Don't get an NDR yet, I can see all the messages on the Office 365 trace pending/defer
Can you post your outbound connector on O365?
Can you also up logging on the hybrid O365 connector (receive) and see if a connection is being made and the status, i.e. protocol logging?
Wildcard certs are supported with SP3; it was an old issue pre-SP3. The HCW wouldn't complete if the cert was an issue.
I thought you could use wildcard SSL, I'll look again tomorrow
I'd look at protocol logging as mentioned and try opportunistic TLS for the outbound connector.
Just chiming in here... this link might be useful to have a read through: Hybrid deployment - exchange cannot send email to Office 365 due to STARTTLS - Upgrade to Office 365 - Office 365 - Microsoft Office 365 Community
Opportunistic TLS seems to have done the trick, thanks guys
Just got home, and glad to see you managed to sort it!.... :-) I was in the middle of driving on the motorway so my hands were pretty tied!
It's quite a common thing, people having issues with receiving email between O365 & Hybrid Exchange Server when setting this up, always down to 1 setting being out of place! :-) And it's generally down to the configuration of the receive connector :)
Potentially, only if you're concerned about data not being sent via TLS.
If you are then I would work on the issue and enforce TLS.
I would look into the reasons as to why you have an issue using TLS. I would imagine it's something to do with the SSL certificate being used, as in FOPE it will have a rule which states...
The Security... which generally is set up as follows (certificate Subject Name Matches X)
and it routes email via smarthost (which points to the public IP of your Hybrid Server)