Outlook 2007 or 2010 takes long during login on Exchange 2010

Outlook 2007 or 2010 takes long during login on Exchange 2010 (Outlook Anywhere).  We've been testing from different locations but it's always slow.  Once logged on it's fast.  If someone has an idea please feel free to share it

Thank you
Who is Participating?
Will SzymkowskiSenior Solution ArchitectCommented:
Take a look at this PAQ as it give good troubleshooting steps and should help fix your issue...
George SasIT EngineerCommented:
Is this happening for ALL your users or one particular user ?
Is this happening on all the clients or only on some ?
How big are the mailboxes ?
How big are the archive files ?
Where are the archive files located ? Tried disconnecting archive files ?
What about if you create a brand new Outlook Profile ?
quadrumaneAuthor Commented:
It happens to all users from any remote site (not in local or from OWA)  The mailboxes are limited to 3GB but most users have smaller mailboxes (300MB)  No archive.

I've been trying all suggested steps at the PAQ, including disabling kernel auth.  But users were no longer able to connect from Outlook so I put it back to true (value) Autodiscover stopped, I restarded it and now it's working again.  It seems to take a little less time but I now get this repeated event:

Process Microsoft.Exchange.RpcClientAccess.Service.exe (PID=4336). Object [mydomain.com/Users/Administrator]. Property [PreviousDatabase] is set to value [mydomain.com/Configuration/Deleted Objects/Mailbox Database - mydomain.com
DEL:ee6afc96-44c3-4f73-9834-368a292d650d], it is pointing to the Deleted Objects container in Active Directory. This property should be fixed as soon as possible.

{edited by MEE}
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

George SasIT EngineerCommented:
Ok .. so ALL your clients connect to the exchange trough RPC over HTTP ??
How many clients are we talking about ?
How is your setup configured ? Do you have a CAS server or all in one role ??
Please give some details about setup please.

Did you manually (hardcore) deleted any objects in AD recently ?
From the error I can see the RPC client service is trying to access a deleted object in the AD ..
Have you tried to recycle the exchange services ?
quadrumaneAuthor Commented:
(note: is it possible to remove a text from what I just posted, I was not suppose to include the client domain name)

Yes, we were running Exchange 2007.  A Mailbox server has been lost after a SAN crashed (yes it can happens)  we decided to get the database back on Exchange 2010 (we used PST files to get the latest updated emails for several users and LucID Digiscope to recover the remaining mailboxes from a backup)

We have no problem with the new mailbox server Exchange 2010.   Why Exchange 2010 ?  We had to act fast add we had HA in mind  (DAG will be added soon)  We could have a debate on whether we should have upgraded or not.  But it's done now.  

Another Exchange 2010 server has been deployed with HUB and CAS roles.  Exchange 2007 HUB-CAS server has been uninstalled.

The old mailbox server reference, no longer available of course, has been deleted with ADSIEDIT.  I followed the instructions to the letter to delete the reference.  

About 100 users are connected to the server.  We had no trouble at all with Exchange 2007.

I don't know about recycling exchange services.

We don't need the public folders but if it can help I could add new public folder.  But first I have to remove the old reference.
George SasIT EngineerCommented:
Ok , so you have one mailbox server and one HUB-CAS.

Did you tried to take a look at the load on the HUB-CAS server ? Disk Queue etc ?
Checked the event logs on the CAS and MBX servers ? Any problems there.
Did you used the old outlook profiles or created new ones ? (had simmilar problems after migrating from 2003 to 2010 and using old outlook profiles)

Any events on the client computers ?

I would start digging in the log files , I am sure somewhere the clients are trying to get in touch with your old exchange server or some deleted AD object.
Recycling exchange services = restart the services

Try to create a fresh new user and make a fresh outlook profile on one machine for him , open outlook and see how it goes.
Try to import a PST file in his mailbox and check after that.
Try to run the outlook without RPC over HTTP and see if you have better performance.
It might also be your autodiscover service that does not work as intended and points to the wrong server / url / ip . Might be DNS problem or cached objects in the outlook profile.
Can be many things but you have to start from one point : look into error logs and see what they point you to.
quadrumaneAuthor Commented:
Correct we have one mailbox and one HUB-CAS

1 - The HUB-CAS is not reporting any further errors.  

2 - The Mailbox is nor reporting any error

3 - No I don't use the old profiles.  All all profiles have been deleted.  New profiles have been created.

4 - We mostly used PST files to import data into the new Exchange mailbox

5 -  We disabled all the mailboxes (the old server was no longer available) Then all mailboxes have been created.

6 - The servers have been rebooted several times (so all services recycled)

7 - What log files are you referring at ?  

8 - It's not faster with new mailboxes

9 - it' faster in local

But on both DCs I've got this event:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
quadrumaneAuthor Commented:
About the KDC event, one of the DC (new) was not set to Eastern time.  It has been fixed.
George SasIT EngineerCommented:
Ok so your issiue seems to be only with RPC clients.
If you DISABLE the RPC over HTTP , will the outlook work as intended ?
Best oractice says you have to run Outlook with CACHED MODE when running rpc. Are you ?
In any case running rpc over http will be slower.
Do you have an SSL installed ?
When you disable the encryption on the outlook clients you also have to disable the encryption on the exchange database.

To disable the required encryption between Outlook and Exchange, follow these steps:

   1. On the server that is running Exchange 2010, run the following command in the Exchange Management Shell:

      Set-RpcClientAccess –Server Exchange_server_name –EncryptionRequired $False

      Note The Exchange_server_name placeholder represents the name of an Exchange Server 2010-based server that has the Client Access Server role.

      You must run this cmdlet for all Exchange 2010 Client Access servers.

   2. Rerun this command for each Exchange 2010-based server that has the Client Access Server role.

   3. After your Outlook clients are updated with the setting to enable encrypted RPC communication with Exchange (see steps provided below), you can re-enable the RPC encryption requirement on your Exchange 2010 servers that have the Client Access Server role.

      To re-enable the RPC encryption requirement on your Exchange 2010-based servers that have the Client Access Server role, run the following command in the Exchange Management Shell:
      Set-RpcClientAccess –Server Exchange_server_name –EncryptionRequired $True

      Note The Exchange_server_name placeholder represents the name of an Exchange 2010-based server that has the Client Access Server role.

      This cmdlet must be run for all Exchange 2010 Client Access servers.
quadrumaneAuthor Commented:
Yes Outlook is a bit slower when running rpc over http.  But we have several other Exchange servers (different networks) and it's never that slow.  

All outlook 2007 and 2010 clients are already encrypted.  I guess on Exchange 2010 encryption is enabled by default.  

Antispam was not enabled.  I've seen a lot a retrying send in the queue (spam) Recipient filtering is now enabled.  I don't see any option to keep bounced emails (spam)  from being sent out.    We've been backscattered.  

Thanks again
George SasIT EngineerCommented:
You said you only have only ONE mailbox server and ONE HUB/CAS ... now suddenly you have other exchange servers ????
In order to figure this out I need to know this kind of things...
Where is your CAS located ? On the same subnet where you have the problem or other subnet ?
Fast link / slow link ? ... if the setup is more complex please let me know.
About the errors tried to look on one of the client computers in the event log ?

If you CTRL+Right Click / Left Click the small outlook icon docked on your right side of the taskbar you can choose to see Connection Status ... any errors there ?
quadrumaneAuthor Commented:
No I mean we'e running others servers for other clients.  Each client is at a different location.  
quadrumaneAuthor Commented:
The HUB-CAS and mailbox are on the same subnet (LAN)  

- The internet is 20Mbits fiber.  
- 2 firewalls Sonicwall NSA-3500 in HA to protect the network.  
- Vmware (ESX 4)
- SAN is a MD3000i.  
- Each Exchange server runs on 2 vCPU with 8GB RAM.  

The setup is quite basic.  

Not a single error in the event viewer on the client computers.  No errors reported on Outlook.  

Time to connect is about 2 minutes.  

I have to add another HUB-CAS (NLB) I'll see if it speeds up RPC over HTTP
George SasIT EngineerCommented:
Don't need to add one more and I won't recommend using the NLB feature if you are only using a non mangeable switch as Microsoft NLB could flood your upstream switches , I would go for round robin.


Still , taking 2 minutes to connect it's like forever for the users ...
Tried using the Cached mode on the outlook ?
Do you have any DNS issues ? Disabled the RPC over HTTP on fast link and let it enabled only on slow connections ?
Your problem might also be the Autodiscover that does not work properly or not configured properly.
Is windows firewall enabled on clients ? Try disable that if its on and see if its faster.
quadrumaneAuthor Commented:
Snapshots from outlook /rpcdiag
quadrumaneAuthor Commented:
Snapshots from outlook /rpcdiag
quadrumaneAuthor Commented:
The fist snapshot is taken from a different Exchange system (another network, different AD)  where the users are connected in seconds.

The second snapshot is taken from the system we have trouble with.  
George SasIT EngineerCommented:
Yes , as you can see , on the first snapshot your users are connecting via the LOCAL area network , while on the second they connect trough HTTPS. (RPC over HTTP) Therefore the delay.
That's why I said DISABLE the RPC over HTTP when connected to local network.
quadrumaneAuthor Commented:
Thank I was testing.  Almost all users access their Outlook email account remotely.  When using OWA it's fast, with Outlook 2007 it takes between 2 to 3 minutes.  With Outlook 2010 it takes about 30 seconds.  

I just don't understand why it's so long with Outlook 2007 SP2.  

Maybe because the public folders have been removed ?
George SasIT EngineerCommented:
Never tested without PF , you can just add a dummy PF database to check.
quadrumaneAuthor Commented:
On Outlook 2010 it's fast.  But not on Outlook 2007.  So ierhaps it's time to upgrade.
George SasIT EngineerCommented:
and you are running cached mode on both ?
quadrumaneAuthor Commented:
yes I do
quadrumaneAuthor Commented:
Some of the advices you have posted should have solved this problem..  This is why I will accept some of the solutions you've posted.  Thanks
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.