Hybrid Configuration Wizard mailflow problem

Recently the Exchange hybrid team released the new “stand alone” hybrid wizard called “Microsoft Office 365 Hybrid Configuration Wizard” or HCW.

Read the post on the Exchange Team Blog about the new Hybrid Configuration Wizard here: http://blogs.technet.com/b/exchange/archive/2015/09/04/introducing-the-microsoft-office-365-hybrid-configuration-wizard.aspx

Today I decided to try it out in my lab to prepare myself for a migration.

I was amazed how easy it went. It was almost “next, next, finish”.
Only one thing didn’t work for me – the mailflow from on-premise to Office 365.

I started to investigate. First I took a look at the queue. I could see the message from the outside, to on-prem. This message was supposed to be delivered to the user in the cloud.

Message from outside to a user in the cloud

Here is another view of the message in the queue.

Message stuck in the queue

I took a look at the error message. My first thought was that it was a network error. “Connection timed out”.

Connection timed out

I decided to test network connectivity. It worked as it should.

telnet to Office 365 worked as it should

I then took a look at the Receive Connector in my Office 365 tenant. I saw the message to the right, “How to identify email sent from your email server”, and was wondering if it could be something with my “Send Connector”.

Only accept messages from on-prem with the correct certificate

I went back to the on-prem server and took a look at the Send Connector. I saw that the “Assigned to services” was only assigned to IIS.

Only service assigned to the 3rd party certificate is IIS, not SMTP

I then assigned the certificate to the SMTP service.

Assign certificate to SMTP service

Now I did a retry on the queue and took a look again, and the mail was delivered to Office 365.

Retry queue and the mails were sent successfully

I don’t know if the Hybrid Configuration Wizard – HCW – was supposed to assign the certificate to this service or not, but remember to check.
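The check described above can be scripted for the Exchange Management Shell on the on-premises server. This is an added example, not part of the original post or of the HCW itself; the connector name pattern `Outbound to Office 365*` and the `-Fix` switch are assumptions made for the illustration.

```powershell
# Added example: verify that the certificate referenced by the hybrid send
# connector is enabled for SMTP. Run in the Exchange Management Shell on-prem.
# Assumptions: connector name pattern below; -Fix is a hypothetical switch.
param(
    [string]$ConnectorName = 'Outbound to Office 365*',
    [switch]$Fix
)

$certs = Get-ExchangeCertificate

foreach ($sc in Get-SendConnector | Where-Object { $_.Name -like $ConnectorName }) {
    $tlsName = [string]$sc.TlsCertificateName
    if (-not $tlsName) {
        Write-Warning "$($sc.Name): no TlsCertificateName is set on this connector"
        continue
    }

    # TlsCertificateName has the form "<I>issuer<S>subject"
    $matching = @($certs | Where-Object { "<I>$($_.Issuer)<S>$($_.Subject)" -eq $tlsName })
    if ($matching.Count -eq 0) {
        Write-Warning "$($sc.Name): no installed certificate matches $tlsName"
        continue
    }

    foreach ($c in $matching) {
        # Services prints as e.g. "IIS" or "IIS, SMTP"; compare as text so the
        # check also works on deserialized objects in a remote session.
        $hasSmtp = "$($c.Services)" -match '\bSMTP\b'
        $expired = $c.NotAfter -lt (Get-Date)

        [pscustomobject]@{
            Connector  = $sc.Name
            Thumbprint = $c.Thumbprint
            Services   = "$($c.Services)"
            NotAfter   = $c.NotAfter
            SmtpBound  = $hasSmtp
            Expired    = $expired
        }

        if ($Fix -and -not $hasSmtp -and -not $expired) {
            # Adds SMTP to the services already assigned (IIS stays assigned).
            Enable-ExchangeCertificate -Thumbprint $c.Thumbprint -Services SMTP
        }
    }
}

# After a fix, retry the queues that were stuck in Retry.
if ($Fix) { Get-Queue | Where-Object { $_.Status -eq 'Retry' } | Retry-Queue }
```

Without `-Fix` the script only reports; a row with `SmtpBound` set to `False` is the situation shown in the screenshots above.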


2 thoughts on “Hybrid Configuration Wizard mailflow problem”

  1. Boney Francis

    HCW doesn’t build or choose a certificate by itself, assigning a certificate is one of the manual steps we perform during the “next, next, finish”. If this certificate we assign for the HCW-created-Send-connector to use doesn’t have SMTP service assigned, it wouldn’t be able to negotiate a TLS communication with O365’s HCW-created-Inbound-connector, and thus mail flow fails. This Inbound Connector is forced to accept only TLS encrypted mails on port 587, which is why it didn’t accept connection on port 25 either (‘Last Error’, Get-Queue).
    Hope this helps clarify, but indeed a nice article to anyone who faces this error.

    1. SteenPedersen

      This checkmark should be set by the HCW, I guess it would be easily done. Yes I choose the certificate in the HCW, but it doesn’t warn me that it is not assigned for SMTP and it doesn’t do it for me.

