Cannot setup outlook without access to default GAL

Posted on 2008-10-16
Last Modified: 2012-05-05
I have created several Default Global Address Lists in Exchange 2007 SP1.  Let's say I have 3 total named 1,2 & 3.  Now let's say I have 3 security groups also named 1, 2, & 3.  All groups have been denied read and open address list rights to all other groups..... Including the Default Global Address List.

Now I want to setup Outlook using RPC over HTTPS.  I get an error stating "can not match name to user in global address list" (or something like that) and I can't setup outlook.  If I remove the DENY permissions from the Default Global Address List then I can setup Outlook BUT they can also see all users!

I want all users in each group to ONLY see their respective GAL & I don't want outlook to give me grief when trying to setup a profile for the first time.  

Any solutions?
Question by:damien1234
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
LVL 23

Accepted Solution

Justin Durrant earned 500 total points
ID: 22737568

Author Comment

ID: 22753174
I've tried this and it simply does not work!  No matter what I do I cannot setup a new Outlook profile without getting the message "The name cannot be matched to a name in the address list"

I tried this particular solution a few months ago and it didn't work.  I think I've read the instructions about 100 times, plus all supporting articles.  I feel extremely comfortable with my understanding of the documents but I can't help but feel there is something I'm missing....

Author Comment

ID: 22753263
Ok, here is a new thought but keep the following in mind:
1) I am trying to connect using RPC over HTTPS and consequently I use "Exchange in cached mode"
2) I know for a fact that I have a problem with my OAB distribution

Is it possible that the problem is has to due with OAB not functioning correctly?  I suppose the real question is "When initially connecting via RPC over HTTPS in cached mode does Outlook try to pull user info from the OAB instead of the GAL?"  Just a thought....
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 22753651
During this whole process I lost my ability to see the GAL.  I reversed everything I did and my access was still gone.  I theorized that there was some cache in Exchange which might be causing this.  So I rebooted the Exchange server... no change... I waited a few hours and voila my access returned.  Maybe I'm just to impatient in expecting my results?  Maybe I should make all these changes and wait a good 3-4 hours before rendering judgement?
LVL 23

Expert Comment

by:Justin Durrant
ID: 22757406
Yea... it can take a bit for the GAL to regenerate.

Author Comment

ID: 22757710
So I tried a different method than you mentioned.  I simply denied access to the appropriate company GAL's so each company can only view their own.  The drawback to this is that each company can still see the title of the other 2 GAL's BUT they can't access them.  It's also more tedious to setup a 4th and 5th company.  The other method is much better overall if I could just get it to work.  I don't have time this weekend but the following I will.  I'll start out on Friday night and I should know if everything is working by Saturday morning.  If not I'll have time to fix it before the week starts.

BTW this alternate method did not work last night.... It of course works fine this morning.  I really wish I knew how long I had to wait.  

Anyway, I'll reward the points after I retry the method (for the third time) in two weeks.

Thank you very much!

Author Closing Comment

ID: 31506892
There were several factors at play which initially made this solution not work.  First was my test environment.  I was logged into a TS session with MY credentials and setup outlook with various users to access their own GAL's.  For some reason Outlook MUST have been passing on my own user credentials to exchange even when I was logging in as another user using RPC over HTTPS and Basic Authentication!  Lesson: login from a completely remote PC OR ONLY with that users credentials both in Windows and Outlook.  Second: Wait 24 hours for the GAL to be rebuilt before you come to any conclusions as to whether or not the solution works.  Three: DO NOT ADD ANYTHING TO THE ADDRESS BOOK ROOTS even though the instructions say so.  Yes, those same instructions do have a link regarding the issue.

Overall those instructions were exceptional.  And so was your help!  I doubt I ever would have waited for the GAL... I guess I'm just impatient!

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people use more than one email account and so it becomes difficult for them to manage them when they use separate accounts,  so, in this article, I have shared an easy way to add Other Mail Accounts in your Google Inbox. It helps to combine all…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question