Latest Discussions
OWA inline CID images still not displayed – EEMS mitigation side effect persists?
Environment:
- Exchange Server Subscription Edition (SE), RTM Jun26SU installed (all updates current as of June 2026)
- On-premises, Windows Server 2019
- OWA tested in Chrome, Edge, Firefox – all including InPrivate/Incognito mode

Issue: Since approximately May 14–15, 2026 (coinciding with the EEMS mitigation rollout for CVE-2026-42897), inline CID-referenced images in emails are no longer displayed in OWA. Instead, OWA replaces them with a transparent 1×1 GIF placeholder (a data-URI containing a blank GIF image). Microsoft Support confirmed this is a known side effect of the EEMS mitigation for CVE-2026-42897. We expected the June 2026 Security Update (KB5094139) to resolve this – but the problem persists even after installation.

Test results:

| Method | OWA | Outlook Desktop | Thunderbird |
|---|---|---|---|
| External HTTPS image | ✅ Visible | ✅ Visible | ✅ Visible |
| Base64 embedded image | ❌ Not visible | ✅ Visible | ✅ Visible |
| CID inline image | ❌ Not visible (blank placeholder) | ✅ Visible | ✅ Visible |

What we confirmed:
- Affects all users, all browsers, all devices, all networks
- Affects newly created mailboxes as well
- The blank placeholder is injected server-side by OWA
- Problem started exactly with the EEMS mitigation rollout (~May 14, 2026)
- June 2026 SU (KB5094139) installed – problem still present
- Microsoft Support has been engaged for 5+ weeks without resolution

Questions:
- Has anyone else confirmed that the June 2026 SU does not fix the OWA inline image rendering issue?
- Is there a known follow-up fix or hotfix planned specifically for this side effect?
- Has anyone found a working workaround that does not involve disabling Extended Protection?

Any feedback from the Exchange product team or other admins would be greatly appreciated.

Solved · BjoernS · Jun 24, 2026 · Copper Contributor · 95 Views · 0 likes · 2 Comments

550 5.7.705 Tenant Email Block 55+ Hours - Support Unresolved
Our M365 tenant (labaradorpake.onmicrosoft.com) has been blocked from sending outbound email for over 55 hours with error 550 5.7.705 Access denied, tenant has exceeded threshold. Despite multiple support tickets and promises of 24-hour resolution, the block remains active.

**Error Details:**
- NDR: 550 5.7.705 Access denied, tenant has exceeded threshold
- Scope: External outbound email only is blocked; internal tenant-to-tenant email works fine
- Microsoft Defender Restricted Entities page shows 0 restricted users — the block is at tenant level, NOT user level
- No transport rules exist that could be blocking outbound
- No alerts in Exchange Admin Center

**Timeline:**
- June 19: Support ticket #2606190040005588 created, agent Manisha confirmed remediation complete and promised block would be lifted within 24 hours
- June 21 (55+ hours later): Block STILL ACTIVE. Manisha has not responded to follow-ups.
- June 21: Created 2nd ticket #2606210040000778, assigned to agent Odunayo — no action taken
- June 21: Created 3rd ticket #2606210040000844 with phone callback request — no callback received yet

**What we have tried:**
1. Three Microsoft support tickets (all Sev C)
2. Escalation emails to agent, tech lead, team manager (all bounce due to tenant block preventing outbound email)
3. Support Assistant chat bot — cannot escalate to human agents
4. Azure Portal support — No Access for this tenant tier
5. getsupport.microsoft.com — No Access
6. Microsoft Learn Q&A post: https://learn.microsoft.com/en-us/answers/questions/5926147
7. Phone callback requested on 3rd ticket — still waiting

**Critical Impact:** The tenant cannot send ANY external email. All outbound messages to external recipients bounce with 550 5.7.705. This is a complete business email outage that has persisted for over 55 hours despite Microsoft support confirming remediation was complete.

Has anyone experienced a similar tenant-level block (550 5.7.705) that took this long to resolve?
What escalation paths actually work when support agents are unresponsive? Any advice on getting this block lifted urgently would be greatly appreciated.

Cross-posted from Microsoft Learn Q&A: https://learn.microsoft.com/en-us/answers/questions/5926147

DennisRS · Jun 23, 2026 · Copper Contributor · 60 Views · 0 likes · 1 Comment

Exchange 2010 to Microsoft 365 Migration – Recommended Approach and Tools
I’m looking for guidance on migrating Exchange 2010 (on-premises) to Microsoft 365 / Office 365. Is a direct migration from Exchange 2010 supported, or is an intermediate hop (such as upgrading Exchange or setting up a hybrid configuration) required?

Additionally, could you please recommend any reliable tools that can help with this migration? I also have a few PST files that need to be migrated as part of the process.

I’d appreciate insights on best practices, common challenges, and lessons learned from real-world migrations. Thanks in advance for your help.

VineetLodha · Jun 23, 2026 · Copper Contributor · 439 Views · 0 likes · 4 Comments

DKIM CnameMissing for alderohotel.it stuck for 6 days - backend cache reset needed
DKIM for custom domain alderohotel.it has been stuck in CnameMissing status for 6 days despite correct CNAME records.

Tenant: alderotech (Microsoft 365)

CNAME records published on Aruba DNS:
- selector1._domainkey.alderohotel.it → selector1-alderohotel-it._domainkey.alderotech.w-v1.dkim.mail.microsoft.com
- selector2._domainkey.alderohotel.it → selector2-alderohotel-it._domainkey.alderotech.w-v1.dkim.mail.microsoft.com

Verified via PowerShell Resolve-DnsName: records resolve correctly. Get-DkimSigningConfig -Identity alderohotel.it returns Status: CnameMissing. Set-DkimSigningConfig -Enabled $true fails with CNAME validation error. Microsoft support diagnostic tool also shows CnameMissing.

Requesting manual backend cache reset for DKIM signing config on alderohotel.it.

danicucci · Jun 23, 2026 · Copper Contributor · 16 Views · 0 likes · 0 Comments

Outlook Desktop users continually prompted for credentials On-Prem Exchange SE
Battling ongoing issues with users being continually prompted for password using Outlook 2024 LTSC with on-prem Exchange 2019 SE. Removed Windows credentials, turned off cache mode, removed shared calendar(s), outlook connection status seems fine. Only (temp) workaround seems to be removing mail profile and recreating it. All other network resources on domain are fine. Any input appreciated. Thanks

telboy1965 · Jun 14, 2026 · Copper Contributor · 57 Views · 1 like · 0 Comments

Exchange SE HU6: PDF attachments truncated to 13 KB via Outlook Desktop — OWA unaffected
We've spent days isolating this and ruled out everything we could touch. The corruption survives agent disabling, Bitdefender removal, and BypassFiltering — and the message tracking logs show exactly where it happens.

Environment: Exchange Server SE, Build 15.2.2562.41 (HU6 / KB5081755), Windows Server 2025

Problem: PDF attachments sent internally via Outlook Desktop (MAPI) arrive corrupted at ~13 KB (original: ~32 KB, no xref/EOF). All PDF sizes, all internal recipients affected. Started 21 May 2026.

Key finding — OWA works, Outlook Desktop doesn't: Sending the identical email via OWA → attachment arrives intact. Outlook Desktop → truncated.

Message tracking proof: Both paths deliver the message at full size (~42 KB) via STOREDRIVER DELIVER. Only the Outlook Desktop delivery shows an additional X-SDDS=0.106 step in the STOREDRIVER latency breakdown. That step does not appear in the OWA delivery. The corruption happens inside that MAPI/TNEF store write step — not in transport.

Systematically ruled out:
- All transport agents disabled → still 13 KB
- Exchange Malware Agent + Set-MalwareFilteringServer -BypassFiltering $true → still 13 KB
- Bitdefender GravityZone fully uninstalled from server → still 13 KB
- EEMS mitigations: only PING1 and M2.1.0 applied, neither affects MAPI delivery

Temporal correlation: Three Windows updates installed 21.05.2026: KB5087051 (.NET Framework 4.8.1), KB5087539 (Windows Server 2025 CU), KB5089717 (Servicing Stack). Exchange SE HU6 (KB5081755) was installed around the same period.

Workaround: Sending via OWA works. Not acceptable long-term.

Has anyone seen this? Is this a known regression in HU6 or KB5087051?

BrewDrew · Jun 11, 2026 · Copper Contributor · 102 Views · 0 likes · 2 Comments

Will server to server migration work cross-domain/cross-active directory?
Back in 2016, I upgraded a client from Exchange 2008R2 to Exchange 2016. The way I did it was "the textbook way": I built the new Exchange 2016 server on the same network as the 2008R2 server, and migrated the mailboxes from the old server to the new server, using the migration tool in the ECP interface, then deinstalled the server.

It was a pretty cake migration except for one problem - the internal AD domain name was "wonkulating.com" however the client had failed to maintain public registration for that domain, and had registered "wonkulatinggronkulator.com" for use on the Internet. So I set it up so that all internal and external access was to "email address removed for privacy reasons". Users were happy, and the IT dept was able to kick the migration can down the road again.

Well, fast forward a decade. Now I'm an employee for the former client and worse, I manage the IT group there - so my can-kicking bandaid has come back to haunt me now that it's time to update to Exchange SE. (It also adds to the fun that there's a couple hundred more users on the network than there were a decade ago.)

I decided to cut the Gordian knot and kill off "wonkulating.com" since there's not a snowball's chance in hades we could afford to buy it now. So I built a new AD for wonkulatinggronkulator.com, and did the jiggery pokery with the DNS servers and set up trust between the forests and so on, and now servers on both domains are happy happy, I can apply both wonkulating.com and wonkulatinggronkulator.com security objects to server filesystems, users can log in to either domain at any workstation regardless of what domain the workstation was joined to, and so on, and we are getting ready to migrate the users and workstations off the old AD and on to the new AD.

My question to all of you is this.
I'm planning on installing Exchange SE into the new AD forest wonkulatinggronkulator.com and we will move the users over in groups of 10 or 20 or so, so that staff can make sure everyone is happy, can login, get at their files, etc. But what I am wondering is if the exchange servers will cooperate with each other. I'm not using ADMT or any of that to move user objects over to the new server so userIDs will exist in parallel for some time to allow a gradual migration of file and application servers. (we are too big now for the come-in-on-weekend-and-hose-everything-up-in-a-mad-rush-migration-fueled-with-pizza-and-mountain-dew routine)

It would be very nice to just kick off a migration job on one of the mailservers and have the inbox copied over, but if I have to I can tear out the mailbox on the old server into a PST file and jam it into the new server via import. Documentation on microsoft.com seems to say at some points the servers will cooperate with each other and at other points it seems to say each mailserver is atomic.

Like most orgs we have a bastion host mailserver that touches the actual Internet, the exchange server is only allowed to provide OWA services to the Internet, while the bastion host server (running Linux, by the way) does the actual heavy lifting of spam scanning and filtering out scam mails. Only cleaned mail is passed to the on-prem exchange server. So if the servers -won't- cooperate cross-forest, then I can adjust mail routing on a per-user basis on the bastion host to send incoming mail to the server in wonkulating.com or the server in wonkulatinggronkulator.com depending on which server they are on.
Technically, the ACTUAL user ID on the old AD is WONKULATING\exampleuser while on the new AD it will be WONKULATINGGRONKULATOR\exampleuser, so the servers SHOULD be smart enough to know they are different userIDs - except that the server on wonkulating.com was hacked up by me a decade ago to believe it was authoritative for BOTH "email address removed for privacy reasons" and "email address removed for privacy reasons" email addresses and that they were the same userID basically.

So, I don't know what's going to happen until I try it and all of the documentation I can find on this matter is pretty fluffy, as it assumes you are moving from a domain name you own to a different domain name you own because you bought a company or something, or you are moving from one mailserver to the other inside of the same forest/domain.

Lastly, suggestions to install Exchange SE into wonkulating.com then move it later into wonkulatinggronkulator.com will be /dev/nulled immediately, I'm done kicking the can down the road. There's more than 20 years of garbage in the wonkulating.com AD and the nonsense described here is just the tip of the iceberg. (you should see the GPO's in wonkulating.com, simply horrifying)

Thanks!

Ted_Mittelstaedt · Jun 10, 2026 · Brass Contributor · 68 Views · 0 likes · 1 Comment

Send admin notifications on x number of messages from an email address
Hi,

We're having a problem with a repeat spam/phishing offender that recycles email addresses from a particular domain. Because the email address is new it hasn't had a chance to be picked up by blacklists, so it doesn't get picked up as spam. We can't block on content, subject or sender because it all changes so for these campaigns we're relying on user reports to give us the heads up. We also can't block the domain because we receive legitimate email from the domain also.

I'd like to change this so we can hit them before users notice and possibly whilst the spam campaign is in flight but I'm unsure as to how to go about it. Is there a rule or other setting I can configure which sends notifications to specific e-mail addresses if, say 100 emails were received from any email address (or from a specific domain?) within an hour, or 5 hours? I don't see how I can configure such a rule in mailflow rules so I'm guessing this might be somewhere else.

There's an element of us likely being falsely alerted to marketing campaigns, but hopefully it's configurable enough that we can limit it down to only applying this against a specific sender domain, or adding a new custom mailflow rule which will lower the likelihood of false positives.

Many thanks,
- Lsward

lsward · Jun 05, 2026 · Copper Contributor · 1.4K Views · 1 like · 6 Comments

Reporting Recent Distribution List Changes
A recent discussion about reporting changes to Microsoft 365 groups provoked the question about how to report distribution list changes. The answer is that the same structure can be taken in a PowerShell script to fetch and report data, including the audit records containing the information about the changes, but the actual code is very different. Distribution lists are Exchange Online objects and not Entra ID groups…

https://office365itpros.com/2026/06/02/distribution-list-changes/

59 Views · 0 likes · 0 Comments

FIX - Outlook 2013,2016,2019 fails open mailbox Exchange 2019 on-prem in offline LAN
Exchange 2019 on-prem + Outlook 2013/2016/2019 in offline LAN

Symptoms:
- OWA works
- ECP works
- Autodiscover works
- Test-MAPIConnectivity is successful
- Outlook profile can be created
- Outlook fails to open the mailbox / “Cannot start Microsoft Outlook” / “The set of folders cannot be opened” / “The attempt to log on to Microsoft Exchange has failed”
- Environment has no internet connection

Root cause: The Windows client had a default gateway configured, but the gateway IP did not respond to ping. In our case the client received 192.168.1.1 as default gateway, but this IP was unreachable in the offline network.

Fix: Set the client default gateway to an existing reachable IP address, for example the Exchange/DC server IP 192.168.1.5. Internet access is not required, but the default gateway must be reachable/responding.

After changing:
- Default gateway: 192.168.1.5
- DNS: 192.168.1.5
- mail/autodiscover DNS or hosts pointing to Exchange 2019

Result: Outlook 2013, Outlook 2016 and Outlook 2019 connected to Exchange 2019 successfully.

MaVy · Jun 01, 2026 · Copper Contributor · 86 Views · 0 likes · 1 Comment