Moving domains from BPOS-S to Office 365

Symptoms

When a user in a Microsoft Office 365 environment tries to send an email message, they may receive a Non-Delivery Receipt (NDR) that resembles the following: <Domain_URL> #<<Domain_URL>#5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop> #SMTP#

Cause

This issue may occur if the domain exists as a disabled domain in Microsoft Forefront Online Protection for Exchange (FOPE) under the BPOS account. The domain can be disabled in FOPE if the following events occurred:

• The domain was originally verified in a Microsoft Business Productivity Online Suite (BPOS) environment.
• The domain was deleted from BPOS.
• Time was given for this to propagate.
• The domain was successfully verified in Office 365.

Resolution

To resolve this issue, use either a cmdlet in Microsoft Windows PowerShell, or contact FOPE Support.

Method 1: Use Windows Power Shell

Use the Set-AcceptedDomain cmdlet together with the OutboundOnly parameter to force FOPE to recognize the domain, and create the appropriate records. The OutboundOnly parameter specifies whether this accepted domain is an internal relay domain for the on-premises deployment for organizations that have coexistence with a cloud-based organization.

The authoritative accepted domain for the on-premises deployment is configured as an internal relay accepted domain on the cloud side. If the on-premises deployment is using Microsoft Forefront Online Protection for Exchange, you must set this parameter to $true for the accepted domain that represents your on-premises deployment. This parameter is used only if the DomainType parameter is set to Authoritative or InternalRelay. The default value is $false.

To use Windows PowerShell, follow these steps:

1. Start Windows PowerShell.
2. Type the following cmdlets:

Set-AcceptedDomain <Domain> -OutboundOnly $true

Set-AcceptedDomain <Domain> -OutboundOnly $false

For more information about the Set-AcceptedDomain cmdlet, view the TechNet topic Set-AcceptedDomain.

Method 2: Contact FOPE Support

1. The domain must be deleted from BPOS account in FOPE. If the domain is deleted only from BPOS, the domain is only disabled in FOPE. After you confirm that the domain does not exist in FOPE, proceed to the next step.
2. Contact the FOPE team and have them create the domain you want to use under the Office 365 account. A multi SMTP inbound profile must be created by using the IP information from the customer’s onmicrosoft.com domain.  Note: This tells FOPE where to send the mail once they’re done with it; O365 servers in this case. 
3. The profile that is created must be added to the new domain that was created under the O365 domain. The new domain must be validated and enabled in FOPE. 
4. Wait 30-45 minutes for propagation.
5. Use your email account to send the user a test message. If you receive an NDR, check the error.  If the error “domain does not exist” is present, the information has not fully propagated yet.  Wait 15 minutes and retest.