Running into errors during an Exchange Hybrid deployment can be frustrating, especially when you see a confusing message like the one below. If you’re setting up a hybrid environment and encounter the "Socket Error Code 10061" during connector validation, don’t worry. We have a solution. In this article, we will explain what this error means, why it occurs, and the exact steps we took to fix it.
The Error Message
Here’s the full error we encountered.
450 4.4.316 Connection refused
[Message = Socket error code 10061]
[LastAttemptedServerName = <YourConnectionPoint.domain>]
[LastAttemptedIP = <Your Public IP>]
What does this mean?
This error happens when Microsoft 365 tries to connect to your on-premises hybrid server via port 25, which is used for SMTP email traffic, but the connection gets rejected. Essentially, the server isn’t responding. This could be because nothing is listening on port 25, or a firewall is blocking the connection.
Why This Happens?
The main causes are usually one of these.
- Port 25 isn’t open or isn’t configured correctly on the hybrid server.
- The Receive Connector (the Exchange component that handles incoming email) isn’t set up right.
- Firewall or network rules are preventing Microsoft 365 from connecting.
Our Initial Checks
Before looking for fixes, we confirmed a few things.
- The hostname <Yourconnectionpoint. domain> resolved correctly to the public IP address.
- The Exchange Hybrid Configuration Wizard (HCW) was re-run after recent infrastructure changes.
- Other Exchange services, like Outlook Web Access (OWA) and Exchange Admin Center (EAC), were working fine externally.
These checks helped us focus on the issue related to the hybrid connector.
How do we fix it?
Here’s the step-by-step process we followed to resolve the error. You can follow these same steps to troubleshoot and fix the issue in your environment.
Step 1. Verify Port 25 is Listening
First, we checked if the hybrid server was listening on port 25, which is essential for SMTP communication.
Action: On the Exchange hybrid server, open a PowerShell window and run.
![Listening]()
What to look for: You should see a listener on 0.0.0.0:25 (or your server’s specific IP). If nothing shows up, the server isn’t listening on port 25, which is likely the problem.
Step 2. Check the Receive Connector Settings
The Receive Connector in Exchange manages incoming email connections, so we checked its configuration.
Action: Use the Exchange Admin Center (EAC) or Exchange Management Shell. Run this command to inspect the connector.
![Connector Settings]()
What to confirm?
- The connector is bound to port 25.
- It’s listening on the right IP (for example, 0.0.0.0 for all IPs or a specific network interface).
- The "Remote IP Ranges" include Microsoft 365’s Exchange Online IP addresses. You can find these IPs in Microsoft’s official documentation.
If anything is misconfigured, update the connector settings in EAC or PowerShell.
Step 3. Restart the Transport Service
Sometimes, changes to the Receive Connector don’t take effect until you restart the Microsoft Exchange Transport service.
Action: Run this PowerShell command.
![Transport Service]()
This ensures the updated settings are applied.
Step 4. Re-run the Hybrid Configuration Wizard
After confirming the Receive Connector and port 25, re-run the Hybrid Configuration Wizard to validate the connector. This step checks if Microsoft 365 can now connect successfully.
The Result
After verifying the Receive Connector was listening on port 25 and was correctly set up to accept connections from Microsoft 365, we re-ran the HCW. The validation completed successfully—no more error!
Key Takeaways
- Error: Socket Error Code 10061 (Connection refused).
- Cause: Port 25 wasn’t listening, or the Receive Connector was misconfigured.
- Fix: Validate port 25, check and correct Receive Connector settings, restart the Transport service, and re-run the HCW.
Pro Tip
Even if you haven’t made recent firewall changes, double-check these in your hybrid setup.
- Receive Connector bindings: Ensure they’re set up correctly.
- Port availability: Confirm port 25 is open and not blocked by a firewall.
- TLS and IP allowlists: Verify that Microsoft 365 IPs are allowed and TLS settings are compatible.
Need Help?
Encountering this error can be frustrating, but these steps should help you get back on track. If you’re still having trouble, share your setup details or error messages, and we’ll assist you further. Have you dealt with similar issues? Let us know in the comments!