Академический Документы
Профессиональный Документы
Культура Документы
Troubleshooting Hybrid
Mailflow
Vincent Yim
Premier Field Engineer
Microsoft Services
Agenda
Refresher/Overview of Hybrid Routing
Mailflow Options
EOP in Hybrid
Review tools to assist in mail flow
troubleshooting
Issues
Other fun stuf
Questions
Refresher/Overview of Hybrid
2
Distinct Exchange organizations
Routing
HCW creates connectors in each Exchange
org. # of connectors vary based on
Exchange version
Secure Mail
Refresher/Overview of Hybrid
All
messages that are sent between on-premises
Routing
Refresher/Overview of Hybrid
E-mail
domain sharing
Routing
Both orgs will accept contoso.com authoritative
Refresher/Overview of Hybrid
Coexistence
Routing Domain
Based of of the Microsoft Online Default Routing Domain
The coexistence domain is a domain created for each Office 365 tenant
in the format of
<your tenant>.mail.onmicrosoft.com domain
For example, if your Default Routing domain is tenant.onmicrosoft.com
then your coexistence domain would be tenant.mail.onmicrosoft.com
Created when you activate DirSync in your Office 365 tenant
AutoDiscover and MX records created automatically for this domain
Provides the backbone of all coexistence features
Added as an on-premises email address policy when the HCW is run
Mailboxes moved to Exchange Online will have the coexistence domain
stamped on their user object as a target address
Demo
DirsyncStates Pre/Post Migration
Third Party
Email
Security
System
External User
Internet
Mailflow
Options
MX resolves
MX is
Outbound
toYou
on-canto
switched
Exchange
premises
Exchange
choose to
Online
traffic
gateway
Online
route
isProtection
delivered
outbound
ondirect
premises
mail via EOP
Secure Mail
Encrypted & Authenticated Mail Flow
David
Exchange
On-premises
Mailbox
On-Premises
Organization
Exchange Online
Protection
Chris
Cloud
Mailbox
10
Exchange Online
Centralized mail control: This option routes outbound messages sent from the
Exchange Online users through on-premises
This enables you to apply compliance rules to these messages that must be applied
to all of your recipients, regardless of whether they're located in Exchange Online or
on-premises
Decentralized mail control: This option routes outbound messages sent from Exchange
Third Party
Email
Security
System
External User
Internet
Mailflow
Options
Secure Mail
Encrypted & Authenticated Mail Flow
David
Exchange
On-premises
Mailbox
On-Premises
Organization
MXAllresolves
email in
MX is
toout
onand
of the
switched
premises
Exchange to
Exchange
gateway
Online
tenant
mustOnline
go via
Protection
on-premises
Exchange Online
Protection
Chris
Cloud
Mailbox
Exchange Online
12
EOP
When you create
inbound/outbound
connectors in Exchange
Online Admin Center,
these are sitting at the
edge (EOP)
SPAM Filtering
Bypassed
Message Trace
Loops
NDRs
Messages dropped due to virus
Export to CSV
Telnet
(your Exchange server might be using IP that's been blacklisted by SPAMHAUS or one of
other RBL services in use by EOP)
Demo
Mail Protection Reports for Exchange
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
Issues
Running a Hybrid server from home?
ISPs using dynamic IP ranges will connect, but sessions will then be dropped by EOP.
SMTP fixup/mailguard
220 ****************************************************************************
***********************************
The above is a tell-tale sign that mailguard is enabled on a firewall appliance (most likely
Cisco PIX), and it prevents either side from seeing the STARTTLS verb.
Cannot perform secure mail flow without StartTLS verb
Issues
Changing datacenter IP ranges?
Issues
With Exchange 2010 HCW, you may need to
adjust the EHLO response guessed by HCW
Issues
Missing header?
X-MS-Exhange-Organization-AuthAs =
Internal or Anonymous
If anonymous, your message took another path
2014 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be
interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR
STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.