External OoO messages won't work - Relay Access Denied

Reinke, Jörg 20 Reputation points
2024-04-30T12:08:09.6933333+00:00

Hi.

We are running an Exchange Server 2019 farm in a hybrid scenario.

Since the March SU, we have experienced that OoO messages sent to external recipients won't be delivered anymore - Relay Access Denied.

We hoped that the April SU would fix this again, but we still have issues.

I can find a lot of similar threads, but no answer is given.

I'm aware of how Out of Office messages work, that they are only sent once to a sender, but internal OoO messages work fine. It's only with external recipients that we experience the issue.

Any suggestions how to fix the issue?

We already checked "Get-RemoteDomain" - all our domains are:

AllowedOOFType : External

AutoReplyEnabled : True

AutoForwardEnabled : True

Some SMTP errors:

LED=550 5.7.64 TenantAttribution; Relay Access Denied [ValidationStatus of 'xyz' is UntrustedRoot]

We reran our HWC without any issues.

Microsoft Connectivity Analyzer didn't give indications.

Does anyone have an idea how to fix this issue?

Cheers

Jörg


Accepted answer
  1. Noah Ma-MSFT 995 Reputation points Microsoft Vendor
    2024-05-09T09:29:05.32+00:00

    Great to know that the issue has already been resolved, and thanks for sharing the solution so that others experiencing the same thing can easily reference this! As I suspected, it could be related to a certificate issue; unfortunately, my method didn't help you directly. Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer : )

    --------------   

    Issue Symptom:

    The Out of Office messages sent to external recipients won't be delivered anymore, with a Relay Access Denied error.

    Resolution:

    The Outbound Connector towards the internet needs an SSL certificate nowadays. In this specific case, you could use the same certificate as you did on the Hybrid Connection, even though you do not require TLS on the connector.

    As soon as the certificate was assigned and the FrontEnd Services were restarted, the queued outbound Out of Office mails got sent again.

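The resolution in the accepted answer, written out as an added Exchange Management Shell example (it is not part of the original thread and not Microsoft's own script). The connector name and thumbprint are placeholders, and restarting only `MSExchangeFrontEndTransport` is an assumption about which "FrontEnd Services" were meant.

```powershell
# Added example. Run in the Exchange Management Shell on the sending server.
# Placeholders (assumptions, not values from the thread):
$connectorName = 'Outbound to Internet'                 # your internet-facing Send connector
$thumbprint    = '<THUMBPRINT-OF-HYBRID-CERTIFICATE>'   # certificate already used for hybrid

# 1. Load the certificate and show how Exchange currently rates it.
$cert = Get-Item "Cert:\LocalMachine\My\$thumbprint"
Get-ExchangeCertificate -Thumbprint $thumbprint |
    Format-List Subject, Issuer, NotAfter, Status, Services

# 2. Build the chain from the local stores before assigning anything.
#    The NDR in the question reports 'UntrustedRoot', so a chain that cannot be
#    built here (for example a missing intermediate CA) should be fixed first.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust path only, no CRL/OCSP lookups
if (-not $chain.Build($cert)) {
    $chain.ChainStatus | Format-Table Status, StatusInformation -AutoSize
    throw "Chain for '$($cert.Subject)' does not validate; fix the CA stores first."
}
# List the chain from leaf to root so a missing intermediate is easy to spot.
$chain.ChainElements | ForEach-Object { $_.Certificate.Subject }

# 3. Assign the certificate to the outbound connector.
#    TlsCertificateName uses the '<I>issuer<S>subject' form.
$tlsName = "<I>$($cert.Issuer)<S>$($cert.Subject)"
Set-SendConnector -Identity $connectorName -TlsCertificateName $tlsName

# 4. Restart the front-end transport service so the change is picked up.
Restart-Service MSExchangeFrontEndTransport

# 5. Confirm the assignment and watch the queued auto-replies drain.
Get-SendConnector -Identity $connectorName |
    Format-List Name, TlsCertificateName, RequireTLS
Get-Queue |
    Format-Table Identity, DeliveryType, Status, MessageCount, LastError -AutoSize
```

A successful local chain build only shows that this server can assemble the chain; the `ValidationStatus` in the NDR is decided by the receiving side.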

1 additional answer

  1. Noah Ma-MSFT 995 Reputation points Microsoft Vendor
    2024-05-01T06:59:22.51+00:00

    Hi @Reinke, Jörg,

    Based on your description, I want to check whether your issue is that the on-premises mailbox cannot send out of office messages to external recipients.

    If so, did you renew the on-premises certificate recently? It may be due to a configuration change on-premises or a new/renewed certificate.

    Please ensure the certificate on-premises matches the certificate that is specified in M365.

    You could also see the solution part in the following link to import the intermediate certificates to the intermediate certification authorities (CAs) on the sending server to see if it helps. Refer to "550 5.7.64 TenantAttribution; Relay Access Denied SMTP" error when sending mail through Exchange Online Protection.

    If you have any questions, please feel free to contact me.

    1 person found this answer helpful.