Troubleshooting Email Delivery in Exchange 2019 / SE Hybrid

 

Troubleshooting Email Delivery in Exchange Hybrid

A Complete Guide: Message Trace, Protocol Logs, and Real-World Error Resolution

Exchange 2019 Hybrid | Exchange Online | May 2026

 


1. Understanding the Hybrid Mail Flow Architecture

In an Exchange Hybrid environment, mail flows through multiple components depending on the direction. Understanding this architecture is the foundation of any troubleshooting effort.







 

Direction | Flow Path | Key Components
EXO → On-Prem | EXO → MX/Smarthost → Edge/Mailbox → Recipient | Outbound Connector in EXO, Receive Connector on Edge/Mailbox
On-Prem → EXO | Mailbox → Send Connector → EXO Protection | Send Connector with SmartHost, TLS Certificate
On-Prem → Internet | Mailbox → Send Connector → Internet | Internet Send Connector with DNS Routing
Internet → On-Prem | Internet → MX Record → Edge/Mailbox | MX Record, Receive Connector, Port 25 Forwarding

 

2. Protocol Log — Enabling, Paths, and Reading

2.1 What are Protocol Logs?

Protocol logs record every SMTP conversation between Exchange servers. They capture the full SMTP dialogue including EHLO, STARTTLS, MAIL FROM, RCPT TO, DATA, and response codes. They are the most powerful diagnostic tool available for mail flow issues.

 

2.2 Types of Protocol Logs

Log Type | Server | Path | Purpose
SmtpReceive | Mailbox/Edge | TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive | Inbound SMTP connections
SmtpSend | Mailbox/Edge | TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpSend | Outbound SMTP connections
Hub SmtpReceive | Mailbox | TransportRoles\Logs\Hub\ProtocolLog\SmtpReceive | Internal Hub receive
Hub SmtpSend | Mailbox | TransportRoles\Logs\Hub\ProtocolLog\SmtpSend | Internal Hub send
Edge SmtpReceive | Edge | TransportRoles\Logs\Edge\ProtocolLog\SmtpReceive | Edge inbound
Edge SmtpSend | Edge | TransportRoles\Logs\Edge\ProtocolLog\SmtpSend | Edge outbound

 

2.3 Enabling Protocol Logging

Protocol logging must be enabled on both Receive and Send connectors. By default it is set to None.

 

Enable on Receive Connectors (Mailbox Server):

# Enable on Default Frontend connector

Set-ReceiveConnector 'Default Frontend CMHYBD01' -ProtocolLoggingLevel Verbose

 

# Enable on all receive connectors at once

Get-ReceiveConnector | Set-ReceiveConnector -ProtocolLoggingLevel Verbose

 

# Verify

Get-ReceiveConnector | Select Name, ProtocolLoggingLevel | Format-List

 

Enable on Send Connectors (Mailbox Server):

# Enable on Outbound to Office 365

Set-SendConnector 'Outbound to Office 365' -ProtocolLoggingLevel Verbose

 

# Enable on all send connectors

Get-SendConnector | Set-SendConnector -ProtocolLoggingLevel Verbose

 

# Verify

Get-SendConnector | Select Name, ProtocolLoggingLevel | Format-List

 

Enable on Edge Server:

# On Edge - enable receive connector logging

Set-ReceiveConnector 'Default internal receive connector CMEDGE01' -ProtocolLoggingLevel Verbose

 

# Set log path explicitly

Set-TransportService cmedge01 -ReceiveProtocolLogPath 'C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Edge\ProtocolLog\SmtpReceive'

 

# Restart transport to apply

Restart-Service MSExchangeTransport

 

TIP: Important

Always restart MSExchangeTransport after changing protocol logging settings to ensure the changes take effect immediately.

 

2.4 Finding and Reading Protocol Logs with Tail Command

The -Tail parameter in Get-Content shows only the last N lines of a log file, which is the most efficient way to read large protocol logs in real time.

 

Get the Latest Log File and Read Last 30 Lines:

# Define the log path

$logPath = 'C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive'

 

# Get the most recent log file

$latest = Get-ChildItem $logPath | Sort LastWriteTime -Descending | Select -First 1

 

# Read last 30 lines

Get-Content $latest.FullName -Tail 30

 

# Watch log in REAL TIME (like Linux tail -f)

Get-Content $latest.FullName -Tail 10 -Wait

 

Read Send Protocol Log:

$sendLog = 'C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpSend'

$latest = Get-ChildItem $sendLog | Sort LastWriteTime -Descending | Select -First 1

Get-Content $latest.FullName -Tail 50

 

TIP: Tail Limitation

The -Tail parameter reads from the END of the file. For very large log files, use -Wait to monitor in real time. Note that a new log file is created each hour, so always get the latest file first using Sort LastWriteTime -Descending | Select -First 1.

 

2.5 Understanding Protocol Log Format

Each line in a protocol log contains these fields separated by commas:

 

Field | Description | Example
date-time | UTC timestamp | 2026-05-01T06:06:57.291Z
connector-id | Connector handling the session | CMHYBD01\Default Frontend CMHYBD01
session-id | Unique session identifier | 08DEA74796A6E2C8
sequence-number | Line number in session | 21
local-endpoint | Local IP:Port | 192.168.1.4:25
remote-endpoint | Remote IP:Port | 40.93.131.26:31611
event | +,-,>,<,* | + = connected, - = disconnected, > = sent, < = received, * = info
data | SMTP command or response | 250 2.6.0 Queued mail for delivery
context | Additional info | TLS negotiation succeeded

 

Reading a Real Session from Our Lab:

# Example of a successful EXO → On-Prem delivery session:

2026-05-01T06:06:57.291Z,...,0,192.168.1.4:25,40.93.131.26:31611,+,,              # EXO connected

2026-05-01T06:06:57.291Z,...,1,...,>,220 cmhybd01... ESMTP MAIL Service ready      # Banner sent

2026-05-01T06:06:57.291Z,...,2,...,<,EHLO PNYPR01CU001.outbound.protection...      # EXO says hello

2026-05-01T06:06:57.291Z,...,3,...,>,250 ... STARTTLS ...                          # We offer TLS

2026-05-01T06:06:57.291Z,...,4,...,<,STARTTLS                                      # EXO starts TLS

2026-05-01T06:06:57.291Z,...,5,...,*,TLS negotiation succeeded                     # TLS established

2026-05-01T06:06:57.291Z,...,22,...,>,250 2.6.0 Queued mail for delivery           # Mail accepted!

 

2.6 Exporting Protocol Logs to CSV

For detailed analysis or sharing with Microsoft support, export protocol logs to CSV format:

 

# Export a specific protocol log to CSV

$logPath = 'C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive'

$latest = Get-ChildItem $logPath | Sort LastWriteTime -Descending | Select -First 1

 

# Import as CSV (skip header lines starting with #)

$log = Get-Content $latest.FullName | Where-Object {$_ -notmatch '^#'} | ConvertFrom-Csv -Header 'DateTime','ConnectorId','SessionId','SequenceNumber','LocalEndpoint','RemoteEndpoint','Event','Data','Context'

 

# Filter for specific session or error

$log | Where-Object {$_.Data -like '*550*' -or $_.Data -like '*fail*'} | Export-Csv 'C:\Logs\smtp_errors.csv' -NoTypeInformation

 

# Export all TLS failures

$log | Where-Object {$_.Context -like '*TLS*' -or $_.Data -like '*454*'} | Export-Csv 'C:\Logs\tls_issues.csv' -NoTypeInformation

 

# Export specific IP session

$log | Where-Object {$_.RemoteEndpoint -like '*40.93.*'} | Export-Csv 'C:\Logs\exo_sessions.csv' -NoTypeInformation
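
The field layout from section 2.5 is enough to rebuild whole sessions instead of filtering single lines. The following is an added example, not part of the original lab notes: it groups log lines by session-id and flags sessions that transferred mail without a successful TLS negotiation or that contain a 4xx/5xx reply. The function name Get-SmtpSessionSummary and the sample lines are constructed for illustration.

```powershell
# Constructed sample lines in the field order from section 2.5 (not real log data).
$sample = @'
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2026-05-01T06:06:57.291Z,CMHYBD01\Default Frontend CMHYBD01,08DEA74796A6E2C8,0,192.168.1.4:25,40.93.131.26:31611,+,,
2026-05-01T06:06:57.310Z,CMHYBD01\Default Frontend CMHYBD01,08DEA74796A6E2C8,4,192.168.1.4:25,40.93.131.26:31611,<,STARTTLS,
2026-05-01T06:06:57.390Z,CMHYBD01\Default Frontend CMHYBD01,08DEA74796A6E2C8,5,192.168.1.4:25,40.93.131.26:31611,*,,TLS negotiation succeeded
2026-05-01T06:06:57.450Z,CMHYBD01\Default Frontend CMHYBD01,08DEA74796A6E2C8,9,192.168.1.4:25,40.93.131.26:31611,<,MAIL FROM:<sender@example.com>,
2026-05-01T06:06:58.120Z,CMHYBD01\Default Frontend CMHYBD01,08DEA74796A6E2C8,22,192.168.1.4:25,40.93.131.26:31611,>,250 2.6.0 Queued mail for delivery,
2026-05-01T06:10:01.000Z,CMHYBD01\Default Frontend CMHYBD01,08DEA74796A6E2C9,0,192.168.1.4:25,203.0.113.7:40112,+,,
2026-05-01T06:10:01.200Z,CMHYBD01\Default Frontend CMHYBD01,08DEA74796A6E2C9,3,192.168.1.4:25,203.0.113.7:40112,<,MAIL FROM:<sender@example.net>,
2026-05-01T06:10:01.900Z,CMHYBD01\Default Frontend CMHYBD01,08DEA74796A6E2C9,8,192.168.1.4:25,203.0.113.7:40112,>,250 2.6.0 Queued mail for delivery,
2026-05-01T06:12:30.000Z,CMHYBD01\Default Frontend CMHYBD01,08DEA74796A6E2CA,0,192.168.1.4:25,198.51.100.9:52001,+,,
2026-05-01T06:12:30.150Z,CMHYBD01\Default Frontend CMHYBD01,08DEA74796A6E2CA,4,192.168.1.4:25,198.51.100.9:52001,<,STARTTLS,
2026-05-01T06:12:30.400Z,CMHYBD01\Default Frontend CMHYBD01,08DEA74796A6E2CA,5,192.168.1.4:25,198.51.100.9:52001,>,454 4.7.5 Certificate validation failure,
'@

function Get-SmtpSessionSummary {
    param([string[]]$Line)

    $fields = 'DateTime','ConnectorId','SessionId','SequenceNumber','LocalEndpoint',
              'RemoteEndpoint','Event','Data','Context'

    # Drop blank lines and the '#' header lines, then parse with explicit column names.
    $rows = $Line | Where-Object { $_ -and $_ -notmatch '^#' } |
        ConvertFrom-Csv -Header $fields

    foreach ($g in ($rows | Group-Object SessionId)) {
        $s = @($g.Group | Sort-Object { [int]$_.SequenceNumber })

        # The TLS text can sit in data or context depending on the line, so check both.
        $tls  = [bool]($s | Where-Object {
                    $_.Event -eq '*' -and "$($_.Data) $($_.Context)" -match 'TLS.*negotiation succeeded' })
        $mail = [bool]($s | Where-Object { $_.Data -match '^MAIL FROM' })

        # Any reply starting with 4xx/5xx, whichever side sent it
        # (so the same function works on SmtpReceive and SmtpSend logs).
        $errs = @($s | Where-Object { $_.Data -match '^[45]\d\d[ -]' } | ForEach-Object { $_.Data })

        [pscustomobject]@{
            SessionId = $g.Name
            Connector = $s[0].ConnectorId
            Remote    = ($s[0].RemoteEndpoint -replace ':\d+$', '')
            Lines     = $s.Count
            TlsOk     = $tls
            Plaintext = ($mail -and -not $tls)   # mail transferred with no TLS on the session
            Errors    = ($errs -join ' | ')
        }
    }
}

$summary = Get-SmtpSessionSummary -Line ($sample -split '\r?\n')
$summary | Where-Object { $_.Plaintext -or $_.Errors } |
    Format-Table SessionId, Remote, TlsOk, Plaintext, Errors -AutoSize

# Against a live file: Get-SmtpSessionSummary -Line (Get-Content $latest.FullName)
```

In a hybrid deployment, a Plaintext session on the connector that EXO uses is worth following up, because that path is expected to negotiate TLS every time.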

 


 

3. Message Tracking Logs

3.1 What is Message Tracking?

Message tracking logs record every message event as it passes through the Exchange transport pipeline. Unlike protocol logs (which show SMTP conversations), message tracking shows high-level events like RECEIVE, SUBMIT, DELIVER, SEND, FAIL, and REDIRECT.

 

3.2 Message Tracking Event Types

Event | Description | What It Means
RECEIVE | Message received by transport | Mail entered the transport pipeline
SUBMIT | Message submitted to transport | Mail submitted from mailbox store
DELIVER | Message delivered to mailbox | Mail successfully delivered
SEND | Message sent to next hop | Mail handed off to next server
FAIL | Delivery failed | Mail could not be delivered
REDIRECT | Message redirected | Mail redirected by rule or policy
RESOLVE | Recipient resolved | Recipient address resolved in AD
EXPAND | Distribution group expanded | DL membership expanded
DEFER | Delivery deferred | Temporary delivery failure, will retry
DROP | Message dropped | Mail dropped by policy or filter

 

3.3 Message Tracking Commands

Basic Message Tracking:

# Get all events in last 30 minutes

Get-MessageTrackingLog -Start (Get-Date).AddMinutes(-30) | Select Timestamp, EventId, Source, MessageSubject, Recipients | Format-List

 

# Filter by specific event type

Get-MessageTrackingLog -Start (Get-Date).AddMinutes(-30) -EventId DELIVER | Select Timestamp, MessageSubject, Recipients | Format-List

 

# Find failed messages

Get-MessageTrackingLog -Start (Get-Date).AddHours(-2) -EventId FAIL | Select Timestamp, MessageSubject, Recipients, RecipientStatus | Format-List

 

# Search by subject

Get-MessageTrackingLog -MessageSubject 'Test Email' -Start (Get-Date).AddHours(-1) | Format-List

 

# Search by sender

Get-MessageTrackingLog -Sender 'user@domain.com' -Start (Get-Date).AddHours(-1) | Format-List

 

# Search by recipient

Get-MessageTrackingLog -Recipients 'user@domain.com' -Start (Get-Date).AddHours(-1) | Format-List

 

Export Message Tracking to CSV:

# Export last 24 hours of failed deliveries to CSV

Get-MessageTrackingLog -Start (Get-Date).AddHours(-24) -EventId FAIL | Select Timestamp, EventId, Source, MessageSubject, Sender, Recipients, RecipientStatus | Export-Csv 'C:\Logs\failed_deliveries.csv' -NoTypeInformation

 

# Export all events for a specific sender

Get-MessageTrackingLog -Sender 'raghu@cloudmonkeys.xyz' -Start (Get-Date).AddDays(-1) | Export-Csv 'C:\Logs\sender_trace.csv' -NoTypeInformation

 

# Quick summary of mail flow

Get-MessageTrackingLog -Start (Get-Date).AddHours(-1) | Group-Object EventId | Select Name, Count | Sort Count -Descending

 

3.4 Exchange Online Message Trace

In Exchange Online, use Get-MessageTrace or the EAC Message Trace tool to trace mail flow within EXO.

 

# Connect to Exchange Online

Connect-ExchangeOnline -UserPrincipalName admin@cloudmonkeys.xyz

 

# Basic message trace

Get-MessageTrace -SenderAddress 'raghu@cloudmonkeys.xyz' -StartDate (Get-Date).AddHours(-2) | Format-List Subject, Status, RecipientAddress, Received

 

# Trace by recipient

Get-MessageTrace -RecipientAddress 'ramki@cloudfield.onmicrosoft.com' -StartDate (Get-Date).AddHours(-2) | Format-List

 

# Get detailed trace events

$trace = Get-MessageTrace -SenderAddress 'raghu@cloudmonkeys.xyz' -StartDate (Get-Date).AddHours(-2) | Select -First 1

Get-MessageTraceDetail -MessageTraceId $trace.MessageTraceId -RecipientAddress $trace.RecipientAddress | Format-List

 

# Export to CSV

Get-MessageTrace -StartDate (Get-Date).AddHours(-24) -EndDate (Get-Date) | Export-Csv 'C:\Logs\exo_trace.csv' -NoTypeInformation

 


 

4. Queue Management and Troubleshooting

4.1 Checking Mail Queues

# View all queues

Get-Queue

 

# View queue details

Get-Queue -Identity 'cmhybd01\6' | Format-List *

 

# View messages in a specific queue

Get-Message -Queue 'cmhybd01\6' -IncludeRecipientInfo | Format-List FromAddress, Recipients, Status, LastError

 

# Count messages per queue

Get-Queue | Select Identity, Status, MessageCount, NextHopDomain, LastError | Format-Table

 

4.2 Queue Status Types

Status | Meaning | Action
Active | Messages being delivered | Normal — no action needed
Ready | Queue ready, waiting for messages | Normal
Retry | Temporary failure, will retry | Check LastError for reason
Suspended | Queue manually suspended | Resume with Resume-Queue
Unreachable | No connector found for domain | Check send connector address spaces

 

4.3 Queue Retry and Resubmit Commands

# Retry a specific queue

Retry-Queue -Identity 'cmhybd01\6'

 

# Retry and resubmit (reprocess from scratch)

Retry-Queue -Identity 'cmhybd01\6' -Resubmit $true

 

# Retry all queues

Get-Queue | Retry-Queue

 

# Resume a suspended queue

Resume-Queue -Identity 'cmhybd01\6'

 

# Suspend a queue (stop delivery)

Suspend-Queue -Identity 'cmhybd01\6'

 

# Remove all messages from a queue

Get-Message -Queue 'cmhybd01\6' | Remove-Message -WithNDR $false -Confirm:$false

 


 

5. Real-World Errors Encountered and Resolved

The following section documents every error encountered during a real Exchange 2019 Hybrid lab troubleshooting session, along with the exact fix applied. All errors and fixes are taken directly from live diagnostic sessions.

 

Error 1: Mail Stuck in Drafts — Never Entering Queue

ERROR: Mail never leaves Outlook/OWA — Get-Queue shows Submission with 0 messages

Symptom: Mail sent from on-prem mailbox goes to Sent Items but never appears in transport queue

 

Diagnosis Steps:

Get-Queue

Get-Service MSExchangeTransport, MSExchangeSubmission | Select Name, Status

Get-MailboxDatabase -Status | Select Name, Mounted, Server

FIX: Check and Restart Transport Services

Restart-Service MSExchangeSubmission
Restart-Service MSExchangeTransport
Verify all MSExchange* services are Running

 

Error 2: EdgeSync LDAP Unavailable

ERROR: Test-EdgeSynchronization -FullCompareMode returns SyncStatus: Failed

FailureDetail: EdgeSync service cannot connect to this subscription because of error 'The LDAP server is unavailable.' CredentialRecords: Number of credentials 0

 

Root Cause: The ADAM (AD LDS) database on the Edge server was corrupt or empty. CredentialRecords showing 0 confirmed the bootstrap credential exchange never completed.

# Verify ADAM is running

Get-Service ADAM_MSExchange | Select Name, Status

 

# Test LDAP port connectivity from Mailbox server

Test-NetConnection -ComputerName cmedge01.cloudmonkeys.xyz -Port 50389

Test-NetConnection -ComputerName cmedge01.cloudmonkeys.xyz -Port 50636

 

# Test ADAM database access

$root = [ADSI]'LDAP://localhost:50389/CN=MSExchangeTransportService,CN=First Organization,...'

$root.PSBase.Children | Select Name, ObjectClass

# Error: 'An operations error occurred' = ADAM database corrupt

FIX: Re-subscribe Edge Server

1. Remove-EdgeSubscription -Identity cmedge01 -Confirm:$false
2. New-EdgeSubscription -FileName 'C:\EdgeSub.xml' -Force (on Edge)
3. Copy XML to Mailbox server
4. New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path 'C:\EdgeSub.xml' -Encoding Byte -ReadCount 0)) -Site 'Default-First-Site-Name'
5. Start-EdgeSynchronization -Server CMHYBD01

 

Error 3: ADAM Service Fails to Start After Database Deletion

ERROR: EventID 7023: ADAM service terminated with error %%3221225487 (0xC000000F)

The system cannot find the file specified — ADAM database files were deleted but ADAM cannot reinitialize from scratch

FIX: Reinstall ADAM Instance Using Exchange Answer File

1. Run adamuninstall.exe /instancename:MSExchange /unattend
2. Populate AdamInstallAnswer.ini with correct values from registry
3. Run adaminstall.exe /answer:AdamInstallAnswer.ini /quiet
4. If still failing, reinstall Edge Transport role via Setup.exe

 

Error 4: Exchange Setup Fails — Missing Registry Keys

ERROR: Setup Step 6 of 8 fails: The registry key 'SOFTWARE\Microsoft\ExchangeServer\v15\Transport' does not exist

Setup.exe /Mode:Install /Roles:EdgeTransport fails partway through when registry was previously cleaned

FIX: Create Required Registry Keys Before Setup

reg add 'HKLM\SOFTWARE\Microsoft\ExchangeServer\v15\Transport' /f
reg add 'HKLM\SOFTWARE\Microsoft\ExchangeServer\v15\Pickup' /f
reg add 'HKLM\SOFTWARE\Microsoft\ExchangeServer\v15\Gateway' /f
(repeat for all required subkeys)

 

Error 5: ASDat.MSI Installation Fails with Error 1603

ERROR: Installing product ASDat.MSI failed. Fatal error. Error code 1603

Anti-spam MSI package corrupt or broken Windows Installer registration from previous failed install

FIX: Pre-install Hygiene MSIs from Exchange ISO

1. Find MSIs: E:\Setup\ServerRoles\TransportRoles\agents\Hygiene\
2. Copy ASDat.MSI, ASEntIRS.MSI, ASEntSig.MSI to local path
3. msiexec.exe /i ASDat.MSI ALLUSERS=1 /qn
4. Repeat for ASEntIRS.MSI and ASEntSig.MSI
5. Re-run Exchange setup

 

Error 6: EXO Connector Validation Fails — SubjectMismatch

ERROR: 450 4.4.317 Cannot establish session — SubjectMismatch. Expected: mail.cloudmonkeys.xyz, Presented: CN=cmedge01.cloudmonkeys.xyz

Edge server presenting wrong TLS certificate during EXO connection. Multiple certs with SMTP service causing incorrect cert selection

FIX: Remove Wrong Certs and Set Correct FQDN

1. Remove-ExchangeCertificate for all wrong certs
2. Keep only mail.cloudmonkeys.xyz (Let's Encrypt cert)
3. Enable-ExchangeCertificate -Thumbprint <correct> -Services SMTP -Force
4. Set-ReceiveConnector 'Default internal...' -Fqdn 'mail.cloudmonkeys.xyz'
5. Restart-Service MSExchangeTransport
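
One way to catch the condition behind Error 6 before EXO reports it, as an added example that is not part of the original lab notes: it lists every SMTP-bound certificate and reports whether its names cover the FQDN the connector is expected to present. Test-NameCoversFqdn, Test-SmtpCertificateForFqdn and the sample certificate objects are hypothetical; the property names mirror what Get-ExchangeCertificate returns.

```powershell
# Constructed stand-ins using the property names Get-ExchangeCertificate returns.
# Thumbprints are placeholders, and the wildcard certificate is invented for the example.
$sampleCerts = @(
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-1'; Subject = 'CN=cmedge01.cloudmonkeys.xyz'
        CertificateDomains = @('cmedge01.cloudmonkeys.xyz', 'cmedge01')
        Services = 'SMTP'; NotAfter = (Get-Date).AddYears(4) }
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-2'; Subject = 'CN=mail.cloudmonkeys.xyz'
        CertificateDomains = @('mail.cloudmonkeys.xyz')
        Services = 'IIS, SMTP'; NotAfter = (Get-Date).AddDays(60) }
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-3'; Subject = 'CN=*.cloudmonkeys.xyz'
        CertificateDomains = @('*.cloudmonkeys.xyz')
        Services = 'SMTP'; NotAfter = (Get-Date).AddDays(-10) }
)

function Test-NameCoversFqdn {
    param([string]$Pattern, [string]$Fqdn)
    if ($Pattern -eq $Fqdn) { return $true }          # -eq on strings is case-insensitive
    if ($Pattern.StartsWith('*.')) {
        # A wildcard stands for exactly one left-most label, never several.
        $suffix = $Pattern.Substring(1)               # e.g. ".cloudmonkeys.xyz"
        if (-not $Fqdn.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return $false }
        $left = $Fqdn.Substring(0, $Fqdn.Length - $suffix.Length)
        return [bool]($left -and $left -notmatch '\.')
    }
    return $false
}

function Test-SmtpCertificateForFqdn {
    param([object[]]$Certificate, [string]$ExpectedFqdn, [datetime]$AsOf = (Get-Date))

    # Only certificates with the SMTP service assigned can be presented on port 25.
    $smtp = @($Certificate | Where-Object { "$($_.Services)" -match '\bSMTP\b' })

    $results = foreach ($c in $smtp) {
        $names  = @($c.CertificateDomains | ForEach-Object { "$_" })
        $covers = [bool]($names | Where-Object { Test-NameCoversFqdn -Pattern $_ -Fqdn $ExpectedFqdn })

        if (-not $covers)              { $verdict = 'Mismatch: expected name not on certificate' }
        elseif ($c.NotAfter -lt $AsOf) { $verdict = 'Expired' }
        else                           { $verdict = 'OK' }

        [pscustomobject]@{
            Thumbprint = $c.Thumbprint
            Subject    = $c.Subject
            Names      = ($names -join ', ')
            NotAfter   = $c.NotAfter
            Verdict    = $verdict
        }
    }

    # Several SMTP-bound certificates with at least one unusable one is the Error 6 situation.
    $bad = @($results | Where-Object { $_.Verdict -ne 'OK' })
    if ($smtp.Count -gt 1 -and $bad.Count -gt 0) {
        Write-Warning "$($smtp.Count) certificates are bound to SMTP; $($bad.Count) cannot be used for $ExpectedFqdn."
    }
    $results
}

Test-SmtpCertificateForFqdn -Certificate $sampleCerts -ExpectedFqdn 'mail.cloudmonkeys.xyz' |
    Format-Table Thumbprint, Subject, Verdict -AutoSize

# On the server: Test-SmtpCertificateForFqdn -Certificate (Get-ExchangeCertificate) -ExpectedFqdn 'mail.cloudmonkeys.xyz'
```

The check covers names and expiry only; it does not validate the issuing chain.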

 

Error 7: PRX2 — DNS Query Failed During Internal Proxy

ERROR: 451 4.7.0 Temporary server error. PRX2 — DNS query failed with error ErrorRetry -> DnsQueryFailed: ErrorRetry

Frontend Transport cannot resolve internal hostname when proxying inbound mail. Caused by multiple DNS servers including public NIC ISP DNS

# Diagnosis

Get-TransportService CMHYBD01 | Select InternalDNSServers, ExternalDNSServers | Format-List

# Found: InternalDNSServers: {202.88.152.10, 202.88.152.8, 192.168.1.11}  <- ISP DNS mixed in!

FIX: Set Explicit Internal and External DNS Servers

Set-TransportService CMHYBD01 -InternalDNSServers '192.168.1.11' -InternalDNSAdapterEnabled $false
Set-TransportService CMHYBD01 -ExternalDNSServers '8.8.8.8','8.8.4.4' -ExternalDNSAdapterEnabled $false
Set-FrontendTransportService CMHYBD01 -InternalDNSServers '192.168.1.11' -InternalDNSAdapterEnabled $false
Set-FrontendTransportService CMHYBD01 -ExternalDNSServers '8.8.8.8','8.8.4.4' -ExternalDNSAdapterEnabled $false

 

Error 8: Mail to EXO Goes to Unreachable Domain Queue

ERROR: A matching connector cannot be found to route the external recipient

Recipients at cloudfield.onmicrosoft.com land in Unreachable queue because no send connector covers that address space

# Diagnosis

Get-Message -Queue cmhybd01\Unreachable -IncludeRecipientInfo | Format-List FromAddress, Recipients, Subject

# Recipients: ramki@cloudfield.onmicrosoft.com — No Matching Connector

 

# Check send connectors

Get-SendConnector | Format-List Name, AddressSpaces

# Found: cloudfield.mail.onmicrosoft.com covered but NOT cloudfield.onmicrosoft.com

FIX: Add Missing Address Space to Send Connector

Set-SendConnector 'Outbound to Office 365' -AddressSpaces 'smtp:cloudmonkeys.xyz;1','smtp:cloudfield.onmicrosoft.com;1'
Retry-Queue cmhybd01\Unreachable -Resubmit $true

 

Error 9: 550 5.7.1 Client Host Blocked by Spamhaus

ERROR: 550 5.7.1 Service unavailable, Client host [27.7.57.241] blocked using Spamhaus

Public IP address on Spamhaus PBL (Policy Block List) — common for residential/business ISP IPs

FIX: Request PBL Removal and Use Temporary Workaround

Short term: Set-SendConnector 'Outbound to Office 365' -SmartHosts 'smtp.office365.com'
Long term: Request removal at https://www.spamhaus.org/removal/
PBL removal is usually instant for legitimate IPs

 

Error 10: EXO Outbound Connector TLS Certificate Mismatch

ERROR: 454 4.7.5 Certificate validation failure, Reason: SubjectMismatch

Mailbox server presenting certificate that doesn't match the TlsDomain configured on the send connector

# Diagnosis

Get-SendConnector 'Outbound to Office 365' | Format-List TlsDomain, TlsAuthLevel, Fqdn

# TlsDomain: cloudmonkeys.xyz  <- Wrong! Should match EXO cert

FIX: Set Correct TlsDomain and FQDN on Send Connector

Set-SendConnector 'Outbound to Office 365' -TlsAuthLevel DomainValidation -TlsDomain 'mail.protection.outlook.com' -Fqdn 'mail.cloudmonkeys.xyz'

 


 

6. DNS Configuration Best Practices for Hybrid

 

DNS Record | Type | Value | Purpose
cloudmonkeys.xyz | MX | cloudmonkeys-xyz.mail.protection.outlook.com (Priority 0) | Inbound mail routes to EXO
mail.cloudmonkeys.xyz | A | 27.7.57.241 (Public IP) | External SMTP endpoint
autodiscover.cloudmonkeys.xyz | A/CNAME | Public IP or autodiscover.outlook.com | Outlook auto-configuration
cmedge01.cloudmonkeys.xyz | A (Internal) | 192.168.1.25 | Internal resolution of Edge server
cmhybd01.cloudmonkeys.xyz | A (Internal) | 192.168.1.13 | Internal resolution — do NOT register public NIC

 

Split DNS Configuration (Critical for Hybrid):

# Internal DNS (DC) should resolve servers to INTERNAL IPs

# External DNS (GoDaddy/public) should resolve mail.cloudmonkeys.xyz to PUBLIC IP

 

# Prevent public NIC from registering in DNS

Set-DnsClient -InterfaceAlias 'Pub' -RegisterThisConnectionsAddress $false

ipconfig /registerdns

 

# Set transport to use DC for internal, Google for external

Set-TransportService CMHYBD01 -InternalDNSServers '192.168.1.11' -InternalDNSAdapterEnabled $false

Set-TransportService CMHYBD01 -ExternalDNSServers '8.8.8.8','8.8.4.4' -ExternalDNSAdapterEnabled $false

 


 

7. Quick Reference — Common SMTP Response Codes

Code | Meaning | Common Cause in Hybrid
220 | Service ready | Normal — server ready to accept
250 | OK / Success | Command accepted successfully
251 | User not local — will forward | Recipient in another domain
354 | Start mail input | Ready to receive message body
421 | Service temporarily unavailable | Server overloaded or maintenance
450 | Mailbox unavailable — try again | Temporary failure, will retry
451 4.4.0 | DNS query failed | Transport DNS misconfigured
451 4.7.0 | PRX2 — Temp server error | Frontend proxy DNS failure
454 4.7.5 | Certificate validation failure | TLS cert mismatch or SubjectMismatch
500 | Syntax error | Invalid SMTP command
503 5.5.2 | Send hello first | EHLO not sent before STARTTLS
504 5.7.4 | Unrecognized auth type | AUTH attempted without TLS
550 5.7.1 | Rejected — policy | Spamhaus or blacklist block
550 5.7.64 | TenantAttribution | EXO connector not matching
554 5.4.14 | Hop count exceeded | Mail routing loop

 


 

8. Troubleshooting Checklist

 

When Mail is Stuck in Drafts (On-Prem):

1. Check all MSExchange* services are Running
2. Verify mailbox databases are Mounted: Get-MailboxDatabase -Status
3. Check submission queue: Get-Queue
4. Restart MSExchangeSubmission and MSExchangeTransport
5. Check send connector address spaces cover recipient domain
6. Check external DNS servers are set on transport service

When EXO Mail Not Reaching On-Prem:

7. Verify MX record points to EXO protection
8. Check port 25 forwarding on router to correct internal IP
9. Validate EXO Outbound Connector: Validate-OutboundConnector
10. Check TLS certificate on receive connector matches expected FQDN
11. Enable protocol logging and check SmtpReceive log for connection attempts
12. Verify internal DNS resolves hostnames correctly

When EdgeSync Fails:

13. Check ADAM service is running: Get-Service ADAM_MSExchange
14. Test LDAP ports: Test-NetConnection -Port 50389 and 50636
15. Run Test-EdgeSynchronization -FullCompareMode
16. Check CredentialRecords — if 0, re-subscription needed
17. Verify firewall rules allow ports 50389 and 50636
18. Check DNS resolution of Edge server FQDN from Mailbox server

 
