“Remote host said: 550 5.4.1 Relay Access Denied” nondelivery report error when people who are external to your organization send mail to Office 365 users

 

Based on my experience, this problem can occur when you newly add your domain into Office 365 and the domain information has not been provisioned properly in FOPE (Forefront Online Protection for Exchange).

To resolve this problem, try the following steps and check whether the problem is fixed.

Step 1:

Open PowerShell with the Administrator account by going to the main menu. The path to it is “All Programs\Accessories\Windows PowerShell\Windows PowerShell (x86)” or “Windows PowerShell”. It doesn’t matter which one. Right-click it and select “Run As Administrator”.

At the command line type or paste: (right click to paste in the command line shell)
get-executionpolicy
Press Enter to execute. It should say “RemoteSigned”. If not, type or paste:
set-executionpolicy remotesigned
and press Enter. It will show the following:

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic. Do you want to change the execution
policy?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"):

Type “Y” and press enter to change the Execution Policy to RemoteSigned.
This makes changes to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell in the registry.
Now we’re ready for the good stuff.

Step 2:
In the command line type or paste:
$LiveCred = Get-Credential

This will open a logon dialog “Windows PowerShell Credential Request”. Enter the email address of a user account that is an administrator for your Office 365 account and its password. This stores these credentials for doing the “Send As” setup.

Step 3:
Type or paste this in the command line
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Step 4:
(If you installed the “Microsoft Online Services Module” then you can skip this step. If you’re not sure then do it anyhow.)
Type or paste in the command line
Import-PSSession $Session

This downloads the scripts for administrating Office 365 from PowerShell.

 

Step 5:
Use the following Windows PowerShell commands to force FOPE to recognize your Office 365 domain.

Set-AcceptedDomain domain -OutboundOnly $true
Set-AcceptedDomain domain -OutboundOnly $false

Note: Replace domain with the vanity domain that you want to use.

It will take 30 to 45 minutes for propagation to all edge servers.
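
Steps 1 to 5 as a single block to paste into the PowerShell window. This is an added example, not part of the original post: it goes slightly beyond the steps by setting the execution policy for the current process only and by closing the remote session at the end. The value of $Domain is a placeholder, and the block assumes the endpoint and Basic authentication used in Step 3 are still accepted for your tenant.

```powershell
# Added example. $Domain is a placeholder: replace it with your vanity domain.
$Domain = 'example.com'

# Relax the policy for this PowerShell process only, so the machine-wide
# value under HKEY_LOCAL_MACHINE is left unchanged.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# Step 2: prompt for an Office 365 administrator account.
$LiveCred = Get-Credential
$Session = $null

try {
    # Step 3: open the remote session with the same parameters as above.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri https://ps.outlook.com/powershell/ `
        -Credential $LiveCred -Authentication Basic -AllowRedirection `
        -ErrorAction Stop

    # Step 4: import only the two cmdlets this fix needs.
    $null = Import-PSSession $Session -AllowClobber `
        -CommandName Get-AcceptedDomain, Set-AcceptedDomain

    # Stop here if the domain is not an accepted domain in this tenant.
    Get-AcceptedDomain -Identity $Domain -ErrorAction Stop |
        Format-List Name, DomainName, DomainType, OutboundOnly

    # Step 5: toggle OutboundOnly on and back off.
    Set-AcceptedDomain -Identity $Domain -OutboundOnly $true -ErrorAction Stop
    Set-AcceptedDomain -Identity $Domain -OutboundOnly $false -ErrorAction Stop

    # Confirm the domain ended with OutboundOnly set to False.
    Get-AcceptedDomain -Identity $Domain |
        Format-List Name, DomainName, OutboundOnly
}
finally {
    # Close the remote session and drop the stored credential object.
    if ($Session) { Remove-PSSession $Session }
    Remove-Variable LiveCred -ErrorAction SilentlyContinue
}
```

If the final OutboundOnly value is not False, run the second Set-AcceptedDomain line again before waiting for propagation.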

 

 

—-   additional info from real case —-

I would like to help you understand the issue and its resolution.

 

You had a BPOS account before. When you were transferred to Office 365 from BPOS, the domain was deleted with the BPOS admin portal in the background. This resulted in the domain being disabled in FOPE under the BPOS tenant. Now you have verified the domain with Office 365, because of which we have duplicate domain entries in the Office 365 FOPE admin center.

 

Please find the screenshot, which shows that the BPOS domain was in disabled status.

 

 

I have been able to get this domain removed from the old BPOS account. I request you to follow these steps to resolve the issue.

Command: To connect PowerShell to the Office 365 environment:

$LiveCred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

set-executionpolicy unrestricted

Import-PSSession $Session

 

Command: To change the duplicate domain name to the actual one:

Set-AcceptedDomain example.com -OutboundOnly $true

Set-AcceptedDomain example.com -OutboundOnly $false

 
