Forum Discussion

Sumesh1980's avatar
Sumesh1980
Copper Contributor
Aug 22, 2020
Solved

Not Able to enable DKIM in Office365 - Online Exchange server

I have been trying to enable DKIM on office365 since a couple of days. I have entered all the require CNAME entry in the DNS. But when I try to run the below command via Powershell    Ran Powershel...
  • harveer singh's avatar
    harveer singh
    Aug 22, 2020

    Hey Sumesh1980 ,

     

    Okay, Just tested it, it appears you did not run the command :

    New-DkimSigningConfig -DomainName <domain> -Enabled $false before updating the CNAME records.

     

    So here are the steps that you need to complete in order to get this working:

    1. New-DkimSigningConfig -DomainName <domain> -Enabled $false
    2. Get-DkimSigningConfig -Identity <domain> | Format-List Selector1CNAME, Selector2CNAME

     

    Grab the CNAMES and update them in DNS.

    Then run the command:

    Set-DkimSigningConfig -Identity <domain> -Enabled $true

     

    After running the command in Step 1, it should not give you the domain not found error.

     

    Thanks

Sumesh1980's avatar
Sumesh1980
Copper Contributor
Aug 22, 2020

harveer singh 

Get-Accepteddomain is showing my domain. And also I am able to send emails that were configured on my mobile. 

 

harveer singh's avatar
harveer singh
Steel Contributor
Aug 22, 2020

Hey Sumesh1980 ,

 

Okay, Just tested it, it appears you did not run the command :

New-DkimSigningConfig -DomainName <domain> -Enabled $false before updating the CNAME records.

 

So here are the steps that you need to complete in order to get this working:

1. New-DkimSigningConfig -DomainName <domain> -Enabled $false
2. Get-DkimSigningConfig -Identity <domain> | Format-List Selector1CNAME, Selector2CNAME

 

Grab the CNAMES and update them in DNS.

Then run the command:

Set-DkimSigningConfig -Identity <domain> -Enabled $true

 

After running the command in Step 1, it should not give you the domain not found error.

 

Thanks

  • SeunGab's avatar
    SeunGab
    Copper Contributor
    Apr 27, 2021
    Great. It solve my issue
  • Frederik Devreese's avatar
    Frederik Devreese
    Copper Contributor
    Dec 31, 2020
    Thanks! Solved my problem!
  • Sumesh1980's avatar
    Sumesh1980
    Copper Contributor
    Aug 22, 2020

    harveer singh 

     

     

    Tried adding the CNAME as suggested by you
     
    Set-DkimSigningConfig -Identity <domain> | Format-List Selector1CNAME, Selector2CNAME
     
    CNAME format was same as below
     
    Host name:selector1._domainkey
    Points to address or value:    selector1-<domainGUID>._domainkey.<initialDomain>
    TTL:3600
     
    Host name: selector2._domainkey
    Points to address or value: selector2-<domainGUID>._domainkey.<initialDomain>
    TTL: 3600
     
    But I am getting error as below
     
    CNAME record does not exist for this config. Please publish the following two CNAME records first.
     
    selector1-DOMAIN-com._domainkey.initialDomain.onmicrosoft.com
    selector2-DOMAIN-com._domainkey.initialDomain.onmicrosoft.com
        + CategoryInfo          : InvalidOperation: (:) [Set-DkimSigningConfig], Exception
        + FullyQualifiedErrorId : [Server=BMXPR01MB2423,RequestId=7a956dda-cf6e-4c60-b2b3-a50ac94264f0,TimeStamp=8/22/2020
        7:49:41 PM] [FailureCategory=Cmdlet-Exception] 3BEB77E9,Microsoft.Exchange.Management.SystemConfigurationTasks.Se
      tDkimSigningConfig
        + PSComputerName        : outlook.office365.com
     
     
    Does it take time to CNAME to propogate it internet ?
     

     

     
    • harveer singh's avatar
      harveer singh
      Steel Contributor
      Aug 22, 2020

      Sumesh1980 

      It depends on the DNS you are using and there may be a delay but most of the times it is not actually the DNS rather incorrectly updated records. The common mistake is to end up updating domain name twice like for example :

      selector1._domainkey.domain.com.domain.com is updated as the CNAME instead of simply selector1._domainkey.domain.com. 

      Please follow instructions related to your DNS provider only to update the records. See this case in older post:

       

      https://techcommunity.microsoft.com/t5/exchange/unable-to-activate-dkim/m-p/1540512

       

      Thanks

      • Sumesh1980's avatar
        Sumesh1980
        Copper Contributor
        Aug 23, 2020

        harveer singhHey thanks for helping me here. I was able to fix the issue.

         

        Thanks Buddy

Resources