Hybrid environment problem Ex2019 - Exchange Online 365

Benyamin Marcos Carranza 45 Reputation points
2024-02-21T14:36:22.02+00:00

Good morning dear colleagues. I have a problem sending mail from Ex2019 to Exchange Online: it remains queued on my server and does not go to the output connector that was created in the wizard. The related error in the queues is the following:

   454 4.7.5 Certificate validation failure, reason:untrustedroot};{MSG=};{FQDN=*-mail-onmicrosoft-com.mail.protection.outlook.com.

  I already verified the certificate and it is active and working, it is the same one that my connection has in my 365 administration.

  In the information of the message in the queue I see that it is using the output connector but for some reason it cannot make the sending channel from Ex2019 to O365 and thus send it abroad; I have internal communication on both routes, input and output, that means that the connector works, but the external output of my Ex2019 remains stuck.

  Thank you very much in advance for the help.


Accepted answer
  1. Yuki Sun-MSFT 41,041 Reputation points Microsoft Vendor
    2024-02-27T08:42:39.44+00:00

    Hi @Benyamin Marcos Carranza ,

    From the output of Get-SendConnector, do you mean "Outbound to Office365 xxxx" is the only send connector on Exchange 2019? Did you manually edit the configuration of this connector after running HCW by adding all domains asterisks into the address spaces section?

    If so, please try temporarily disabling this send connector, create a dedicated Internet send connector on Exchange server 2019 for all domains asterisks by following this article, then rerun HCW and check if the mail flow from Exchange 2019 to Office 365 or external recipients can work.

    By the way, do you intend to send all outbound mail via Office 365? If so, you can then read through the steps in the blog below to create another send connector for it:
    Configure outbound mail via Office 365
    (Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

2 additional answers

  1. Yuki Sun-MSFT 41,041 Reputation points Microsoft Vendor
    2024-02-22T02:52:24.2666667+00:00

    Hi @Benyamin Marcos Carranza ,

    454 4.7.5 Certificate validation failure, reason:untrustedroot};{MSG=};{FQDN=*-mail-onmicrosoft-com.mail.protection.outlook.com.

    According to this error message, it could be related to the root certificates on the affected on-prem server. Please try to download the certificate chains via the link below and then install them on the Exchange 2019 server.
    https://learn.microsoft.com/en-us/purview/encryption-office-365-certificate-chains

    After that, restart the "Microsoft Exchange Transport" and the "Microsoft Exchange Frontend Transport" services, wait for a few minutes and check if it can fix the issue.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
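
An added diagnostic for the `untrustedroot` error discussed in the answer above (not part of the thread and not Microsoft's own tooling): run from the Exchange 2019 server, it performs STARTTLS against the smart host and reports how the local machine judges the certificate chain it is presented with, before and after installing the certificate chains. Assumptions: `$SmartHost` is a placeholder for the full FQDN shown in the queue error, port 25 is used, and `Read-SmtpReply` is a helper name invented for this example.

```powershell
# Added diagnostic, not from the thread. Run on the Exchange 2019 server.
# Placeholder: replace with the full FQDN from the queue's last error.
$SmartHost = '<tenant>-mail-onmicrosoft-com.mail.protection.outlook.com'

$client = [System.Net.Sockets.TcpClient]::new($SmartHost, 25)
try {
    $stream = $client.GetStream()
    $reader = [System.IO.StreamReader]::new($stream)
    $writer = [System.IO.StreamWriter]::new($stream)
    $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

    # Read one SMTP reply; continuation lines have '-' after the 3-digit code.
    function Read-SmtpReply {
        do { $line = $reader.ReadLine() } while ($line -and $line.Length -gt 3 -and $line[3] -eq '-')
        $line
    }
    $null = Read-SmtpReply                                   # 220 banner
    $writer.WriteLine("EHLO $env:COMPUTERNAME"); $null = Read-SmtpReply
    $writer.WriteLine('STARTTLS'); $reply = Read-SmtpReply
    if ($reply -notlike '220*') { throw "STARTTLS not accepted: $reply" }

    # Record how THIS machine judges the presented chain, then let the
    # handshake finish. No mail is sent over this session.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $cert, $chain, $errors)
        $script:report = [pscustomobject]@{
            PolicyErrors = $errors
            ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
            Elements     = @($chain.ChainElements | ForEach-Object {
                [pscustomobject]@{
                    Subject       = $_.Certificate.Subject
                    Thumbprint    = $_.Certificate.Thumbprint
                    InTrustedRoot = Test-Path "Cert:\LocalMachine\Root\$($_.Certificate.Thumbprint)"
                    Status        = $_.ChainElementStatus.Status -join ','
                }
            })
        }
        $true
    }
    $ssl = [System.Net.Security.SslStream]::new($stream, $false, $callback)
    $ssl.AuthenticateAsClient($SmartHost)
}
finally { $client.Dispose() }

"Policy errors : $($report.PolicyErrors)"
"Chain status  : $($report.ChainStatus -join ', ')"
$report.Elements | Format-List
```

A chain status of `UntrustedRoot`, with the last element showing `InTrustedRoot : False`, points at a root missing from the server's `LocalMachine\Root` store; an empty chain status after installing the chains means the local trust problem is resolved.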


  2. Benyamin Marcos Carranza 45 Reputation points
    2024-02-26T20:28:24.8466667+00:00

    this is when i send to from Local, to 365send to 365
