asked on

User Can't Connect to Exchange 2007 Mailbox Via OWA or Outlook 2003/2007

We're running Exchange 2007 on a single WS2K8 box that has our CAS and Mailbox roles. Yesterday, OWA and Outlook stopped working for a user when he tried to access his mailbox. He was working for 2 months before this happened. The user is able to login to our domain and can see all his network resources.

OWA and Outlook works for everyone else in the company. I am able from my Outlook client add the user's mailbox and see everything. I read a similar post and the solution was to check if the user's account is locked out or disabled. His account and mailbox are not disabled and definitely connected.

We are running a mixed Exchange 2003/2007 environment with 1 server of each flavor. We previously decommissioned another Exchange 2003 server, where all our current 2007 mailboxes resided. The server was uninstalled about 5 days before this problem came up.

The user gets the following error when going into OWA:

Outlook Web Access could not connect to Microsoft Exchange. If the problem continues, contact technical support for your organization.

Request
Url: https://exchange07.xxxx.xxx:443/owa/default.aspx
User host address: xx.xx.xx.xx

Exception
Exception type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Exception message: Cannot open mailbox /o=staff/ou=first administrative group/cn=recipients/cn=jbtevens.

Call stack
Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString)
Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags)
Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString)
Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString)
Microsoft.Exchange.Clients.Owa.Core.OwaWindowsIdentity.CreateMailboxSession(ExchangePrincipal exchangePrincipal, CultureInfo cultureInfo)
Microsoft.Exchange.Clients.Owa.Core.UserContext.Load(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.CreateUserContext(OwaContext owaContext, UserContextKey userContextKey, UserContext& userContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception
Exception type: Microsoft.Mapi.MapiExceptionLogonFailed
Exception message: MapiExceptionLogonFailed: Unable to open message store. (hr=0x80040111, ec=1010) Diagnostic context: Lid: 18969 EcDoRpcExt2 called [length=483] Lid: 27161 EcDoRpcExt2 returned [ec=0x0][length=124][latency=0] Lid: 23226 --- ROP Parse Start --- Lid: 27962 ROP: ropLogon [254] Lid: 17082 ROP Error: 0x3F2 Lid: 26937 Lid: 21921 StoreEc: 0x3F2 Lid: 27962 ROP: ropExtendedError [250] Lid: 1494 ---- Remote Context Beg ---- Lid: 26426 ROP: ropLogon [254] Lid: 4740 StoreEc: 0x80070005 Lid: 30409 StoreEc: 0x80070005 Lid: 19145 StoreEc: 0x3F2 Lid: 23241 StoreEc: 0x3F2 Lid: 32186 Lid: 8620 StoreEc: 0x3F2 Lid: 1750 ---- Remote Context End ---- Lid: 26849 Lid: 21817 ROP Failure: 0x3F2 Lid: 26297 Lid: 16585 StoreEc: 0x3F2 Lid: 32441 Lid: 1706 StoreEc: 0x3F2 Lid: 24761 Lid: 20665 StoreEc: 0x3F2 Lid: 25785 Lid: 29881 StoreEc: 0x3F2

Call stack
Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, Int32 ec, DiagnosticContext diagCtx)
Microsoft.Mapi.ExRpcConnection.OpenMsgStore(OpenStoreFlag storeFlags, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, MapiStore msgStorePrivate, String& correctServerDn, ClientIdentityInfo clientIdentityAs, String userDnAs, String applicationId, CultureInfo cultureInfo)
Microsoft.Mapi.ConnectionCache.OpenMapiStore(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, ClientIdentityInfo clientIdentity, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId)
Microsoft.Mapi.ConnectionCache.OpenMailbox(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, WindowsIdentity windowsIdentityAs, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId)
Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)

Here is the user's mailbox information

Database : EXCHANGE07\Mail Database
DeletedItemFlags : RetainForCustomPeriod
UseDatabaseRetentionDefaults : False
RetainDeletedItemsUntilBackup : False
DeliverToMailboxAndForward : True
RetentionHoldEnabled : False
EndDateForRetentionHold :
StartDateForRetentionHold :
ManagedFolderMailboxPolicy :
ExchangeGuid : 08ad919e-661f-46fd-9505-35cdd4be9686
ExchangeSecurityDescriptor : System.Security.AccessControl.RawSecurityDescriptor
ExchangeUserAccountControl : None
ExternalOofOptions : External
ForwardingAddress : XXX.XXX/AD Root/Services/Information Services/Helpdesk/User
RetainDeletedItemsFor : 00:00:00
IsMailboxEnabled : True
Languages : {en-US}
OfflineAddressBook :
ProhibitSendQuota : unlimited
ProhibitSendReceiveQuota : unlimited
DowngradeHighPriorityMessagesEnabled : False
ProtocolSettings : {}
RecipientLimits : unlimited
UserAccountControl : NormalAccount, DoNotExpirePassword
IsResource : False
IsLinked : False
IsShared : False
LinkedMasterAccount :
ResourceCapacity :
ResourceCustom : {}
ResourceType :
SamAccountName : user
SCLDeleteThreshold :
SCLDeleteEnabled :
SCLRejectThreshold :
SCLRejectEnabled :
SCLQuarantineThreshold :
SCLQuarantineEnabled :
SCLJunkThreshold :
SCLJunkEnabled :
AntispamBypassEnabled : False
ServerLegacyDN : /o=Staff/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCHANGE07
ServerName : exchange07
UseDatabaseQuotaDefaults : False
IssueWarningQuota : 500000KB
RulesQuota : 64KB
Office : Computer Services
UserPrincipalName : xxxx@xxx.xxx
UMEnabled : False
MaxSafeSenders :
MaxBlockedSenders :
Extensions : {}
AcceptMessagesOnlyFrom : {}
AcceptMessagesOnlyFromDLMembers : {}
AddressListMembership : {Staff, Default Global Address List, Staff, All Users}
Alias : cstevens
OrganizationalUnit : xxx.xxxx/AD Root/Campus Services/Information Services/helpdesk
CustomAttribute1 : non-student
CustomAttribute10 :
CustomAttribute11 :
CustomAttribute12 :
CustomAttribute13 :
CustomAttribute14 :
CustomAttribute15 :
CustomAttribute2 : M
CustomAttribute3 : xxxxxx
CustomAttribute4 :
CustomAttribute5 :
CustomAttribute6 :
CustomAttribute7 :
CustomAttribute8 :
CustomAttribute9 :
DisplayName : User
EmailAddresses : {X400:C=US;A= ;P=Staff;O=Exchange;S=xxxx;G=xxxx;, smtp:user@local, SMTP:user@xxx.xxx}
GrantSendOnBehalfTo : {}
HiddenFromAddressListsEnabled : False
LegacyExchangeDN : /o=staff/ou=first administrative group/cn=recipients/cn=user
MaxSendSize : unlimited
MaxReceiveSize : unlimited
PoliciesIncluded : {{4E23349E-DF7E-4100-A6A9-472DCB05D145},{26491CFC-9E50-4857-861B-0CB8DF22B5D7}}
PoliciesExcluded : {}
EmailAddressPolicyEnabled : True
PrimarySmtpAddress : xxx@xxx.xxx
RecipientType : UserMailbox
RecipientTypeDetails : UserMailbox
RejectMessagesFrom : {}
RejectMessagesFromDLMembers : {}
RequireSenderAuthenticationEnabled : False
SimpleDisplayName :
UMDtmfMap : {}
WindowsEmailAddress : xxxx
IsValid : True
OriginatingServer : xxxx
ExchangeVersion : 0.1 (8.0.535.0)
Name :xxxx
DistinguishedName : CN=xxxx,OU=Computer Services,OU=Information Services,OU=Campus Services,OU=AD Root,DC=xxx,DC=xxx
Identity : xxx/AD Root/Campus Services/Information Services/helpdesk/xxx
ObjectCategory : xxx.xxx/Configuration/Schema/Person
ObjectClass : {top, person, organizationalPerson, user}
WhenChanged : 7/11/2008 8:44:55 AM
WhenCreated : 5/17/2005 1:27:48 PM

Any help would be much appreciated. Thank you so much!!!

greenhacks

Can you reset his password and tell me what happens?

kc4jesus

ASKER

We actually tried changing the password a few days ago and it did not fix the problem. I went ahead and tried again after I got your response. Same results unfortunately : (

ChiefIT

Run an IPconfig /all and see if his/her DNS servers are outside servers. If it is an outside server, it will skip your DNS server and look outside your LAN for your Exchange server.

kc4jesus

ASKER

Thanks for that suggestion. However, all his DNS servers are internal. Also, I get the same results for OWA when trying to login to his mailbox via OWA from any computer on site as well as off site. So it seems like something related to the user's AD account.

An interesting thing I noticed in the Advanced Security Settings for the user in Active Directories and Users is that the box for "Allow inheritable permissions from the parent to propogate to this object and all child objects. Include these with with explicitly defined here" keeps on getting unchecked. This user account formerly had domain admin access. It no longer does. When the user originally started having OWA access problems, I noticed that this box was unchecked. I checked it and then a day later, the box becomes unchecked again. This has happened for the last 3 days in a row. We have 4 DCs running WS2K3 Std. and all have the latest updates.

ChiefIT

Me thinks this will help you out. I had to look this up:

http://support.microsoft.com/kb/555310

kc4jesus

ASKER

I gave that a look and the user is actually already in a security group that have adequate permissions. For fun, I added the individual user account to no avail.

Another interesting observation in the OWA error message that may give us a hint of the problem:

Exception
Exception type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Exception message: Cannot open mailbox /o=staff/ou=first administrative group/cn=recipients/cn=username.

where ou=first administrative group. This is the old Exchange 2003 administrative group where the user's mailbox was associated with before we migrated him to Exchange 2007. Shouldn't this be pointing to the new Exchange 2007 administrative called Exchange Administrative Group?

Thanks again for your help and efforts. It's much appreciated.

kc4jesus

ASKER

More strange details. If I give myself permissions to the problem users mailbox, I can access via OWA the user's mailbox when using the Open Other Mailbox feature when I am logged in with my username. However, OWA still does not work if he uses his username.

ChiefIT

have to think about this a bit. I can't understand why exchange permissions doesn' like the one user.

ASKER CERTIFIED SOLUTION

kc4jesus

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

nui-nl

Hello,

I just got the same problem, I fixed it:

I added it's own account in Magement console for Full acces.
Now i can acces trough MAPI and OWA.

Strange but it works again.