and the transport settings container in Active Directory
Change the email address of the federated arbitration mailbox to use a federated domain. Also change the email address of the transport settings container so that it matches the email address of the federated arbitration mailbox.
This procedure requires Active Directory Service Interfaces Editor (ADSI Edit). Using ADSI Edit incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems that result from the incorrect use of ADSI Edit can be resolved. Use ADSI Edit at your own risk.
To do this, follow these steps:
1. Open ADSI Edit, and connect to the domain naming context container.
2. Under Default naming context, in the User container, open the properties of the federated arbitration mailbox.
3. Change the value of the proxyAddresses attribute so that the primary SMTP address (the address in which SMTP is in uppercase letters) uses a federated domain.
4. Connect to the Configuration container, and then locate the transport settings container in the following path:
   Configuration \ Services \ Microsoft Exchange \ <organization name>
5. Open the properties of the transport settings container, and then change the value of the MSExchOrgFederatedMailbox attribute to the SMTP address that you specified in step 3.
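The verification procedure above and the address match that the second resolution option requires can be checked together with a read-only script in the on-premises Exchange Management Shell. This is an added example, not code from the original article. It assumes that the arbitration mailbox name begins with FederatedEmail and that the OrganizationFederatedMailbox property returned by Get-TransportConfig reflects the MSExchOrgFederatedMailbox attribute.

```powershell
# Added example: read-only check, written to run in the Exchange 2010 and 2013 shells.

function Get-SmtpDomain {
    param([Parameter(Mandatory = $true)] $Address)
    # String conversion handles live SmtpAddress objects and deserialized values alike.
    ("$Address" -split '@')[-1].Trim().ToLowerInvariant()
}

# Domains that are part of the existing federation trust.
$federated = @((Get-FederatedOrganizationIdentifier).Domains |
    ForEach-Object { "$_".Trim().ToLowerInvariant() })

# The federated arbitration mailbox.
# Assumption: its name starts with "FederatedEmail", as the article refers to it.
$arb = @(Get-Mailbox -Arbitration | Where-Object { $_.Name -like 'FederatedEmail*' })
if ($arb.Count -eq 0) { throw 'No FederatedEmail arbitration mailbox was found.' }

# Assumption: this property surfaces the transport settings container address.
$orgMailbox = "$((Get-TransportConfig).OrganizationFederatedMailbox)"

$report = foreach ($mbx in $arb) {
    $primary = "$($mbx.PrimarySmtpAddress)"
    New-Object PSObject -Property @{
        Mailbox                 = $mbx.Name
        PrimarySmtpAddress      = $primary
        DomainIsFederated       = ($federated -contains (Get-SmtpDomain $primary))
        MatchesTransportSetting = ($primary -ieq $orgMailbox)
    }
}

$report |
    Select-Object Mailbox, PrimarySmtpAddress, DomainIsFederated, MatchesTransportSetting |
    Format-List

foreach ($row in $report) {
    if (-not $row.DomainIsFederated) {
        Write-Warning "$($row.PrimarySmtpAddress) uses a domain that is not in the federation trust."
    }
    if (-not $row.MatchesTransportSetting) {
        Write-Warning "Transport setting '$orgMailbox' does not match $($row.PrimarySmtpAddress)."
    }
}
```

A mailbox that reports DomainIsFederated as False reproduces the condition described in the cause. After either resolution is applied, both columns should read True.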