Microsoft Forefront -A New Roadblock For Google Apps E-mail Conversions

I recently converted a 45 seat company from hosted Exchange to Google Apps. All was working well. Then.....

A few weeks later when we deactivated Exchange, I began to get a few complaints that some people sending us e-mails were receiving bounce messages. A quick glance at the messages seemed to indicate that the senders were somehow still sending the messages to the old host. So, I felt that the rejections were exactly as they should be, and I advised the senders to determine why they were not updating their MX records, as the vast majority was working fine.

That got me nowhere and the complaints escalated with more companies reporting the same issue. Finally, one of our affiliate law firms with the issue worked through it with Microsoft, although I could not believe the solution at first.

Apparently, our former host also subscribed to Forefront (from Microsoft) which provides some security and policy enforcement. It also nails down the IP address of the mail server for ALL users across Forefront. So, no matter what the MX record says mail will be routed by IP for all Forefront users. This occurs even if the MX record is changed and the old Exchange server is removed.

The solution is to remove the domain from Forefront which must be done by request to the Forefront service by the Forefront/Old Exchange client.

Now all mail from all external companies is flowing correctly to Google Apps.

I have not found ANY mention of this issue on the web or in Google Apps documentation.

This impacted our receipt of mail from several banks, law firms and public authorities (all Forefront users).

By: Tom Brander


