?
Solved

Exchange 2010 - Connection to Exchange is unavailable

Posted on 2009-12-16
70
Medium Priority
?
5,131 Views
Last Modified: 2012-05-08
A newly created Exchange 2010 environment is having issues getting local clients to connect.  I have tried autodiscover and manual.  OWA is working without issue, and so is remote Mac Mail.  

Configuration:
2 Mailbox servers in a DAG
1 CAS server
1 HUB server
2 DCs

When I try to manually set up the connection, it will resolve the name, but then say the connection to microsoft exchange is unavailable.  The same thing happens when I use autodiscover.  
0
Comment
Question by:TacoFlavoredKisses
  • 38
  • 21
  • 8
  • +1
69 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26064767
So if you manually create the outlook profile and add the CAS server as the servername then the exchange alias as the username and click check name what happens?
0
 
LVL 16

Expert Comment

by:Narayan_singh
ID: 26065181
Use https://www.testexchangeconnectivity.com/ to check the connectivity.
Post the result.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26065396
When I click check name, it pops up to say retry or cancel, but then resolves the name anyway when I cancel.  

Testing connectivity failed, but only because it doesn't like the cert we are using.  I got the current cert for free to get everything setup and tested before we purchase one.

Testing for exchange RPC:
      Testing RPC/HTTP connectivity
       RPC/HTTP test failed
       
      Test Steps
       
      Attempting to resolve the host name owa.domain.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 11.22.33.44
      Testing TCP Port 443 on host owa.domain.com to ensure it is listening and open.
       The port was opened successfully.
      Testing SSL Certificate for validity.
       The SSL Certificate failed one or more certificate validation checks.
       
      Test Steps
       
      Validating certificate name
       Successfully validated the certificate name
       
      Additional Details
       Found hostname owa.company.com in Certificate Subject Common name
      Validating certificate trust
       Certificate trust validation failed
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The certificate chain did not end in a trusted root. Root = CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 74

Expert Comment

by:Glen Knight
ID: 26065425
Are you talking about inside your network or outside of it?

If you ping the Exchange servers by name from your client machines do you get a response?
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26065444
Also tested ActiveSync and got similar results.  Everything looked good up until the SSL cert.  I did have this tested with the same site using our * cert, but found this was causing other issues.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26065461
Inside is where I am testing now.  I can ping the exchange servers by name.
0
 
LVL 16

Expert Comment

by:Narayan_singh
ID: 26065486
Outlook anywhere needs a valid certificate unless you r certificate is valid , Outlook anywhere will not work.
For Exchange 2010 it is recommended rather neccessary to have SAN/UCC certificate.

Install the certificate manully on client machine and then try to access again ( you can give a try not sure whether it will work)
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26065525
I can switch back to the star cert for now, as this will test properly.  Give me a few and I will post results
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26065608
I made some additional changes by following an article for 2007 exchange to use a single cert.
http://www.amset.info/exchange/singlenamessl.asp

Looks like since these changes trying to go back to the star cert does not test properly.
Error was:  A Web Exception occurred because an HTTP 404 - NotFound response was received from IIS7
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26065637
Just to take that part out all together I can going to purchase a single name SSL cert.  If we need to move to a SAN then we will, but it sounds like others were able to do it all with one name.
0
 
LVL 16

Expert Comment

by:Narayan_singh
ID: 26065725
The SRV record for Autodiscover needs to be configured in external DNS if you using Outlook Anywhere.

Did you try installing the certificate on the client machine and the configure outlook for rpc-https and configure it manuallu do not use autodiscover and see if it connects it may work.however services like OAB,EWS will not work unless autodiscover works.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26065800
I was doing the setting manually for now.  Will need to setup autodiscover as well.  Just got the new cert and will be testing exchange again now and posting results.
0
 
LVL 16

Expert Comment

by:Narayan_singh
ID: 26065834
See this article on how to generate the request for SAN certificate and how to enable it.

http://msexchangeteam.com/archive/2007/07/02/445698.aspx
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26065838
Activesync test now comes back OK.  Exchange RPC test came back with this:
 Testing Http Authentication Methods for URL https://owa.domain.com/rpc/rpcproxy.dll 
  Http Authentication Test failed
   Additional Details
  A Web Exception occurred because an HTTP 404 - NotFound response was received from IIS7  
 
0
 
LVL 16

Expert Comment

by:Narayan_singh
ID: 26065862
Have you installed RPC component 404 says it doesnt find RPC virtual directory.
See this artcle on how to do basic set up for outlook anywhere and how to enable RPC component.
http://technet.microsoft.com/en-us/library/bb123513.aspx

If you have already installed it ... remove t and install it again
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26065992
Very good.  That is now working.  

New results are in the code block below.

Still can not connect locally though.

RPC/HTTP connectivity 
  RPC/HTTP test completed successfully. 
   Test Steps 
   Attempting to resolve the host name owa.domain.com in DNS. 
  Host successfully resolved 
   Additional Details 
  IP(s) returned: 11.22.33.44 
 
 Testing TCP Port 443 on host owa.domain.com to ensure it is listening and open. 
  The port was opened successfully. 
 Testing SSL Certificate for validity. 
  The certificate passed all validation requirements. 
   Test Steps 
   Validating certificate name 
  Successfully validated the certificate name 
   Additional Details 
  Found hostname owa.domain.com in Certificate Subject Common name  
 
 Validating certificate trust 
  The test passed with some warnings encountered. Please expand additional details. 
   Additional Details 
  Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information.  
 
 Testing certificate date to ensure validity 
  Date Validation passed. The certificate is not expired. 
   Additional Details 
  Certificate is valid: NotBefore = 12/16/2009 7:34:08 PM, NotAfter = 12/16/2010 7:34:08 PM"  
 
 
 
 Testing Http Authentication Methods for URL https://owa.domain.com/rpc/rpcproxy.dll 
  Http Authentication Methods are correct 
   Additional Details 
  Found all expected authentication methods and no disallowed methods. Methods Found: Basic, Negotiate, NTLM  
 
 Testing SSL mutual authentication with RPC Proxy server 
  Successfully verified Mutual Authentication 
   Additional Details 
  Certificate common name owa.domain.com matches msstd:owa.domain.com  
 
 Attempting to Ping RPC Proxy owa.domain.com 
  Pinged RPC Proxy successfully 
   Additional Details 
  Completed with HTTP status 200 - OK  
 
 Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server XXXcasv01.inside.local 
  Pinged Endpoint successfully 
   Additional Details 
  RPC Status Ok (0) returned in 203 ms.  
 
 Testing NSPI Interface on Exchange Mailbox Server 
  Successfully tested NSPI Interface. 
   Test Steps 
   Attempting to ping RPC Endpoint 6004 (NSPI Proxy Interface) on server XXXcasv01.inside.local 
  Pinged Endpoint successfully 
   Additional Details 
  RPC Status Ok (0) returned in 187 ms.  
 
 Testing NSPI "Check Name" for user joeuser@domain.com against server XXXcasv01.inside.local 
  The test passed with some warnings encountered. Please expand additional details. 
   Tell me more about this issue and how to resolve it 
   Additional Details 
  NspiBind returned ecNotSupported. This typically indicates that your server requires RPC encryption. ExRCA will attempt the NSPI test again with encryption.  
 
 Testing NSPI "Check Name" for user joeuser@domain.com against server XXXcasv01.inside.local 
  Check Name succeeded 
   Additional Details 
  DisplayName: Joe User, LegDN: /o=XXXMail/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Joe User  
 
 
 
 Testing the Referral Service on Exchange Mailbox Server 
  Successfully tested the Referral Service 
   Test Steps 
   Attempting to ping RPC Endpoint 6002 (Referral Interface) on server XXXcasv01.local.local 
  Pinged Endpoint successfully 
   Additional Details 
  RPC Status Ok (0) returned in 937 ms.  
 
 Attempting to perform Referral for user /o=XXXMail/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Joe User on Server XXXcasv01.inside.local 
  Succeeded getting Referral 
   Additional Details 
  Server returned by Referral Service: ALBEXX01.inside.local  
 
 
 
 Testing the Exchange Information Store on Mailbox Server 
  Successfully tested the Information Store 
   Test Steps 
   Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server XXXcasv01.inside.local 
  Pinged Endpoint successfully 
   Additional Details 
  RPC Status Ok (0) returned in 187 ms.  
 
 Testing Logon to the Exchange Information Store 
  Successfully logged on to the Information Store

Open in new window

0
 
LVL 16

Expert Comment

by:Narayan_singh
ID: 26066092
Locally ?  how you are trying to connect ?
re-configure outlook for RPC-HTTPS and do it manually.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26066177
I am trying to do Outlook locally without the RPC, by just entering the exchange CAS server name, and then the exchange alias.
0
 
LVL 16

Expert Comment

by:Narayan_singh
ID: 26066334
Configure the outlook profile:

Define Exchange server, for Exchange Server, enter the name of the Exchange server.and the provide user name or alias.

Click More Settings.

Select the Connect to Exchange Mailbox using HTTP check box.

Type the server name for the Outlook Anywhere proxy server.

Do not enter http:// or https:// as part of the name. The appropriate entry (http:// or https://) is included automatically in the box after you enter the name, based on the authentication settings you choose.


Choose whether or not to reverse default behavior for how Outlook chooses which connection type to try to use first, LAN or Outlook Anywhere.

Select an authentication method.

The default method is Password Authentication (NTLM). Change it to Basic.

Click OK to return to the Specify Exchange Settings page and click check name.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26066396
Doing that popped up a login box, but after I put in the appropriate information it errored:
---------------------------
Microsoft Office Outlook
---------------------------
Outlook cannot log on. Verify you are connected to the network and are using the proper server and mailbox name.  The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.
---------------------------
OK  
---------------------------
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26066405
Also, I didn't see anything for reverse default behavior.
0
 
LVL 16

Expert Comment

by:Narayan_singh
ID: 26066503
type the use name in a following way

domainname\username

try with FQDNofDmoain name\username

domain\user and domain.com\user
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26066524
enter the username using the UPN name, this appears on the Account tab in Active Directory users and computers.

it will be username@domainname.local where domainname.local is the internal domain name.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26066606
Remotely, I can get this to work using RPC over HTTP, but only with basic authentication.  NTLM still fails. This is using just the server name, the normal alias, and the RPC address with SSL.

Internally I can not get it to work with any of the combinations.  

Really though internally I should not have to use RPC, correct?
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26066614
We have changed the UPN to be the same as the domain, as we will be hosting many domains.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 1500 total points
ID: 26066639
correct, it should work internally without using RPC -HTTPS
It should work straight out of the box, the only reason it wouldn't would be either a DNS issue or an Active Directory issue.

Can you post an IPCONFIG /ALL from your client and the exchange server.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26066807
CAS Server:

C:\Users\moten>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXXCASv01
   Primary Dns Suffix  . . . . . . . : XXX.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXX.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-50-56-93-1E-56
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.6.115(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.6.1
   DNS Servers . . . . . . . . . . . : 192.168.6.100
                                       192.168.6.101
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{D39F826A-D04D-453D-860B-360D7D20F
79D}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Exchange Mailbox Server



C:\Users\moten>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXXEXX01
   Primary Dns Suffix  . . . . . . . : XXX.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXX.local

Ethernet adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Failover Cluster Virtual Adapte
r
   Physical Address. . . . . . . . . : 1A-A9-05-40-6D-B8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 169.254.1.234(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC382i DP Multifunction Gigabit Server
 Adapter #2
   Physical Address. . . . . . . . . : 18-A9-05-40-6D-BA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.176.140(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.5.22
                                       192.168.5.20
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC382i DP Multifunction Gigabit Server
 Adapter
   Physical Address. . . . . . . . . : 18-A9-05-40-6D-B8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.5.253(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.5.1
   DNS Servers . . . . . . . . . . . : 192.168.6.100
                                       192.168.6.101
   NetBIOS over Tcpip. . . . . . . . : Enabled



Client Machine:



Windows IP Configuration

        Host Name . . . . . . . . . . . . : XPEHXXX
        Primary Dns Suffix  . . . . . . . : XXX.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : XXX.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter

        Physical Address. . . . . . . . . : 00-50-56-93-4B-D2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.6.177
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.6.1
        DHCP Server . . . . . . . . . . . : 192.168.6.10
        DNS Servers . . . . . . . . . . . : 192.168.6.100
                                            192.168.6.101
        Primary WINS Server . . . . . . . : 192.168.5.22
        Secondary WINS Server . . . . . . : 192.168.5.50
        Lease Obtained. . . . . . . . . . : Wednesday, December 16, 2009 4:25:58
 PM
        Lease Expires . . . . . . . . . . : Thursday, December 24, 2009 4:25:58
PM
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26066846
Your servers are on different subnets?
your server is 192.168.6.x and your mailbox server is on 192.168.5.x

Can you also disable all of the network cards that are not being used.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26066891
I was slightly mistaken before.  Externally it can resolve the name, but then fails when it tries to connect to exchange.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26066899
They are on different subnets, but routing is setup between them.  I am disabling the unused cards now.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26066910
as per my previous post.
The problem is down to the subnet.
The reason it resolves is because your CAS is on the correct subnet but then when you try to login it fails because it cannot get your mailbox.

You need to change the IP address on your mailbox server, I would also disable all the other network cards.
Then restart the NETLOGON service to re-register the DNS records.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26066915
I disabled the extra NIC on the mailbox server.  The other server is a virtual machine, so the adapters are because of that
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26066921
Can you confirm the routing is working?
Can you ping one Exchange server from the other?
Can you also ping the DNS servers from both exchange servers?
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26066923
Can they not be on seperate subnets if routing between the two is working properly?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26066939
if routing is working then there is no reason why not, can you confirm routing is working?
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26066960
We have many other things that are using both subnets and working, but just to be sure I am moving the mailbox server.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26066994
When you say you have routing enabled what are you allowing over?
Outlook uses random ports to conect to the Exchange server so unless you have all ports open it will fail.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26067077
There is no access list between the two subnets, but I have moved them.  

DNS has all been updated, but still getting the error.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26067098
from the CAS server, if you browse to https://localhost/owa and then login are you able to get your mailbox?
Where are the Global Catalogue servers?
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26067168
Yes, I can login here.  Also can log into this remotely.  

Global Catalog servers are in the same subnet.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26067179
OK, on a client machine that wasn't working run IPCONFIG /FLUSHDNS and then close outlook and reopen it and try again.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26067212
Flushed DNS.  Still have the error

---------------------------
Microsoft Office Outlook
---------------------------
Outlook cannot log on. Verify you are connected to the network and are using the proper server and mailbox name.  The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.
---------------------------
OK  
---------------------------
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26067229
and if you try Outlook Web Access using the CAS servers internal name from the client machine?

Can you ping both servers by name from the client?

What version of Windows are your DNS servers and Exchange Servers running on?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26067238
Can you also remove any outlook profiles you may have configured and try and configure a new profile.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26067254
all servers in the domain are 2008 enterprise.

I can log into the Web Access using the internal name.  I can ping both servers from the client.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26067271
I do get a warning about the certificate being wrong, as it has the external name.  

I can use the external name internally as well though, as we have split dns
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26067278
OK, that's OK.

What happens when you manually configure outlook?
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26067314
manually configuring outlook using the name of the CAS server comes back with this error:

---------------------------
Microsoft Office Outlook
---------------------------
Outlook cannot log on. Verify you are connected to the network and are using the proper server and mailbox name.  The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26067344
can you try another computer?
Its definately connectivity between the client and server that's the problem.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26067695
I am pushing out another VM now to test with.  I did try it from another remote machine though and got the same result.  It resolves the name, but then fails when connecting to exchange.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26067851
One other thing.  When I do the auto configure, it pops up asking for a username and password.  It also says it is trying to authenticate to the Mailbox server.  

I wasn't sure if it should have the CAS server here.   Actually I assumed since I am logged in as that user that it would not prompt at all.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26067891
You should be using the CAS server as the servername.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26067946
I use the CAS server, but it then changes it to the mailbox server when I check the name and authenticate.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26068043
I am going to open a case with Microsoft to see what they think.  I am sure them being able to access the machines in question will be a great help.

I will let you know how I make out and what the culprit ends up being.  Thanks for all your time on this, and helping me to resolve some of the other issues.  
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26072711
6 hours on the phone with microsoft so far.  They still have not been able to resolve the issue.  Right now they are thinking it is related to something with the domain service or netlogon.  They are getting the ad team to call me back now.  
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26072748
Out of interest if you type nslookup exchangeservername what do you get back?
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26072836

C:\Documents and Settings\user>nslookup albexx01.XXX.local
*** Can't find server name for address 192.168.6.100: Non-existent domain
*** Can't find server name for address 192.168.6.101: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.6.100

Name:    albexx01.XXX.local
Address:  192.168.6.103
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26072931
Do you get the same for the other servers?

I don't see how it could be a NETLOGON issue can you run DCDIAG on your domain controllers and post the results?
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26074795
dcdiag is having errors related to netlogon.  Can't post now as MS is on the box poking around.

On the DCs there is not this error.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26074813
DCDIAG will only work on the DC's no point running it on anything else.
All very interesting.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26075098
Sorry, I meant that the dcdiag had those errors on the DC, and that the nslookup did not have errors on the DC
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26075283
can you post the DCDIAG results?
The NSLOOKUP errors are because the DNS servers don't have reverse lookup zones for the subnets.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26083090
dcdiag is clean now.  MS was able to find a replication issue between the DCs, and also an issue with NTDS.  

Outlook clients now work without issue.  Only 13 hours of MS support needed.
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26083096
For the nslookup, it works from the servers, but not the workstation.  I agree that it is the reverse lookup.  Need to set that up still.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26083142
Is there anything elsei can help with?
At least I was right in one part it was a client connectivity issue :-)
0
 
LVL 1

Author Comment

by:TacoFlavoredKisses
ID: 26083354
very very true.  I will be awarding points to you.  Thank you for all your help along the way.  I took some of what we worked on here to help with the MS case.
0
 
LVL 1

Author Closing Comment

by:TacoFlavoredKisses
ID: 31666897
Active Directory was indeed most of the problem.
0
 
LVL 3

Expert Comment

by:tamaneri
ID: 33097117
Okay, I successfully got the exchange connectivity analyzer to give me 100% successful results.


But the clients are still sitting at "Trying to Connect"....


Then it will connect for a few minutes, and then disconnect.

Really wish I understood what is going on! Any thing else I can look at to diagnose?
0
 
LVL 3

Expert Comment

by:tamaneri
ID: 33097287
My bad, didn't mean to post here! :)
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question