"Bookmark is not valid" error in Outlook/Exchange
I have a person who cannot print in Outlook 2007 (connected to Exchange Server 2007 over LAN). Here are the facts:
1. User can receive and send email.
2. Status line in Outlook says "Connected to Microsoft Exchange".
3. When she prints to any printer, she gets an error that she cannot print because she is not connected to exchange.
4. If she clicks the Address Book icon, she gets an error "The bookmark is not valid".
5. If I set her account up on another PC, and try to set up Outlook, I get a success checkmark on "Establish network connection". I get a success checkmark on "Search for <user_email_address> server settings." But on "Log on to server" I get "The action cannot be completed. The bookmark is not valid"
6. On that *same* machine, if I set up any other user, it succeeds with no problem.
Any idea on how to troubleshoot this? It appears to be user-related rather than workstation-related. Any way to use EMS to query the defective user against a known good user and see what the difference is?
1. User can receive and send email.
2. Status line in Outlook says "Connected to Microsoft Exchange".
3. When she prints to any printer, she gets an error that she cannot print because she is not connected to exchange.
4. If she clicks the Address Book icon, she gets an error "The bookmark is not valid".
5. If I set her account up on another PC, and try to set up Outlook, I get a success checkmark on "Establish network connection". I get a success checkmark on "Search for <user_email_address> server settings." But on "Log on to server" I get "The action cannot be completed. The bookmark is not valid"
6. On that *same* machine, if I set up any other user, it succeeds with no problem.
Any idea on how to troubleshoot this? It appears to be user-related rather than workstation-related. Any way to use EMS to query the defective user against a known good user and see what the difference is?
ASKER
In EMC, her account is NOT set to hide from address lists.
She does show up in the GAL.
She does show up in the GAL.
do you have the possibility to reboot the domain controller ?
you have SBS right one server DC and exchange ?
you have SBS right one server DC and exchange ?
ASKER
Yes, when the server is rebooted, it's everything - DC, Exchange, etc.
The server has been rebooted three times since the problem occurred, twice to complete WIndows updates, and once before we started all the address book work a couple of nights ago. System uptime is less than 48 hours.
The server has been rebooted three times since the problem occurred, twice to complete WIndows updates, and once before we started all the address book work a couple of nights ago. System uptime is less than 48 hours.
if it is not too much to ask reboot it one more time.
if it doesn't work it looks like a permission issue
if it doesn't work it looks like a permission issue
ASKER
I'll be able to reboot in about 1 hour.
ASKER
Rebooted. Same errors result.
ASKER
My own research indicates that rebooting the SBS2008 machine is supposed to remedy this issue. It still gives the Bookmark not valid error. Anyone know why this doesn't seem to work in this case?
Hi Dave,
yes reboot solve the issue 90% of the time and when it doesn't it is usually a permission issue of the user.
we can try to solve this the easy way which is
delete the user
create another user
import back the emails
yes reboot solve the issue 90% of the time and when it doesn't it is usually a permission issue of the user.
we can try to solve this the easy way which is
delete the user
create another user
import back the emails
ASKER
Assuming I remove/add the user through the SBS console, will it allow me to add a user with the same user name as the one I just deleted?
yes you can do this no problem
i have 2 scenarios in head the first one being
1. go to the user and export his mailbox to a pst and save the PST
2. delete it from ADUC and create a new one with the same username DO NOT create a mailbox for it
3. go to EMC -> recipient config -> disconnected mailboxes you will find the mailbox of the user you have delete it right click and reconnect it to the new one.
If this doesn't work then the issue is from the mailbox it self we will need to create a new mailbox to the new user and import back the PST
lets' try this first
i have 2 scenarios in head the first one being
1. go to the user and export his mailbox to a pst and save the PST
2. delete it from ADUC and create a new one with the same username DO NOT create a mailbox for it
3. go to EMC -> recipient config -> disconnected mailboxes you will find the mailbox of the user you have delete it right click and reconnect it to the new one.
If this doesn't work then the issue is from the mailbox it self we will need to create a new mailbox to the new user and import back the PST
lets' try this first
Or give the users AD account read rights on the address list through ADSIEdit
You aren't using roaming profiles are you?
By default the 'Authenicated Users' group should get 'Read' and 'Open address list' permissions on the global address list. Confirm these permissions exist and as a test add the user account with those permissions and see if the outlook issue is resolved.
The other dirty method is to add the user to 'Domain Admins' test Outlook to confirm it is working then remove them from 'Domain Admins' again. I don't recommend that method though.
The other dirty method is to add the user to 'Domain Admins' test Outlook to confirm it is working then remove them from 'Domain Admins' again. I don't recommend that method though.
Also ensure 'Authenticated Users' has these permissions in ADSIEdit on the OAB:
'Download Offline Address Book' and 'List Contents'
You can try giving your failing user account those permissions too.
'Download Offline Address Book' and 'List Contents'
You can try giving your failing user account those permissions too.
MegaNuk3 hey thanks for the input.
if you have read the thread it is only one user having this issue.
Would you agree with me that just recreating the user is a faster approach ?
if you have read the thread it is only one user having this issue.
Would you agree with me that just recreating the user is a faster approach ?
Depends how the ntfs and other permissions in the domain are done. If there are loads of single entries instead of groups everywhere then recreating the user account will cause a few headaches. If groups are used for ntfs permissions then recreating should be quite painless.
That's why I want to know if roaming profiles are in use. We could be going from machine to machine loading the same rubbish for this user
That's why I want to know if roaming profiles are in use. We could be going from machine to machine loading the same rubbish for this user
ASKER
Hello, and thanks for the input - Sorry I've been offline for the past day or so. The facility is closed so I cannot get access to the user's PC. I will be on site there in about 24 hours.
Roaming profiles are not in use. As Akhater says, currently there is only one user with an issue. There *were* two, but a roboot of the server seems to have cleared up the issue for the other user - she says she is experiencing no problems at all now. So it seems to be a single user having problems.
I have run ADSI Edit, but cannot locate the parameters mentioned by MegaNuk3.
Roaming profiles are not in use. As Akhater says, currently there is only one user with an issue. There *were* two, but a roboot of the server seems to have cleared up the issue for the other user - she says she is experiencing no problems at all now. So it seems to be a single user having problems.
I have run ADSI Edit, but cannot locate the parameters mentioned by MegaNuk3.
I still beleive create a new user is the easiest way
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Unfortunately, I cannot export the account in question to a pst because I get the "not connected to Microsoft Exchange" error when I attempt to export. I tried exporting using EMS on the Exchange server, but I get a fatal error that I can only do this from a 32 bit machine. :-(
Did you try my ADSIEdit permissions?
You can download the 32bit version of exchange 2007 and use this to install the management tools (EMS) and then you can run export-mailbox
You can download the 32bit version of exchange 2007 and use this to install the management tools (EMS) and then you can run export-mailbox
Dave just use outlook to export
Giving the user account direct permissions to the global address list in ADSIEdit should solve this. It has worked for me before (many years ago on Exchange 2003).
You can connect with LDP.exe and bind as a non-admin user that is working and drill down to the OUs I mentioned and see what the working user can see. Then do the same thing with LDP.exe and bind as the "bookmark invalid" user and you will probably find that they cannot drill down to that OU or view the properties of the objects in it.
You can connect with LDP.exe and bind as a non-admin user that is working and drill down to the OUs I mentioned and see what the working user can see. Then do the same thing with LDP.exe and bind as the "bookmark invalid" user and you will probably find that they cannot drill down to that OU or view the properties of the objects in it.
ASKER
Akhater, When I attempt export from Outlook, I get a "you are not connected to Exchange Server" error. I was trying EMS because of that.
MegaNuk3, I have tried to locate this in ADSIEdit, but cannot:
CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=OrgName,CN=Mi
MegaNuk3, I have tried to locate this in ADSIEdit, but cannot:
CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=OrgName,CN=Mi
Replace OrgName with your Exchange org name, don't try and connect directly to it. Open Configuration and drill down.
can the user access his emails from outlook ? any OST by any chance (offline mode) ?
i
i
ASKER
Akhater, there is no .ost (wasn't in cached mode). The user can access emails on her own PC, and can send/receive. But that's it. Cannot print, cannot access the address book, etc. And if I try to install the account on another PC, it says it cannot connect to the exchange server even though it is connected and can browse that server, giving the "bookmark is not valid" error.
MegaNuk3, In ADSIEdit, I see only this on the left pane:
ADSI Edit
- Configuration [servername, etc...]
-CN=Configuration, DC=name etc.....
CN=DisplaySpecifiers
CN=ExtendedRights
CN=ForestUpdates
CN=LostAndFoundConfig
CN=NDTS Quotas
CN=Partitions
CN=Physical Locations
CN=Services
CN=Sites
CN=WellKnown Security Principles
I can't find CN=Default Global Address List
MegaNuk3, In ADSIEdit, I see only this on the left pane:
ADSI Edit
- Configuration [servername, etc...]
-CN=Configuration, DC=name etc.....
CN=DisplaySpecifiers
CN=ExtendedRights
CN=ForestUpdates
CN=LostAndFoundConfig
CN=NDTS Quotas
CN=Partitions
CN=Physical Locations
CN=Services
CN=Sites
CN=WellKnown Security Principles
I can't find CN=Default Global Address List
ASKER
Never mind ... found it
create an OST for him
ASKER
I have solved it - though a bit of a bandaid solution:
In ADSI Edit, I went to:
CN=Services >> Microsoft Exchange >> <domain> >> Address Lists Container >> All Global Address Lists >> Default Global Address Lists
I went into Properties/Security of CN=Default Global Address Lists and added the specific user in question, giving them full control (not an issue in this very small company). And it worked.
Likely doing a remove/re-add user as suggested by Akhater would amount to the same thing, but it is VERY nice to have this resolved.
Thanks for all the help.
In ADSI Edit, I went to:
CN=Services >> Microsoft Exchange >> <domain> >> Address Lists Container >> All Global Address Lists >> Default Global Address Lists
I went into Properties/Security of CN=Default Global Address Lists and added the specific user in question, giving them full control (not an issue in this very small company). And it worked.
Likely doing a remove/re-add user as suggested by Akhater would amount to the same thing, but it is VERY nice to have this resolved.
Thanks for all the help.
Don't you mean to say "meganuk3 solved it"? ;-)
ASKER
Yes - re-reading the replies, you were the on e who suggested modifying the read/write properties for address lists through ADSI Edit. :-)
Thanks for the points. Glad that solution worked. It worked for me many years ago when I saw this error on Exchange 2003. Glad to see it is still valid for Exchange 2007.
Can the user now print from Outlook too?
Can the user now print from Outlook too?
if not is she showing in the GAL ?