Saturday, August 17, 2013

Exchange 2007 (SP3) - migration (staged) - Exchange Online (Office 365) - Part 6.1 - mail flow problems


Post-migration mail flow troubleshooting


After initiating directory synchronization in parts 4.1 and 4.2, migrating mailboxes in part 5, and licensing users in part 6, I tested mail flow between various endpoints.
 
These were the results.
 
Positive:
  • Users not yet migrated could send email to each other (no surprises here).
  • Migrated users (Office 365 users) could send email to each other.
  • Migrated users could send email to external recipients (Gmail, Outlook.com, others).
 
Negative:
 
  1. Migrated users (Office 365 users) could not send email to users not yet migrated (whose mailbox was still onsite).
  2. Users not yet migrated could not send email to migrated Office 365 users.
  3. External senders (using Gmail, Outlook.com) could not send email to the migrated Office 365 users.
 
 
Problem 1
 
 Problem 1 was caused by the filtered synchronization for which we opted in part 4.x.
 
Only users, contacts and groups in the following containers were synchronized with Windows Azure Active Directory:






Therefore, Windows Azure Active Directory had no reference to those users and cannot resolve their email address. The error message stated:
 
 
"The email address you entered couldn't be found. Please check the recipient's email address and try to resend the message."
 
 
The solution is to either synchronize all Active Directory containers holding objects likely to send and receive email, or simply move the objects in question to one of the OUs being synchronized with Office 365 (Windows Azure AD).
 
I chose the second option. Once this was completed, all members of the organization, both migrated and non-migrated, could communicate by email.
 
 
 
Problem 2 (and 3)
 
Problems 2 and 3 are unlikely to be encountered in a production environment but possibly in a practice network. My practice network accesses the Internet via an IP address dynamically assigned by my ISP. Inbound mail flow is achieved with a product called "No-IP" that dynamically adjusts DNS records, the MX records in particular, as the DHCP assigned IP addresses change.
 
However, many spam filtering services, such as SpamHaus, block email sent from dynamically assigned IP addresses.
 
This problem was resolved, at least temporarily, by a request sent to Microsoft tech support to unblock the IP address or whitelist the domain name. At this time, it is not clear which option was selected since the IP address is still the same. If the IP address changes (as it will) and mail still flows from point to point, we could assume that the domain name was whitelisted.
 
In any event, at the time of this writing, mail flow is successful in all directions and between all recipients.

No comments:

Post a Comment