We have Plan E3.  We have a hybrid server onsite with a connector to Exchange online.  Our MX records point to FOPE.  We also have a public web site hosted at a 3rd party hosting site (Network Solutions).  The public web site is the same domain name as our Office365 domain.  (contosso.com)  The contosso.com web site has a web form that sends email to user@contosso.com addresses that are at Office365.  None of the mail from the web form is being delivered to the Office365 inbox.  Using the web form to send to a gmail address works fine.  Sending directly to user@contosso.com from the gmail address also works fine.  But the web form does not work to user@contosso.com.  The email is not in the FOPE quarantine. 

I suspect that because the sending SMTP server is also in contosso.com, that Office365 sees it as a forged message.  Since FOPE only allows us to have one inbound connector active, and we are using that connector for our hybrid server, how do we also tell FOPE & Office365 that mail from the "other" contosso.com server is OK?

My company has subscribed to 365 E3, and we are in the first phase of getting some of our employees migrated. For now we are running a split domain – where most people are still on our yahoo bizmail system. I now want to move my primary email to 365. Basically here is the issue. My current 365 admin login in is (given here in anonymous  code) joe@myco.com. However, my primary email that I want to use as my 365 login name and migrate my emails to the cloud is on yahoo bizmail and is joe.smith@myco.com. So my question is what steps do I need to take to convert my 365 login name to the joe.smith email name and what should I do within yahoo bizmail with my primary email name to make sure everything works seamlessly (e.g. make passwords the same, etc.).

Thank you in advance for your help!

Hi All,

I am planning migrate to O365 with a staged Migration which I initially just move 10 users to O365 and the rest will stay on-premises exchange.

Currently inbound and outbound emails are filtered by a third party (Mailguard) that means our MX records are pointing to their IP address or host. How can I configure MX records for O365? 

Thanks

Hi there,

Thanks in advance for your feedback and advice!

A brief overview of my implementation:

1. We are deploying Exchange Online in what is known as Split SMTP Namespace Hybrid Deployment (we will be using our primary SMTP domain name and a new SMTP domain name)

a. Our original SMTP domain name: domain1.com

          b. Our new SMTP domain name: domain2.com

 2. We are moving a group of our company to the Exchange online Cloud service. These particular group will be using the new SMTP domain name: domain2.com

3. The rest of the employees will remain in our original SMTP domain name: domain1.com

4. Project requirements involve: single sign-on, share calendar free/busy, unified GAL (both on premises and cloud-based users to share GAL), mobile users including iphones, droids, Blackberry users to continue accessing their company’s email once their accounts are moved to the Cloud

5. About Email Traffic Flow with Exchange Online:

a. Incoming Email: According to the theory, “with split SMTP namespaces, messages that are sent to the on-premises SMTP namespace are sent to the on-premises Exchange organization, and messages sent to the cloud-based SMTP namespace are sent to the cloud-based organization. Messages to the cloud-based organization are never routed through the on-premises organization, even if recipients from both organizations are addressed on the same message.” This is what happens by default when Split SMTP namespaces are used and that’s how we want it

b. Outgoing Email: outbound messages sent from recipients in either organization are sent directly to the Internet.

I have found online documentation explaining how to implement these Hybrid deployments with a single SMTP domain namespace (Shared SMTP Namespaces) BUT I have not been able to find clear information on how to deal with this Hybrid deployments when you have 2 SMTP domain names (Split SMTP Namespaces). Although most of the steps may be similar, there are some aspects that will have to be setup differently and that’s what I want to clarify

Before asking questions, I will indicate next the resources/servers involved:

We are setup as a single AD Forest with a single domain name (domain1.com). We are running Exchange 2010 SP2 and currently in co-existence with Exchange 2007 as we just finished upgrading from Exch2007 to Exch2010

Server #1: ADFS Proxy sitting on our DMZ

 Server # 2: ADFS sitting on our internal corporate network

NOTE: I know the recommendation is to have 2 ADFS Proxy servers in DMZ and 2 ADFS servers in LAN but we do not have the resources at the moment so I will take the risk

Server # 3: DirSync our internal corporate network

Server #4 and #5: these are 2 Exchange 2010 HUB/CAS servers setup in NLB on-premise and being used as part of our on-premise email system. We are planning to use these 2 existing servers to make them our Hybrid server (It is my understanding that by doing this we will not affect our existing email system)

Questions:

As indicated in the requirements above, we want the people to be moved to the cloud (this will be the people using the new SMTP domain name: domain2.com) to take advantage of Single Sign-on

1. Since our on-premises domain is domain1.com and we want the people to be moved to the cloud to be able to use username@domain2.com as their primary email address, does this mean that I have to create the new domain2.com as an additional domain in our existing AD forest?

  NOTE: we do not want to create a new domain in our existing AD infrastructure so hope there is a work around

Assuming we don’t have to create the domain2.com as an additional domain in our existing AD forest, do we need to add a new UPN for the domain2.com in our domain1.com domain?

2. When installing ADFS you need to define the domain to be converted to a federated domain. Since we will be dealing with 2 SMTP domain names, do we need to convert both: domain1.com and domain2.com as federated domains?

3. We added and verified both domain1.com and domain2.com in the O365 Portal.

4. Another aspect with ADFS and ADFS proxy servers is that you need to define a Federation Service Name. This same Federation Service Name needs to be added to our Public DNS Hosting. I’m not quite clear at this point whether we have to setup this name pointing to domain1.com and domain2.com. For example, fs.domain1.com vs. fs.domain2.com

5. We have installed wildcard cert on ADFS and ADFS proxy servers using *.domain1.com but if we need to use fs.domain2.com onADFS and ADFS proxy servers we will have to obviously get a new SSL cert for the domain2.com, right?

Any other relevant information you guys can share with us for this particular scenario would be greatly appreciated

Thanks again for your prompt feedback!

FT

Hi,

We're currently migrating Public Folders (basically just calendars!) across to Office 365 and I think I may be missing something as it seems more work configuring the clients.

Public Folders automatically became available for all users of Exchange, you had a Calendars folder with say every conference room calendar within it.  Converting these to Room mailboxes is fine, however for each and every user I will need to add about ten different Additional Mailboxes by hand, and this seems a bit backwards.

First of all I'd like to ask am I doing the right thing, I'm not missing some clever way of consolidating Rooms into a single Mailbox users can add once?

If I am doing the right thing can you tell me if there is an easy way of adding these mailboxes to each client rather than typing them in by hand into each and every MAPI profile on every desktop?

Thanks for your help.

Ross

So close but so far...

hello community,

i am using exchange 2010 sp2 rollup 5 v2

trying to setup hybrid and have installed comodo 90 days trial certificate for my domain onprem.uni.me.

i can make secure connection from any browser to owa.  (https://onprem.uni.me/owa)

certificate checking tools from digicert and ssl hopper says that the certificate is correctly installed.

however when using the hybrid configuration wizard , in the certificate section i get "no valid certificate exists for the hub transport server" error.

 Certificate also visible after using get-exchangecertificate |fl command in EMS. however the rootca type parameter shows unknown in the output of above command

Please HELP !

why the cert is invalid when i can make secure connection and also i can connect to my server from office 365 in migration section on portal

We are migrating from a hosted Exchange service to Office 365 E1 and E3 licenses. We have a large number (1,700+) of white list, or as Forefront? calls them, "safe senders".

Our list contains domain-wide entries such as *@domain.com, as well as full simple user.name@live.com entries.

Three questions:

1. What file format do we request export of our old white list from our prior Exchange host for import to Forefront or for import to our domain-wide admin on Office 365?
2. What is the procedure for this sort of import?
3. Does each user have to import it it separately? Or can a Global Admin import once covering all users at our domain?

(We don't have our own Exchange server, only the Microsoft Online one.)

thank you,

Eric

Current Environment is as Follows: E2k7 latest SPs, E2k10 with SP2, cas and mbox servers. We have ADFS 2.0 working, we have DirSync Working and we have the hyrid functionality working. (Less some minor details like calendar share between E2k7 users and Cloud-I believe this is due to availabilityaddress routing and a domain controller issue. But E2k10 mailboxes can see Cloud Calendars without issue and vice versa. E2k7 users are to be migrated to E2k10 asap)

We can move a mailbox to the cloud and assign license and create new remote mailboxes in the cloud, without issue. If we want to move a mailbox back from the cloud to on-prem, this fails without error indications. I have noticed that the Orgrelationship from on prem perspective says, "Mailbox moves True" but the Orgrelationship from Online perspective says, "false" and I cannot seem to find the cmdlet to change that option to True.

So my question is, Should that online orgrelationship say TRUE, and if so how to set it.? Additionally, unless we are missing something, is there anything else to look at??

I am aware of the users who are created directly in the cloud will have all 0's for guid and that would need to be fixed prior to moving back to on-prem. I tried that-GUID got updated correctly, but move still failed.

Any help on this would be greatly appreciated.

Thx

Hello

We are currently moving our customers on-premises exchange to Office 365. We are doing cutover migration and now we are receiving this error when trying to migrate mailboxes. Distribution lists migrated fine.

https://www.testexchangeconnectivity.com/ Outlook Anywhere reports that everything is fine.

Windows Live Domain Services returned an access error: 'System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 157.56.53.146:443 at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Microsoft.Exchange.Management.CredentialServices.CredentialServiceAPISoapServer.GetCredentialInfo(tagPASSID PassIDIn, String bstrAttribList) at Microsoft.Exchange.ProvisioningAgent.PassportLiveIdManager.GetMemberType(SmtpAddress memberName)'. Additional information: "IDSInstance:Business".

We have exchange hybrid deployment for online archiving.     Mailboxes that have been configured for online archive now hang for 10-30 seconds opening outlook.    I assume this is the logon process to the online archive?    Anything we can do to speed this up or eliminate this hang.

I want to migrate approx. 10 users from an on-premise Exchange 2003 to Office 365. I was wondering, if there are any drawbacks when I transfer existing content via PST export/import only. So not using any of the standard migration paths (ie. cutover).

I'd love have a chance to decide individually, which objects (Mails, Contacts, Appointments, etc) will be transferred to Exchange Online.

Do I miss something? What will the "cutover"-method do in addition? Which problems could arise, when PST is the only "means of transport". What will be missing?

Are there third-party tools for anlayzing, checking, cleaning ans preparing PST files?

TNX

The last line in the script is Mai?  When I run the script, I get the following below.  I've looked on the web, and it seems there is a complete script out there, and that resolves the issue, I have yet to locate.  Any assistance would be helpful.

The term Mai is not recognized as the name of a cmdlet....

Thank you in advance

Hello,

We are merging with another company and both companies are on Office 365. We need to consolidate(merge) these companies together and have a single email domain but still allow old email domain to deliver mail to the users in each domain.

I know we can add additional SMTP addresses to the users accounts but how do we merge and continue to receive mail on all three domains(2 old ones and one new one)

Company A: companyA.com

Company B: companyB.com

New company, Company C: Users should receive email to companyC.com and to either companyA.com and companyB.com if they belong to that original company.

One company is using ADFS and the other one is not. How would authentication occur?

Thank you.

I followed most of this http://onlinehelp.microsoft.com/en-us/office365-smallbusinesses/hh335299.aspx

but I can not find  anywhere to change the DNS settings.  when I select my domain it will allow me to click "View DNS settings" For domain purpose I did not select use sharepoint as my external public facing site. So do i not need to worry about the  A record?

To route traffic to your website after you add your domain to Office 365, do the following.

First I will cut to the chase and ask my question:

How do I route internal mail back to my on-site server for delivery?

Now I will explain my situation:

My organisation currently uses Google Apps for the domain.  There are between 5-10 users.

A friend (let's call him Bill) needed some work so I decided to give him a small project consolidating spreadsheet data.  Bill doesn't have Office Desktop and is on a Mac, so I decided to set him up with Office365, with the intention of also trialing the Office365 service with a view to potentially migrating the organisation over in future.

The first - and by far the highest - hurdle was setting his Outlook up.  In an ideal world, I would have simply set him up an IMAP account on our existing server, and have Outlook Web App connect via IMAP to retrieve his mail.  Notwithstanding the potential confusion of him having two addresses, my first endeavour was to try to set this up using the "connected accounts", connecting it to his default .onmicrosoft.com inbox.  Documentation is thin on the ground but finally I was able to determine that whilst IMAP is supported, IMAP from gmail is specifically not supported.  POP was a viable option for this task however the frequency with which Exchange checks the external POP server is limited to an hour minimum - this is mind bogglingly unhelpful and I can't perceive many situations where receiving your emails with up to an hour's delay would be beneficial.

Far from put off by this, I investigated ways of delivering Bill's mail directly to the Exchange server.  This of course would require deleting his gmail account and setting him up an account on Exchange using our domain, which I did after verifying the domain (a straightforward process).

It's impossible to get mail delivered to two separate MX servers without using an intermediary relay to receive the mail and send it on. However, it was possible to use Google Apps for this purpose, keeping everything in the cloud and avoiding a change to MX with the corresponding disruption to the organisation's mail delivery.

I set Google Apps up to relay mail to Exchange, only if addressed bill@ourdomain.com.

It works amazingly - all mail is delivered as usual, and Bill's mail is delivered to his Outlook Web App.

External outbound mail, that is anything he sends that is not addressed to our domain, is also sent correctly.

Problems have arisen however, getting outbound internal mail - that is, any mail sent to users at our domain - to work.  My interpretation of the email bounces was that when Bill sends mail, it is sent via the Exchange server.  Because the Exchange server was performing a lookup using its own address list, and the rest of the organisation doesn't use Exchange, it was returning a "mailbox not found"-type error.

Setting the domain as shared in the Microsoft Online settings stopped the errors, but still didn't result in internal mail being delivered.

The solution of course is very simple - either, Exchange can be told the SMTP server details of our Gmail SMTP server, along with credentials (I appreciate this probably means setting up a Google Apps account for Bill in order to pass SMTP verification but it's so cheap we're not that fussed), or - and this would be my preferred option - Exchange is told not to use its usual process to deliver internal mail, and simply treats it as external mail, delivering it to the MX server listed for our domain.

As I say I've found documentation fairly hard to come by, particularly at this level.  There is plenty of documentation available for Exchange Server but not a lot for the "cloud", hosted incarnation of it.

The workaround I have employed is to set myself up with an Exchange account.  That way, Bill can at least send emails to me at my work email address, which suits the purposes of his task.  However I'm left checking two inboxes as his email gets delivered to my Outlook Web App inbox, with all my other mail being processed by Gmail as usual.  It's clearly not a long-term solution and as I'm trialing Office365 I did want to move my email across to test it, and potentially my business partner's.  We require 100% uptime and reliability during office hours so not being able to email internally would cause so much hassle it wouldn't be worth it.

Microsoft make a lot of noise in their literature about designing Office365 to work with hybrid setups.  It's an honourable intention that marks a departure from their previous culture of making everything proprietary and difficult to interface with non-MS products.  However, almost the first page of the manual states that using Office365 requires moving the domain nameservers over to Microsoft!  I can't see how this would work for all but the smallest of companies, and it still creates downtime and the need for IT support during migration, plus I understand that the MS DNS controls only allow for editing of A and CNAME records - given the raft of services requiring domain authentication via TXT records these days, this limits one's options significantly.  Even if we did decide to migrate email over to Exchange Online, no way would we be pointing our nameservers over. It shouldn't be, and isn't, necessary.

That said, the documentation does say that if one doesn't wish to point their nameservers to Microsoft, they have the option (although this is not the MS-preferred option) to point their MX servers to Exchange.

I did find a section of the documentation that outlines a solution for retaining existing MX servers in a hybrid setup.  However it seems to only be relevant for hybrid setups where the previous email server was an on-site Exchange server.  IMAP migration seems to be documented as an all or nothing process, when it doesn't need to be that way.  The documentation regarding hybrid setup with onsite Exchange mentioned routing outbound email from Exchange Online back to the onsite server using FOPE connectors.  My knowledge of Exchange/Forefront being non-existent, I thought that might be worth a try.  However, having set that up, Bill's email still is not delivered to our existing email server.

I've just gone in to have a look at exactly what settings I put into Forefront, but now when I click "Configure IP safelisting, perimeter message tracing and email policies" from Outlook Web App Settings, Forefront is throwing the following error:

We are sorry but your session has expired.

You need to close this browser window and open a new one to log in again.

The browser window is fresh one, opened by a pop-up from OWA.  Anyway, appreciative that this is probably a temporary glitch, this is not why I'm here.  I am struggling to believe that hybrid setups only work with existing Exchange setups onsite.  Either:

• It is possible to instruct Exchange Online to relay/copy mail to an external server
• It is possible to inform Exchange Online that it isn't the authoritative mail server, and that internal mail should be treated as external mail and delivered to the domain's listed MX server
• There is another method of achieving internal mail delivery
• Office365 does not in fact offer hybrid functionality for those coming from a non-Exchange solution

At the very least, I'd like to know if what I'm trying to achieve is possible.  I'm not interested whether it is supported by Microsoft/Office365 as many Microsoft-unsupported things are entirely possible.  I'd also like to highlight that the amount of potential Office365 customers currently using Google Apps is likely to be relatively high, and of those, many would want to trial the service without disrupting existing email accounts, like I am trying to do.

We completed the mailbox migration successfully from our On-premises infrastructure (based on Exchange 2010) to Office 365 using hybrid migration. ADFS and DirSync were deployed too.

Now, the MX records are redirected to FOPE. At the moment, all mailboxes are located in the cloud and the e-mail service based on cloud is working fine.

Actually, we are planning the On-premises infrastructure decommision in order to remove all Exchange 2010 servers, and we have several doubts regarding this topic. We already have read this post: http://blogs.technet.com/b/exchange/archive/2012/12/05/decommissioning-your-exchange-2010-servers-in-a-hybrid-deployment.aspx

We only need another advises or best-practices about:

1. Is it recommended to mantain the On-premise Exchange Organization or we can remove it safely?
2. Is it recommended to maintain at least one CAS On-Premises in order to manage the Online e-mail platform or this administration can be done using ADSI Edit?
3. Can the hybrid configuraton be safely deleted or should be mantained?

Hi,

I am thinking of migrating afew staff members to office 365, especially bescause they can take their emails anywhere with them.

Everyone is currently on a POP acocunt on their individual PC's.

Would it be possible for me to migrate 5 users to office 365 and their emails would be accessed via webapp and synced office 2010 on their machines, while keeping 20+ users on our current pop server?

so to make it clear, Myself and 4 others have an @mycompany.co.uk, email address that gets migrated over to 365 and the 20+ users who don't need email on the go stay with my current hosting provider with pop accounts also with @mycompany.co.uk email addresses.

Thanks in advance.

Hi,

We migrated some shared mailboxes from on-premises together with dir sync'ing.  We realised we have to create some extra groups for the permissions of each shared mailbox, and that those groups had to be of type MailEnabledSecurity.

We have assigned the group to the shared mailbox with full access (Add-MailboxPermission), and also added the group to the Send As permissions for the shared mailbox(Add-RecipientPermission), but a user which is confirmed in that group (Get-MsolGroup, Get-MsolGroupMember) cannot open the mailbox.

However if we explicitly assign that user directly to the mailbox, as opposed to the group then it works OK.

Why are the groups not propagating?  I thought there might be a delay but if the user change was quick then group change should be as quick?

We simply cannot add every single user to the mailbox, that would be crazy, can you help us?

Thanks,

Ross

Our email is hosted through Rackspace.  We were signed up by Winxnet, which is the IT company that we use.  They are partners with Rackspace.  How do i migrate our email from them?