Exchange Hybrid: Remote mailbox users unable to receive mail after hybrid connector intermittently fails

To diagnose unstable hybrid mail flow in your Exchange Hybrid deployment, you can follow these break-fix steps:

1. Check Receive Connectors: Ensure that the Receive connectors on your on-premises Exchange servers are configured correctly. Use the following PowerShell command to verify that the connectors are listening on TCP port 25 for both IPv4 and IPv6:

      (Get-HybridConfiguration).ReceivingTransportServers
   

   Then, check the bindings with:

      Get-ReceiveConnector -Server "<Server Name>" | Format-Table Identity,Bindings
   

   The expected output for Bindings should be {[::]:25, 0.0.0.0:25}.
2. Monitor Transport Services: Since you mentioned that mail flow resumes after restarting the on-prem Exchange Transport service, monitor the service for any errors or performance issues. Check the event logs for any related errors that might indicate why the service fails intermittently.
3. Validate Certificates: Ensure that the certificates used for secure mail transport are valid and correctly installed on all relevant Exchange servers. They should be issued by a commercial certification authority, not expired, and assigned to the necessary services (IIS and SMTP).
4. Test Connectivity: Use the Microsoft Remote Connectivity Analyzer to test inbound Internet connectivity to your on-premises Exchange servers. This can help identify issues with Autodiscover and Exchange Web Services (EWS) endpoints:
   • Run tests for Synchronization, Notification, Availability, and Automatic Replies.
   • Run the Inbound SMTP Email test to verify SMTP connectivity.
5. Review Message Tracking Logs: Since you've already checked the message tracking logs, continue to monitor them for patterns or specific errors that occur when the mail flow fails. This can provide insights into whether the issue is with specific senders, recipients, or times.
6. Check Network Configuration: Ensure that your firewall and network configurations allow for proper communication between the on-premises Exchange servers and Exchange Online. Verify that there are no intermittent network issues that could affect mail flow.
7. Re-run Hybrid Configuration Wizard: If you suspect configuration issues, consider re-running the Hybrid Configuration Wizard to ensure that all settings are correctly applied and up to date.

By systematically checking these components, you should be able to identify the root cause of the unstable hybrid mail flow and take corrective action.

References:

• Troubleshoot a hybrid deployment
• Can't receive mail in a hybrid environment after you install a new certificate on the server

Hi Carter Jackson

Thank you for reaching out to Microsoft Q&A forum

From my perspective in this context, this behavior typically presents as messages queuing on the on-premises Exchange server for the hybrid connector, with no hard failures in message tracking logs. Mail flow resumes temporarily after restarting the Microsoft Exchange Transport service. This pattern suggests a transient or systemic issue affecting the transport pipeline, connector throughput, or external enforcement mechanisms.

Given this, I would like to recommend you follow the troubleshooting process below:

1. Check for Exchange Online Throttling (Transport-based Enforcement):

Run this cmdlet:

Get-OnPremServerReportInfo

If your server is listed, apply the latest Cumulative Update (CU) and Security Updates (SU).

Alternatively, check the Exchange Admin Center (EAC) under Reports > Mail Flow > “Out-of-date on-premises Exchange servers”. If throttling is active, you may request a 90-day pause via the EAC to restore mail flow while remediation is in progress.

2. Investigate On-Premises backpressure:

Run this cmdlet to analyze resource utilization for DatabaseUsedSpace, PrivateBytes, QueueLength, and UsedVersionBuckets.

Get-ExchangeDiagnosticInfo -Process EdgeTransport -Component ResourceThrottling

3. Optimize hybrid connector throughput:

Increase concurrent connections to Exchange Online:

Set-TransportService <ServerName> -MaxPerDomainOutboundConnections 40

Also, you can lower the threshold for opening new connections by editing EdgeTransport.exe.config

<add key="SmtpConnectorQueueMessageCountThresholdForConcurrentConnections" value="2"/>

Kindly restart the MSExchangeTransport service after making this change.

Additionally, reduce retry intervals for faster recovery from transient failures:

Set-TransportService <ServerName> -MessageRetryInterval 00:05:00

4. Check for third-party or custom transport agents that may be interfering with mail flow

Run this cmdlet and disable non-essential agents for testing.

Get-TransportAgent

5. Implement Monitoring and Alerting

Monitor hybrid delivery queue length by running:

Get-Queue -Filter {NextHopDomain -like "*onmicrosoft.com"}

This structured approach should help you to identify the root cause and restore stable hybrid mail flow.

Link references:

1. Troubleshoot mail flow in Exchange hybrid deployments
2. Understanding Back Pressure in Exchange
3. Email messages are stuck in Exchange Server queues
4. Microsoft pulls Exchange security updates over mail delivery issues

Note: Microsoft is providing this information as a convenience to you. These sites are not controlled by Microsoft, and Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please ensure that you fully understand the risks before using any suggestions from the above link.

If the problem still persists, kindly let me know in the comments for further support.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.