Recently we have faced an issue in Office 365 test account where we cannot send email from our Office 365 test account to our On-Premises Exchange Server. 

Note: Our On-Premises Exchange Server is a Hybrid Exchange Server.

We also have receive connector for the Barracuda.

Message trace in Exchange Online Admin:

Reason: [{LED=450 4.4.317 Cannot connect to remote server [Message=421 4.3.2 Service not available] [LastAttemptedServerName=mail.domain.org] [LastAttemptedIP=216.x.x.x:25] [CO1NAM11FT015.eop-nam11.prod.protection.outlook.com]};{MSG=421 4.3.2 Service not available};{FQDN=mail.domain.org};{IP=216.x.x.x};{LRT=10/9/2020 1. OutboundProxyTargetIP: 216.x.x.x. OutboundProxyTargetHostName: mail.domain.org

When we see 450 4.4.317 is a certificate error, I attached the relevant certificate on the receive connector and send connector Office 365.

Then I re-run the Hybrid Configuration Wizard.

But no luck; still, I am getting 421 4.3.2 error.

How to fix [Message=421 4.3.2 Service not available] error?

To fix this issue, you can be done in 2 steps.

Step 1: Add a custom receive connector to Office 365 IP for Port 25.

Step 2: Bind the SSL Certificate to three receive connectors: default, default frontend, above-mentioned custom receive connector.

I hope from above solution you can easily fix [Message=421 4.3.2 Service not available] error.