
TROUBLESHOOTING MAILFLOW IN OFFICE 365

In my last project, I used the Microsoft Remote Connectivity Analyzer to test issues concerning:

- Office 365 Exchange Domain Name Server (DNS) Connectivity test
- Inbound SMTP Email test
- Outbound SMTP Email test

I utilized the Support and Recovery Assistant whenever I had issues with Outlook or Office 365 for users.

In my organization, there were issues that occurred when the sender's mailbox could not communicate with the on-premises Exchange server while the recipient's mailbox was hosted in Office 365; I used the Mail Flow Guided Walkthrough to fix those problems.

Mail flow issues can also happen when your MX record is not set up correctly.
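An added check (not from the original notes) for the MX condition just mentioned: it takes the (preference, host) pairs an MX lookup returns, here constructed inline for a placeholder domain, and reports whether the published records route inbound mail through the domain's EOP host (the domain with dots replaced by dashes under mail.protection.outlook.com) or around it.

```python
# Added example (not from the original notes): checks a domain's published MX records
# against the Exchange Online Protection (EOP) layout. Records are constructed inline
# rather than resolved from DNS; the domain name is a placeholder.

# EOP's inbound endpoint for a domain is the domain with dots replaced by dashes under this suffix.
EOP_SUFFIX = ".mail.protection.outlook.com"


def expected_eop_host(domain: str) -> str:
    """contoso.com -> contoso-com.mail.protection.outlook.com"""
    return domain.lower().rstrip(".").replace(".", "-") + EOP_SUFFIX


def check_mx(domain: str, records: list[tuple[int, str]]) -> list[str]:
    """records are (preference, host) pairs as returned by an MX lookup; the lowest
    preference value is tried first. Returns findings; [] means the layout is right for EOP."""
    if not records:
        return ["no MX record published: inbound mail for the domain cannot be delivered"]
    # Normalise: DNS answers may carry a trailing dot or mixed case.
    ordered = sorted((pref, host.lower().rstrip(".")) for pref, host in records)
    eop_hosts = [host for _, host in ordered if host.endswith(EOP_SUFFIX)]
    if not eop_hosts:
        return ["no MX host points at EOP: Office 365 mailboxes receive no inbound mail"]
    expected = expected_eop_host(domain)
    findings = []
    if expected not in eop_hosts:
        findings.append(f"EOP host {eop_hosts[0]} belongs to another domain; expected {expected}")
    # Any MX outside EOP, preferred or backup, accepts mail that never passes EOP filtering.
    for pref, host in ordered:
        if host.endswith(EOP_SUFFIX):
            continue
        role = "preferred" if (pref, host) == ordered[0] else "backup"
        findings.append(f"{role} MX {host} (preference {pref}) is outside EOP: mail sent to it skips EOP filtering")
    return findings


if __name__ == "__main__":
    # Constructed sample: a leftover on-premises MX still preferred over the EOP record.
    sample = [(10, "Contoso-com.mail.protection.outlook.com."), (5, "mail.contoso.com")]
    for line in check_mx("contoso.com", sample):
        print(line)
```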

Tell me about yourself?

OFFICE 365 IMPLEMENTATION


EXCHANGE 2013 HYBRID WITH OFFICE 365

I came into the IT industry as an ATM support tech; as a result of my performance I was moved to the
Lync team (then called Communicator) before emerging as an Exchange administrator over 10
years ago in a commercial bank. Before completing my MBA in Japan, I acquired extensive
knowledge implementing Office 365 hybrid environments and Active Directory administration.
Inspiring team accomplishment and delivering quality, on-time projects are areas in which I excel.
TELL ME ABOUT YOUR PREVIOUS POSITION?
In my last project, I led my team to implement an Office 365 hybrid environment that had 1200
users, of which 700 were migrated to the cloud. My team had 2 Senior Engineers and 2
admins; there were 20 databases, 3 sites, 2 Domain Controllers, 2 Hub and CAS Servers, 2 Edge Transport
Servers and 2 Mailbox Servers. The size of data migrated was 16TB at a throughput of 1GB/HR.

Some of the steps taken to accomplish this task were to:

Configure ADFS-based identity federation in order to provide users with a single sign-on (SSO) experience
when accessing services that are part of the Office 365 offering.

Configure directory synchronization (DirSync) so that on-premises users, groups and contacts are
synchronized to Office 365. By doing so there is only one source of authority (the on-premises Active Directory
forest), which means that users migrated to Office 365 can be managed from the on-premises environment. Changes
made to a user in the on-premises environment are reflected in Office 365.

Deploy Exchange 2013 Hybrid deployment servers into the existing on-premises Exchange organization so
that rich coexistence can be set up between the on-premises Exchange organization and Exchange Online. A hybrid
deployment provides functionality such as free/busy and calendar sharing, MailTips integration (between Exchange
Online and Exchange on-premises), Exchange Online-based online archiving support, the option to offboard mailboxes from
Exchange Online (move a mailbox back to Exchange on-premises), as well as the option to manage Exchange Online
users using the on-premises Exchange Management Console.

ISSUES FACED

On-premises Exchange servers

Problem: the on-premises servers were not allowing access from the internet. The Microsoft Exchange
Online Protection (EOP) services included in Office 365 couldn't reach the on-premises
environment.

Task: before troubleshooting, I checked whether there was any misconfiguration in our on-premises
servers, and I realized that there was a problem with the way the firewall was configured on-premises.

Action: correctly published the on-premises Exchange servers to the internet to ensure that features
work correctly in our hybrid deployment. Configured my on-premises firewall and security appliances to
allow inbound access from the internet to the Autodiscover and Exchange Web Services (EWS) endpoints
on the on-premises Exchange servers.

ADFS
Active Directory Federation Services (ADFS) is a software component developed by
Microsoft that can be installed on Windows Server operating systems to provide users
with single sign-on access to systems and applications located across organizational
boundaries. It uses a claims-based access control authorization model to maintain
application security and implement federated identity.
HOW IT WORKS

Basically, in ADFS, identity federation is established between two
organizations by establishing trust between two security realms. A federation server on
one side (the Accounts side) authenticates the user through the standard means in
Active Directory Domain Services and then issues a token containing a series of claims
about the user, including its identity. On the other side, the Resources side, another
federation server validates the token and issues another token for the local servers to
accept the claimed identity. This allows a system to provide controlled access to its
resources or services to a user that belongs to another security realm without requiring
the user to authenticate directly to the system and without the two systems sharing a
database of user identities or passwords.
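The two-realm exchange described above as an added Python simulation (not the notes' own material, and not ADFS code): an accounts-side server authenticates the user locally and issues signed claims, and a resources-side server that trusts it validates the signature, audience and expiry and issues its own token, without ever seeing a password. HMAC with a key shared at trust setup stands in for ADFS's token-signing certificates; realm names, accounts and the token lifetime are assumptions.

```python
# Added example (not from the original notes): the two-realm claims flow the ADFS description above
# walks through. HMAC with a key exchanged at trust setup stands in for the token-signing certificates
# real ADFS uses; realm names, accounts and the 300-second token lifetime are constructed.
import hashlib
import hmac
import json
import time


class FederationServer:
    def __init__(self, realm: str, signing_key: bytes):
        self.realm = realm
        self.signing_key = signing_key
        self.trusted_issuers: dict[str, bytes] = {}  # partner realm -> key that verifies its tokens
        self.accounts: dict[str, str] = {}  # stand-in for AD DS on the accounts side: user -> password hash

    def add_account(self, user: str, password: str) -> None:
        self.accounts[user] = hashlib.sha256(password.encode()).hexdigest()

    def trust(self, issuer_realm: str, issuer_key: bytes) -> None:
        self.trusted_issuers[issuer_realm] = issuer_key

    def _sign(self, claims: dict) -> tuple[bytes, str]:
        body = json.dumps(claims, sort_keys=True).encode()
        return body, hmac.new(self.signing_key, body, hashlib.sha256).hexdigest()

    def issue_for_user(self, user: str, password: str, audience: str, now=None):
        """Accounts side: authenticate against the local directory, then issue a token of claims."""
        given = hashlib.sha256(password.encode()).hexdigest()
        if not hmac.compare_digest(self.accounts.get(user, ""), given):
            return None
        now = time.time() if now is None else now
        return self._sign({"iss": self.realm, "aud": audience, "sub": user, "exp": now + 300})

    def exchange(self, token: tuple[bytes, str], now=None):
        """Resources side: validate the partner token and issue a local one for its own servers.
        No password reaches this realm; the trust relationship and the signature carry the identity."""
        body, signature = token
        claims = json.loads(body)
        key = self.trusted_issuers.get(claims.get("iss"))
        if key is None:  # issuer is not a federation partner
            return None
        if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), signature):
            return None  # token was altered or signed with another key
        now = time.time() if now is None else now
        if claims.get("aud") != self.realm or claims.get("exp", 0) <= now:
            return None  # issued for a different realm, or expired
        return self._sign({"iss": self.realm, "aud": "local-servers", "sub": claims["sub"], "exp": now + 300})
```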
WINDOWS SERVER 2007/2010
EXCHANGE ONLINE ATP

Microsoft Exchange Online Advanced Threat Protection (ATP) is a cloud-based email filtering
service that helps protect your organization against unknown malware and viruses by
providing robust zero-day protection, and includes features to safeguard your organization
from harmful links in real-time. ATP has rich reporting and URL trace capabilities that give
admins insight into the kind of attacks happening in your organization.
The following are the primary ways you can use ATP for messaging protection:

In an Exchange Online Protection filtering-only scenario, ATP provides cloud-based email protection for your on-premises Exchange Server 2013 environment,
legacy Exchange Server versions, or any other on-premises SMTP email solution.

As a part of Microsoft Exchange Online, ATP can be enabled to protect Exchange
Online cloud-hosted mailboxes. To learn more about Exchange Online, see
the Exchange Online Service Description.

In a hybrid deployment, ATP can be configured to protect your messaging
environment and control mail routing when you have a mix of on-premises and cloud
mailboxes with Exchange Online Protection for inbound email filtering.

PREVIOUS EXPERIENCE DOING EXCHANGE OFFICE 365

CONFIGURING EXCHANGE 2010 AND 2013 HYBRID
MAILFLOW TROUBLESHOOTING
HOW DOES AUTODISCOVER WORK IN HYBRID?

- AutoDiscover process with Hybrid Scenario

The term Hybrid configuration or Hybrid environment describes a scenario in which two
separate Exchange organizations that belong to different Active Directory forests
work as one unit. The term Hybrid configuration was created to describe this
type of relationship between the Exchange on-premises infrastructure and the cloud
(Exchange Online) infrastructure.
The Autodiscover flow in an Exchange Hybrid environment can be considered
the most complex flow, because the Autodiscover journey is implemented in two
different environments.
For users whose mailbox was migrated to the cloud (Exchange Online), the
Autodiscover journey starts with the Autodiscover client addressing the Exchange
on-premises infrastructure.
The Autodiscover flow below is based on a scenario in which the Exchange on-premises user
mailbox was migrated to the cloud (Exchange Online).
The user who tries to create a new Outlook mail profile addresses the
Exchange on-premises infrastructure by default, and because the user's mailbox is a cloud mailbox,
the Exchange on-premises server sends the client the recipient's cloud E-mail address.
The Outlook client then restarts the Autodiscover process using the cloud E-mail
address.
In the Exchange Hybrid environment, we can point to two types of Autodiscover clients:
1. Exchange mail client

The Autodiscover process is implemented by the Exchange client that needs access
to its mailbox.
The Autodiscover client could be any type of mail client, such as Outlook, a mobile device
(ActiveSync client) and so on.
2. Server to server
The other type of Autodiscover client could be another Exchange server.
In the Hybrid environment, the Exchange on-premises infrastructure and the Exchange
Online infrastructure operate as one logical entity.
Regarding Exchange Web Services, the information is shared
between the two Exchange infrastructures (Exchange on-premises and
Exchange Online) by relying on the Autodiscover infrastructure.
When the Exchange Online infrastructure needs to get information about a specific
Exchange on-premises recipient, Exchange Online locates the Exchange on-premises server by using the Autodiscover process.
For example, when a cloud user (a user who has an Exchange Online mailbox) needs to
see the Free/Busy time of an Exchange on-premises user (a user whose mailbox is hosted on
the Exchange on-premises server), the request for the information is sent from the
Exchange Online server to the Exchange on-premises server.

Exchange Online finds or locates the Exchange on-premises server by using the Autodiscover service.
The term Autodiscover client describes the element that needs to
retrieve the Autodiscover information from the Autodiscover endpoint
(Exchange server).
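The redirect flow above as an added simulation (not from the original notes): the on-premises and Exchange Online sides are two constructed directories, the responses use the Outlook Autodiscover response schema, and the client restarts the process with the address a redirectAddr answer returns; addresses, EWS URLs and the hop limit are assumptions.

```python
# Added example (not from the original notes): the hybrid Autodiscover flow described above, with the
# on-premises and Exchange Online sides as two constructed directories and a client that follows
# redirectAddr answers. Addresses, EWS URLs and the hop limit are constructed assumptions.
import xml.etree.ElementTree as ET

RESP_NS = "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"
OUTLOOK_NS = "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"
NS = f"{{{OUTLOOK_NS}}}"  # ElementTree's {namespace}tag prefix

# A migrated user keeps an on-premises mail user whose target address is the tenant routing address,
# so the on-premises server answers that user with a redirect instead of mailbox settings.
ONPREM = {
    "bob@contoso.com": ("settings", "https://mail.contoso.com/EWS/Exchange.asmx"),
    "alice@contoso.com": ("redirectAddr", "alice@contoso.mail.onmicrosoft.com"),
    "loop@contoso.com": ("redirectAddr", "loop@contoso.mail.onmicrosoft.com"),  # mis-set on both sides
}
CLOUD = {
    "alice@contoso.mail.onmicrosoft.com": ("settings", "https://outlook.office365.com/EWS/Exchange.asmx"),
    "loop@contoso.mail.onmicrosoft.com": ("redirectAddr", "loop@contoso.com"),
}


def autodiscover_endpoint(directory: dict, email: str):
    """Server side: an Outlook-schema Autodiscover response, or None when the recipient is unknown."""
    if email not in directory:
        return None
    action, value = directory[email]
    if action == "settings":
        account = f"<Action>settings</Action><Protocol><Type>EXPR</Type><EwsUrl>{value}</EwsUrl></Protocol>"
    else:
        account = f"<Action>redirectAddr</Action><RedirectAddr>{value}</RedirectAddr>"
    return (f'<Autodiscover xmlns="{RESP_NS}"><Response xmlns="{OUTLOOK_NS}">'
            f"<Account><AccountType>email</AccountType>{account}</Account></Response></Autodiscover>")


def client_autodiscover(email: str, max_hops: int = 3):
    """Client side: ask the environment that owns the address's domain and, on redirectAddr, start
    over with the new address. The hop cap keeps a mis-set target address from looping the client."""
    for _ in range(max_hops):
        domain = email.rsplit("@", 1)[1].lower()
        directory = CLOUD if domain.endswith(".onmicrosoft.com") else ONPREM
        response = autodiscover_endpoint(directory, email)
        if response is None:
            return None
        account = ET.fromstring(response).find(f"{NS}Response/{NS}Account")
        if account.findtext(f"{NS}Action") == "settings":
            return account.findtext(f"{NS}Protocol/{NS}EwsUrl")
        email = account.findtext(f"{NS}RedirectAddr")
    return None
```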

TELL ME ABOUT ADFS SERVER?

HOW DID YOU IMPLEMENT ADFS SERVER? WHAT STEPS DID YOU TAKE?

1. Deploy Windows Server 2008 R2 or 2012.
2. Add the role for ADFS services.
3. Configure the ADFS role on the server.
4. To configure it, you need to decide what cloud account or tenant namespace you are pointing to for Office 365 traffic.
5. You need to implement a certificate on the ADFS server, and that certificate should have a local certificate, which is for server-to-server authentication, or the OWA certificate, as well as the third-party certificate you are using.
6. I tested my traffic and also implemented the same process for my ADFS proxy services.
WHAT IS DIRSYNC? HOW DOES IT WORK? (YOU USE A WIZARD TO SYNC)

Setting up Active Directory synchronization consists of seven steps:

1. Prepare for Active Directory synchronization
2. Verify domains
3. Activate Active Directory synchronization
4. Install and run the IdFix DirSync Error Remediation tool
5. Install and configure the Directory Synchronization tool
6. Verify Directory Synchronization
7. Activate synchronized users

What is the IdFix tool?

The IdFix tool finds issues in your local Active Directory that might cause problems with
synchronization or with linked identities after you start directory synchronization.
The tool finds the issues and shows them on screen. When needed, you can store the
results in a CSV or TXT file.
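An added example (not the IdFix tool's own code) of the kind of check the tool performs over exported directory objects: it covers a subset of IdFix's error categories (format, topleveldomain, character, duplicate) and writes the same distinguishedName/attribute/error rows as CSV; the objects, the routable-domain list and the mailNickname character set are assumptions.

```python
# Added example (not from the original notes): an IdFix-style pass over exported directory objects that
# reports a subset of IdFix's categories (format, topleveldomain, character, duplicate) as CSV rows.
# The objects, the routable-domain list and the mailNickname character set are constructed assumptions.
import csv
import io
import re

ROUTABLE_SUFFIXES = ("contoso.com",)  # the tenant's verified domains; a UPN must end in one of them
NICKNAME_BAD_CHARS = re.compile(r'[\s\\"|,/\[\]:<>+=;?*]')  # characters a mailNickname cannot carry
UPN_FORMAT = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def find_issues(objects: list[dict]) -> list[tuple[str, str, str]]:
    """objects carry distinguishedName, userPrincipalName, mailNickname and proxyAddresses (list).
    Returns (distinguishedName, attribute, error) rows in the order the objects were examined."""
    issues = []
    seen = {}  # (attribute, lower-cased value) -> first DN that used it, for duplicate detection
    for obj in objects:
        dn = obj["distinguishedName"]
        upn = obj.get("userPrincipalName", "")
        if not UPN_FORMAT.match(upn):
            issues.append((dn, "userPrincipalName", "format"))
        elif not upn.lower().endswith(tuple("@" + s for s in ROUTABLE_SUFFIXES)):
            issues.append((dn, "userPrincipalName", "topleveldomain"))  # e.g. a .local suffix
        if NICKNAME_BAD_CHARS.search(obj.get("mailNickname", "")):
            issues.append((dn, "mailNickname", "character"))
        # Values that must be unique across the forest before the objects can be synchronized.
        values = ([("userPrincipalName", upn)] if upn else []) + [("proxyAddresses", p) for p in obj.get("proxyAddresses", [])]
        for attr, value in values:
            key = (attr, value.lower())
            if key in seen:
                issues.append((dn, attr, f"duplicate of {seen[key]}"))
            else:
                seen[key] = dn
    return issues


def to_csv(issues: list[tuple[str, str, str]]) -> str:
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["DISTINGUISHEDNAME", "ATTRIBUTE", "ERROR"])
    writer.writerows(issues)
    return buf.getvalue()


if __name__ == "__main__":
    sample = [{"distinguishedName": "CN=Bob,OU=Users,DC=contoso,DC=local", "userPrincipalName": "bob@contoso.local",
               "mailNickname": "bob smith", "proxyAddresses": ["SMTP:bob@contoso.com"]}]
    print(to_csv(find_issues(sample)), end="")
```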

WHAT ARE THE ATTRIBUTES YOU NEED TO SYNC AND NOT TO SYNC?

- DirSync (What to Sync and What not to Sync)

1. What to sync:
Default Users OU
Users of the Organization
Users' Credentials

2. What not to sync:
Security OU
Microsoft Exchange Security Groups
Managed Service Accounts
Foreign Security Principals
Domain Controllers
Computers
Built-in

WHAT IS ONE DRIVE AND HOW DOES IT WORK?

OneDrive is Microsoft's service for hosting files in the "cloud", that's available for free to
all the owners of a Microsoft account. OneDrive offers users a simple way to store, sync
and share all kinds of files, with other people and devices on the Web. Xbox One,
Windows 8.1, Windows 10 and Windows Phone use OneDrive also for synchronizing
your system settings, visual customizations, themes, app settings and even Internet
Explorer or Microsoft Edge tabs, history and saved passwords.
OneDrive offers 5GB of storage space for free. Older users of the service were able
to claim 15 or even 25GB of free space. There are a few ways in which you can add
more free space to your OneDrive. For instance, if you refer this service to a couple of
your friends, you can earn up to 10GB of free OneDrive storage.
WHAT IS A ROAMING PROFILE?
A roaming user profile is a concept in the Windows NT family of operating systems that
allows users with a computer joined to a Windows Server domain to log on to any computer
on the same network and access their documents and have a consistent desktop
experience, such as applications remembering toolbar positions and preferences, or the
desktop appearance staying the same.
In highly managed environments (corporations), system administrators can set
up user profiles on a centralized server, so that users log onto any machine and
have available their files and settings. This is accomplished by copying the user
profile from the server when the user logs on and copying it back to the server
when the user logs off. (Of course, there is also caching involved to save time if
the user logs back onto the same machine.)
WHAT KIND OF ISSUES CAN A ROAMING PROFILE CAUSE?
One consequence of roaming user profiles is that your program can effectively
see itself changing versions constantly. If Computer A has version 1.0 of your
program and Computer B has version 2.0, then as the profile roams between the
two computers, both versions 1.0 and 2.0 will be operating on the user profile in
turn.

(1) Consumes memory for that profile even though the user is no longer logged
on, and (2) prevents the user's local registry changes from being copied back to
the server.
HOW DO YOU DESIGN WINDOWS 7&10
LEADERSHIP SKILLS?
I do not conform to a specific management style. I try to adjust my style of management to
each situation, since part of my job is to assess both the best way to complete the project
efficiently and the style of leadership that works best with current staff dynamics.
What is your proudest moment in your past?

At my last position, I oversaw the implementation of a new software system that enabled
bulk migration of running VMs to pave the way for site renovation. I developed a customized
training program, worked one-on-one with about one-quarter of the employees and
introduced an incentive program to ensure that they stay current with the software. This
allowed me to practice planning a large-scale project and motivating a sizable group of
employees.

WHAT IS THE PURPOSE OF SINGLE SIGN-ON?

- Enables users to access both the on-premises and cloud-based organizations with a single user name and password
- Provides users with a familiar sign-on experience
- Allows administrators to easily control account policies for cloud-based services by using on-premises Active Directory management tools
