On-Premises Delivery Failover

Organizations with on-premises mail environments often will have a primary site and at least one backup site. When Exchange Online Protection is being used to protect those on-premises mail environments, the ideal configuration would have EOP only delivering mail to the primary on-premises site, and only to the backup site if the primary site goes down. In EOP, you can add multiple smart hosts to an EOP outbound connector but cannot add priorities to them.

EOP Outbound Connector Refresher

For EOP to be able to deliver incoming messages to your on-premises mail environment you will need an outbound connector in the cloud that is of type on-premises. This connector will be setup with a smart host, which can be either IPs, Fully Qualified Domain Names (FQDN), or a combination of those two, which will point to your on-premises mail environment.

If you have multiple smart hosts entered, the outbound connector will initially choose one at random to deliver a message, and following that will use round-robin load balancing to distribute subsequent messages among the smart host entries. If the initial smart host does not respond, the connector will try the next one and if none of the entries respond, the message will be put into deferral and retried approximately every five minutes for 48 hours. See Inbound and Outbound connector FAQ for more information.

If you have a primary site and at least one backup site, you most likely want all mail to be delivered to the primary site and only delivered to the backup site if the primary fails. Well, this is indeed a possible setup and can be accomplished with some DNS configuration.

Setting up DNS

If you remember from my previous article, Outbound Connector Smart Host Behavior, when an FQDN is entered as an outbound connector smart host, the connector will perform an MX lookup on the FQDN and will take MX Priority into account when evaluating the results. Keeping this in mind, here’s an example.

Ex. Contoso.com has three on-premises sites with different public IPs. Note that in this example I’m using private IPs.

Site A – 10.0.0.5
Site B – 10.1.0.5
Site C – 10.2.0.5

Contoso.com wants EOP to route all incoming mail to site A, but if Site A goes down, then route all mail to Site B. They only want mail delivered to Site C as a last resort if both Site A and Site B are down. The following will need to be configured in DNS.

MX Records

Host MX Priority          Points To
contoso.com 10 contoso-com.mail.protection.outlook.com
onprem.contoso.com          10 mail-a.contoso.com
onprem.contoso.com 20 mail-b.contoso.com
onprem.contoso.com 30 mail-c.contoso.com

A Records

Host Points To
mail-a.contoso.com               10.0.0.5
mail-b.contoso.com 10.1.0.5
mail-c.contoso.com 10.2.0.5

Now back in EOP, specify onprem.contoso.com as the only smart host in your outbound connector.

From this point on, when EOP needs to deliver mail on-premises, it will look up the MX for onprem.contoso.com and will respect the MX Priority weights that are specified in DNS. Keep in mind that a network hiccup could cause a failover.

Happy failover!