kc4jesus
asked on
User Can't Connect to Exchange 2007 Mailbox Via OWA or Outlook 2003/2007
We're running Exchange 2007 on a single WS2K8 box that has our CAS and Mailbox roles. Yesterday, OWA and Outlook stopped working for a user when he tried to access his mailbox. He was working for 2 months before this happened. The user is able to login to our domain and can see all his network resources.
OWA and Outlook work for everyone else in the company. I am able, from my Outlook client, to add the user's mailbox and see everything. I read a similar post and the solution was to check if the user's account is locked out or disabled. His account and mailbox are not disabled and definitely connected.
We are running a mixed Exchange 2003/2007 environment with 1 server of each flavor. We previously decommissioned another Exchange 2003 server, where all our current 2007 mailboxes resided. The server was uninstalled about 5 days before this problem came up.
The user gets the following error when going into OWA:
Outlook Web Access could not connect to Microsoft Exchange. If the problem continues, contact technical support for your organization.
Request
Url: https://exchange07.xxxx.xxx:443/owa/default.aspx
User host address: xx.xx.xx.xx
Exception
Exception type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Exception message: Cannot open mailbox /o=staff/ou=first administrative group/cn=recipients/cn=jbtevens.
Call stack
Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString)
Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags)
Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString)
Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString)
Microsoft.Exchange.Clients.Owa.Core.OwaWindowsIdentity.CreateMailboxSession(ExchangePrincipal exchangePrincipal, CultureInfo cultureInfo)
Microsoft.Exchange.Clients.Owa.Core.UserContext.Load(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.CreateUserContext(OwaContext owaContext, UserContextKey userContextKey, UserContext& userContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception
Exception type: Microsoft.Mapi.MapiExceptionLogonFailed
Exception message: MapiExceptionLogonFailed: Unable to open message store. (hr=0x80040111, ec=1010) Diagnostic context: Lid: 18969 EcDoRpcExt2 called [length=483] Lid: 27161 EcDoRpcExt2 returned [ec=0x0][length=124][latency=0] Lid: 23226 --- ROP Parse Start --- Lid: 27962 ROP: ropLogon [254] Lid: 17082 ROP Error: 0x3F2 Lid: 26937 Lid: 21921 StoreEc: 0x3F2 Lid: 27962 ROP: ropExtendedError [250] Lid: 1494 ---- Remote Context Beg ---- Lid: 26426 ROP: ropLogon [254] Lid: 4740 StoreEc: 0x80070005 Lid: 30409 StoreEc: 0x80070005 Lid: 19145 StoreEc: 0x3F2 Lid: 23241 StoreEc: 0x3F2 Lid: 32186 Lid: 8620 StoreEc: 0x3F2 Lid: 1750 ---- Remote Context End ---- Lid: 26849 Lid: 21817 ROP Failure: 0x3F2 Lid: 26297 Lid: 16585 StoreEc: 0x3F2 Lid: 32441 Lid: 1706 StoreEc: 0x3F2 Lid: 24761 Lid: 20665 StoreEc: 0x3F2 Lid: 25785 Lid: 29881 StoreEc: 0x3F2
Call stack
Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, Int32 ec, DiagnosticContext diagCtx)
Microsoft.Mapi.ExRpcConnection.OpenMsgStore(OpenStoreFlag storeFlags, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, MapiStore msgStorePrivate, String& correctServerDn, ClientIdentityInfo clientIdentityAs, String userDnAs, String applicationId, CultureInfo cultureInfo)
Microsoft.Mapi.ConnectionCache.OpenMapiStore(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, ClientIdentityInfo clientIdentity, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId)
Microsoft.Mapi.ConnectionCache.OpenMailbox(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, WindowsIdentity windowsIdentityAs, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId)
Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
Here is the user's mailbox information
Database : EXCHANGE07\Mail Database
DeletedItemFlags : RetainForCustomPeriod
UseDatabaseRetentionDefaults : False
RetainDeletedItemsUntilBackup : False
DeliverToMailboxAndForward : True
RetentionHoldEnabled : False
EndDateForRetentionHold :
StartDateForRetentionHold :
ManagedFolderMailboxPolicy :
ExchangeGuid : 08ad919e-661f-46fd-9505-35cdd4be9686
ExchangeSecurityDescriptor : System.Security.AccessControl.RawSecurityDescriptor
ExchangeUserAccountControl : None
ExternalOofOptions : External
ForwardingAddress : XXX.XXX/AD Root/Services/Information Services/Helpdesk/User
RetainDeletedItemsFor : 00:00:00
IsMailboxEnabled : True
Languages : {en-US}
OfflineAddressBook :
ProhibitSendQuota : unlimited
ProhibitSendReceiveQuota : unlimited
DowngradeHighPriorityMessagesEnabled : False
ProtocolSettings : {}
RecipientLimits : unlimited
UserAccountControl : NormalAccount, DoNotExpirePassword
IsResource : False
IsLinked : False
IsShared : False
LinkedMasterAccount :
ResourceCapacity :
ResourceCustom : {}
ResourceType :
SamAccountName : user
SCLDeleteThreshold :
SCLDeleteEnabled :
SCLRejectThreshold :
SCLRejectEnabled :
SCLQuarantineThreshold :
SCLQuarantineEnabled :
SCLJunkThreshold :
SCLJunkEnabled :
AntispamBypassEnabled : False
ServerLegacyDN : /o=Staff/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCHANGE07
ServerName : exchange07
UseDatabaseQuotaDefaults : False
IssueWarningQuota : 500000KB
RulesQuota : 64KB
Office : Computer Services
UserPrincipalName : xxxx@xxx.xxx
UMEnabled : False
MaxSafeSenders :
MaxBlockedSenders :
Extensions : {}
AcceptMessagesOnlyFrom : {}
AcceptMessagesOnlyFromDLMembers : {}
AddressListMembership : {Staff, Default Global Address List, Staff, All Users}
Alias : cstevens
OrganizationalUnit : xxx.xxxx/AD Root/Campus Services/Information Services/helpdesk
CustomAttribute1 : non-student
CustomAttribute10 :
CustomAttribute11 :
CustomAttribute12 :
CustomAttribute13 :
CustomAttribute14 :
CustomAttribute15 :
CustomAttribute2 : M
CustomAttribute3 : xxxxxx
CustomAttribute4 :
CustomAttribute5 :
CustomAttribute6 :
CustomAttribute7 :
CustomAttribute8 :
CustomAttribute9 :
DisplayName : User
EmailAddresses : {X400:C=US;A= ;P=Staff;O=Exchange;S=xxxx;G=xxxx;, smtp:user@local, SMTP:user@xxx.xxx}
GrantSendOnBehalfTo : {}
HiddenFromAddressListsEnabled : False
LegacyExchangeDN : /o=staff/ou=first administrative group/cn=recipients/cn=user
MaxSendSize : unlimited
MaxReceiveSize : unlimited
PoliciesIncluded : {{4E23349E-DF7E-4100-A6A9-472DCB05D145},{26491CFC-9E50-4857-861B-0CB8DF22B5D7}}
PoliciesExcluded : {}
EmailAddressPolicyEnabled : True
PrimarySmtpAddress : xxx@xxx.xxx
RecipientType : UserMailbox
RecipientTypeDetails : UserMailbox
RejectMessagesFrom : {}
RejectMessagesFromDLMembers : {}
RequireSenderAuthenticationEnabled : False
SimpleDisplayName :
UMDtmfMap : {}
WindowsEmailAddress : xxxx
IsValid : True
OriginatingServer : xxxx
ExchangeVersion : 0.1 (8.0.535.0)
Name :xxxx
DistinguishedName : CN=xxxx,OU=Computer Services,OU=Information Services,OU=Campus Services,OU=AD Root,DC=xxx,DC=xxx
Identity : xxx/AD Root/Campus Services/Information Services/helpdesk/xxx
ObjectCategory : xxx.xxx/Configuration/Schema/Person
ObjectClass : {top, person, organizationalPerson, user}
WhenChanged : 7/11/2008 8:44:55 AM
WhenCreated : 5/17/2005 1:27:48 PM
Any help would be much appreciated. Thank you so much!!!
Can you reset his password and tell me what happens?
ASKER
We actually tried changing the password a few days ago and it did not fix the problem. I went ahead and tried again after I got your response. Same results unfortunately : (
Run an IPconfig /all and see if his/her DNS servers are outside servers. If it is an outside server, it will skip your DNS server and look outside your LAN for your Exchange server.
ASKER
Thanks for that suggestion. However, all his DNS servers are internal. Also, I get the same results for OWA when trying to login to his mailbox via OWA from any computer on site as well as off site. So it seems like something related to the user's AD account.
An interesting thing I noticed in the Advanced Security Settings for the user in Active Directories and Users is that the box for "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here" keeps on getting unchecked. This user account formerly had domain admin access. It no longer does. When the user originally started having OWA access problems, I noticed that this box was unchecked. I checked it and then a day later, the box becomes unchecked again. This has happened for the last 3 days in a row. We have 4 DCs running WS2K3 Std. and all have the latest updates.
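The inheritance checkbox described above can be read from PowerShell instead of the GUI, together with the attributes that show whether Active Directory still treats the account as privileged. This is an added example, not part of the original thread; it assumes the cause may be AdminSDHolder protection (which the thread does not confirm), and the function name and the sample account name are hypothetical.

```powershell
# Added example: report ACL inheritance state and protected-account markers
# for one user. Uses System.DirectoryServices only, so it does not need the
# ActiveDirectory module.
function Get-AclInheritanceState {
    param([string]$SamAccountName)

    # Escape LDAP filter metacharacters so the name is matched literally.
    $safe = $SamAccountName -replace '\\', '\5c' -replace '\*', '\2a' `
                            -replace '\(', '\28' -replace '\)', '\29'

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
    $hit = $searcher.FindOne()
    if ($hit -eq $null) { throw "No user found for '$SamAccountName'" }

    $entry = $hit.GetDirectoryEntry()
    $acl   = $entry.psbase.ObjectSecurity   # security descriptor of the AD object

    # Direct group memberships only; nested memberships need a separate walk.
    $groups = @($entry.psbase.Properties['memberOf'] | ForEach-Object { $_ })

    $report = New-Object PSObject
    $report | Add-Member NoteProperty SamAccountName      $SamAccountName
    # True means the "Allow inheritable permissions..." box is unchecked.
    $report | Add-Member NoteProperty InheritanceDisabled $acl.AreAccessRulesProtected
    # adminCount = 1 is set on accounts covered by AdminSDHolder protection
    # and is not cleared when the account later leaves the protected group.
    $report | Add-Member NoteProperty AdminCount          $entry.psbase.Properties['adminCount'].Value
    $report | Add-Member NoteProperty WhenChanged         $entry.psbase.Properties['whenChanged'].Value
    $report | Add-Member NoteProperty MemberOf            $groups
    $report
}

# Hypothetical account name. Run once after re-ticking the box and again the
# next day: if InheritanceDisabled flips back to True, compare MemberOf
# (including nested groups) against the domain's protected groups.
Get-AclInheritanceState -SamAccountName 'jdoe' | Format-List
```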
ASKER
I gave that a look and the user is actually already in a security group that has adequate permissions. For fun, I added the individual user account to no avail.
Another interesting observation in the OWA error message that may give us a hint of the problem:
Exception
Exception type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Exception message: Cannot open mailbox /o=staff/ou=first administrative group/cn=recipients/cn=username.
where ou=first administrative group. This is the old Exchange 2003 administrative group that the user's mailbox was associated with before we migrated him to Exchange 2007. Shouldn't this be pointing to the new Exchange 2007 administrative group called Exchange Administrative Group?
Thanks again for your help and efforts. It's much appreciated.
ASKER
More strange details. If I give myself permissions to the problem user's mailbox, I can access the user's mailbox via OWA when using the Open Other Mailbox feature when I am logged in with my username. However, OWA still does not work if he uses his username.
Have to think about this a bit. I can't understand why Exchange permissions doesn't like the one user.
Hello,
I just got the same problem, I fixed it:
I added its own account in the Management Console for Full Access.
Now I can access through MAPI and OWA.
Strange but it works again.