Forum Discussion

Ivan54's avatar
Ivan54
Bronze Contributor
Sep 20, 2016

Custom Domain for O365 Groups in a Federated Hybrid Environment

So, I'm trying to wrap my head around my current problem and could use a little help. What we have:   Office 365 with a verified custom domain (e.g. contoso.com) Exchange 2013 onPrem also the M...
exchange
groups
Office 365 Groups
Ivan54's avatar
Ivan54
Bronze Contributor
Oct 04, 2016

Hi Tony, I've talked to our CSP and they weren't able to find any articles that confirm this functionality explicitly.

I've managed to enable the subdomain (e.g. groups.contoso.com) for our tenant have that synced back to onPrem (e.g. groupsname@groups.contoso.com). Reminder: MX records for groups.contoso.com point to O365 directly.

I've added additionaly aliases (groupsname@contoso.com) to the group, but I'm unable to get mail through to the group by using any aliases from external or internal. Reminder: MX records for contoso.com point onPrem.

 

Do you have any documentation that mentions functioning vanity domains for Office 365 Groups in a federated (ADFS) environment?

 

Ankit Kapoor's avatar
Ankit Kapoor
Copper Contributor
Oct 06, 2016

Hello Ivan,

 

Could you verify if the send-Connector is configured correctly for groups.contoso.com as mentioned in the point 4 of https://technet.microsoft.com/en-us/library/mt668829(v=exchg.150).aspxdoc. If the connector was not configured then group should be configured to receive mails for external senders.

 

Could you share the NDR error details?

 

Thanks

 

  • Ivan54's avatar
    Ivan54
    Bronze Contributor
    Oct 07, 2016

    Hi Ankit,

     

    Yes, I've verified that onPrem

    • groups.contoso.com is in the accepted domains and set to internal relay
    • groups.contoso.com is added to the "Outbound to Office 365" Send Connector (through that powershell cmd line)

     

    But I agree with Tonys comments, that there must be something wrong with the mail flow somehow. Because I've realized that I can't even send mails from onPrem to O365 for @groups.contoso.com groups that have this set as a primary SMTPaddress.

     

    Here's the NDR:

    Delivery has failed to these recipients or groups:

    <GROUP DISPLAY NAME>
    A problem occurred and this message couldn't be delivered. Check to be sure the email address is correct. If the problem continues, please contact your helpdesk.




    Diagnostic information for administrators:

    Generating server: servername.subdomain.contoso.com

    groupaliasmailto:iakw_it@groups.acv.at.contoso.com
    Remote Server returned '< #5.4.4 smtp;554 5.4.4 SMTPSEND.DNS.NonExistentDomain; nonexistent domain>'

    Original message headers:

    Received: from servername.subdomain.contoso.com (INTERNAL EXCHANGE IP) by servername.subdomain.contoso.com (INTERNAL EXCHANGE IP) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 6 Oct 2016 09:48:16 +0200Received: from sservername.subdomain.contoso.com ([IP v6 ADDRESS]) by servername.subdomain.contoso.com ([IP v6 ADDRESS]) with mapi id 15.00.1210.000; Thu, 6 Oct 2016 07:48:16 +0000Content-Type: multipart/mixed;        boundary="_000_83f62b9e9c1142f3be0bbdf4ec953e69smx01vcorpacvat_"From: "UNGER, Ivan (ADMIN)" <mailto:adminunger@acv.at>To: IAKW IT <mailto:iakw_it@groups.acv.at>Subject: test to groups.contoso.com 3Thread-Topic: test to groups.contoso.com 3Thread-Index: AQHSH6X/JciWgSC/2Eyop2WgMGxIbQ==Date: Thu, 6 Oct 2016 07:48:16 +0000Message-ID: <mailto:83f62b9e9c1142f3be0bbdf4ec953e69@smx01v.corp.acv.at>Accept-Language: en-US, de-ATContent-Language: en-USX-MS-Has-Attach:X-MS-TNEF-Correlator: <mailto:83f62b9e9c1142f3be0bbdf4ec953e69@smx01v.corp.acv.at>x-ms-exchange-transport-fromentityheader: Hostedx-originating-ip: [CLIENT IP v4 ADDRESS]x-esetresult: clean, is OKx-esetid: 37303A2962C4E3676C7D62MIME-Version: 1.0X-OrganizationHeadersPreserved: servername.subdomain.contoso.com

     

    Mail Flow for user mailboxes that use the contoso.com domain seems to be working just fine. So it can't be all wrong with the send connector. It just not working for Office 365 groups from onPrem to O365 (contoso.com or groups.contoso.com).

     

    • Ankit Kapoor's avatar
      Ankit Kapoor
      Copper Contributor
      Oct 07, 2016

      Hi Ivan,

       

      We are aware of the issue because of which on-prem transport raises AuthRequired NDR messages from external users to groups (even if group allows external users).

       

      On-prem transport throwing NonExistentDomain NDR only for groups even for the org. users is something new. We will need more details to debug it and hence I suggest you to open a ticket for the same.

       

      Thanks

      Ankit 

      • Adam Wheat's avatar
        Adam Wheat
        Copper Contributor
        Oct 28, 2016

        Ankit,

        I believe that I have the identical issue/architecture as OP with regard to the on-premesis server returning 5.7.1 Authentication Required errors when an esternal sender trys to email an Office365 Group.

         

        You note that you are aware of this issue... is there any update/resolution?

         

        Thanks

Resources