Copilot for Microsoft 365 Tech Accelerator
Feb 28 2024 07:00 AM - Feb 29 2024 10:30 AM (PST)
Microsoft Tech Community
SOLVED

Not Able to enable DKIM in Office365 - Online Exchange server

Copper Contributor

I have been trying to enable DKIM on office365 since a couple of days. I have entered all the require CNAME entry in the DNS. But when I try to run the below command via Powershell 

 

Ran Powershell as an administrator then ran the following command 

Set-ExecutionPolicy RemoteSigned
(kindly select yes to all option if asked)
$UserCredential = Get-Credential
(enter your Global admin account)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

Once connected to Exchange online ran the below command

Set-DkimSigningConfig -Identity "MYDOMAIN" -Enabled $true

I am getting an below error saying 

 

The operation couldn't be performed because object 'MYDOMAIN' couldn't be found on 'MAXPR01A05DC004.INDPR01A005.PROD.OUTLOOK.COM'.

 

Can someone help me here 

8 Replies

Hey @Sumesh1980 ,

 

Run Get-Accepteddomain from exchange powershell, check if you are able to see the domain listed here.

Verify exchange services are selected while adding the domain, step 5 in the following article : https://support.microsoft.com/en-us/office/connect-your-domain-to-office-365-cd74b4fa-6d34-4669-9937...

 

If you don't see the domain listed in get-accepteddomain , and the services are selected that would mean a sync did not happen AADS and EXO; you will have to get a ticket going with MS to run the sync.  Also, check if you are able to set the domain as SMTP for one of the users and try sending out a test email.

 

Thanks

@harveer singh 

Get-Accepteddomain is showing my domain. And also I am able to send emails that were configured on my mobile. 

 

best response confirmed by Sumesh1980 (Copper Contributor)
Solution

Hey @Sumesh1980 ,

 

Okay, Just tested it, it appears you did not run the command :

New-DkimSigningConfig -DomainName <domain> -Enabled $false before updating the CNAME records.

 

So here are the steps that you need to complete in order to get this working:

1. New-DkimSigningConfig -DomainName <domain> -Enabled $false
2. Get-DkimSigningConfig -Identity <domain> | Format-List Selector1CNAME, Selector2CNAME

 

Grab the CNAMES and update them in DNS.

Then run the command:

Set-DkimSigningConfig -Identity <domain> -Enabled $true

 

After running the command in Step 1, it should not give you the domain not found error.

 

Thanks

@harveer singh 

 

 

Tried adding the CNAME as suggested by you
 
Set-DkimSigningConfig -Identity <domain> | Format-List Selector1CNAME, Selector2CNAME
 
CNAME format was same as below
 
Host name:selector1._domainkey
Points to address or value:    selector1-<domainGUID>._domainkey.<initialDomain>
TTL:3600
 
Host name: selector2._domainkey
Points to address or value: selector2-<domainGUID>._domainkey.<initialDomain>
TTL: 3600
 
But I am getting error as below
 
CNAME record does not exist for this config. Please publish the following two CNAME records first.
 
selector1-DOMAIN-com._domainkey.initialDomain.onmicrosoft.com
selector2-DOMAIN-com._domainkey.initialDomain.onmicrosoft.com
    + CategoryInfo          : InvalidOperation: (:) [Set-DkimSigningConfig], Exception
    + FullyQualifiedErrorId : [Server=BMXPR01MB2423,RequestId=7a956dda-cf6e-4c60-b2b3-a50ac94264f0,TimeStamp=8/22/2020
    7:49:41 PM] [FailureCategory=Cmdlet-Exception] 3BEB77E9,Microsoft.Exchange.Management.SystemConfigurationTasks.Se
  tDkimSigningConfig
    + PSComputerName        : outlook.office365.com
 
 
Does it take time to CNAME to propogate it internet ?
 

 

 

@Sumesh1980 

It depends on the DNS you are using and there may be a delay but most of the times it is not actually the DNS rather incorrectly updated records. The common mistake is to end up updating domain name twice like for example :

selector1._domainkey.domain.com.domain.com is updated as the CNAME instead of simply selector1._domainkey.domain.com. 

Please follow instructions related to your DNS provider only to update the records. See this case in older post:

 

https://techcommunity.microsoft.com/t5/exchange/unable-to-activate-dkim/m-p/1540512

 

Thanks

@harveer singhHey thanks for helping me here. I was able to fix the issue.

 

Thanks Buddy

Thanks! Solved my problem!
Great. It solve my issue
1 best response

Accepted Solutions
best response confirmed by Sumesh1980 (Copper Contributor)
Solution

Hey @Sumesh1980 ,

 

Okay, Just tested it, it appears you did not run the command :

New-DkimSigningConfig -DomainName <domain> -Enabled $false before updating the CNAME records.

 

So here are the steps that you need to complete in order to get this working:

1. New-DkimSigningConfig -DomainName <domain> -Enabled $false
2. Get-DkimSigningConfig -Identity <domain> | Format-List Selector1CNAME, Selector2CNAME

 

Grab the CNAMES and update them in DNS.

Then run the command:

Set-DkimSigningConfig -Identity <domain> -Enabled $true

 

After running the command in Step 1, it should not give you the domain not found error.

 

Thanks

View solution in original post