DNS Troubleshooting for Exchange Online

 

Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu

Topic Last Modified: 2011-12-16

If you experience problems with mail flow to your cloud-based Exchange organization or problems opening a cloud-based mailbox using Outlook, you can use the Microsoft Exchange Remote Connectivity Analyzer (ExRCA) to test your domain. Or you can use the Nslookup command line utility to view the DNS records for your domain.

Test your domain with the Exchange Remote Connectivity Analyzer

Use the tests at https://www.testexchangeconnectivity.com to troubleshoot the following issues with your domain:

Note   ExRCA has several other tests that you can perform on your domain. However, some of these tests are relevant only for an on-premises Microsoft Exchange organization.

Test incoming mail flow

To test incoming mail flow using ExRCA, under Internet E-Mail Tests, select Inbound SMTP E-Mail. This test retrieves all available MX records for the domain, and then performs the following tests on each MX record:

  1. It tries to resolve the host name specified in the MX record to an IP address.
  2. It tests connectivity on TCP port 25 to the host name specified in the MX record. TCP port 25 is the port used by SMTP.
  3. It sends a test e-mail message to an account in the domain that you specify.
  4. It tests the host name specified in the MX record for open relay. An open relay enables messages to be resubmitted or "relayed" by using a different server to mask the true source of the messages. Note that this last test is irrelevant for cloud-based Exchange because you can't configure it as an open relay, intentionally or unintentionally.
Use the Inbound SMTP Email test to test mail flow and to verify the mail-routing MX record for your domain

  1. Open https://www.testexchangeconnectivity.com.
  2. Under Internet E-Mail Tests, select Inbound SMTP E-Mail, and then click Next.
  3. In the Inbound SMTP Email section, enter the e-mail address of an account in your domain, such as admin@contoso.edu.
    Note   The test will try to send a message to the e-mail account that you specify. If you have no functioning accounts in your cloud-based domain, that part of the test will fail.
  4. In the Verification section, type the letters that are displayed in the CAPTCHA image, and then click Perform Test.
  5. When the test is complete, you can do the following:
    • Click Copy to save the information in the report. You can then paste the information into a text file.
    • Click Expand All to view the test results.

If you also created an MX record to prove domain ownership, the overall Incoming SMTP E-Mail test will always fail. To understand the test results, look in the Test Steps section. For each MX record, you’ll see two Testing Mail Exchanger tests:

  • Testing Mail Exchanger <token>.mail.outlook.com.   This tests the MX record used for mail routing. This step and all sub-steps should succeed.
  • Testing Mail Exchanger <token>.msv1.invalid.   This tests the MX record used for proof of domain ownership. This test will always fail because this MX record isn’t designed to route e-mail.

Top of page

Test Outlook connectivity to a mailbox

To test Outlook connectivity to a mailbox using ExRCA, under Microsoft Office Outlook Connectivity Tests, select Outlook Autodiscover. This test uses three different methods of contacting the Autodiscover service for your domain. Only the "HTTP redirect method" is expected to succeed. This test does the following:

  1. It tries to resolve the host "autodiscover.<domain name>" to an IP address.
  2. It tests connectivity on TCP port 80 to the host "autodiscover.<domain name>". TCP port 80 is the port used by HTTP.
  3. It tests "autodiscover.<domain name>" for an HTTP redirect response.
  4. It tests the validity of the HTTP redirect URL from the previous result.
Use the Outlook Autodiscover test to test Outlook connectivity to a mailbox and to verify the Autodiscover CNAME record for your domain

  1. Open https://www.testexchangeconnectivity.com.
  2. Under Microsoft Office Outlook Connectivity Tests, select Outlook Autodiscover, and then click Next.
  3. In the Outlook Autodiscover section, enter the following information:
    • E-mail Address   Enter the e-mail address of an account in your cloud-based domain, such as testuser@contoso.edu.
    • Domain\Username (or UPN)   Enter the same e-mail address that you entered in the previous field, such as admin@contoso.edu.
    • Password   Enter and confirm the password for the account you specified in the previous steps.
    • Ignore Trust for SSL   Leave this box unchecked.
  4. Select the check box to acknowledge the security warning.
    Note   As described in the security warning and in the Notice section, we recommend that, if possible, you use a temporary test account, and then delete the account when you are finished testing.
  5. In the Verification section, type the letters that are displayed in the CAPTCHA image, and then click Perform Test.
  6. When the test is complete, you can do the following:
    • You can click Copy to save the information in the report. You can then paste the information into a text file.
    • You can click Expand/Collapse to view the test results.

Pay particular attention to the test results under "Attempting to contact the Autodiscover service using the HTTP redirect method". All tests should pass successfully if the Autodiscover CNAME record for your cloud-based domain is configured correctly.

Note that the following tests under "Attempting each method of contacting the AutoDiscover Service" will fail even if your Autodiscover CNAME record is configured correctly:

  • Attempting to test potential AutoDiscover URL https://< domain name >/AutoDiscover/AutoDiscover.xml
  • Attempting to test potential AutoDiscover URL https://autodiscover.< domain name >/AutoDiscover/AutoDiscover.xml

For more information about issues related to the Autodiscover service, Troubleshooting Autodiscover in Exchange Online.

Top of page

View DNS records with Nslookup

You can use the Nslookup tool that comes with any version of Microsoft Windows to view the DNS records for your domain.

Note   Firewall or Internet proxy restrictions that are enforced on your organization's internal network may prevent the Nslookup tool from functioning correctly.

Also, in the following steps, always type your domain name with a trailing period. The trailing period ( . ) indicates a fully qualified domain name (FQDN). The use of the trailing period prevents any default DNS suffixes that are configured for your network from being unintentionally added to the domain name.

View the MX records

Open a command prompt and run the following command:

Nslookup -type=MX <domain name>.

For example, if your domain name is contoso.edu, run the following command:

Nslookup -type=MX contoso.edu.

Note the trailing period after the domain name. If you have two MX records, one for proving domain ownership, and one for mail routing, the output of the command will resemble the following:

contoso.edu   MX preference=10, mail exchanger = e0e792760b25459f40912aae164e0a.mail.outlook.com
contoso.edu   MX preference=100, mail exchanger = msv1.invalid

Top of page

View the Autodiscover CNAME record

Open a command prompt and run the following command:

Nslookup -type=CNAME autodiscover.<domain name>.

For example, if your domain name is contoso.edu, run the following command:

Nslookup -type=CNAME autodiscover.contoso.edu.

Note the trailing period after the domain name. The output of the command will resemble the following:

autodiscover.contoso.edu   canonical name = autodiscover.contoso.edu

Top of page

View the TXT records

Open a command prompt and run the following command:

Nslookup -type=TXT <domain name>.

For example, if your domain name is contoso.edu, run the following command:

Nslookup -type=TXT contoso.edu.

Note the trailing period after the domain name. If you have two TXT records, one for ensuring that destination e-mail systems trust messages sent from your domain, and one for proving domain ownership, the output of the command will resemble the following:

contoso.edu   text = "v=spf1 include:outlook.com include:spf.messaging.microsoft.com ~all"
contoso.edu   text = "v=msv1 t=e0e792760b25459f40912aae164e0a"

Top of page

View the SRV records

Note   The SRV record described in this example is used in Live@edu only.

Open a command prompt and run the following command:

Nslookup -type=SRV _sipfederationtls._tcp.<domain name>.

For example, if your domain name is contoso.edu, run the following command:

Nslookup -type=SRV _sipfederationtls._tcp.autodiscover.contoso.edu.

Note the trailing period after the domain name. The output of the command will resemble the following:

_sipfederationtls._tcp.contoso.edu   SRV service location:
   priority    = 10
   weight    = 2
   port    = 5061
   svr hostname    = federation.messenger.msn.com

Top of page

Troubleshoot the Nslookup results

If any of your DNS records appear to be incorrect, or the services that are associated with the DNS records aren't working, consider these possible causes:

  • It is very easy to make a typographical error when you create a record. Make sure that you used the correct values when you created the DNS records.
  • Some DNS hosting services support managing multiple domains using the same Web management interface, and therefore require you to enter @ to specify the parent domain name for certain types of DNS records. Entering the actual domain name instead of @ can cause unexpected results in the DNS record.
  • Some DNS hosting services may not support an MX priority value of 0. Instead of 0, try using the value of 10 in the MX mail routing record.

Top of page

 
Related help topics
Loading...
No resources were found.