question

HomerSibayan-3006 asked HomerSibayan-0286 edited

Unable to send email from O365 to Exchange 2016 on-prem and vice versa

Hi Experts!

Can someone help us if you have any idea how to fix the issue with our O365 to on-prem mail flow? We can't send email from O365 to on-prem and vice versa after successfully setting up the hybrid configuration wizard.

Here's the summary report on the issue:


Main issue: Unable to send email from O365 to Exchange 2016 on-prem and vice versa after successfully setting up the hybrid configuration wizard.
List of mitigation steps that have been tried so far:
• As suggested by Microsoft, we changed the accepted domains in Exchange Admin Center from relay to authoritative.
• NAT rule creation in Sophos UTM.
• Adding a new UPN suffix domainl.com to the domain controller.
• Opening a ticket with Microsoft and Sophos.
• Reinstallation of the hybrid configuration wizard on another Exchange server.
• Reinstallation of the Exchange certificate on exch01 and exch02.


@HomerSibayan-3006 As your issue is about Exchange, we will remove the tag "office-online-server-exchange" which is used for Technical questions about integrating Office Online Server with Exchange Server.

LydiaZhou-MSFT answered LydiaZhou-MSFT commented

@HomerSibayan-3006

Do you get any NDR messages when sending emails? You can post the screenshot here, and don't forget to cover your personal information.

What's the detailed version of your on-premises Exchange servers? You can check with this command:

 Get-ExchangeServer | Format-List Name,Edition,AdminDisplayVersion

Do you mean the mail flow issue only occurs between your on-premises organization and O365? Do mailboxes on on-premises Exchange and O365 have issues when sending to and receiving from external users?
Does this issue occur with mailboxes migrated to O365, or also occur with mailboxes created on O365?

Here are some suggestions for you:

  1. HCW helps to configure the hybrid mail routing; the needed connectors can be created automatically for the mail flow between the on-premises and Exchange Online organizations. Messages sent between recipients on on-premises and Exchange Online should appear as "internal" for Exchange components. Please check the configuration of the connectors used for message transport between on-premises and Exchange Online organizations.

  2. Please make sure the domain name you want to use is also added to O365 successfully.

  3. The hybrid deployment requires a valid digital certificate purchased from a trusted CA, and the cert will be used for the secure message transport. Please check and make sure it's valid.

  4. Here is a blog about "Demystifying and troubleshooting hybrid mail flow: when is a message internal"; you can check it for more details. Hope you can get some useful information from it.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



@HomerSibayan-3006

Just checking in to see if above information was helpful. If you have any questions or need further help on this issue, please feel free to post back.



@HomerSibayan-3006

Is there any update on this thread?
If you have solved your problem, could you share with us? Maybe it will help more people with similar problems.


HomerSibayan-3006 answered LydiaZhou-MSFT commented

Hi Lydia Zhou,

The latest update we have is that we are in progress: from on-prem to O365, sending and receiving email is now working. Unfortunately, the mail flow from O365 to on-prem is not delivered/delayed.

What we have found out from reviewing the reported error: LED=450 4.4.316 Connection refused};{MSG=Socket error code 10061 indicates that Office 365 was unable to connect to on-premises Exchange. You could not make a connection because the target machine actively refused it.

A 10061 error is caused by the presence of either a firewall or anti-virus software on the local computer or network connection. Either one may be blocking the ports needed to make a successful FTP connection to the server. Please see the attached error screenshot. 26961-o365g.jpg

Steps taken/Troubleshooting done:

  1. Modify/change the current Network Address Translation (NAT) in the UTM configuration:

• From the O365 IP address to the Exchange on-prem IP address of (AHMCEXCH02)
• Verify the public IP address to use.
• Change the destination translation from hostname (AHMCEXCH02) to an IP address, to be defined.

Findings :
1. Old Sophos IP 202.124.150.53 - IP address should correspond and point to the On-premises Exchange Server / Sophos spam filtering.
2. From IP : 104.47.34.97 is the Office 365 IP address which is attempting to send the email to on-premises.
3. Reviewing the reported error LED=450 4.4.316 Connection refused};{MSG=Socket error code 10061, indicates that Office 365 was unable to connect to on-premises Exchange.
4. Office O365 used asianmail.com in message event details.
5. Since email is encrypted between Office 365 and on-premises Exchange we also need to verify the certificate used by the encrypted SMTP connection to ensure that it is valid. – should be itworksmail.asianmail.ca


Do you have any suggestions to add to the list below of things to check, based on your ideas and experience? This would help us with our issue.

Next Steps:
1. 10061 means connection refused, so definitely take a look at the firewall and make sure external systems (or only EO) can reach your on-prem server, namely on port 25.
2. Temporarily disable the security software/anti-virus on the computer.
3. Check if the SPF record is added correctly for your domain in Office 365.

Status :
1. Email Delivered and received from On-Prem to O365 – Working
2. Delayed/Unable to deliver email to On-Prem from MS O365. This is based on the Office O365 Admin Center report, which indicated that the email is currently not yet delivered to the Exchange On-Prem organization.







@HomerSibayan-3006

Yes, please check the firewall settings to make sure connections from Exchange Online IP addresses are not blocked to your on-premises organization. For a list of the Microsoft 365 IP addresses, you can see from: Office 365 URLs and IP address ranges.


DiogoCosta-8528 answered

Hello, any update on this thread?
What could be the problem?
I have a similar problem: most of the emails are delayed from O365 to on-prem.
When I try to validate the connector, I get this error (the same as yours):

450 4.4.316 Connection refused [Message=Socket error code 10061] [LastAttemptedServerName=fqdn.smarthost.com] [LastAttemptedIP=x.x.x.x:25] [VI1EUR04FT046.eop-eur04.prod.protection.outlook.com]


Could it be the firewall?
PTR - from the smart host?

Is there any way to check if the Exchange server sees the message, and detect where the delay is?

Thanks

HomerSibayan-0286 answered HomerSibayan-0286 edited

Hi All

For your reference, the issue has been fixed by unblocking port 25. You may check with your ISP whether port 25 is blocked on the connection. If your ISP has blocked the connection from O365 going to on-premise, it will affect your inbound email from O365 to on-premise. Emails to Exchange on-premise will get stuck in the queue, and as long as you think you did not make any changes to the network and firewall, you must check it first with your Internet service provider.

Other additional references that may help you:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mail-flow-intelligence-in-office-365?view=o365-worldwide#error-code-450-44316-connection-refused


Thanks
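
An inbound port 25 check matching the diagnosis in this thread, as an added example that is not part of any poster's reply: it separates an active refusal (socket error 10061) from a silent drop (10060) and confirms the endpoint offers STARTTLS. The function name `Test-SmtpInbound` and the host names `mail.example.com` and `probe.example.net` are placeholders chosen for this example.

```powershell
# Added example. Run from a host OUTSIDE your network so the probe crosses
# the same ISP and firewall path as Exchange Online. Host names are placeholders.
function Test-SmtpInbound {
    param(
        [Parameter(Mandatory)][string]$Server,   # public name/IP of the on-prem endpoint
        [int]$Port = 25,
        [int]$ReadTimeoutMs = 10000
    )
    $r = [ordered]@{ Server = $Server; Port = $Port; Connected = $false
                     SocketError = $null; Banner = $null; StartTls = $false }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)          # throws SocketException on failure
        $r.Connected = $true
        $stream = $client.GetStream()
        $stream.ReadTimeout = $ReadTimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        # SMTP replies may span several lines: "250-..." continues, "250 ..." ends.
        $readReply = {
            $lines = @()
            do { $line = $reader.ReadLine(); $lines += $line } while ($line -match '^\d{3}-')
            $lines
        }
        $r.Banner = (& $readReply) -join ' | '
        $writer.WriteLine('EHLO probe.example.net')
        $ehlo = & $readReply
        # Hybrid mail flow is TLS-protected, so the endpoint must offer STARTTLS.
        $r.StartTls = [bool]($ehlo -match '^250[- ]STARTTLS')
        $writer.WriteLine('QUIT')
    }
    catch {
        $ex = $_.Exception.GetBaseException()
        if ($ex -is [System.Net.Sockets.SocketException]) {
            # ConnectionRefused = 10061 (active reject), TimedOut = 10060 (silent drop)
            $r.SocketError = '{0} ({1})' -f $ex.SocketErrorCode, [int]$ex.SocketErrorCode
        } else {
            $r.SocketError = $ex.Message
        }
    }
    finally { $client.Close() }
    [pscustomobject]$r
}

Test-SmtpInbound -Server 'mail.example.com'
```

A result with `Connected = False` from an outside host while the same probe succeeds from inside the LAN points at the firewall, NAT rule or ISP rather than Exchange itself; a success from an arbitrary outside host still does not prove that the Exchange Online address ranges are allowed.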
