Newest users can not connect to SBS 2008 / Exchange 2007 via Entourage

I am having a strange issue. My first 24 user accounts are unaffected by this issue. The problem started with account 25.

All new users can not connect via Entourage to the server. We get Error -170 in the verify. They can connect via Outlook and OWA. I have tried to connect to the same account from multiple clients. From all those clients I can add accounts for any of the first 24 users, but not users 25, 26 or 27.

SBS 2008 SR 8.  Entourage 2k4 several levels.

The same email settings work for accounts 1-24. Nothing works for 25, 26 or 27.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

How many licenses do you ahve for your SBS2008 server? I'm guessing 25, which is why you are havong a problem -- Admin + 24 users is hitting your limit. You can check the event log on the server, and you should see a bunch of messages about this.
cdebloisAuthor Commented:

All users created w/ SBS wizard and unmodified.

Only the new users see this error when connecting (img 1)

All users use the following config (img 2)

All users show the permissions shown from Exchange Mgmt Console (img 3)
cdebloisAuthor Commented:

Thank you for the reply.

We have 25 CALS + 5 original.  However, it is my understanding that SBS 2008 does not register CALS.  It works on the "honor" system.  Keep the CALS on file.  There is no licensing component and I never added the additional 25 CALS via any mechnism.

Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

OK, but you should still check the event viewer + exchange logs to see exactly what's happening when the users get bounced.
Are you configuring the Entourage users manually or letting it try automatically?
What server address is it using? Is it in the following format:
cdebloisAuthor Commented:
Sorry, correct img 2
cdebloisAuthor Commented:

Thanks.  There are no errors in the server side logs.  (At least Application and System.)  I have not ramped up the Exchange logging, because I have not yet figured out which of the long list of logs I should increase the logging level of.
try changing the server to the format I suggested earlier. Here's an MS KB about it:
cdebloisAuthor Commented:

Sorry missed that.  However, it doesn't matter how the server name is configured you get the same error.

Possible options for that box that have been tried (and suggested by other fora):


and all of the above permutations using the local name of the server.  We have our DNS server configured to provide the internal IP on requests for because this avoids the annoying dialog to confirm the identity of the server when Entourage starts.

Thanks, again.  However, I believe that I have covered all the "simple" solutions.  I have even cleared the plists on the clients, created new identities, created new Mac accounts.  All to no avail.

The settings shown in img2 work for all accounts from 1-24, just not these new accounts...  That is what led me to post in the server arena rather than the Entourage area.  Although I did cross post at Mactopia's Entourage forum.
OK, try one moe thing for diagnostics purposes, please. On one of the computers that work fine, change the account settings to use the new "bad" user accounts and see if they work. If you start getting an error, then the problem is with the user account, and has to be dealt with on the server. If you don't get an error, then the problem is on the computer itself, and something is wrong with the account config,
cdebloisAuthor Commented:

We have.  We can on ANY working client connect to one or more of the existing (1-24) mailboxes.  However, on any of those clients we get the above errors when trying to connect to accounts 25-27.  Or to rephrase:

All clients can connect to any account 1-24 via Entourage.  All clients can connect to multiple accounts 1-24.

No client can connect to accounts 25-27. (Even with new identities, or new Mac logon accounts).

Outlook and OWA connect to all accounts 1-27.

THAT is what leads me to believe I have an issue on the server.
OK, that's pretty weird. Are you sure that all users have been set up identically on the server? Do you use a user template, or do you manually select all the options? Are all the new users members of exactly the same groups as the old users?
cdebloisAuthor Commented:
All users are created using the SBS console "Add User" wizard.  Nothing is configured individually (OK we add the security groups for our file share, but that is it.)

No options are selected manually.  The working users were created when the server was built.  The new users some 4 weeks later.  Not even an update was run in between.

Yes very weird and I have many hours into this already.
Just in case, please check that all the new users are actually members of the exact same groups.

Also, try creating a completely new user, but not from SBS wizard, but form the Exchange Management console. (Under Recepient Configuration -- > Mailbox --> New Mailbox). It'll alow you to create a new user as well, but may be doing something "extra" to make it work properly. If this works, you'll need to delete the existing bad users and re-add them using this method.
cdebloisAuthor Commented:
Good thought.  No change.  Still error 170.
Wow, OK, I think that puts me out of ideas.

There is one last thing you can try, but it's pretty drastic. I'm still going back to the number of licenses, even though it's supposed to be honor based, but I know that SBS 2008 FE edition, for example, only supports a maximum of 15 CALs. To test my theory, what you could try is delete one of the "good" users (after backing up any of their filoes on the server plus their mailbox in Exchange), then reboot the server and see if one of the new users can now use Entourage. I just want to see if its an issue with the total number of users that are being supported.
cdebloisAuthor Commented:
Yep, that is drastic.  but I might just have an account that wouldn't be missed (to paraphrase Ko-Ko).  I might just try that.

Thanks again for your help.
cdebloisAuthor Commented:
All right.  Finally called MS.  The server group looked at the server for 2 seconds, had a bunch of discussion in the back ground and finally said,  "You will have to talk to the Entourage Group, goodbye."

We Entourage (who were able to actually create a live meeting session to a mac, unlike the server group) took at look at it and said, "OK, try this..."

For the new users we entered the server as:  computer.domain.local/exchange/

And it worked!  We had tried this before (btw).  But the laying on of hands is a powerful thing.

Case closed.   Apparently you have to use a different server name every now and then...  Ain't Entourage sweet.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.