Hi, I'm unable to send a email from my on-premise exchange 2013 server to my exchange online server.

Both have separate domain, and the O365 is synced with my AD with Dirsync, it's for all our student.

When I try to send a email from my email to a student address I have NDR error

Remote
Server returned '420 4.2.0 Recipient deferred because there is no Mdb'

The O365 domain is reachable if we send from external address to O365 it's fine. If we send email from O365 to our on-premise server domain, it's fine. It's only when my server want to send to 0365 account.

The O365 domain isn't listed in accepted domain in our on-premise server should be created?

I Have a send connector for the o365 domain in our on-premise server and he take MX to send to the domain and the type is personnalized. Is it correct?

In the get-hybridconfiguration the 0365 isn't listed, should it be since the 0365 domain will not be in our on-premise server.

Thanks

Greetings

My Org has Exchange 2013 Setup.

I am about to configure application in my environment which will send 5000+ emails via a Receive Connector to the internal/external recipients each day.

Please suggest the best practices to configure the SMTP traffic to be relayed through Exchange with out affecting any Exchange SMTP traffic.

Also, suggest if there is any way i can check the current SMTP load to ensure that my Exchange setup has adequate resources to handle the entire SMTP traffic.

Thanks in advance.

Hi,

We use exchange 2013 CU5,

In our environemnt there are certain application which uses anonymous relay. For this we created a dedicated "Application Relay" connector and added our HLB (KEMP 2200) IP in this connector. In HLB we have option to allow IPs of APPLICATION SERVERS to allow for relaying.

The above is the method we folow usually

Now

1. Our security team is insisting that this anonymous method should not be used as oer policy

2. How we can modify or above setup in a secured way?

3. Current settings for "Default Frontend " shows Anonymos selected.....is this correct?

Manju Gowda

Hello

I would like to setup a transport rule to block external email for a set of users. i.e. those users cannot send email externally.

I do not want those users to have to be a member of a distribution group (BlockExternalEmail for example)

What methods can i achieve an ad scoped membership for this transport rule without a distribution group.

Both mail-enabled security groups and distribution groups create a ... distribution list.

Thanks

Hello

Exchange Online / Office 365

We`re sending some mails over scripts to our customers.
The application connects directly to the exchange online and signs in with the user account, using the exchange relay.

Is it possible to save these e-mails in the sent folder?

I know we could send it additional as BCC and move the mail in the inbox of the BCC recipient to sent messages, but this is not a clean solution.

Thanks for your help.

Best regards
Rotart

Hi,

I'm having a problem sending and receiving e-mails on my exchange.
I have setup a send connector and followed the step-by-step guides online.

I get the following logg:

2015-09-22T08:48:50.133Z,InternetSend,08D2C1E4EAD83E25,0,,207.38.2.251:25,*,,attempting to connect
2015-09-22T08:48:50.320Z,InternetSend,08D2C1E4EAD83E25,1,192.168.2.10:30210,207.38.2.251:25,+,,
2015-09-22T08:48:50.508Z,InternetSend,08D2C1E4EAD83E25,2,192.168.2.10:30210,207.38.2.251:25,<,220 upmsg1.unipoint.net ESMTP Postfix,
2015-09-22T08:48:50.508Z,InternetSend,08D2C1E4EAD83E25,3,192.168.2.10:30210,207.38.2.251:25,>,EHLO monkey-srvad.monkey.local,
2015-09-22T08:48:50.695Z,InternetSend,08D2C1E4EAD83E25,4,192.168.2.10:30210,207.38.2.251:25,<,250-upmsg1.unipoint.net,
2015-09-22T08:48:50.695Z,InternetSend,08D2C1E4EAD83E25,5,192.168.2.10:30210,207.38.2.251:25,<,250-PIPELINING,
2015-09-22T08:48:50.695Z,InternetSend,08D2C1E4EAD83E25,6,192.168.2.10:30210,207.38.2.251:25,<,250-SIZE,
2015-09-22T08:48:50.695Z,InternetSend,08D2C1E4EAD83E25,7,192.168.2.10:30210,207.38.2.251:25,<,250-ETRN,
2015-09-22T08:48:50.695Z,InternetSend,08D2C1E4EAD83E25,8,192.168.2.10:30210,207.38.2.251:25,<,250-STARTTLS,
2015-09-22T08:48:50.695Z,InternetSend,08D2C1E4EAD83E25,9,192.168.2.10:30210,207.38.2.251:25,<,250-AUTH DIGEST-MD5 PLAIN CRAM-MD5 LOGIN,
2015-09-22T08:48:50.695Z,InternetSend,08D2C1E4EAD83E25,10,192.168.2.10:30210,207.38.2.251:25,<,250-AUTH=DIGEST-MD5 PLAIN CRAM-MD5 LOGIN,
2015-09-22T08:48:50.695Z,InternetSend,08D2C1E4EAD83E25,11,192.168.2.10:30210,207.38.2.251:25,<,250-ENHANCEDSTATUSCODES,
2015-09-22T08:48:50.695Z,InternetSend,08D2C1E4EAD83E25,12,192.168.2.10:30210,207.38.2.251:25,<,250-8BITMIME,
2015-09-22T08:48:50.695Z,InternetSend,08D2C1E4EAD83E25,13,192.168.2.10:30210,207.38.2.251:25,<,250 DSN,
2015-09-22T08:48:50.695Z,InternetSend,08D2C1E4EAD83E25,14,192.168.2.10:30210,207.38.2.251:25,>,STARTTLS,
2015-09-22T08:48:50.882Z,InternetSend,08D2C1E4EAD83E25,15,192.168.2.10:30210,207.38.2.251:25,<,220 2.0.0 Ready to start TLS,
2015-09-22T08:48:50.882Z,InternetSend,08D2C1E4EAD83E25,16,192.168.2.10:30210,207.38.2.251:25,*,,Sending certificate
2015-09-22T08:48:50.882Z,InternetSend,08D2C1E4EAD83E25,17,192.168.2.10:30210,207.38.2.251:25,*,CN=monkey-srvad.monkey.local,Certificate subject
2015-09-22T08:48:50.882Z,InternetSend,08D2C1E4EAD83E25,18,192.168.2.10:30210,207.38.2.251:25,*,"CN=monkey-MONKEY-SRVAD-CA, DC=monkey, DC=local",Certificate issuer name
2015-09-22T08:48:50.882Z,InternetSend,08D2C1E4EAD83E25,19,192.168.2.10:30210,207.38.2.251:25,*,6103388C000000000002,Certificate serial number
2015-09-22T08:48:50.882Z,InternetSend,08D2C1E4EAD83E25,20,192.168.2.10:30210,207.38.2.251:25,*,A90FA095E86E317CA9A0F1492060154025E6E80D,Certificate thumbprint
2015-09-22T08:48:50.882Z,InternetSend,08D2C1E4EAD83E25,21,192.168.2.10:30210,207.38.2.251:25,*,monkey-srvad.monkey.local,Certificate alternate names
2015-09-22T08:48:51.069Z,InternetSend,08D2C1E4EAD83E25,22,192.168.2.10:30210,207.38.2.251:25,*,,Received certificate
2015-09-22T08:48:51.069Z,InternetSend,08D2C1E4EAD83E25,23,192.168.2.10:30210,207.38.2.251:25,*,CE724C99123EF74DAC404132623990D9FDBC5688,Certificate thumbprint
2015-09-22T08:48:51.069Z,InternetSend,08D2C1E4EAD83E25,24,192.168.2.10:30210,207.38.2.251:25,>,EHLO monkey-srvad.monkey.local,
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,25,192.168.2.10:30210,207.38.2.251:25,<,250-upmsg1.unipoint.net,
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,26,192.168.2.10:30210,207.38.2.251:25,<,250-PIPELINING,
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,27,192.168.2.10:30210,207.38.2.251:25,<,250-SIZE,
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,28,192.168.2.10:30210,207.38.2.251:25,<,250-ETRN,
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,29,192.168.2.10:30210,207.38.2.251:25,<,250-AUTH DIGEST-MD5 PLAIN CRAM-MD5 LOGIN,
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,30,192.168.2.10:30210,207.38.2.251:25,<,250-AUTH=DIGEST-MD5 PLAIN CRAM-MD5 LOGIN,
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,31,192.168.2.10:30210,207.38.2.251:25,<,250-ENHANCEDSTATUSCODES,
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,32,192.168.2.10:30210,207.38.2.251:25,<,250-8BITMIME,
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,33,192.168.2.10:30210,207.38.2.251:25,<,250 DSN,
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,34,192.168.2.10:30210,207.38.2.251:25,*,,sending message with RecordId 180388626672 and InternetMessageId <8a30447e24734177963feafefa073068@monkey-srvad.monkey.local>
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,35,192.168.2.10:30210,207.38.2.251:25,>,MAIL FROM:<niclasj@monkey.local> SIZE=4586,
2015-09-22T08:48:51.475Z,InternetSend,08D2C1E4EAD83E25,36,192.168.2.10:30210,207.38.2.251:25,>,RCPT TO:<niclasjohansson1992@gmail.com>,
2015-09-22T08:48:51.849Z,InternetSend,08D2C1E4EAD83E25,37,192.168.2.10:30210,207.38.2.251:25,<,250 2.1.0 Ok,
2015-09-22T08:48:51.849Z,InternetSend,08D2C1E4EAD83E25,38,192.168.2.10:30210,207.38.2.251:25,<,450 4.1.8 <niclasj@monkey.local>: Sender address rejected: Domain not found,
2015-09-22T08:48:51.849Z,InternetSend,08D2C1E4EAD83E25,39,192.168.2.10:30210,207.38.2.251:25,>,QUIT,
2015-09-22T08:48:52.021Z,InternetSend,08D2C1E4EAD83E25,40,192.168.2.10:30210,207.38.2.251:25,<,221 2.0.0 Bye,
2015-09-22T08:48:52.021Z,InternetSend,08D2C1E4EAD83E25,41,192.168.2.10:30210,207.38.2.251:25,-,,Local

I also want to know how I can change so i dont have username@monkey.local but instead I want username@monkeysports.se

Thanks!

Hi,

I have a 3 node Exchange 2013 (CU1) with a CAS Server and 2 node (MBX Servers) DAG which has been working fine for well over 8 months but during some Office 365 Preparation work, I noticed that Outlook clients (INTERNALLY only) were continually prompting for credentials (that were subsequently not accepted), to log onto their Exchange mailboxes.

The security settings on the Outlook Anywhere settings have definitely changed to Anonymous Logon (were using "Negotiate Authentication") but even when I run powershell commands below

Set-OutlookAnywhere -Identity “<Server>\RPC (Default Web Site)” -InternalClientAuthenticationMethod ntlm -InternalClientsRequireSsl $true

to change the settings to NTLM and then try and create a new profile, the name is resolved OK but the mailbox is not added to the profile (the credentials are requested but not accepted and cancelling the request, results in the error about Exchange not being available).

Just not clear what has changed . I only added the External domain to Office 365 Portal and added external DNS records (autodiscover.outlook.com& msoid), set up ADFS server and UPN suffix for external domain) and after some time, my Outlook clients could no longer connect .

I still have my old Exchange 2010 Exchange available and when I have migrated a test account back, Outlook connects fine to that mailbox.

WSUS updates have been applied to the Exchange 2013 nodes (although not around the time, the problem occurred) and I'm wondering whether I should look at restoring snaphot of the 2013 CAS ?

John Philipson

Hi

We have a big problem here!
A lot of messages are just deleted by the transport agent. I don't know why that happens. Message tracking just show me the following entries:

TrendMicro Scanmail has been installed on the server, and from that point I get these entries. So there must be a relation between, but I don't know what.

Any Suggestions?

Regards
Peter

Hi ,everyone,

I am trying to make exchange 2013 works in following way:

We have several email address for public , like  

help@mycustomersupport.com,

help1@mycustomersupport.com,

        ........

I want all of above email received, go to  the mailbox with default smtp address customersupport@mydomain.com.

I am trying to accomplish in this way:

1.  the exchange default domain is mydomain.com

2. Add  mycustomersupport.com as authorized accept domain.

3. update mailbox customersupport@mydomain.com, add a  smtp address binging to "*@mycustomersupport.com" 

But it does not work,

Exchange reply NDR for user mailbox not found , testing with email send to help@mycustomersupport.com

Would anyone suggest any approach? Does exchange support widecard smtp like *@mycustomersupport.com?

Hi!
I have a problem where Out of office messages containing special characters gets replaced with a questionmark on the recieving end. Where to look for the reason? I guess there is some kind of encondingsetting I should look for?

I have also had reports on the same thing happening when a user sets up a inboxrule that forwards/redirects a incoming message.

Maybe this is the key?

https://technet.microsoft.com/en-us/library/aa997857(v=exchg.150).aspx

We have:

DomainName                           : *
ByteEncoderTypeFor7BitCharsets       : Undefined
CharacterSet                         : iso-8859-1
NonMimeCharacterSet                  : iso-8859-1
AllowedOOFType                       : ExternalLegacy
ContentType                          : MimeText

Hello Folks!!!, Hope you can help with this incident. We have an Exchange Server 2013 installed in a Windows Server 2012 R2, the mailflow it's working fine, BUT, in the past 2 days, I've detected that my organization cant' send mail to specifics external domains, lets say Domain ABC.external, and Domian XYZ.external, two different domains.

Never the less, We can send to other external domains.

The only thing that I can distiguish from those domains is that both are in Office 365.

Hope you can help me in this!!

Luis Antonio Navarrete Aranda Consultor Senior Akros Solutions Ecuador

We recently upgraded from Exchange 2007 to 2013.  I'm still adjusting to the many changes.  I'm trying to troubleshoot a problem where one of our managers is reporting that an external client isn't getting all expected mail from us.  We have a SharePoint application that sends automated replies.

This particular end-user made 4 inquiries, and says they only received one response from us instead of 4.

So in Exchange 2007 I would open the toolbox, open the mail flow troubleshooter, and enter the recipients email address to see how many times my transport server tried to send mail.

In this case, if I saw 4 entries, I could confirm that our application did indeed hit the relay server 4 times, then I could start looking in other areas, like on their end, as to why they didn't receive them.  

I have no NDR's coming back from the recipient.  This recipient has been receiving mails from us for years.  

The mail flow delivery reports lone-tool in EAC only seem to work when there is a mailbox involved, but in this case the local SMTP service on my Sharepoint server is directly contacting my transport server and relaying mail to the outside.

So i tried looking at the transport logs.  I did a test email and found the below log data from me sending a test email with subject "Test2"

The only thing i can see that looks fishy is the "No suitable shadow servers,,SMTP,HAREDIRECTFAIL" but I don't even know if that is an issue.  I used the MX record, then tried telnetting to their mail server on port 25 from mine and did a manual test which seemed to work just fine.  Is the below method the only way for me to look and see if the older missing emails were relayed off my server?

Any help is greatly appreciated!

Hi,

I have a 3 node Exchange 2013 (CU9) with a CAS Server and 2 node (MBX Servers) DAG which has been working fine for well over 8 months but during some Office 365 Preparation work, I noticed that Outlook clients (INTERNALLY only) were continually prompting for credentials (that were subsequently not accepted), to log onto their Exchange mailboxes.

By setting the IISAuthenticationMethods set to "Basic, Ntlm, Negotiate" (see below settings), I was able to get the EXISTING INTERNAL outlook clients to connect (they just ignore the credentials request) 

ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

but I can still NOT set up new profiles. Autodiscovery should obviously find the CAS server and return the mailbox GUID but it resolves to the Mailbox Node Server instead and then refuses to connect.

I have a different internal to external Domain so have used an autodiscover SRV setting on my internal DNS that points to the external name on my SSL certificate (eg mail.domain.com) and this all used to work so a bit stumped as to what to troubleshoot.

John Philipson

Hi guys,

We have a very strange problem in our environment.

First let me explain our setup which have been working successfully for more that four years until last Sunday.

We have two servers running Exchange 2010 Enterprise. Both server are running The Hubtransport role, the CAS role and the mailbox role.

The servers are members of a DAG solution and both servers normally have active databases.

Last week we configured a new Certificate from GoDaddy. At first everything worked fine but I had trouble applying the certificate on one of the servers to the Hub transport role.

Last Sunday we noticed mails send from server a towards users hosted on Server B got stuck in the Queue.

After a lot of trouble shooting I created a ticket at MS. They helped me but it didn't went as smooth as we wanted.

I was really hoping they would tell me I just made a mistake which was easy to fix..

Unfortunately Microsoft told me yesterday they couldn't help me anymore and that I needed to perform an Inplace Updgrade which should fix the problem with the old Certificate.

This reminds me I forgot to mention something :), since I couldn't apply the new certificate to the transport role the old one was still used. Result TLS handshake mismatch..

After the disappointing message from Microsoft we worked during the evening to get stuff sorted out. I mean if people tell you, you can't fix stuff, you are kind of forced to proof them wrong...

If you have the same feeling this is your chance :) Any help is appreciated!!

Status at the moment:

We got rid of the old certificate; although MS told us this wasn't possible we still sorted it out.

Since our certificate from GoDaddy couldn’t hold the FQDN anymore we entered this in a Self Signed Cert. and assigned this to the SMTP service.

Right now queues are still pilling up the error message we get:

451 4.4.0 Primary target IP Address Responded with: "421 4.4.2 Connection Dropped due to SocketError."

I tried every single thing which I could found on the WWW to sort it out, I mean everything!

Mail sent from Server A still isn't delivered to people on Server B and the other way arround

I checked if there was a issue with the internal DNS, if there were problems to setup a SMTP session on port 25 between the two servers.

No problems to be found. Both Servers are showing StartTLS.

So basically I got stuck. if anyone of you guys had this at a certain moment and sorted it out, please share it with me.

Like mentioned your help is appreciated!

My work has been using an older version of Domino (8.5.3) since we are going to make the move to exchange. Well that step has begun. I have created a server 2012 r2 with Exchange 2013 installed onto it. I believe it is setup correctly because I can send mail to users with an Active Directory account(after making a mailbox for them) and they can send/receive emails internally.

Here is where I am stuck, trying to figure out the connector portion.  We do use a anti-spam appliance from McAfee.  I was told to just setup the connector on Exchange to the Mcafee spam appliance and I should receive emails. Thing is my internal network is domain.net and our external address is domain.org.  Since everything in exchange has .net address how do I get mail to flow?

Also do I need a new Certificate created?   

Forgive my lack of keeping up!

Does anyone know if the new email encryption feature in hosted Exchange (365) can be deployed in house?  The one that allows a one time password, etc?

Thanks!

Bret

We are in the middle of a Migration from Exchange 2003 to 2010 to 2013.

2003 is no more. After moving 3 mailboxes to the 2013 Servers, we are not able to send mails with them.

We have 3 Locations (1 Root and 2 subdomains)

Domain a.de (root)

Subdomain b.a.de

Subdomain c.a.de

a.de is able to send to the subdomains, but b and c are not.

If a user in c trys to send an internal mail to a or b, the mail Returns with:

Remote Server returned '550 5.7.1 Not authorized

The same happens from b to c or a

We are working with Microsoft Support on that. We have been told to execute "Setup /preparealldomains" in all Domains.

Does this make any sense? The execution fails in b and c as there is a third subdomain d.a.de which cannot be reached from the sites b and c. (no ip Routing to b and c but a, no Exchange site planned in d)

(hope that i haven´t  convused too much....)