This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 20%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
I relay email through Exchange Online Protection from on-premises Internet Information Services (IIS) SMTP server. I have an inbound connector that's set to on-premises and has certificate validation enabled. In this scenario, mail isn't relayed through Exchange Online Protection. Additionally, i receive the following error message: 550 5.7.64 TenantAttribution; Relay Access Denied SMTP.
Public certificate is available and i have verified the Root CA , SAN entries as well CN but still This problem occurs in one of the 2 servers, The primary server is up and running with the same Public SSL certificate, the Secondary on-premises server is not sending the required certificate chain during the Transport Layer Security (TLS) handshake to Exchange Online. Hence the external flow is impacted.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Hi @Anas, Mohd ,
Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back. Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.
You are not supposed to use the SMTP server feature of Windows Server, as it has been deprecated for more than a decade, https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831568(v=ws.11) Since Microsoft does not provide a replacement, you might consider a third party SMTP server.
@Lex Li Agreed but still trying to figure out the root cause because primary server is up but secondary is failing to the TLS handshake with EXO.
Hi @Anas, Mohd ,
From the description, agreed that it's likely to be an issue because the affected server is not sending the required certificate chain during the Transport Layer Security (TLS) handshake to Exchange Online.
Please try following the instructions in the following document and see if it can help fix the issue:
"550 5.7.64 TenantAttribution" when sending emails through Exchange Online Protection
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Yuki Sun-MSFT I already followed this article, but nothing seems to be working for my secondary server, even though the same public certificate is working on my Primary Server without any issue.
Hi @Anas, Mohd ,
I have an inbound connector that's set to on-premises and has certificate validation enabled
Have you tried adding the IP of the secondary sever to the existing inbound connector and check how it goes?
Reference: "550 5.7.64 TenantAttribution" when sending mail externally in Microsoft 365.