Category Archives: Office365

Exchange Microsoft Office365 SSL

Exchange: Replacing certificate for Microsoft 365 hybrid connector’s

When certificates needs to be renewed or changed on (on-premise) Exchange server’s, and you have Microsoft 365 hybrid setup though Hybrid Configuration Wizard, a Office 365 connecter is setup as send and receive:

Receive:
Default Frontend xxxx/EXCH01

Send:
Outbound to Office 365
xxxxx send connector

If you try to delete the old certificate, without setting the new cert for the connectors, you will get this in ECP:
“A special Rpc error occurs on server EXCH01: These certificates are tagged with following Send Connectors : Outbound to Office 365. Removing and replacing certificates from Send Connector would break the mail flow. If you still want to proceed then replace or remove these certificates from Send Connector and then try this command.”

So we need to move into Powershell and replace it, because it cannot be done through the ECP:

Get the thumprint for the new cert:

Get-ExchangeCertificate

So here it is, the top level cert, it’s a wildcard cert, thus the “*.” in the subject name, sorry for the maskings, this is from a non-lab environment

Copy the thumprint to notepad for next command.

Read the certificate subject and thumprint into a variable:

$cert = Get-ExchangeCertificate -Thumbprint <paste the thumbprint in here from previous command>

$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)" - Do not change anything here!

The replace the connectors:

Send Connector –

Set-SendConnector "Outbound to Office 365" -TlsCertificateName $tlscertificatename

Receive Connector –

Set-ReceiveConnector "EXCH01\Default Frontend EXCH01" -TlsCertificateName $tlscertificatename

Note: replace the word “EXCH01” with the name of your Exchangeserver like “MY-EXCH01\Default Frontend MY-EXCH01”

Run IISRESET

This is because the old and new certificate have the same “issuer” and “subject”, the set-sendconnector and set-receiveconenctor, cannot thereforem tell the difference, but solution is easy:

Just add another cert on the servers thumbprint to the first script, then run all commands throgh, after that, do the same again, but now with the real cert’s thumprint, and it works ?

Note that if you fail to replace your certificate before it expires (You forgot to), your mailflow between on-prem Excahnge and Exchange Online (365) will stop working and you will see this in the logs:

[Message=451 5.7.3 STARTTLS is required to send mail]

source links:

https://martinsblog.dk/exchange-replacing-certificate-for-microsoft-365-hybrid-connectors/
https://martinsblog.dk/exchange-an-error-occurred-while-using-ssl-configuration-for-endpoint-0-0-0-0444/
https://www.azure365pro.com/replacing-send-connector-certificate/

Exchange Microsoft Office365

Email Forwarding on an on-prem mailbox to Office 365 mailbox

 

 Configure email forwarding for a mailbox

Set-Mailbox -Identity “OnPrem mailbox” -ForwardingSMTPAddress “Office 365 mailbox”

Exchange Office365 Tips & tricks

MRS Proxy Error “The connection to the server could not be completed”

Check MRS endpoint user and password.

read more »

Exchange Microsoft Office365

Remote Server returned ‘550 5.1.8 Access denied, bad outbound sender

Remote Server returned ‘550 5.1.8 Access denied, bad outbound sender’

Solution:

Non-Office 365 user use this https://sender.office.com (self-service delisting portal) to remove themselves from the blocked senders list.

Office 365 user, as an admin you can unblock your blocked Office 365 email account via using Exchange admin center.

• Go to the EAC, navigate to protection > action center.
• Select the Search icon and enter the SMTP address of the blocked user.
• Click Unblock Account in the description pane.
• Click Yes to confirm the change.

For more detailed information, please refer to the article: Removing a user, domain, or IP address from a block list after sending spam email

Code Snippets Office365 PowerShell

Office 365 : Password Sync doesn’t synchronize with Azure AD Connect

Verified password sync is disabled via using PowerShell

Following cmdlets have been used to verify above and I noticed password sync was in fact disabled although I checked the option in Azure AD connect setup.

Import-Module ADSync
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector <‘LOCAL DOMAIN NAME>

Enabled password sync via PowerShell

Set-ADSyncAADPasswordSyncConfiguration -SourceConnector <‘LOCAL DOMAIN NAME> -TargetConnector <‘xxxxxxx.onmicrosoft.com – AAD’> -Enable $true

 

thanks to: http://www.tekronin.net/2015/10/09/office-365-woes-password-sync-doesnt-synchronize-with-azure-ad-connect/

http://www.tekronin.net/2015/10/09/office-365-woes-password-sync-doesnt-synchronize-with-azure-ad-connect/

Azure Microsoft Office365

Azure Password Sync

Check your synchronization user security tab, or in domain properties if “Replicating Directory Changes” and “Replicating Directory Changes All” is checked.

Exchange Office365 Tips & tricks

Emails between O365 and On-premises do not work

Error message: 451 4.4.0 Primary target IP address responded with: “451 5.7.3 Must issue a STARTTLS commnd first” Office 365 Hybrid

In some scenarios you might need to, in your firewall:   Disable Content Inspection with TLS

 

more about in:

http://www.moh10ly.com/blog/office-365/emails-between-o365-and-on-premises-do-not-work