Exchange Online Troubleshooting Tips

Contents
Exchange Online Troubleshooting

Active Sync
Issues for mobile devices
Add Users
Proxy address is already being used
Antispam
Cautions against bypassing spam filters
User Impersonation messages are classified as phishing
Archive mailboxes
Messages aren't moved to archive mailboxes
Configure Contacts
Update contact information
Configure Mailboxes
Can't remove mailbox permissions
Enable or disable POP3, IMAP, MAPI, OWA or ActiveSync
Set automatic replies
Connecting to the Service
Access is denied with Windows PowerShell
Can't connect to Exchange Online
WinRM client cannot process the request
Connectors
550 5.7.64 TenantAttribution
Important notice for Office 365
Delegates
Error viewing delegates in Outlook
Delete Calendar Items
Can't remove calendar items or emails
Message store has reached its maximum size
Distribution Groups
Prevent users from creating and managing DG
You don't have sufficient permissions
Email Alias
Remove an alias from a contact
Remove an alias from a distribution list
Remove an alias from a group
Remove an alias from a mail-enabled security group
Remove an alias from a shared mailbox
Remove an email alias
Mailbox Migration
Issue with Add-RecipientPermission
Migrate data with Admin Center
No smtp proxy matching
Mail Delivery
554 5.2.0 STOREDRV.Deliver.Exception
Find and fix email delivery issues
IMCEAEX non-delivery report
Non-delivery report error codes
Meetings
No conference rooms with Room Finders
Modern Authentication
Transition from D/ITAR to vNext
Move Mailboxes
Can't see free/busy information
Outlook Connectivity
Resources to fix connection issues
Sending and receiving email
Outlook Profiles
Can't set up profile with Autodiscover
Outlook Crashes
Issues with crash or stop responding
OWA Attachments
Can't open or view attachments
OWA Time Zones
Incorrect time zone in OWA
Incorrect time zone in read receipt
Send Emails
Changes in message store
Shared Mailboxes
Sent items aren't saved
Exchange Online Troubleshooting
9/17/2019 • 2 minutes to read • Edit Online
Welcome to Exchange Online! Here's a collection of information on how to identify and fix errors that you may run
into when you use this product.
How to collect ActiveSync device logs to troubleshoot
sync issues between mobile devices and Exchange
Online
Introduction
This article describes how to collect Exchange ActiveSync device logs to troubleshoot sync issues between mobile
devices and Exchange Online in Microsoft Office 365. If you can't sync your mobile device to your mailbox, you
may be asked by Office 365 Support to collect logs for troubleshooting.
Procedure
To capture ActiveSync device log information, use one of the following methods.
Method 1: Use Outlook on the web
1. Sign in to the Office 365 portal ( https://portal.office.com/).
2. Click Mail to open Outlook on the web (formerly known as Outlook Web App). In the upper-right area of
the page, click Settings, and then click Options.
3. In the navigation pane on the left, expand General, and then click Mobile Devices.
4. In the list of devices, select the device that you want to track, and then click Start Logging.
5. In the Information dialog box, click Yes.
6. Reproduce the behavior that you want to capture, and then click Retrieve Log.
An email message that contains the log file (EASMailboxLog.txt) as an attachment is sent to your mailbox.
Method 2: Use Exchange Online PowerShell
1. Connect to Exchange Online by using remote PowerShell. For more information, see Connect to Exchange
Online using remote PowerShell.
2. Run the following command to enable ActiveSync logging for a specific user:
Set-CASMailbox alias -ActiveSyncDebugLogging:$true
3. Reproduce the behavior that you want to capture.

4. Run the following command to retrieve the log:
Get-MobileDeviceStatistics -Mailbox alias -GetMailboxLog:$true -NotificationEmailAddresses

"admin@contoso.com"
NOTE
This command retrieves the statistics for the mobile device that's set up to synchronize with the mailbox of the user
who you specified. In this example, it also sends the log file to admin@contoso.com.
More information
Still need help? Go to Microsoft Community.
"Proxy address is already being used" error message
in Exchange Online
Problem
When you try to create a new user in Exchange Online or when you try to assign an Exchange Online license to an
Office 365 user, you receive the following message:
We are preparing the mailbox for this user.
However, the mailbox creation process doesn't complete successfully. If you try to access the properties of this user,
you receive an error message that resembles the following:
The proxy address "SMTP:<user>@contoso.com" is already being used by "
<domain>.prod.outlook.com/Microsoft Exchange Hosted
Organizations/contoso.onmicrosoft.com/<forest>". Please choose another proxy address.
Cause
An object that has the same proxy address already exists in Exchange Online.
Solution
Check for objects have the same proxy address, and then remove or change the proxy address of the object that's
in conflict. To determine which objects share the proxy address of a specified user, follow these steps:
1. Connect to Exchange Online by using a remote Windows PowerShell session. For more information about how
to do this, see Connect to Exchange Online using remote PowerShell.
2. Run the following command:Run Get-Recipient | where {$_.EmailAddresses -match
"user@contoso.onmicrosoft.com"} | fL Name, RecipientType,emailaddresses This command lists all mail
recipients that have a type that matches the proxy address of a specified user. The duplicate proxy address may
be associated with any of the following:
Site mailbox
Mail contact
Mail user
Mail-enabled distribution group
Group mailbox
Mail-enabled public folder
Only one proxy address at a time can be assigned to an object. After you determine which object is in conflict, you
can remove or change the proxy address that's associated with that object.
More information
For more information about primary addresses and proxy addresses, see Add or remove email addresses for a
mailbox.
Cautions against bypassing Office 365 spam filters
Summary
This article discusses why you should not bypass spam filters in Microsoft Office 365. This article applies to both
users and administrators who do the following:
Enable Allow or Block lists in Spam Filter policies.
Skip scanning in Transport Rules.
Enable Safe and Blocked senders in Outlook or Outlook on the Web.
If you use these lists or options, consider the following guidelines:
We recommend that you do not use these features because they may override the verdict that is set by Office
365 spam filters. Instead, we suggest that you report junk email messages to Microsoft for analysis to help
reduce the number and effect of future junk email messages.
If you have to set bypassing, you should do this carefully because Microsoft will honor your configuration
request and potentially let harmful messages pass through. Additionally, bypassing should be done only on a
temporary basis. This is because spam filters can evolve, and verdicts could improve over time.
It is very important that you take the following precautions:
Never put domains that you own onto the Allow and Block lists.
Never put common domains, such as microsoft.com and office.com, onto the Allow and Block lists.
Do not keep domains on the lists permanently unless you disagree with the verdict of Microsoft.
For more information, see the various methods available to create safe sender and block sender lists and when to
use them.
User Impersonation messages are classified as
phishing but not as user impersonation
Symptoms
You set up an Office 365 Advanced Threat Protection (ATP ) anti-phishing policy to help protect your organization
from malicious impersonation-based phishing attacks and other phishing attacks. However, the policy does not act
as expected on impersonation messages.
Cause
When a message is processed, it may have more than one malicious indicator. When this occurs, the action taken
on the message is based on the order in which policies are applied. For more information about the ordering of
policies, see What policy applies when multiple protection methods and detection scans run on your email.
Workaround
To work around this problem, change the actions of your anti-spam and anti-phishing policies to Quarantine
message. To do this, follow these steps:
1. In Security and Compliance Center (SCC ), navigate to Threat Management > Policies > Anti-spam
2. Under Default spam filter policy, select Edit policy
3. Under Spam and bulk actions, select Quarantine message for Spam, High confidence spam, and
Phishing email
Messages aren't moved to archive mailboxes after
you create a retention policy in Exchange Online
Problem
In Microsoft Exchange Online for Microsoft Office 365, you use the New -RetentionPolicy Windows PowerShell
cmdlet to create a retention policy that moves email messages from a user's' mailbox to the user's archive mailbox.
For example, you create a retention policy by using the following series of PowerShell cmdlets.
New-RetentionPolicyTag "ArchiveTag" –Type All –RetentionEnabled $true –AgeLimitForRetention 90 –RetentionAction

MoveToArchive
New-RetentionPolicy "CorpPolicy" –RetentionPolicyTagLinks "ArchiveTag"
Set-Mailbox <mailbox> -RetentionPolicy "CorpPolicy"
Start-ManagedFolderAssistant –Identity <mailbox>
However after you create the retention policy, the policy doesn't automatically run. That is, messages that have
reached the age limit that's set in the policy aren't automatically moved to the user's archive mailbox.
Cause
This issue occurs if the size of the mailbox in Exchange Online is less than 10 megabytes (MB ). The retention policy
runs automatically one time every seven days for mailboxes that are larger than 10 MB. However, the retention
policy doesn't automatically run for mailboxes that are smaller than 10 MB.
Workaround
For mailboxes that are smaller than 10 MB, manually run the Start-ManagedFolderAssistant –Identity <mailbox>
cmdlet every time that you want to move messages to the archive.
More information
For more information about how to set up and manage retention policies in Exchange Online, see Set Up and
Manage Retention Policies in Exchange Online with Windows PowerShell.
How to update contact information in Exchange
Online in Office 365
Introduction
This article describes how administrators and users can update personal contact information by using the
Exchange admin center in Microsoft Office 365. It also discusses how administrators can limit the kind of contact
information that users can update.
More information
Administrators and users can update the following personal contact information by using the Exchange admin
center:
Photo
General:
First name
Initial
Last name
Display name
Contact location:
Street
City
State/Province
ZIP/ Postal code
Country/Region
Office
Contact numbers:
Work phone
Fax
Home phone
Mobile number
NOTE
Only managed users can update their personal contact information. Users who are in organizations that use directory
synchronization can't update their contact information by using the Exchange admin center. For organizations that use
directory synchronization, use on-premises tools to update contact information.
How to update contact information

1. Sign in to Outlook Web App.
2. Click **Settings **, and then click Options.
3. In the left navigation pane, click Account, and then click Edit Information.
4. Make the changes that you want, and then click Save.
NOTE
The offline address book (OAB) will not be updated for at least 24 hours.
How administrators can update users' contact information

1. Sign in to the Office 365 portal ( https://portal.office.com) as an administrator.
2. Click Admin, and then click Exchange.
3. In the left navigation pane, click Recipients, and then click Mailboxes.
4. Double-click the user whose contact information you want to change.
5. In the **User Mailbox **window, click Contact Information.
6. Make the changes that you want, and then click Save.
How administrators can limit users' ability to update their own contact information
This procedure must be applied to all user role policies in an organization.
3. In the left navigation pane, click permissions, and then click user roles.
4. Select the role that's assigned to the user. By default, the Default Role Assignment Policy is assigned to all
users.
5. Click Edit ( ).
6. In the **Role Assignment Policy **window, under Contact Policy, make sure that the
**MyContactInformation **and the **MyProfileInformation **check boxes are cleared.
NOTE
You can also control the level of access for the user by clicking to select the two check boxes and then clicking to clear
specific options that are listed under the two check boxes.
7. Click Save.
Can't remove mailbox permissions in Office 365
dedicated/ITAR
Symptoms
In Microsoft Office 365 dedicated/ITAR, you try to remove mailbox permissions from a mailbox by using the
Remove-ADPermission or Remove-MailboxPermission cmdlet in Remote PowerShell. When you do this, you
receive an error message that states that the access control entry cannot be removed.
For example, you try to use the following cmdlet to remove mailbox permissions:
Remove-MailboxPermission -Identity MailboxAccount -User UserAccount -AccessRights FullAccess -Confirm:$false
When you run the cmdlet, you recieve the following error message:
WARNING
Can't remove the access control entry on the object "User" for the user account because the ACE doesn't exist
on the object.
Cause
This behavior is by design for Office 365 dedicated/ITAR customers in the legacy environment and for customers
who run Microsoft Exchange Server 2016 in an Exchange resource forest design.
Workaround
To work around this behavior, use the new BypassMasterAccountSid parameter when you remove permissions
by using the Remove-ADPermission or Remove-MailboxPermission cmdlet.
For example, run the following cmdlet:
Remove-MailboxPermission -Identity MailboxAccount -User UserAccount -AccessRights FullAccess -Confirm:$false –

BypassMasterAccountSid
Enable or disable POP3, IMAP, MAPI, Outlook Web
App or Exchange ActiveSync in Office 365
Summary
This article identifies the commands to use to enable or disable the following items for a mailbox in Exchange
Online in Office 365:
Post Office Protocol (POP )
Internet Message Access Protocol (IMAP )
Messaging Application Programming Interface (MAPI)
Outlook Web App
Microsoft Exchange ActiveSync
More information
NOTE
Before you run any of the commands in the following steps, you have to first connect to Exchange Online by using remote
PowerShell. For more info about how to do this, see Connect to Exchange Online Using Remote PowerShell.
Enable or disable POP3 for an Exchange Online mailbox

To enable POP3 for a specific user, run the following cmdlet:
Set-CASMailbox <Alias,Primary SMTP, or UPN> -PopEnabled $True
To disable POP3 for a specific user, run the following cmdlet:
Set-CASMailbox <Alias, Primary SMTP, or UPN> -PopEnabled $False
Enable or disable IMAP for an Exchange Online mailbox

To enable IMAP for a specific user, run the following cmdlet:
Set-CASMailbox <Alias, Primary SMTP, or UPN> -ImapEnabled $True
To disable IMAP for a specific user, run the following cmdlet:
Set-CASMailbox <Alias, Primary SMTP, or UPN> -ImapEnabled $False
Enable or disable MAPI for an Exchange Online mailbox

To enable MAPI for a specific user, run the following cmdlet:
Set-CASMailbox <Alias, Primary SMTP, or UPN> -MAPIEnabled $True

To disable MAPI for a specific user, run the following cmdlet:
Set-CASMailbox <Alias, Primary SMTP, or UPN> -MAPIEnabled $False
Enable or disable Outlook Web App for an Exchange Online mailbox

To enable Outlook Web App for a specific user, run the following cmdlet:
Set-CASMailbox <Alias, Primary SMTP, or UPN> -OWAEnabled $True
To disable Outlook Web App for a specific user, run the following cmdlet:
Set-CASMailbox <Alias, Primary SMTP, or UPN> -OWAEnabled $False
Enable or disable Exchange ActiveSync for an Exchange Online mailbox

To enable Exchange ActiveSync for a specific user, run the following cmdlet:
Set-CASMailbox <Alias, Primary SMTP, or UPN> -ActiveSyncEnabled $True
To disable Exchange ActiveSync for a specific user, run the following cmdlet:
Set-CASMailbox <Alias, Primary SMTP, or UPN> -ActiveSyncEnabled $False
Enable or disable Exchange Web Services (EWS ) for an Exchange Online mailbox
To enable EWS for an Exchange Online mailbox, run the following cmdlet:
Set-CASMailbox <Alias, Primary SMTP, or UPN> -EWSEnabled $True
To disable EWS for an Exchange Online mailbox, run the following cmdlet:
Set-CASMailbox <Alias, Primary SMTP, or UPN> -EWSEnabled $False

How to set automatic replies on a user's mailbox in
Office 365
Introduction
This article describes three methods that administrators can use to set automatic "out of office" replies on a user's
mailbox in Microsoft Office 365.
More Information
Method 1
1. Sign in to the Office 365 portal.
2. Locate Users > Active users (or Groups > Shared mailboxes if you set this on a shared mailbox).
3. Select a user who has a Microsoft Exchange mailbox.
4. On the flyout menu on the right, locate Mail settings > Automatic replies (if it's a shared mailbox, just locate
Automatic replies on the flyout).
Method 2
1. Sign in to the Office 365 admin portal by using administrator credentials.
2. Expand Admin Centers, and then select Exchange.
3. Click the picture in the upper-right corner, select Another User, and then select the user mailbox that you want
to change.
4. On the left side, select Options, click Organize E -mail, and then click Automatic replies.
Method 3
Run the following cmdlet in Exchange Online PowerShell:
Set-MailboxAutoReplyConfiguration
For more information about this cmdlet, see Set-MailboxAutoReplyConfiguration.

"Access is denied" error when you connect to
Exchange Online by using remote Windows
PowerShell
Problem
When you try to connect to Microsoft Exchange Online by using remote Windows PowerShell, you receive the
following error message:
[outlook.office365.com] Connecting to remote server failed with the following error message: Access is
denied. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [].

PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionOpenedFailed
Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null.

Supply a non-null argument and try the command again.
At D:\Users\Connect.ps1:7 char:21
+ Import-PSSession < < < < $Session
+ CategoryInfo : Invalid Data: (:) [Import-PSSession], ParameterBindingValidationException
+ FullyQualifiedErrorId :
ParameterArgumentValidationError,Microsoft.PowerShell.Commands.ImportPSSessionCommand
Cause
This issue occurs for one of the following reasons:
You enter an incorrect user name or password.
You try to sign in to the service by using an account that doesn't have access to Exchange Online.
Solution
To resolve this issue, use the Exchange admin center in Office 365 to add the user as a member of the
administrator role group. To do this, follow these steps:
3. Click permissions, and then click admin roles.
4. Double-click the role group to which you want to add the user. For example, if you want the user to have full
access that includes Windows PowerShell, double-click Organization Management.
5. To add the user to the list, click Add ( ) under Members.
6. Click Save.
More information
For more information about how to connect to Exchange Online by using remote PowerShell, go to Connect to
Exchange Online using Remote PowerShell.
Office 365 users can't connect to Exchange Online
because of incorrect service settings
Problem
Office 365 users in your organization who connect to Exchange Online by using incorrect hardcoded service
settings (or IP addresses) will be unable to connect to the service after these outdated service settings are
discontinued on July 8, 2015. (The original date was June 26, 2015).
The services for which users may be using incorrect settings include the following:
Autodiscover: A feature that's used to automatically discover server names for connectivity
Exchange ActiveSync (EAS ): A protocol that's used by email client applications on mobile devices
POP3 and IMAP4: Protocols that are used by email client applications on desktop and mobile devices
SMTP: Protocol that's used for sending email messages
If users continue to use the outdated, hardcoded service settings, they will be unable to connect to the service after
July 8, 2015. Use the information that's provided in this article to make sure that these settings are set correctly for
users in your organization.
Solution
The following table lists the features, protocols, and expected server settings that must be set, and provides links to
the articles that contain instructions to configure these settings.
FEATURE AND SERVER NAME(CORRECT

PROTOCOL PORT CONFIGURATION) REFERENCES
Autodiscover (CName 443 autodiscover.outlook.c Create DNS records at

Record) om any DNS hosting
provider for Office
365
Exchange ActiveSync 443 outlook.office365.com Set up a mobile device

(EAS) to synchronize with
your account
POP3 995 outlook.office365.com Settings for POP and

IMAP access for Office
365 for business or
Microsoft Exchange
accounts
IMAP4 993 outlook.office365.com Settings for POP and

365 for business or
Microsoft Exchange
accounts
FEATURE AND SERVER NAME(CORRECT
PROTOCOL PORT CONFIGURATION) REFERENCES
SMTP 587 smtp.office365.com Settings for POP and

365 for business or
Microsoft Exchange
accounts; How to
Allow a Multi-function
Device or Application
to Send E-mail
through Office 365
Using SMTP
Windows uses a file that's named Hosts to map hostnames to IP addresses. This file is checked before DNS is used
to resolve a server name. If the Hosts file on a Windows computer has an entry for any of the server names in the
table, and if the entry is associated with a hardcoded IP address, DNS is not used to resolve that server name.
Make sure that you reset the Hosts file on all such systems that may be experiencing the issue that's documented in
this article.
For more information about how to reset the hosts file, see the following Microsoft Knowledge Base article:
972034 How can I reset the Hosts file back to the default?
More information
"WinRM client cannot process the request" error
when you connect to Exchange Online through
remote Windows PowerShell
Problem
When you try to use remote Windows PowerShell to connect to Microsoft Exchange Online in Microsoft Office
365, you receive the following error message:
[outlook.office365.com] Connecting to remote server failed with the following error message:
The "WinRM client cannot process the request because the server name cannot be resolved. For more information,
see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError:
(System.Manageme....RemoteRunspace:RemoteRunspace) [].
PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionOpenedFailed
Cause
This issue occurs if either an internal firewall or the Windows Remote Management service has not been started.
Solution
To resolve this issue, check whether the Windows Remote Management service is installed and has started. To do
this, follow these steps:
1. Do one of the following:
In Windows 8, press the Windows logo key+R to open the Run dialog box, type services.msc, and then
press Enter.
In Windows 7 or Windows Vista, click Start, type services.mscin the **Start search **field, and then press
Enter.
In Windows XP, click Start, click Run, type services.msc, and then press Enter.
2. In the Services window, double-click Windows Remote Management.
3. Set the startup type to Manual, and then click OK.
4. Right-click the service, and then click Start.
5. Let the service start.
NOTE
If the service was already started but it's not responding, you may have to click Restart.
6. Try to connect to Exchange Online again.

More information
For more information about how to connect to Exchange Online by using remote PowerShell, go to Connect to
Exchange Online using Remote PowerShell.
"550 5.7.64 TenantAttribution; Relay Access Denied
SMTP" error when users send mail externally in Office
365
Symptoms
When users send mail (that is relayed out through Microsoft Office 365) externally, they receive the following error
message:
550 5.7.64 TenantAttribution; Relay Access Denied SMTP.
Cause
This issue is due to one of the following reasons:
You use an inbound connector in Office 365 that's configured to use a certificate from on-premises to verify the
identity of the submitting server. (This is the recommended method. The alternative is by IP address). However,
the certificate on-premises no longer matches the certificate that is specified in Office 365. This may be due to a
configuration change on-premises or a new/renewed certificate that uses a different name.
The IP address that's configured in the Office 365 connector no longer matches the IP address that's being used
by the submitting server.
Resolution
To identify the submitting server and authorize relay, there must be a connector that is configured correctly in
Office 365, and the connector must match the submitting server.
Option 1: Rerun the HCW to update the inbound connector (recommended for hybrid customers)
Rerun the Hybrid Configuration Wizard (HCW ) to update the inbound connector in Exchange Online. Be aware
that any manual customization to a hybrid configuration (which is uncommon) may have to be redone after the
Wizard is finished. For information about what the values for the TLS Sender certificate were and changes that are
made, see the HCW logs. For more information, see Hybrid Configuration wizard.
1. Download and run the Hybrid Configuration Wizard from the Exchange Online admin center.
2. Make sure that the new certificate is selected on the transport certificate page.
When the Wizard has successfully completed, the value for the TLSSenderCertificate name should match the
certificate that's used by the on-premises server. Changes may take some time to take effect.
Option 2: Change the inbound connector without running HCW
Make sure that the new certificate is sent from on-premises Exchange to Exchange Online Protection (EOP ) when
users send external mail. If the new certificate isn’t sent from on-premises Exchange to EOP, there may be a
certificate configuration issue on-premises. Confirm the issue by enabling logging on the send connector that is
used for routing mail to Office 365 and checking those logs. To find the location of the send connector logs, run the
following cmdlet against the source servers that are listed in that send connector. (Here we assume that the send
connector name that's used for relaying to external domains through EOP is "outbound to Office 365.")
For Exchange 2010
(Get-SendConnector "outbound to office 365").SourceTransportServers | foreach {get-transportserver $_.name} |
Select-Object name,SendProtocolLogPath
For Exchange 2013 and later versions
Get-SendConnector "outbound to office 365").SourceTransportServers | foreach {get-transportservice $_.name} |

Select-Object name,SendProtocolLogPath
1. In the send connector log, you can check for the thumbprint of the certificate that is given to Exchange
Online. The following is a code example from send connector logs.
Date/Time,Outbound to office 365,SessionID,SequenceNumber,LocalEndpoint,RemoteEndpoint,<,220 2.0.0 SMTP

server ready, Date/Time,Outbound to office
365,SessionID,SequenceNumber,LocalEndpoint,RemoteEndpoint,*,,Sending certificate Date/Time,Outbound to
office 365,SessionID,SequenceNumber,LocalEndpoint,RemoteEndpoint,*,CN=*.contoso.com,Certificate subject
Date/Time,Outbound to office 365,SessionID,SequenceNumber,LocalEndpoint,RemoteEndpoint,*,"CN=CommonName,
OU= OrganizationalUnit, O=OrganizationName, L=Location, S=State, C=Country",Certificate issuer name
Date/Time,Outbound to office
365,SessionID,SequenceNumber,LocalEndpoint,RemoteEndpoint,*,CertificateSerialNumber,Certificate serial
number Date/Time,Outbound to office
365,SessionID,SequenceNumber,LocalEndpoint,RemoteEndpoint,*,CertificateThumbprintNumber,Certificate
thumbprint
2. At this point, you can locate the matching inbound connector in Office 365 and verify that the certificate
value matches. In this example, the **TlsSenderCertificateName **value must be set to *.contoso.com.
NOTE
To relay messages through Office 365, the domain of the sender or the domain of contoso.com must be verified in
the Office 365 tenant. Otherwise, you may see an error similar to that described in "Symptoms" but also an explicit
ATT36 error. (For information about the ATT36 error, see KB 3169958 Important notice for Office 365 email
customers who have configured connectors.)
More information
Still need help? Go to Microsoft Community or the Exchange TechNet Forums.
Important notice for Office 365 email customers who
have configured connectors
Notice
If you are an Exchange Online or Exchange Online Protection (EOP ) customer, and you have configured
connectors, this article contains important information that might affect your organization. To make sure that your
mail flow isn’t interrupted, we strongly recommend that you read this article and take any necessary action before
the July 5, 2017, deadline.
Introduction
If your organization has a hybrid deployment (on-premises plus Microsoft Office 365), you frequently have to relay
email messages to the Internet through Office 365. That is, messages that you send from your on-premises
environment (mailboxes, applications, scanners, fax machines, and so on) to Internet recipients are first routed to
Office 365, and then sent out.
Figure: Email relayed from your on-premises email servers to the Internet through Office 365
For this relay to work correctly, your organization must follow these steps:
1. Create one or more connectors in Office 365 to authenticate email messages from your on-premises mail
servers by using either the sending IP address or a certificate.
2. Configure your on-premises servers to relay through Office 365.
3. Configure your setup so that either of the following conditions is true:
Sender domain
The sender domain belongs to your organization (that is, you have registered your domain in
Office365).
Note For more information, see Add User and Domain in Office 365.
Certificate-based connector configuration
Your on-premises email server is configured to use a certificate to send email to Office 365, and the
Common-Name (CN ) or Subject Alternate Name (SAN ) in the certificate contains a domain name
that you have registered in Office 365, and you have created a certificate-based connector in Office
365 that has that domain.
If neither of the conditions in step 3 is true, Office 365 can't determine whether the message that was sent from
your on-premises environment belongs to your organization. Therefore, if you use hybrid deployments, you should
make sure that you meet either of the step 3 conditions.
Summary
Beginning July 5, 2017, Office 365 no longer supports relaying email messages if a hybrid environment customer
has not configured their environment for either of the step 3 conditions. Such messages are rejected and trigger
the following error message:
550 5.7.64 Relay Access Denied ATTR36. For more details please refer to KB 3169958.
Additionally, you must meet the second condition ("certificate-based connector configuration") in step 3 in the
"Introduction" section if your organization requires that any of the following scenarios continue to work after July
5, 2017.
NOTE
The original deadline for this new process was moved from February 1, 2017, to July 5, 2017, to provide sufficient time for
customers to implement the changes.
Scenarios in which Office 365 does not support relaying email messages by default
Your organization has to send non-delivery reports (NDRs) from the on-premises environment to a
recipient on the Internet, and it has to relay the messages through Office 365. For example, somebody sends
an email message to john@contoso.com, a user who used to exist in your organization's on-premises
environment. This causes an NDR to be sent to the original sender.
Your organization has to send messages from the email server in your on-premises environment from
domains that your organization hasn't added to Office 365. For example, your organization (contoso.com)
sends email as the fabrikam.com domain, and fabrikam.com doesn’t belong to your organization.
A forwarding rule is configured on your on-premises server, and messages are relayed through Office 365.
For example, contoso.com is your organization’s domain. A user on your organization’s on-premises server,
kate@contoso.com, enables forwarding for all messages to kate@tailspintoys.com. When
john@fabrikam.com sends a message to kate@contoso.com, the message is automatically forwarded to
kate@tailspintoys.com.
From the point of view of Office 365, the message is sent from john@fabrikam.com to
kate@tailspintoys.com. Because Kate’s mail is forwarded, neither the sender domain nor the recipient
domain belongs to your organization.
Figure: A forwarded message from contoso.com that's allowed to be relayed through Office 365 because the step
3 "certificate-basedconnector configuration" condition is met
More information
You can set up a certificate-based connector for Office 365 to relay messages to the Internet. To do this, use the
following method.
Step 1: Create or change a certificate -based connector in Office 365
To create or change a certificate-based connector, follow these steps:
1. Sign in to the Office 365 portal ( https://portal.office.com), click Admin, and then open the Exchange admin
center. For more information, see Exchange admin center in Exchange Online.
2. Click mail flow, click connectors, and then do one of the following:
If there are no connectors, click (Add) to create a connector.
If a connector already exists, select it, and then click (Edit).
3. On the Select your mail flow scenario page, select **Your organization’s email server **in the From box,
and then select Office 365 in the To box.
NOTE
This creates a connector that indicates that your on-premises server is the sending source for your messages.
4. Enter the connector name and other information, and then click Next.
5. On the New connector or Edit connector page, select the first option to use a Transport Layer Security
(TLS ) certificate to identify the sender source of your organization’s messages. The domain name in the
option should match the CN name or SAN in the certificate that you're using.
NOTE
This domain must be a domain that belongs to your organization, and you have to have added it to Office 365. For
more information, see Add Domains in Office 365.
For example, Contoso.com belongs to your organization, and it’s part of the CN name or SAN name in the
certificate that your organization uses to communicate with Office 365. If the domain in the certificate
contains multiple domains (such as mail1.contoso.com, mail2.contoso.com), we recommend that the domain
in the connector UI be *.contoso.com.
NOTE
Existing hybrid customers who used the Hybrid Configuration Wizard to configure their connectors should check their
existing connector to make sure that it uses, for example, *.contoso.com instead of mail.contoso.com or
<hostname>.contoso.com. This is because mail.contoso.com and <hostname>.contoso.com may not be
registered domains in Office 365.
Figure: Setting up the connector to use the "contoso.com" format (for example)
Step 2: Register your domain in Office 365
To register your domain, follow the steps in the following Office article:
Add users and domain to Office 365
In the Microsoft 365 Admin Center, click Setup, and then click Domains to see the list of domains that are
registered.
Step 3: Configure your on-premises environment

To configure your on-premises environment, follow these steps:
1. If your organization uses Exchange Server for its on-premises server, configure the server to send messages
over TLS. To do this, see Set up your email server to relay mail to the Internet via Office 365. (This is Part 2.2
of Set up connectors to route mail between Office 365 and your own email servers.)
NOTE
If you've already used Hybrid Configuration Wizard, you can continue to use it. However, make sure that you use a
certificate that matches the criteria that's outlined in Step 1, sub-step 5 of this section.
2. Install a certificate in your on-premises environment. To do this, see “Step 6: Configure an SSL certificate” in
Configure mail flow and client access.
References
For more information about how to address the connector setting requirement, see Important connector notice.
For more information about how to relay messages through Office 365, see the "Setting up mail flow where some
mailboxes are in Office 365 and some mailboxes are on your organization’s mail servers" section of Mail flow best
practices for Exchange Online and Office 365.
Still need help? Go toMicrosoft Community or the Exchange TechNet Forums.
Error viewing delegates in Outlook after a migration
from on-premises to Exchange Online
Symptoms
Assume that your mailbox is migrated from an on-premises Exchange environment to Microsoft Exchange Online.
After you sign in to Microsoft Outlook, you may experience one of the following issues that affect the Outlook
delegate feature:
When you view the delegate permissions, a value of None is listed in the Delegate Permissions dialog
box.
When you try to remove or add a delegate, you receive the following error message:
The Delegates settings were not saved correctly. Unable to activate send-on-behalf-of list. You do not
have sufficient permission to perform this operation on this object.
Resolution
To resolve this issue after a move is made to Exchange Online from an on-premises environment, restart the
Outlook client.
You can also force Outlook to download a new address book. To do this, select Send / Receive > Send/Receive
Groups > Download Address Book.
Complete these steps to make sure that the Outlook client has the most up-to-date information.
You can't remove a calendar item or an email
message in Outlook in Office 365
Problem
You can't remove a calendar item such as a meeting request, a reminder, or an email message in Microsoft Outlook
in Microsoft Office 365. Additionally, if you try to remove a meeting request, you may receive an error message
that resembles the following message:
This meeting cannot be removed because you are the meeting organizer.
Solution
NOTE
Before you try the methods in this section, exit all clients (such as Outlook and Outlook on the web) on which the mailbox is
set up, start Outlook, and then try to remove the item. If the problem persists, try Method 1 first. If that doesn't fix the
problem, try the next method.
To resolve this problem, use one or more of the following methods.

Recommended method
Try to delete the item in Outlook on the web. If you can't delete it in Outlook on the web, go to the next method.
NOTE
If you can't complete a task in Outlook but you can complete it in Outlook on the web, this might mean that Outlook has to
be updated.
Additional methods
Method 2: Use the Search-Mailbox cmdlet
Use the Search-Mailbox cmdlet to search for and remove the item. For more information, see Search and delete
messages.
Method 3: Run Outlook commands
Depending on the kind of item that you're trying to remove, you can use the following command line switches to
remove the item.
Caution Exit Outlook before you run any of these switches.
Click Start, enter outlook /cleanremindersin the search box, and then press Enter.
Click Start, enter outlook /cleandmrecords in the search box, and then press Enter.
After you run the applicable switches, start Outlook, and then try to delete the message again.
For more information about these switches, see Command-line switches for Outlook for Windows.
Method 4: Delete the message after you edit it
1. In Outlook, double-click the email message.
2. In the **Move **group in the message ribbon, click Actions, and then click Edit Message.
3. Remove some characters from the message, or add characters to it.
4. Click **File, **and then save the message.
5. Try to delete the message again.
Method 5: Empty the Deleted Items folder
In Outlook, delete all items that are in the Deleted Items folder, and then try to delete the meeting request or
message.
Method 6: Delete the meeting reminders by using the MFCMAPI editor
The following steps show how to remove a meeting reminder that still appears even after the original meeting is
removed. This typically occurs if the meeting reminder is corrupted.
NOTE
Although the MFCMAPI editor is supported by Exchange Online, use caution when you make changes to mailboxes by using
this tool. Using the MFCMAPI editor incorrectly can cause permanent damage to a mailbox. The exact steps may vary,
depending on the version of MFCMAPI that you're using.
1. Download MFCMAPI from github (scroll down and then click Latest release).
2. In Outlook, click the Send/Receivetab.
3. In the Preferencesgroup, click Work Offline, and then exit Outlook.
4. Double-click the MFCMapi.exe file to start the MFCMAPI editor.
5. On the **Session **menu, click Logon and Display Store Table.
6. Right-click the mail profile that you want to change, and then click Open Store.
7. Expand Root-Mailbox, expand Finder, and then double-click Reminders.
8. Locate the recurring appointment by sorting the **Subject **column or the **To **column.
9. Right-click the appointment, and then click Delete Message.
10. In the **Delete Item **dialog box, select one of the permanent deletion options, and then click OK.
11. Click Start, type outlook.exe /cleanreminders in the search box, and then press Enter.
12. If you're prompted, select your profile to start Outlook.
More information
"Message store has reached its maximum size" error
when an Office 365 user tries to delete an item in
Outlook or Outlook on the Web
Symptoms
When a Microsoft Office 365 user tries to delete an item such as a calendar event in Outlook or Outlook on the
Web, the user experiences the following symptoms:
In Outlook, the user receives the following error message:
The message store has reached its maximum size. To reduce the amount of data in this message
store, select some items that you no longer need, permanently (Shift + Del) delete them.
In Outlook on the Web, the user receives the following error message:
The action couldn't be completed. An error occurred on the server.
Cause
This issue occurs if the items in the Recoverable Items folder of the user's mailbox exceed the default quota of 30
gigabytes (GB ).
Solution
To fix this issue, use either of the following methods:
Make sure that Litigation Hold or In-Place Hold is enabled. If either feature is enabled, the storage quota for the
Recoverable Items folder is automatically increased from 30 GB to 100 GB.
Enable the archive mailbox, turn on the auto-expanding archiving feature in Exchange Online, and then create a
custom retention policy for mailboxes on hold. After you complete these steps, the storage quota for the
Recoverable Items folder in the user's archive will be unlimited.
For more information about how to increase the storage quota, see Increase the Recoverable Items quota for
mailboxes on hold.
More information
The Recoverable Items folder is not visible to the user. It contains mail items that have been soft-deleted.
An item is considered soft-deleted in the following cases:
A user deletes an item or empties all items from the Deleted Items folder.
A user presses Shift+Delete to delete an item from any other mailbox folder.
Users can use the Recover Deleted Items feature in Outlook or Outlook Web App to recover a deleted item.
For more information about deleted item recovery, see Recoverable Items folder.
How to prevent users from creating and managing
distribution groups in Office 365
Introduction
Users in a Microsoft Office 365 environment can create distribution groups and manage those distribution groups.
As an admin, you may want to prevent users or a subset of users from creating and managing distribution groups.
Procedure
The functionality to create and manage distribution groups is available to users in organizations that don't use
directory synchronization to sync users and groups from the on-premises environment to Office 365. Exchange
Online admins can disable this functionality so that users can't create and manage their own distribution groups. To
do this, follow these steps:
Step 1: Edit the default role assignment policy or create a new role assignment policy
Depending on the particular scenario and the kind of organization, Exchange Online admins have two options for
using a role assignment policy to control whether users can create and manage distribution groups. These options
are as follows:
If you want to apply the policy to all users in your organization, edit the default role assignment policy.
If you have already created several role assignment policies or if you only want to disable this feature for a
subset of users in your organization, create a new role assignment policy.
Do one of the following things, as appropriate for your situation:
Edit the default role assignment policy
To edit the default role assignment policy, follow these steps:
1. Sign in to the Office 365 portal as an admin, click Admin, and then click Exchange to open the Exchange
admin center.
2. In the left navigation pane click permissions, and then click user roles.
3. Double-click Default Role Assignment Policy.
4. Click to clear the MyDistributionGroups check box and the MyDistributionGroupMembershipcheck box.
5. Click Save.
Create a new role assignment policy
To create a new role assignment policy, follow these steps:
admin center.
2. In the left navigation pane click permissions, and then click user roles.
3. Click New ( ).
4. Type a name for the new role assignment policy, and then click to select the options that you want. Make
sure that the MyDistributionGroups check box and the MyDistributionGroupMembershipcheck box are
cleared.
5. Click Save.
Step 2: Apply the role assignment policy
IMPORTANT
If you only use one role assignment policy in your organization, you don't have to follow this step.
After you set up the role assignment policy, apply the policy. Be aware that if you changed the default role
assignment policy, you don't have to reapply it. However, if you created a new role assignment policy, you must
apply it to users in your organization.
To apply the role assignment policy, use one of the following methods, as appropriate for your situation.
Manually apply the role assignment policy to one user by using the Exchange admin center
To apply the role assignment policy to one user, follow these steps:
admin center.
2. In the left navigation pane, click recipients, and then click mailboxes.
3. Double-click the mailbox to which you want to apply the policy.
4. In the mailbox details window, click mailbox features, and then in the Role assignment policybox, select
the policy that you want to apply.
5. Click Save.
Apply the role assignment policy to all users by using remote PowerShell
To apply the role assignment policy to all users in the organization by using remote PowerShell, follow these
steps:
1. Connect to Exchange Online by using remote PowerShell. For more information about how to do
this, see Connect to Exchange Online using remote PowerShell.
2. At the PowerShell prompt, type the following command, and then press Enter:
Get-Mailbox | Set-Mailbox –RoleAssignmentPolicy “ <Name of Policy> ”
More information
"You don't have sufficient permissions" error when
you try to remove or make a change to a distribution
group
Problem
You try to remove or make a change to a distribution group by using the Exchange admin center in Microsoft
Exchange Online for Microsoft Office 365 or in on-premises Microsoft Exchange Server. In this situation, you
receive the following error message: You don't have sufficient permissions. This operation can only be performed
by a manager of the group.
Cause
This issue occurs if you're not a manager of the group. In this situation, you're not listed in the ManagedBy
attribute.
Solution
Use one of the following methods.
Method 1: Use Exchange Online PowerShell or the Exchange Management ShellImportantYou have to be an
Exchange Online admin, an Exchange admin, or a member of the "Security Group Creation and Membership"
role in the Exchange admin center to perform this procedure.
1. Take one of the following actions, as appropriate for your situation:
Connect to Exchange Online by using remote PowerShell. For more information about how to do this,
see Connect to Exchange Online using Remote PowerShell.
On Exchange Server in your on-premises environment, open the Exchange Management Shell.
2. Make the change that you want to the distribution group by using the appropriate Windows PowerShell
cmdlet.
For example, to remove the distribution group, use the Remove-DistributionGroupcmdlet together with the
BypassSecurityGroupManagerCheck parameter. Here's an example:Remove-DistributionGroup -
BypassSecurityGroupManagerCheck Note In this cmdlet and in other cmdlets in the "Examples" section, the
distribution group is represented by the placeholder .
Examples
Here are some more examples of other Windows PowerShell cmdlets that you can use to manage distribution
groups:
To assign ownership of a group, use the Set-DistributionGroupcmdlet, as in the following example:
Set-DistributionGroup <NameOfGroup> -ManagedBy "Admin@contoso.com" -BypassSecurityGroupManagerCheck
To add a user to a group, use the Add-DistributionGroupcmdlet, as in the following example:
Add-DistributionGroupMember -Identity <NameOfGroup> -Member user@contoso.com

To remove a user from a group, use the Remove-DistributionGroup cmdlet, as in the following example:
Remove-DistributionGroupMember -Identity <NameOfGroup> -Member user@contoso.com
To check the members list for a group, use the Get-DistributionGroupMember cmdlet, as in the following
example:
Get-DistributionGroupMember -identity <NameOfGroup>|fl DisplayName,WindowsLiveID,RecipientType
Method 2: Add yourself to the "ManagedBy" attributeTo add yourself to the ManagedBy attribute, follow these
steps:
1. Take one of the following actions, as appropriate for your situation:
Connect to Exchange Online by using remote PowerShell. For more information about how to do this,
see Connect to Exchange Online using Remote PowerShell.
On Exchange Server in your on-premises environment, open the Exchange Management Shell.
2. Run the following command:
Set-DistributionGroup <group> -ManagedBy @{Add="<value1>", "<value2>", …} -

BypassSecurityGroupManagerCheck
For example, if you're an Exchange Online admin or an Exchange admin who isn't listed in
the ManagedBy attribute and you want to make changes to a distribution group that's named Accounting,
run the following command to add yourself to the ManagedBy attribute:
Set-DistributionGroup Accounting -ManagedBy @{Add="<Alias>"} -BypassSecurityGroupManagerCheck
After you do this, you'll be able to change the distribution group.

For more information about the Set-DistributionGroup cmdlet, see Set-DistributionGroup.
References
To learn about managing distribution groups that are synced to Office 365 from the on-premises environment, see
the following Microsoft Knowledge Base article:
2417592 Owners of an on-premises distribution group that's synced to Office 365 can't manage the distribution
group in Exchange Online
Troubleshoot: Remove an alias from a contact
Did you get this error when you were creating a new user? "This email address is already being used as an alias for
the contact <contact name>." This article will show you how to remove the email alias from the contact.
Cau t i on
It is unusual for a contact to have an alias because it has to be added using Exchange Online PowerShell. You'll
have to remove it using Exchange Online PowerShell.
If you're new to PowerShell, you can do this! The Exchange Online PowerShell commands used in this article will
only remove an alias from a contact.
Remove the email alias from the contact using Exchange Online
PowerShell
Before you can do this procedure, you need the following:
Connect to Exchange Online PowerShell
The display name of the contact
The email address that you want to remove
1. In Exchange Online PowerShell, replace the contact name and email address with your values, and run the
following command:
Set-MailContact -Identity "Contact name" -Alias @{remove="alias@contoso.com"}
2. It may take a few minutes, but when the command has completed, the command prompt will return. You'll
only get a message if there was an error.
3. Close the connection to Exchange Online PowerShell by running the following command:
Remove-PSSession $Session
Troubleshoot: Remove an alias from a distribution list
the distribution list <list name>." This article will show you how to remove the email alias from the distribution list.
Cau t i on
It is unusual for a distribution list to have an alias because it has to be added using Exchange Online PowerShell.
You'll have to remove it using Exchange Online PowerShell.
only remove an alias from a distribution list.
Remove the email alias from the distribution list using Exchange Online
PowerShell
The name of the distribution list
1. In Exchange Online PowerShell, replace the distribution list name and the email address with your values,
and run the following command:
Set-DistributionGroup -Identity "List name" -Alias @{remove="alias@contoso.com"}
Troubleshoot: Remove an alias from a group
the group <group name>." This article will show you how to remove the email alias from the group.
Cau t i on
It is unusual for a group to have an alias because it has to be added using Exchange Online PowerShell. You'll have
to remove it using Exchange Online PowerShell.
only remove an alias from an Office 365 group.
Remove the email alias from the group using Exchange Online
PowerShell
The name of the group
1. In Exchange Online PowerShell, replace the group name and email address with your values, and run the
following command:
Set-UnifiedGroup -Identity "Group name" -EmailAddresses @{remove="alias@contoso.com"}
Troubleshoot: Remove an alias from a mail-enabled
security group
the mail-enabled security group <group name>." This article will show you how to remove the email alias from the
mail-enabled security group.
Cau t i on
It is unusual for a mail-enabled security group to have an alias because it has to be added using Exchange Online
PowerShell. You'll have to remove it using Exchange Online PowerShell.
only remove an alias from an mail-enabled security group.
Remove the email alias from the group using Exchange Online
PowerShell
The name of the group
1. In Exchange Online PowerShell, replace the group name and the email address with your values, and run
the following command:
Set-DistributionGroup -Identity "Group name" -Alias @{remove="alias@contoso.com"}
Troubleshoot: Remove an alias from a shared mailbox
the shared mailbox <mailbox name>." This article will show you how to remove the email address from the shared
mailbox so you can re-use it.
TIP
Email addresses are how the internet knows where to send your email and all email addresses must be unique - across the
entire internet no two email addresses can be the same.
Remove the email alias from the shared mailbox

Before you begin, make sure you've noted which shared mailbox you need to remove the email address from.
1. From the admin center, you can find the shared mailbox a couple of different ways:
From the admin center Home page, type the name of the shared mailbox into the search field, and then
select it from the list. It will open the shared mailbox's details card.
Go to Groups > Shared mailboxes, and then select the shared mailbox from the list.
2. In the Name, Email, and Email aliases section, select Edit.
3. In the Email aliases section, remove the email address by selecting the remove (wastebin) icon, and then
Save.
NOTE
You can't remove the primary email address. If you need to remove the primary email address, add a second email
address for this shared mailbox and select Set as primary. Then you can remove the email alias.
Did this solve your problem?

Let us know if this did or didn't solve your problem by giving feedback at the bottom of this page: Was this
information helpful?
Troubleshoot: Remove an email alias from a user
user <user name>." This article will show you how to remove the email alias from the user.
TIP
Email addresses are how the internet knows where to send your email and all email addresses must be unique - across the
entire internet no two email addresses can be the same.
Remove the email address from the user

Before you begin, make sure you've noted which user you need to remove the email address from.
Use the new admin center to remove the email address
The new admin center is available to all Microsoft 365 admins. You can opt in by selecting the Try the new admin
center toggle located at the top of the Home page. For more information, see About the new Microsoft 365 admin
center.
1. There are two ways you can find a user's account information:
In the admin center, type the user's name into the search field at the top of the page, and then select them
from the list. It will open the user card.
Or, in the admin center, go to the Users > Active users page and select the user from the list.
2. Select Manage email aliases.
3. Select the alias you want to remove and select the remove (wastebin) icon, and then Save changes.
Use the old admin center to remove the email address
1. There are two ways you can find a user's account information:
In the admin center, type the user's name into the search field at the top of the page, and then select them
from the list. It will open the user card.
Or, in the admin center, go to the Users > Active users page and select the user from the list.
2. Next to Username/Email, Aliases, select Edit.
3. Select the alias you want to remove and select the remove (wastebin) icon, and then Save.
NOTE
You can't remove the primary email address. If you need to remove the primary email address, create a second email
address for this user and select Set as primary. Then you can remove the user's email address.
Did this solve your problem?

Let us know if this did or didn't solve your problem by giving feedback at the bottom of this page.
"You can't use the domain because it's not an
accepted domain for your organization" error when
you run the Add-RecipientPermission cmdlet
Problem
Scenario 1
When you try to run the Add-RecipientPermission cmdlet in Exchange Online, you receive the following error
message:
You can't use the domain because it's not an accepted domain for your organization. CategoryInfo :
NotSpecified: (:) [Add-RecipientPermission], NotAcceptedDomainException
Scenario 2
When you try to run the New -MoveRequest cmdlet in Exchange Online, in order to move a mailbox from on-
premises to Exchange Online, you receive the following error message:
You can't use the domain because it's not an accepted domain for your organization. CategoryInfo :
NotSpecified: (:) [New-MoveRequest], NotAcceptedDomainException
Scenario 3
When you create a migration by using New -MigrationBatch command or from Exchange Online Exchange Admin
Center, in order to move a mailbox from On-Premises to Exchange Online, after a while the migration will fail. And
you'll see the following output on the ErrorSummary when you run:
Get-MigrationUserStatistics User1@contoso.com | fl
You can't use the domain because it's not an accepted domain for your organization.
Cause
The proxy address of the recipient uses a domain that isn't configured as an accepted domain in the organization.
Solution
Do one of the following:
Add and verify the domain. For more information, see Adding additional domains to Office 365.
Remove the proxy address from the recipient. For more information, see Add or remove email addresses for a
mailbox.
Assign an Exchange Online license to the affected user. For more information, see Assign licenses to users in
Office 365 for business or Assign licenses to user accounts with Office 365 PowerShell.
More information
How to migrate mailbox data by using the Exchange
Admin Center in Office 365
Introduction
This article describes the migration features that are available in the Exchange Admin Center in Microsoft Office
365. It also discusses migration scenarios in which the Exchange Admin Center is used to migrate data from the
following existing environments:
Microsoft Exchange Server 2003
Internet Message Access Protocol (IMAP )
More information
The Exchange Admin Center in Office 365 is used to migrate data from a hosted and on-premises Exchange
environment or an IMAP environment through the creation and management of migration batches. Migration
batches are specific requests to migrate all mailboxes or a subset of mailboxes from a remote mailbox source.
Supported kinds of migration
In Exchange Online, IT admins have several options to migrate mailbox data from their existing on-premises or
hosted environment. These options vary based on the source environment and the result that the customer wants
to achieve. As with any deployment of Exchange Online in Office 365, customers can review the Exchange Server
Deployment Assistant to determine the settings that they have to set up to reach the end state that they want.
Remote move
Remote move enables migration from a deployment of Exchange 2010 or later versions. It uses the Microsoft
Exchange Mailbox Replication Service (MRS ) Proxy service. For more information about remote moves, go to the
following Microsoft TechNet website:
Mailbox Moves in Exchange 2013
Staged migration
Staged migration enables migration from an on-premises Exchange 2003 or Exchange 2007 deployment. The main
difference in this kind of migration is that the migration is targeted at customers who want to establish a
permanent mail coexistence with Exchange Online and their on-premises environments. This requires that
customers deploy directory synchronization when they deploy Exchange Online. This option is available for
customers who have Enterprise Exchange licenses only. IT admins must provide a list of users to migrate in each
batch by using a comma-separated values (CSV ) file.
Cutover migration
The cutover migration option is for customers who want to migrate their whole environment at one time. This
migration is limited to less than 2,000 mailboxes and is targeted at business customers who are running Exchange
2003 or a later version in their environment. Specifically, this migration supports users who are using the
Microsoft Exchange Autodiscover service against Exchange 2007 (or later-version) environments to determine the
mailboxes that are available for migration. However, if you're running Exchange 2003 in your on-premises
environment, you can manually enter the remote procedure call (RPC ) proxy addresses to access the Exchange
mailboxes for migration. This option is available to Office 365 Enterprise customers and Office 365 Business
customers.
IMAP migration
IMAP migration is targeted at customers who may be using non-Exchange-based mail systems in their current
hosted environment or have access to the data only by using the IMAP 4 protocol. The Office 365 migration
engine uses the information that's provided by IT admins in the EAC to connect to IMAP mailboxes and download
mailbox data. IT admins must provide a list of users to migrate in each batch by using a CSV file.
Offboarding migration
IT admins can move mailboxes from Exchange Online to a remote mailbox server by using the MRS Proxy service.
How to manage migration batches in Exchange Online
Admins whose organizations are deployed on Exchange Online can create and manage multiple migration batches
by using the E -mail Migration wizard in the Exchange Admin Center by using Exchange Online PowerShell.
Admins can "pre-stage" several migration batches for execution and can control when a migration batch is started.
More than one migration batch can be run at one time.
How to create migration batches by using the E-mail Migration wizard in the Exchange Admin Center
To create a migration batch, follow these steps:
1. Sign in to the Office 365 portal ( https://portal.office.com).
3. Click Migration, click New ( ), and then click Onboarding.
4. Select the migration option that you want, and then click Next. Migration options are as follows:
Remote move
Staged migration
Cutover migration
IMAP
The following screen shot shows the migration options:
Remote move walkthrough

For more information about remote move, go to the following Microsoft TechNet website:
Mailbox Moves in Exchange 2013
Staged migration walkthrough
To create a staged migration batch, follow these steps:
1. Prepare a CSV file.
Each row in the CSV file that you use to migrate on-premises Exchange mailboxes to the cloud in a staged
Exchange migration should contain information about the on-premises mailbox.
2. On the "Select the mailboxes" screen, locate the CSV file that you created in step 1, and then click Next. The
following screen shot shows an example:
3. Enter the credentials of your on-premises admin account, and then click Next. The following screen shot
shows an example:
4. If the Autodiscover service can't detect the connection settings for the on-premises Exchange server, you're
prompted to enter the following information:
The fully qualified domain name (FQDN ) of the Exchange server that hosts the mailbox that you're
migrating
The FQDN of the proxy server for the Exchange server
If the Autodiscover service can detect the connection settings for the on-premises Exchange server, you're
prompted to confirm the entries. The following screen shot shows an example:
Click Next.
5. Enter a name for the migration batch, and then click Next.
6. Specify the admins in your Office 365 organization who should receive the migration report, select one of
the following migration methods, and then click** New**:
Automatically start the migration
Manually start the migration later
Cutover migration walkthrough

To create a cutover migration batch, follow these steps:
1. Specify the Windows admin user account credentials for the Exchange server.
2. If the Autodiscover service can't detect the connection settings for the on-premises Exchange server, you're
prompted to enter the following information:
The FQDN of the Exchange server that hosts the mailboxes that you're migrating
The FQDN of the proxy server for the Exchange server
If the Autodiscover service can detect the connection settings for the on-premises Exchange server, you're
prompted to confirm the entries. The following screen shot shows an example:
Click Next.
the following migration methods, and then click New:
IMAP migration - Walkthrough

To create an IMAP migration batch, follow these steps:
1. Prepare a CSV file.
The CSV file that you use to migrate the content of user's mailboxes should contain a row for each user.
Each row contains information about the user's cloud-based mailbox and IMAP mailbox that are used to
process the migration.
2. On the "Select the mailboxes" screen, locate the CSV file that you created in step 1, and then click Next. The
following screen shot shows an example:
3. On the IMAP Configuration screen, enter the connection settings for the server from which you want to
migrate mailbox data. The following screen shot shows an example:
the following migration methods, and then click New:
How to manage migration batches by using the Exchange Admin Center

After admins create the migration batch, they can create additional migration batches. Additionally, admins can
change, delete, pause, or start an existing migration batch. They can use the following controls to perform these
actions:
Admins can also change the associated endpoint of a migration batch by using controls on the Migration tab. If
more than one batch is started, admins can select the migration batch that has the highest priority.
Migration endpoints
Migration endpoints are management objects that describe the remote server information and connection settings
that are associated with one or more batches. When you provide server information during a migration batch
request, you're actually creating a migration endpoint. After you create migration endpoints, you can assign them
to new migration batches or pending migration batches.
The following screen shot shows migration endpoint properties that are accessed through migration batch
properties:
The following screen shot shows migration endpoint properties that are accessed from the **More **button on the
**Migration **screen:
How to manage migration batches by using Exchange Online PowerShell

Admins can use the following Exchange Online PowerShell cmdlets to manage migration batches:
Complete-MigrationBatch
Get-MigrationBatch
Get-MigrationConfig
Get-MigrationEndpoint
Get-MigrationStatistics
Get-MigrationUser
Get-MigrationUserStatistics
New -MigrationBatch
New -MigrationEndpoint
Remove-MigrationBatch
Remove-MigrationEndpoint
Remove-MigrationUser
Set-MigrationBatch
Set-MigrationEndpoint
Start-MigrationBatch
Stop-MigrationBatch
Test-MigrationServerAvailability
For more information about how to use each cmdlet, run the Get-Helpcmdlet.
How to monitor the status of the migration batch
Admins can view the current status of each migration batch in the Exchange Admin Center. To do this, they should
select the migration batch on the **Migration **tab. The status information is as follows:
Type: Migration type. Migration types are as follows:
Remote move
Staged migration
Cutover migration
IMAP
Direction: Migration direction. Migration directions are as follows:
Onboarding
Offboarding
Status: The current state of the migration batch that are selected. The status are as follows:
Created
Removing
In Progress
Completed
Failed Mailboxes: The number of mailboxes for which the migration isn't successful
Created by: The mailbox address of the admin who created the migration batch
Create Time: The date and time when the migration batch was created
Start Time: The date and time when the migration batch was initiated
Initial Sync Time: The date and time when the initial sync started
Initial Sync Duration: The time that is taken to complete the initial sync
Last Synced Time: The date and time when the last sync completed for the active users
References
Target mailbox doesn't have an smtp proxy matching
in a mailbox migration
Problem
Assume that you have a hybrid deployment of on-premises Microsoft Exchange Server and Exchange Online in
Office 365. When you try to move mailboxes from your on-premises environment to Exchange Online, you receive
the following error message:
The target mailbox doesn't have an smtp proxy matching '<domain>.mail.onmicrosoft.com'
Cause
This issue may occur if one of the following conditions is true:
The source mailbox isn't stamped to have a <domain>.mail.onmicrosoft.com smtp address.
The proxy address <domain>.mail.onmicrosoft.com is not synced to Office 365 on the corresponding cloud
mail-user object.
Solution
To find the cause of the issue and determine from which mailbox the <domain>.mail.onmicrosoft.com email
address is missing, run the following commands in the Exchange Management Shell and Exchange Online
PowerShell:
In Exchange Management Shell on-premises:
Get-Mailbox <AffectedUser> | FL EmailAddresses, EmailAddressPolicyEnabled
In Exchange Online PowerShell:
Get-MailUser <AffectedUser> | Select -ExpandProperty emailaddresses
Scenario 1: <domain>.mail.onmicrosoft.com email address is missing from on-premises source mailbox

(Exchange Management Shell)
To resolve this issue, add the <domain>.mail.onmicrosoft.com email address to the on-premises source mailbox.
If the on-premises mailbox has an email address policy applied (that is, the EmailAddressPolicyEnabled
parameter value is True or the Automatically update email addresses based on the email address policy
applied to this recipient checkbox is selected for the user in Exchange Admin Center or Exchange Management
Console), this means that the email address policy doesn't contain the secondary
SMTP <domain>.mail.onmicrosoft.com domain in the email address policy template. You can double-check this
policy by running the following command in Exchange Management Shell:
Get-EmailAddressPolicy | FL Identity, EnabledEmailAddressTemplates
In this case, add <domain>.mail.onmicrosoft.com to the email address policy. To do this, follow these steps:
1. Open the Exchange Admin Center on the on-premises Exchange server.
2. Click Mail flow, and then click Email address policies.
3. Select the email address policy that you want to change, and then click Edit.
4. In email address format, add the domain (<domain>.mail.onmicrosoft.com) to the policy, click Save, and
then click apply to to apply the change to the recipients.
5. You should now see that the <domain>.mail.onmicrosoft.com SMTP address is stamped on the on-
premises mailbox when you run the following command:
Get-Mailbox <AffectedUser> | FL EmailAddresses, EmailAddressPolicyEnabled
6. Wait for directory synchronization to run. Or, force a delta directory synchronization. For more
information about how to do this, see Start the Scheduler.
If the on-premises mailbox doesn't have an email address policy applied (that is, the EmailAddressPolicyEnabled
parameter value is False or the Automatically update email addresses based on the email address policy
applied to this recipient checkbox isn't selected for the user in Exchange Admin Center or Exchange
Management Console), or if, for whatever reason, the email address policy doesn't stamp or apply
the user@domain.mail.onmicrosoft.com smtp address on the recipient, you have to manually add the
<domain>.mail.onmicrosoft.com email address on the user, and then synchronize the change to Azure AD. To do
this, follow these steps:
1. Open the Exchange Admin Center on the on-premises Exchange server.
2. Click recipients, and then click mailboxes.
3. Select and double-click the on-premises mailbox that you want to change.
4. In email addresses, click the add icon () to add** **user@domain.mail.onmicrosoft.com email address to
the user's email addresses.
5. Click OK, and then Save.
6. You should now see the <domain>.mail.onmicrosoft.com stamped on the on-premises mailbox when you
run the following command:
Get-Mailbox <AffectedUser> | FL EmailAddresses
7. Wait for directory synchronization to run. Or, force a delta directory synchronization. For more information
about how to do this, see Start the Scheduler.
Scenario 2: <domain>.mail.onmicrosoft.com email address is stamped on the on-premises source mailbox but is
missing from the cloud mail-user object (Exchange Online PowerShell)
In this case, you probably have a synchronization issue. Determine whether the directory synchronization works
and whether you have any synchronization errors that are reported in the Azure Active Directory (Azure AD )
Connect tool or Office 365 admin center. For more information about how to do this, see View directory
synchronization errors in Office 365.
You may also have a user validation error, if you already have a cloud user object on which the
user@domain.mail.onmicrosoft.com email address is stamped.
To see this error, you have to connect to Office 365 PowerShell and then run one of the following commands,
depending whether you connect to MSOnline (MSOL ) service or Azure AD for Windows PowerShell:
(Get-MsolUser -UserPrincipalName
<AffectedUserUPN>).Errors.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription
(Get-AzureADUser -ObjectId <AffectedUserUPN>).Errors.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription
For more information, refer to You see validation errors for users in the Office 365 portal or in the Azure Active
Directory Module for Windows PowerShell. Then, in Office 365 PowerShell, check whether the proxy addresses in
Azure AD contain the email address user@domain.mail.onmicrosoft.com. To do this, run one of the
following commands:
(Get-MsolUser -UserPrincipalName <AffectedUserUPN>).ProxyAddresses

(Get-AzureADUser -ObjectId <AffectedUserUPN>).ProxyAddresses
If you find the user@domain.mail.onmicrosoft.com smtp address for the user in the command result, but you still
don't have this email address in Exchange Online PowerShell by using the Get-MailUser command, this means
that the Directory Synchronization tool brought the address successfully into Azure AD, and you probably have a
synchronization issue between Azure AD and Exchange Online.
Another cause may be if the domain.mail.onmicrosoft.com smtp domain that is stamped on the on-premises user
is incorrect. For example, the domain doesn't exist in your Office 365 tenant or Exchange Online accepted domains.
For more information about accepted domains, see View accepted domains.
If you cannot determine the cause of the issue, open a support case with Microsoft Support team to investigate
further.
MORE INFORMATION
For more info about email address policies and Exchange hybrid deployments, see the "Email address policy"
section of the The cloud on your terms (PART I): deploying hybrid blog post.
For more info about how to edit an email address policy, see Edit an email address policy.
For more info about the coexistence domain that's added by the Hybrid Configuration wizard, see the "Domains"
entry at Hybrid Configuration wizard.
Still need help? Go to Microsoft Community or the Exchange TechNet forums.
"554 5.2.0
STOREDRV.Deliver.Exception:ObjectNotFoundException.MapiExceptionNotFound"
NDR when users send mail in Exchange Online
Problem
When users send messages to a specific mailbox in Exchange Online, they receive a nondelivery report that contains the following error code:
554 5.2.0 STOREDRV.Deliver.Exception:ObjectNotFoundException.MapiExceptionNotFound; Failed to process message due to a permanent
exception with message Cannot get ID from name
For example, users may experience this issue when they send mail to a distribution group.
Cause
This issue occurs if the Clutter feature is enabled for the user but the Clutter folder is missing in the user’s mailbox.
Workaround
To work around this issue, turn off Clutter for the user. To do this, use one of the following methods.
1. In Outlook on the web, click Settings in the upper-right corner.
2. Click My app settings, click Mail, and then click Clutter.
3. Clear the **Separate items identified as clutter **check box, and then click Save.
For more information about how to turn Clutter on or off, see Use Clutter to sort low priority messages in Outlook 2016 for Windows.
Method 2: Use Exchange Online PowerShell
1. Connect to Exchange Online by using PowerShell. For more information, see Connect to Exchange Online using remote PowerShell.
2. Run the following command:
Get-Mailbox user@contoso.com | Set-Clutter -Enable $false
For more information about how to use the Set-Clutter cmdlet to turn Clutter on or off, see Set-Clutter.
MORE INFORMATION
Find and fix email delivery issues as an Office 365 for
business admin
When users report that they aren't getting email, it can be hard to find what's wrong. You might run through
several troubleshooting scenarios in your mind. Is something wrong with Outlook? Is the Office 365 service down?
Is there a problem with mail flow or spam filter settings? Or is the problem due to something that's outside your
control, like the sender is on a global block list? Fortunately, Office 365 provides powerful automated tools that can
help you find and fix a variety of problems.
First things first, check if there's a problem with Outlook or another

email app
If only one user is reporting having trouble receiving email, there might be a problem with their email account or
their email app. Have the affected user try the following solutions before you move on to admin-specific tasks.
Use Outlook on the web to look for missing messages - 5 minutes
If a user is receiving email in their Outlook on the web mailbox but not on the email app that's installed on their
machine, that could indicate that there's an issue with the users machine or email app. Ask the user with the issue
to sign in to Outlook on the web to verify that their Office 365 email account is working correctly.
Instructions: Sign in to Outlook on the web for business
Run Microsoft Support and Recovery Assistant to fix Outlook problems or account issues - 10 minutes
If a single user in your organization is having trouble receiving email, it could be due to a licensing issue, a profile
problem, the wrong version of Outlook, or a mix of other issues. Fortunately, Support and Recovery Assistant finds
and helps you fix most issues with Outlook or Office 365. As a first step in troubleshooting email delivery
problems for Office 365 for business, we recommend that you download and run Microsoft Support and Recovery
Assistant on the affected machine. Note that if you are experiencing issues with Outlook for Mac or are having
mobile access issues, you can use the app to check your account settings, but you need to install it on a PC. After
you sign in with the affected account, the app will check for issues. Users can typically download and run Support
and Recovery Assistant without help from their Office 365 admin.
Let us fix your issue Download and run Microsoft Support

and Recovery Assistant
If the Support and Recovery Assistant app doesn't fix the email delivery
issue, try these admin tools
As an Office 365 for business admin, you have access to several tools that can help you investigate why users can't
get email. The following video gives a brief overview of the tools available to you.
The following tools are listed from the quickest to the most in-depth option.
Check Office 365 service health for Exchange Online issues - 5 minutes
The service health page lists the status of Office 365 services and indicates if there have been any recent service
incidents. Use the following steps to check the service health.
1. Where to sign in to Office 365 for business with your work or school account.
2. Select the app launcher icon in the upper-left and choose Admin.
TIP
Admin appears only to Office 365 administrators.
Can't find the app you're looking for? From the app launcher, selectAll apps to see an alphabetical list of the
Office 365 apps available to you. From there, you can search for a specific app.
3. Under Service health, go to View the service health.
If there is an indication that ExchangeOnline service is degraded, email delivery might be delayed for your
organization, and CompanyName service engineers are already working to restore service. Check the service
health page for progress updates. In this case, you don't need to open a service request because CompanyName is
already working to resolve the issue.
Use message trace for in-depth email delivery troubleshooting - 15 minutes
Sometimes an email message gets lost in transit, or it can take a lot longer than expected for delivery, and your
users can wonder what happened. The message trace feature lets you follow messages as they pass through your
Exchange Online service. Getting detailed information about a specific message lets you efficiently answer your
user's questions, troubleshoot mail flow issues, validate policy changes, and can prevent you from needing to
contact technical support for assistance.
Open the message trace tool
If you're an Office 365 Midsize Business, Office 365 Business, or Office 365 Enterprise admin, you access and run
the message trace tool through the Exchange admin center. To get there, do the following:
1. Where to sign in to Office 365 for business with your work or school account.
2. Select the app launcher icon in the upper-left and choose Admin.
TIP
Admin appears only to Office 365 administrators.
Can't find the app you're looking for? From the app launcher, selectAll apps to see an alphabetical list of the
Office 365 apps available to you. From there, you can search for a specific app.
3. Go to Exchange.
4. Under mail flow, go to message trace.
If you're an Office 365 Small Business admin, do the following to find message trace:
1. Go to Admin > Service settings > Email, calendar, and contacts.
2. Under Email troubleshooting, click Troubleshoot message delivery.
Run a message trace and view delivery details of messages sent in the last week
By default, message trace is set to search for all messages sent or received by your organization in the past 48
hours. You can choose Search at the bottom of the page to generate this report. This report can give you a general
idea about what is happening with mail flow in your organization. However, to troubleshoot a specific user's mail
delivery issue, you want to scope the message trace results to that user's mailbox and the time frame that they
expected to receive the message.
1. From the Date range menu, choose the date range that is closest to the time that the missing message was
sent.
2. Use Add sender and Add recipient to add one or more senders and recipients, respectively.
3. Click Search to run the message trace.
4. The message trace results page shows all the messages that match the criteria that you selected. Typical
messages are marked Delivered under the status column.
5. To see details about a message, choose the message and select ( Details).
6. Details appear with an explanation of what happened to the message. To fix the problem, follow the
instructions in the How to fix it section.
To search for a different message, you can click the Clear button on the message trace page, and then specify new
search criteria.
View the results of a message trace that is greater than 7 days old
Message traces for items more than 7 days old are only available as a downloadable .CSV file. Because data about
older messages is stored in a different database, message traces for older messages can take up to an hour. To
download the .CSV file, do one of the following.
Click the link inside the email notification that is sent when the trace is completed.
To view a list of traces that were run for items that are more than 7 days old, click View pending or
completed traces in the message trace tool.
In the resulting UI, the list of traces is sorted based on the date and time that they were submitted, with the
most recent submissions appearing first.
When you select a specific message trace, additional information appears in the right pane. Depending on
what search criteria you specified, this may include details such as the date range for which the trace was
run, and the sender and intended recipients of the message.
NOTE
Message traces containing data that is greater than 7 days old are automatically deleted. They cannot be manually deleted.
Common questions about message trace

After a message is sent, how long before a message trace can pick it up?
Message trace data can appear as soon as 10 minutes after a message is sent, or it can take up to one hour.
Why am I getting a timeout error when I run a message trace?
The search is probably taking too long. Try simplifying your search criteria.
Why is my message taking so long to arrive to its destination?
Possible causes include the following:
The intended destination isn't responsive. This is the most likely scenario.
A large message takes a long time to process.
Latency in the service is causing delays.
The message was blocked by the filtering service.
IMCEAEX non-delivery report when you send email
messages to an internal user in Office 365
Symptoms
When you send email messages to an internal user in Microsoft Office 365, you receive an IMCEAEX non-delivery
report (NDR ) because of a bad LegacyExchangeDN reference. The IMCEAEX NDR indicates that the user no
longer exists in the environment.
Cause
This issue occurs because the value for the LegacyExchangeDN attribute changed. The auto-complete cache in
Microsoft Outlook and in Microsoft Outlook Web App (OWA) uses the value of the LegacyExchangeDN attribute
to route email messages internally. If the value changes, the delivery of email messages may fail with a 5.1.1
NDR. For example, the recipient address in the NDR resembles the following:
**IMCEAEX-
_O=MMS_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIEN
TS_CN=User6ed4e168-addd-4b03-95f5-b9c9a421957358d@mgd.domain.com**
Resolution
To resolve this issue, use the following method.
Create an X500 proxy address for the old LegacyExchangeDN attribute for the user
To create an X500 proxy address for the old LegacyExchangeDNattribute for the user, make the following changes
based on the recipient address in the NDR:
Replace any underscore character (_) with a slash character (/).
Replace "+20" with a blank space.
Replace "+28" with an opening parenthesis character.
Replace "+29" with a closing parenthesis character.
Delete the "IMCEAEX-" string.
Delete the "@mgd.domain.com" string.
Add "X500:" at the beginning.
After you make these changes, the proxy address for the example in the "Symptoms" section resembles the
following:
X500:/O=MMS/OU=EXCHANGE ADMINISTRATIVE GROUP
(FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=User-addd-4b03-95f5-b9c9a421957358d
NOTE
The most common items will be replaced. However, there may be other symbols in the LegacyExchangeDN attribute that will
also be changed from the way that they appear in the NDR. Generally, any character pattern of "+##" must be replaced with
the corresponding ASCII symbol.
If you are unfamiliar with the ASCII code in question, see ASCII Character Codes Chart 1.
Non-delivery report error codes
When Office 365 can't deliver email you sent, you'll receive an email notification called a non-delivery report. Find
your error code for specific help with getting your email delivered:
Code 4.4.7 Code 5.7.12
Code 5.1.8 Code 5.7.124
Code 5.1.10 Code 5.7.133
Codes 5.1.1 through 5.1.20 Code 5.7.134
Code 5.4.1 Codes 5.7.13 or 5.7.135
Codes 5.4.6 through 5.4.20 Code 5.7.136
Code 5.6.11 Codes 451 5.7.500-699 (ASxxx)
Code 5.7.1
Additional email help

Get help when email messages won't send
Find and fix email delivery issues as an Office 365 for business admin
Office 365 email anti-spam protection
Email in Office 365 for business - Admin Help
Recover deleted items in a user mailbox - Admin Help
My messages won't send
Fix Outlook account problems in Office 365
Message trace in the Security & Compliance Center
Troubleshoot Office 365 mail flow
Room Finder in Outlook doesn't display any
conference rooms when a user creates a meeting
Problem
When a user creates a new meeting in Microsoft Outlook, no conference rooms are listed in the Choose an
available room box in the Room Finder.
This issue may occur if the user doesn't select a room list. A room list must be selected before available rooms are
displayed in the Room Finder.
Solution
To display available rooms, select a room list from the Show a room list box.
More information
To create a room list and to add existing rooms to the room list, follow these steps:
1. Do one of the following:
In on-premises Exchange Server or in an Exchange hybrid environment, open the Exchange
Management Shell.
In Exchange Online, connect to Exchange Online by using remote PowerShell. For more information, see
Connect to Exchange Online PowerShell.
2. Run the following command to create a room list:
New-DistributionGroup <RoomListName> -RoomList -Members $Members
3. Run the following command to add existing rooms to the room list:
Add-DistributionGroupMember <RoomListName> -Member <RoomMailbox>
For more information, see Create a room list distribution group and Create and manage room mailboxes.
Modern Authentication configuration requirements
for transition from Office 365 dedicated/ITAR to
vNext
Summary
This article describes configuration requirements for Modern Authentication after a transition from Microsoft
Office 365 dedicated/ITAR to vNext, depending on Outlook version.
More Information
The configuration requirements vary, depending on the Outlook version. The following table outlines the
requirements and includes links to related articles.
ALWAYSUSEMSOAUTHF MAPI/HTTP REQUIRED

MODERN AUTH ENABLEADAL REG KEY ORAUTODISCOVER REG (REMOVE ANY BLOCKS
OUTLOOK VERSION SUPPORT REQUIRED KEY REQUIRED CURRENTLY)
Outlook 2016 Yes No Yes Yes
Outlook 2013 Yes Yes Yes Yes
Outlook 2010 No Not available Not available Not available
Important Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the
registry for restoration in case problems occur.
Outlook 2010
Modern Authentication is not supported.
Users use Basic Authentication and may be prompted multiple times for credentials.
Outlook 2013
Modern Authentication is not enabled by default.
Modern Authentication can be set by using the following registry subkeys. To do that, set
the DWORD value to 1.
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version
For more information, see Enable Modern Authentication for Office 2013 on Windows devices.
Recommend that users force Outlook to use Modern Authentication. To do that, set the DWORD value of
the following registry key to 1.
HKEY_CURRENT_USER\Software\Microsoft\Exchange\AlwaysUseMSOAuthForAutoDiscover
Outlook 2016
Modern Authentication is enabled by default.
Recommend that users force Outlook to use Modern Authentication. To do that, set the DWORD value of
the following registry key to 1.
HKEY_CURRENT_USER\Software\Microsoft\Exchange\AlwaysUseMSOAuthForAutoDiscover
For more information, see - Outlook prompts for password when Modern Authentication is enabled.
KB 3126599
MAPI/HTTP cannot be disabled. For more information, see - Outlook 2010, 2013, or 2016 may not connect
KB 2937684
using MAPI over HTTPs as expected.

Skype for Business or Lync 2013
Recommend that users enable Modern Authentication after the Skype migration is completed.
Recommend that users enable the following registry keys if you use Modern Authentication for Exchange.
To do that, set the DWORD value to 1.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Lync\
AllowAdalForNonLyncIndependentOfLync
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Lync\
AllowAdalForNonLyncIndependentOfLync
Users can't see free/busy information after a mailbox
is moved to Office 365
Symptoms
After a mailbox is moved to Microsoft Office 365, an on-premises user can't see the free/busy information for the
mailbox in Scheduling Assistant.
Also, the user can no longer view the Calendar folder, and the user receives a "Could not be updated" error.
Cause
The default permissions of the Calendar folder are set to None or Contributor. When you query free/busy
information by using Scheduling Assistant in a cross-forest scenario, the Availability service uses the organization
relationship instead of delegated user permissions. Scheduling Assistant makes cross-forest requests on behalf of
the organization relationship instead of on behalf of the user who is requesting it. The organization relationship
links to the default account that is seen in the calendar permissions. Therefore, it can't process an explicitly granted
permission such as "Free/Busy time" or "Free/Busy time, subject, location."
Workaround
When the default permissions of the Calendar folder are set to None or Contributor, details can be obtained only
when user delegation is used by attaching calendars directly to the calendar view of Outlook. In a hybrid
deployment, free/busy and calendar-sharing functionality work differently than when both users are in the same
environment. The default permissions determine the kind of free/busy information that users in a remote forest
can see. If the default permissions are set to None or Contributor, no free/busy information is displayed for
remote users, and users cannot view the mailbox calendar. This is because neither kind of permission offers any
level of free/busy visibility.
If a remote user must be able to see free/busy information for the mailbox, the mailbox owner can work around
this issue by changing the default permissions to Free/Busy time or Free/Busy time, subject, location. This
changes the free/busy information that is shared for all remote users. For example, the default permissions can be
set to Free/Busy time:
Remote users can see the free/busy data in Scheduling Assistant:
Or, remote users can see the free/busy data as an additional calendar:
A remote user can be granted Calendar folder permissions to obtain additional access to the contents of the
Calendar folder:
NOTE
Granting the Free/Busy time, subject, location (Limited Details) permission is insufficient in a hybrid environment. The
user has to be granted at least Reviewer permission to view calendar item details.
The remote user (Test User 1) can now see the mailbox Calendar folder:
More Information
For more information about cross-forest free/busy configuration, click the following article number to view the
article in the Microsoft Knowledge Base:
3079932 Users can see only basic free/busy mailbox information in a remote forest in Office 365
There are some differences with contributor permissions when you set the default calendar permissions or when
you explicitly grant a user calendar permissions. When the default calendar permissions are set, the Free/busy
setting uses None.
When a user is granted contributor rights, the permission level will automatically change to Custom. This includes
Free/Busy time.
This is expected behavior, because users who can create items in a calendar can also see the folder and view
free/busy information.
Office 365: Outlook and mobile device connectivity
troubleshooting resources
Introduction
This article contains links to technical resources and support information for troubleshooting Microsoft Outlook
connectivity and mobile device connectivity in Office 365.
Cannot connect to Exchange Online by using Outlook

Microsoft Knowledge Base articles
2459968 Outlook 2011 for Mac doesn't automatically set up your email server settings for Exchange Online in
Office 365
Help articles
Fix your Outlook email connection by repairing your profile
Poor performance
Knowledge Base articles
2413813 How to troubleshoot issues in which Outlook 2007 or Outlook 2010 crashes or stops responding
(hangs) when it's used with Office 365
2441551 Outlook performance is slow in the Office 365 environment
2646504 How to remove automappping for a shared mailbox in Office 365
Auto Account Setup fails in Office 365

2404385 Outlook can't set up a new profile by using Exchange Autodiscover for an Exchange Online mailbox in
Office 365
2427141 You can't find a user in the offline address book in Office 365
2429946 How to troubleshoot the Outlook Offline Address Book in an Office 365 environment
2710605 "Anonymous authentication enabled for virtual directory" error message when you use the Exchange
Analyzer tool to send an anonymous HTTP request from the remote server to the URL in Office 365
2710606 Error message in the Exchange Remote Connectivity Analyzer tool when you test the Outlook
Anywhere feature in an Office 365 environment: "Mutual Authentication could not be established"
Repeated password prompts in Outlook

2466333 Federated users can't connect to an Exchange Online mailbox
2637629 How to troubleshoot non-browser apps that can’t sign in to Office 365, Azure, or Intune
Cannot view free/busy information in the Outlook calendar

2555008 How to troubleshoot free/busy issues in a hybrid deployment of on-premises Exchange Server and
Exchange Online in Office 365
2581088 How to troubleshoot issues that prevent a user from viewing other users' free/busy information in
Office Outlook 2007 and in Outlook 2010 in an Office 365 environment
Cannot configure mobile devices

2427193 A mobile device can't connect to Exchange Online by using Exchange ActiveSync
2679626 Your Office 365 email account is not automatically set up on your Google Android device or on your
Apple iOS -based device through the Autodiscover service
Tools and Diagnostics wiki articles in the Office 365 Community
https://go.microsoft.com/fwlink/?linkid=2003907
The third-party products that this article discusses are manufactured by companies that are independent of
Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these
products.
Fix Outlook connection problems in Office 365 and
Exchange Online
If you're using Outlook to access your Office 365 email account or another Exchange-based email account, and
you're having problems, we want to get you back to sending and receiving email as quickly as possible.
NOTE
If you're looking for help with Outlook.com, check out Help for Outlook.com. > If you're looking for help with Outlook for
Mac, check out Outlook 2016 for Mac Help.
Let us fix your Outlook connection problems for you

We can diagnose and fix several common Outlook connectivity issues for you. If our automated tool can't fix your
issue, or you'd like to fix it yourself, see the next section.
Let us fix your issue Need more help?

Support and Recovery Contact support for business
Assistant for Office 365 products - Admin Help.
Fix software update and profile issues

Out-of-date software and corrupted Outlook profiles are two of the most common issues that can prevent you
from sending and receiving email. If you're an admin with multiple users reporting problems, you also should
check for service issues with Office 365.
Common Outlook fixes
Run Windows Update If your Outlook client software or

Windows operating system software is
out of date, you might have problems
sending and receiving email. For
Windows Update instructions, see
Windows Update: FAQ
Repair your Outlook profile An Outlook profile is a set of

configuration information that includes
your user name, password, and file
storage location. To repair your Outlook
profile, see Fix your Outlook email
connection by repairing your profile.
Check for service issues Admin only: If more than one person
in your organization is experiencing
email problems in Office 365, it could be
due to a problem with the service. Go
to the Office 365 service health
dashboard page (admin sign in
required), and check the status of the
services under Exchange Online.
Outlook can't set up a new profile by using Exchange
Autodiscover for an Exchange Online mailbox in
Office 365
Problem
When you try to set up a new mail account for Office 365 by using the Add New Account Wizard in Microsoft
Outlook, your Outlook profile isn't automatically set up. Additionally, you receive the following error message
when Outlook tries to set up the server settings for your profile:
An encrypted connection to your mail services is not available
When you test by using the Microsoft Remote Connectivity Analyzer, the following error message may be
returned:
Autodiscover cannot process the given e-mail address. Only mailboxes and contacts are allowed.
Cause
This problem occurs for one of the following reasons:
The wrong email address was entered on the Auto Account Setup page of the Add New Account Wizard in
Outlook.
The required updates for Outlook to automatically connect to Exchange Online aren't installed for the version of
Outlook that you're running.
The Autodiscover CNAME record for your domain doesn’t exist or isn’t set up correctly.
In organizations that use Active Directory synchronization, the mail, mailNickname, displayName , and
proxyAddresses attributes are not set up correctly for the synced user in the on-premises Active Directory.
NOTE
This article discusses Outlook 2016, Outlook 2013, and Exchange Online. For help in connecting to Exchange Online from a
mobile device, see Set up and use Office 365 on your phone or tablet. For help in connecting Outlook to a third-party
service, contact your third-party mail provider.
Solution
Recommended method
Method 1: Run Office 365 Support and Recovery Assistant
Use the I need help setting up my Office 365 email in Outlook** diagnostic in the Support and Recovery
Assistant (SaRA ). **Click Run when you are prompted by your browser. This diagnostic does automated checks
and returns possible solutions for you to use to try to fix any detected issues.
Additional methods
If you're using a custom domain
If Method 1 doesn't resolve the problem, and if you're using a custom domain with Office 365, use the following
methods in the order in which they're listed. If the first method doesn't resolve the problem, go to the next one.
Method 2: Upgrade to the latest version of Outlook
First, make sure that you enter the correct email address and password on the Auto Account Setup page of the Add
New Account Wizard in Outlook.
If you're using Outlook 2010 or an earlier version, upgrade to the latest version of Outlook. For more information,
see Download and install Office using Office 365 for business on your PC.
For more information about how to set up Outlook for Office 365, see the following resources:
Set up email in Outlook (for Windows)
Set up an email account in Outlook 2016 for Mac
NOTE
If this method doesn’t resolve the problem, go to Method 3.
Method 3: Make sure that the Autodiscover CNAME record is set up correctly
The Autodiscover CNAME record must exist and must be set up correctly. We strongly recommend that you set up
Exchange Autodiscover when you are using Outlook to connect to Exchange Online mailboxes. Setting up
Autodiscover and other related DNS records is required for Outlook connectivity in Exchange Online.
Administrators can use the Domain Troubleshooting Wizard in Office 365 or Microsoft Remote Connectivity
Analyzer to confirm that the records are set up correctly.
Use the Domain Troubleshooting Wizard in Office 365
To use the Domain Troubleshooting Wizard in Office 365, follow these steps.
1. Sign in to the Office 365 portal ( https://portal.office.com) by using an administrator account.
2. Click Admin to open the Microsoft 365 admin center.
3. In the left navigation pane, click Domains, select the domain name that's used by the affected user, and then
click Troubleshoot to start the wizard.
Use Microsoft Remote Connectivity Analyzer
To use Remote Connectivity Analyzer to test whether Exchange Autodiscover is working correctly, follow these
steps:
1. In a web browser, browse to the Microsoft Remote Connectivity Analyzer tool at the following website:
Remote Connectivity Analyzer
2. Complete all the required fields on the form, and then click Perform Test.
3. When the test is finished, determine whether it's successful.
If the test is successful, Autodiscover is working correctly.
If the test fails, verify that the Autodiscover service is set up correctly. For more information, see the
following resources:
If all mailboxes in your organization are in Exchange Online, add an Autodiscover CNAME record.
For more information, see Create DNS records for Office 365 at any DNS hosting provider and
External Domain Name System records for Office 365.
If you have an Exchange hybrid deployment, set up the Autodiscover public DNS records for your
existing SMTP domains to point to an on-premises Exchange server. For more information, see
Hybrid deployment prerequisites.
Method 4: Make sure that the user's attributes in Active Directory are set correctly
You can use the Get-RemoteMailbox cmdlet to determine the whether the following attributes are set correctly for
the user. Common issues occur when a value is not set for one or more of these attributes. The following is an
example of the correct attributes.
ATTRIBUTE EXAMPLE
primarySMTPAddress ted@contoso.com
alias ted
displayName Ted Bremer
emailAddresses SMTP: ted@contoso.com X400:c=us;a= ;p=First

Organization;o=Exchange;s=Bremer;g=Ted
remoteRoutingAddress ted@contoso.mail.onmicrosoft.com
To update these attributes, you can use the Set-RemoteMailbox cmdlet.

After the correct values are set for these attributes, force directory synchronization to occur, and then try to set up
the user's email account in Outlook.
If you're not using a custom domain
Method 2: Use the Add New Account Wizard in Outlook
If Method 1 doesn't resolve the problem, and you’re not using a custom domain together with Office 365, you can
use the Add New Account Wizard in Outlook to set up your Outlook profile by using the default
"onmicrosoft.com"-based email address that’s associated with users’ Exchange Online mailboxes when you signed
up for Office 365. When you use the Add New Account Wizard to set up a new mail profile, you specify your Office
365 password and your default Office 365 email address in the form of <user>@<domain>.onmicrosoft.com (for
example, kim@contoso.onmicrosoft.com).
This method is supported and works for customers who may not plan to have their own vanity or custom domain.
This method also supports Autodiscover. If your mailbox server location changes, Outlook is updated accordingly
by using the new location of your mailbox server.
More information
Microsoft doesn't support manually setting up a profile in Outlook for connectivity to mailboxes in Exchange
Online in Office 365. However, we can help you complete other tasks, such as setting up DNS and Autodiscover
records (as discussed in Method 2). This lets you set up your account through the supported methods.
References
Go to Microsoft Support and Recovery Assistant for Office 365 to solve this problem.
For more information, see the following Microsoft Knowledge Base articles:
2555008 How to troubleshoot free/busy issues in a hybrid deployment of on-premises Exchange Server and
Exchange Online in Office 365
How to troubleshoot issues that cause Outlook to
crash or stop responding when used with Office 365
Introduction
This article describes how to troubleshoot the following kinds of issues in Microsoft Outlook when it's used
together with Office 365:
Outlook stops responding (hangs).
Outlook crashes even though you aren't actively using it.
Outlook crashes when you start it.
Procedure
To help troubleshoot Outlook issues in an Office 365 environment, follow these steps.
Step 1: Investigate possible issues caused by add-ins
1. Exit Outlook.
2. Open a Run dialog box. To do this, use one of the following procedures, as appropriate to your version of
Windows:
If you're running Windows 10, Windows 8.1, or Windows 8, press the Windows logo key+R.
If you're running Windows 7, click Start, type Run in the Search box, and then click Run.
3. Type Outlook /safe, and then click OK.
4. If the issue is fixed, click Options on the File menu, and then click Add-Ins.
5. Select COM Add-ins, and then click Go.
6. Click to clear all the check boxes in the list, and then click OK.
7. Restart Outlook. If the issue doesn't occur, start adding the add-ins one at a time until the issue occurs.
Step 2: Repair Office
1. Open Control Panel, and then click Uninstall a program.
2. In the list of installed programs, right-click the entry for your Office installation, and then click Change, and
then click Online Repair.
Step 3: Run Outlook Diagnostics
1. Run the Outlook won't start automated diagnostics to fix the issues.
NOTE
Click Run when you're prompted by your browser.
2. If the tool doesn't resolve the issue, go to Windows or Look to start **Microsoft Support and Recovery
Assistant for Office 365 **(SaRA).
3. On the first screen, select Outlook, and then select Next.
4. Select any of the following options, as appropriate, and then select Next:
Outlook keeps hanging or freezing
Outlook keeps crashing with a message "Microsoft Outlook has stopped working."
SaRA runs some diagnostic checks, and returns possible solutions for you to use to try to fix Outlook
connectivity issues.
Step 4: Create a new Outlook profile
NOTE
If you ran SaRA in Step 3, and you created a new profile, you can skip all of Step 4.
1. Open Control Panel, and then click Mail.

2. Click Show Profiles.
3. Select the profile that you want to remove, and then click Remove.
IMPORTANT
Removing the profile also removes associated data files. If you're not sure whether the data files are backed up or
stored on a server, do not remove the profile. Instead, go to step 4.
4. Click Add.
5. In the Profile Name box, type a name for the new profile.
6. Specify the user name, the primary SMTP address, and the password. Then, click Next.
7. You may receive the following message: Allow this website to configure **alias@domain** server settings?
In this message, click to select the Don't ask me about this website again check box, and then click
Allow.
8. When you're prompted, enter your logon credentials, and then click OK.
9. When Setup is finished, click Finish.
Step 5: Run SaRA Advanced Diagnostics before you contact Support
This step creates detailed information about your Outlook configuration and provides solutions for any known
issues that are detected. It also gives you the option to upload your results to Microsoft so that a Support engineer
can review them before you make a Support call.
1. Click Outlook Advanced Diagnostics.
2. Click Run when you are prompted by your browser.
More information
For more info about command-line switches that are used together with Outlook, go to Command-line switches
for Microsoft Office products.
Office 365 users can't open or view attachments in
Outlook Web App
Problem
When Office 365 users try to open or view attachments in email messages in Outlook Web App, they experience
the following symptoms:
In Office 365, the attachment isn't displayed in the message. Instead, a generic placeholder, such as “1
Attachment” is displayed, and this can't be opened.
When users try to view attachments in Office 365, they receive the following error message: Access to
attachments has been blocked. Blocked attachments: .
Cause
This issue occurs if the attachment is blocked by Outlook Web App. By default, Outlook Web App blocks
attachments that have the following file name extensions:
.vsmacros, .msh2xml, .msh1xml, .ps2xml, .ps1xml, .mshxml, .gadget, .mhtml, .psc2, .psc1, .msh2,.msh1, .aspx, .xml,
.wsh, .wsf, .wsc, .vsw, .vst, .vss, .vbs, .vbe, .url, .tmp, .shs, .shb, .sct,.scr, .scf, .reg, .pst, .ps2, .ps1, .prg, .prf, .plg, .pif, .pcd,
.ops, .mst, .msp, .msi, .msh,.msc, .mht, .mdz, .mdw, .mdt, .mde, .mdb, .mda, .maw, .mav, .mau, .mat, .mas, .mar, .maq,
.mam,.mag, .maf, .mad, .lnk, .ksh, .jse, .its, .isp, .ins, .inf, .htc, .hta, .hlp, .fxp, .exe, .der,.csh, .crt, .cpl, .com, .cmd, .chm, .cer,
.bat, .bas, .asx, .asp, .app, .adp, .ade, .ws, .vb, .js
SOLUTION
Change the Outlook Web App mailbox policy to include and exclude the file types that you want. For more
information about how to do this, see the “Add or remove file types from file access lists” section of the following
Microsoft website:
View and customize settings in Outlook Web App mailbox policies
The following is an example of the Windows PowerShell commands to remove the .xml file type from the
BlockedFileTypes and BlockedMimeTypes lists and add it to the AllowedFileTypes and AllowedMimeTypes lists:
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -BlockedFileTypes @{Remove = ".xml"}

Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -AllowedFileTypes @{Add = ".xml"}
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -BlockedMimeTypes @{Remove = "text/xml", "application/xml”}
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy –AllowedMimeTypes @{Add = "text/xml", "application/xml”}
Things to consider:
It may take several minutes before changes to the Outlook Web App policy take effect.
Be aware that by changing the Outlook Web App mailbox policy to include file types that are blocked by default,
you may make your system more vulnerable to security threats.
Workaround
Direct users to compress the files that they intend to send (for example, as a .zip file) and then send the compressed
files as attachments.
More information
The time zone setting in Outlook Web App in Office
365 is set incorrectly to "(UTC) Monrovia, Reykjavik"
Problem
A Microsoft Office 365 user says that the time zone setting in Microsoft Outlook Web App is incorrect. Instead of
being set to the user's current time zone, the time zone setting is set to (UTC ) Monrovia, Reykjavik.
Cause
This issue occurs if the user didn't set the time zone to the correct setting when he or she first signed in to Outlook
Web App.
The first time that a user signs in to Outlook Web App, the user has to set his or her current time zone. If the user
doesn't set the time zone, the time zone is set to (UTC ) Monrovia, Reykjavik. There's no method for admins to
set up the time zone setting in advance in Outlook Web App for all users.
The following screen shot shows the Outlook Web App sign-in screen in Office 365.
Solution
Change the time zone to the correct setting in Outlook Web App. To do this, follow these steps.
1. Sign in to Outlook Web App, click Settings, and then click Options.
2. In the left navigation pane, click Settings, and then click Regional.
3. In the Current time zone box, click the arrow, and then click the correct time zone setting.
4. Click Save.
More information
For more information about how to set the time zone in Outlook Web App, see Regional settings.
For more information about incorrect time zone information in read receipts, see the following Microsoft
Knowledge Base article:
2800633 Read receipt from an Office 365 recipient displays incorrect time zone information
Read receipt from an Office 365 recipient displays
incorrect time zone information
Problem
When an Office 365 user sends an email message to another Office 365 user by using Microsoft Outlook or
Microsoft Outlook Web App, the message requests a read receipt. After the recipient reads the message, the read
receipt that the sender receives displays a different time zone from the actual time zone setting of the sender. For
example, the read receipt shows a time zone of (UTC ) Monrovia, Reykjavik.
Cause
Office 365 doesn't have access to the time zone of the client computer. The time zone that's used to create the read
receipt is taken from the Exchange Online server instead of from the client computer. Therefore, the read receipt
displays the date and the time based on the time zone setting of the Exchange Online server.
More information
In Office 365, the date and time of read receipts is based on the time zone setting of the Exchange Online server.
Because Office 365 is a cloud service, and users can be in any one of 24 different time zones, the time stamp uses
Coordinated Universal Time (UTC ).
For example, if you're the sender and your time zone setting is set to (UTC -06:00) Central Time (US & Canada),
you have to subtract 6 hours from the UTC time that's on the read receipt to reflect the time in your time zone.
UTC is the primary time standard by which the world regulates clocks and time. UTC is one of several closely
related successors to Greenwich Mean Time (GMT).
Changes in message store and throttling for
concurrent connections
Summary
This article describes improvements that are being made to the SMTP Authenticated Submission client protocol
that will be rolled out beginning September 1, 2018.
This protocol is used by applications, services, and devices to automatically send email messages.
Changes being implemented

Messages stored in the Sent Items folder
Email messages that are sent out will be stored in the Sent Item folder of the mailbox that is used. This behavior
lets the user determine which email messages are sent by a multifunction device, and makes it easier to
troubleshoot issues.
NOTE
Be aware that the Sent Items folder contributes to the mailbox size. If the mailbox gets full, sending email messages will be
blocked. For a mailbox that sends a high volume of email messages, the retention policy for the Sent Items folder should be
set to empty the folder before the mailbox becomes full.
Depending on the application or device that sends email messages, you may experience one of the following errors
if the mailbox becomes full:
554 5.2.2 mailbox full;
STOREDRV.Submission.Exception:QuotaExceededException.MapiExceptionShutoffQuotaExceeded
554 5.2.2 mailbox full;
STOREDRV.Submission.Exception:QuotaExceededException.MapiExceptionQuotaExceeded
New throttling limit for concurrent connections that submit messages
The service has various limits to prevent abuse and to ensure fair use. An additional limit is being added. Under the
new limit, up to three concurrent connections are allowed to send email messages at the same time. If an
application tries to send more than three messages at the same time by using multiple connections, each
connection will receive the following error message:
432 4.3.2 STOREDRV.ClientSubmit; sender thread limit exceeded
Additional throttling limits for the SMTP Authentication protocol are:
30 messages per minute
Recipient rate limit of 10,000 recipients per day
Exceeding these limits causes the following error:
554 5.2.0 STOREDRV.Submission.Exception:SubmissionQuotaExceededException
This change for concurrent connections will better protect the service from large bursts of email messages that are
sent by automated systems within a short time period. This change will not affect most SMTP Authenticated**
**Submission users who only send from one email client or multifunction device for a given mailbox.
In case any application or device is throttled, the application or device should be designed to retry submitting
messages to make sure that the messages get sent. This change will just result in a small delay to any messages
that are throttled. If you cannot accept this change, you have several options:
Use a different mailbox for each application or device.
If an application sends messages such as newsletters, batching can be used. Or, you can send messages to a
distribution list instead of to individual recipients because this is much more efficient and avoids throttling.
If timing is very important (for example, for an alert system that generates multiple alerts at the same time), use
of a third-party email delivery service may be necessary in extreme cases.
New behavior when submitting messages

These changes to the protocol will cause messages to take a new route through our service. Therefore, minor
changes to submission behavior could occur because some printers and devices send messages that don’t fully
comply with the industry standard for email, RFC 5322.
For example, submission behavior could change if the Reply or Mail From address isn't surrounded by angle
brackets ("<" and ">") or if the sender display name contains an invalid character, such as the at sign (@), that isn't
surrounded by quotation marks. Printers or devices that don't fully adhere to the RFC standard can generate
sending errors.
This can often be fixed by updating the settings on the device or printer by adding angle brackets ("<" and
">") around the Reply or Mail From address.
Additionally, messages might arrive at the recipient with a different display name than they did before the change.
Messages that are sent by using SMTP Authenticated Submission protocol will now behave in the same way as
other submission protocols in Office 365, such as the protocol that is used when emails are sent by using Outlook
on the web. As a result, the sender’s Office 365 display name will now be shown as part of the From address.
To change the sender’s display name that message recipients will see, you can change the Display Name setting on
the sender’s mailbox to the desired display name.
Reference
For more information about the change, see the following Microsoft Exchange Team Blog article:
Changes coming to the SMTP Authenticated Submission client protocol
Messages sent from a shared mailbox aren't saved to
the Sent Items folder of the shared mailbox in
Outlook
Problem
Assume that you're using Microsoft Outlook 2010 or a later version, and you've been delegated permission to send
email messages as another user or on behalf of another user from a shared mailbox. However, when you send a
message as another user or on behalf of the user, the sent message isn't saved to the Sent Items folder of the
shared mailbox. Instead, it's saved to the Sent Items folder of your mailbox.
Cause
In Office 365, shared mailboxes don't require a license and can't be added to Outlook as an independent mailbox.
You can't sign in to a shared mailbox. Instead, you sign in to your own mailbox, and then you open the shared
mailbox. When you send or reply to a new message from the shared mailbox, Outlook automatically sends or
replies from the sender's account. Therefore, messages are stored in the Sent Items folder of the sender's mailbox.
Solution
IMPORTANT
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you
modify it, back up the registry for restoration in case problems occur.
To work around this issue, use one of the following methods.

Method 1: Set the DelegateSentItemsStyle registry value on the Outlook client
NOTE
Outlook must be configured to run in cached mode for this option to work correctly. For more information, see the following
Microsoft Knowledge Base article:
2703723 Email remains in the Outbox when you use the DelegateSentItemsStyle registry value
If you're running Outlook 2010, install the Outlook 2010 hotfix package that's dated December 14, 2010. Then,
follow these steps.
For more information about this hotfix package, see the following Microsoft Knowledge Base article:
2459115 Description of the Outlook 2010 hotfix package (outlook-x-none.msp): December 14, 2010
NOTE
If you're running Outlook 2013 or a later version, you don't have to install any hotfix.
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\Preferences
NOTE
The x.0 placeholder represents your version of Office (16.0 = Office 2016, 15.0 = Office 2013, 14.0 = Office 2010).
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type DelegateSentItemsStyle, and then press Enter.
5. Right-click DelegateSentItemsStyle, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Exit Registry Editor.
Method 2: Configure the mailbox to save a copy of the message to the Sent Items folder of the shared mailbox
in Exchange Online or in on-premises Exchange Server
Exchange Online in Office 365 or Exchange Server 2013 Cumulative Update 9 or later update
Cumulative Update 9 for Exchange Server 2013 introduced a new feature that lets administrators configure the
Sent Items folder to which a message is copied. For more information, see Exchange Blog - Want more control
over Sent Items when using shared mailboxes?
Exchange Server 2010 Service Pack 2 Update Rollup 4 or later update
Update Rollup 4 for Exchange Server 2010 Service Pack 2 introduced a new Exchange PowerShell cmdlet to
configure the Sent Items folder to which a message is copied. Because this new feature is handled by the server
that's running Exchange Server, Outlook can be configured in online mode or cached Exchange mode. However,
this feature works only if the Outlook DelegateSentItemsStyleregistry value is disabled.
For more information about the Set-MailboxSentItemsConfiguration cmdlet, see the following Microsoft
Knowledge Base article:
2632409 Messages sent by using the "Send As" and "Send on behalf" permissions are only copied to the Sent
Items folder of the sender in an Exchange Server 2010 environment
NOTE
The MessageCopyForSentAsEnabled and MessageCopyForSendOnBehalfEnabled settings are not supported if the user
mailbox and shared mailbox are located in different environments (cloud and on-premises). The settings are supported only if
both mailboxes are in the same environment (cloud or on-premises).
More information
Still need help? Go to Microsoft Community or the Exchange TechNet forums.

Exchange Online Troubleshooting Tips

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Exchange Online Troubleshooting Tips

Uploaded by

Copyright:

Available Formats

Contents

Exchange Online Troubleshooting

Set-CASMailbox alias -ActiveSyncDebugLogging:$true

3. Reproduce the behavior that you want to capture.

Get-MobileDeviceStatistics -Mailbox alias -GetMailboxLog:$true -NotificationEmailAddresses

New-RetentionPolicyTag "ArchiveTag" –Type All –RetentionEnabled $true –AgeLimitForRetention 90 –RetentionAction

New-RetentionPolicy "CorpPolicy" –RetentionPolicyTagLinks "ArchiveTag"

Set-Mailbox <mailbox> -RetentionPolicy "CorpPolicy"

Start-ManagedFolderAssistant –Identity <mailbox>

How to update contact information

How administrators can update users' contact information

Remove-MailboxPermission -Identity MailboxAccount -User UserAccount -AccessRights FullAccess -Confirm:$false

Remove-MailboxPermission -Identity MailboxAccount -User UserAccount -AccessRights FullAccess -Confirm:$false –

Enable or disable POP3 for an Exchange Online mailbox

Set-CASMailbox <Alias,Primary SMTP, or UPN> -PopEnabled $True

To disable POP3 for a specific user, run the following cmdlet:

Set-CASMailbox <Alias, Primary SMTP, or UPN> -PopEnabled $False

Enable or disable IMAP for an Exchange Online mailbox

Set-CASMailbox <Alias, Primary SMTP, or UPN> -ImapEnabled $True

To disable IMAP for a specific user, run the following cmdlet:

Set-CASMailbox <Alias, Primary SMTP, or UPN> -ImapEnabled $False

Enable or disable MAPI for an Exchange Online mailbox

Set-CASMailbox <Alias, Primary SMTP, or UPN> -MAPIEnabled $True

Set-CASMailbox <Alias, Primary SMTP, or UPN> -MAPIEnabled $False

Enable or disable Outlook Web App for an Exchange Online mailbox

Set-CASMailbox <Alias, Primary SMTP, or UPN> -OWAEnabled $True

Set-CASMailbox <Alias, Primary SMTP, or UPN> -OWAEnabled $False

Enable or disable Exchange ActiveSync for an Exchange Online mailbox

Set-CASMailbox <Alias, Primary SMTP, or UPN> -ActiveSyncEnabled $True

Set-CASMailbox <Alias, Primary SMTP, or UPN> -ActiveSyncEnabled $False

Set-CASMailbox <Alias, Primary SMTP, or UPN> -EWSEnabled $True

Set-CASMailbox <Alias, Primary SMTP, or UPN> -EWSEnabled $False

Still need help? Go to Microsoft Community.

For more information about this cmdlet, see Set-MailboxAutoReplyConfiguration.

+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [].

Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null.

+ Import-PSSession < < < < $Session

+ CategoryInfo : Invalid Data: (:) [Import-PSSession], ParameterBindingValidationException

FEATURE AND SERVER NAME(CORRECT

Autodiscover (CName 443 autodiscover.outlook.c Create DNS records at

Exchange ActiveSync 443 outlook.office365.com Set up a mobile device

POP3 995 outlook.office365.com Settings for POP and

IMAP4 993 outlook.office365.com Settings for POP and

SMTP 587 smtp.office365.com Settings for POP and

6. Try to connect to Exchange Online again.

For Exchange 2013 and later versions

Get-SendConnector "outbound to office 365").SourceTransportServers | foreach {get-transportservice $_.name} |

Date/Time,Outbound to office 365,SessionID,SequenceNumber,LocalEndpoint,RemoteEndpoint,<,220 2.0.0 SMTP

If a connector already exists, select it, and then click (Edit).

Step 3: Configure your on-premises environment

To resolve this problem, use one or more of the following methods.

Get-Mailbox | Set-Mailbox –RoleAssignmentPolicy “ <Name of Policy> ”

Set-DistributionGroup <NameOfGroup> -ManagedBy "Admin@contoso.com" -BypassSecurityGroupManagerCheck

To add a user to a group, use the Add-DistributionGroupcmdlet, as in the following example:

Add-DistributionGroupMember -Identity <NameOfGroup> -Member user@contoso.com

Remove-DistributionGroupMember -Identity <NameOfGroup> -Member user@contoso.com

Get-DistributionGroupMember -identity <NameOfGroup>|fl DisplayName,WindowsLiveID,RecipientType

Set-DistributionGroup <group> -ManagedBy @{Add="<value1>", "<value2>", …} -

Set-DistributionGroup Accounting -ManagedBy @{Add="<Alias>"} -BypassSecurityGroupManagerCheck

After you do this, you'll be able to change the distribution group.

Set-MailContact -Identity "Contact name" -Alias @{remove="alias@contoso.com"}

Set-DistributionGroup -Identity "List name" -Alias @{remove="alias@contoso.com"}