Exchange online users can't send or receive email in Hybrid configuration.

Copper Contributor

Hello,

I'm testing a hybrid deployment with Exchange 2019 on prem. The hybrid setup seemed to go smoothly and I can migrate mailboxes between on-prem and online and back again. 

The problem I'm having is that online mailboxes cannot send to anyone and can only receive external email (which are routed through the on-prem server). The bounce back received are all similar, whether the email was on-prem to online, online to on-prem, or even online to online. this is the bounce back message for emails originating from Exchange Online to either an on-prem account or another online account.

Generating server: YQBP288MB0097.CANP288.PROD.OUTLOOK.COM

Remote server returned '550 5.7.708 Service unavailable. Access denied, traffic not accepted from this IP. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653 AS(7230) [YQBP288MB0020.CANP288.PROD.OUTLOOK.COM 2023-04-17T20:39:02.347Z 08DB3E6A08BC4E61]'

 

A similar bounce back is received sending from on-prem to online. I'm not sure which IP is being referenced since the mail doesn't leave the Microsoft environment.

 

Any help would be appreciated.

 

Ferdie

3 Replies
Have you configured centralised mail flow (all outgoing mail from Exchange Online routes via the on-prem Exchange servers)? Without having much detail, it looks like your on-prem network is blocking connections from Exchange Online to your on-prem Exchange server. Look at the connector in Exchange Online and make sure it validates fine. A message trace performed in Exchange Online will also show some more information which may shed some light on the issue

@Dan_Snape 

Thanks Dan.

Centralized mail transport is Not enabled, so email to the internet should route directly out of Exchange Online, yet I get the "Access denied, traffic not accepted from this IP" bounce back.

 

There are 2 connectors in Exchange online, Inbound (Your Org to O365) and Outbound (O365 to Your Org). The Outbound connector successfully validates and the on-prem mailbox receives the validation email. Inbound mail from the internet routes through the on-prem server and are delivered to the online mailbox, so the Inbound connector looks like it's working too.