Solved

"Bookmark is not valid" error in Outlook/Exchange

Posted on 2010-11-18
34
3,742 Views
Last Modified: 2012-05-10
I have a person who cannot print in Outlook 2007 (connected to Exchange Server 2007 over LAN).  Here are the facts:

1. User can receive and send email.
2. Status line in Outlook says "Connected to Microsoft Exchange".
3. When she prints to any printer, she gets an error that she cannot print because she is not connected to exchange.
4. If she clicks the Address Book icon, she gets an error "The bookmark is not valid".
5. If I set her account up on another PC, and try to set up Outlook,  I get a success checkmark on "Establish network connection".  I get a success checkmark on "Search for <user_email_address> server settings."  But on "Log on to server" I get "The action cannot be completed.  The bookmark is not valid"
6. On that *same* machine, if I set up any other user, it succeeds with no problem.

Any idea on how to troubleshoot this?  It appears to be user-related rather than workstation-related.  Any way to use EMS to query the defective user against a known good user and see what the difference is?
0
Comment
Question by:DaveWWW
  • 13
  • 11
  • 10
34 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 34167135
By any chance is this user property set to "hide from global address list"

if not is she showing in the GAL ?
0
 

Author Comment

by:DaveWWW
ID: 34167161
In EMC, her account is NOT set to hide from address lists.

She does show up in the GAL.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34167192
do you have the possibility to reboot the domain controller ?

you have SBS right one server DC and exchange ?
0
 

Author Comment

by:DaveWWW
ID: 34167224
Yes, when the server is rebooted, it's everything - DC, Exchange, etc.

The server has been rebooted three times since the problem occurred, twice to complete WIndows updates, and once before we started all the address book work a couple of nights ago.  System uptime is less than 48 hours.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34167312
if it is not too much to ask reboot it one more time.

if it doesn't work it looks like a permission issue  
0
 

Author Comment

by:DaveWWW
ID: 34167333
I'll be able to reboot in about 1 hour.
0
 

Author Comment

by:DaveWWW
ID: 34168179
Rebooted.  Same errors result.
0
 

Author Comment

by:DaveWWW
ID: 34170021
My own research indicates that rebooting the SBS2008 machine is supposed to remedy this issue.  It still gives the Bookmark not valid error.  Anyone know why this doesn't seem to work in this case?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34170955
Hi Dave,

yes reboot solve the issue 90% of the time and when it doesn't it is usually a permission issue of the user.

we can try to solve this the easy way which is

delete the user
create another user
import back the emails
0
 

Author Comment

by:DaveWWW
ID: 34171968
Assuming I remove/add the user through the SBS console, will it allow me to add a user with the same user name as the one I just deleted?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34171993
yes you can do this no problem


i have 2 scenarios in head the first one being

1. go to the user and export his mailbox to a pst and save the PST
2. delete it from ADUC and create a new one with the same username DO NOT create a mailbox for it
3. go to EMC -> recipient config -> disconnected mailboxes you will find the mailbox of the user you have delete it right click and reconnect it to the new one.

If this doesn't work then the issue is from the mailbox it self we will need to create a new mailbox to the new user and import back the PST

lets' try this first
 
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34172376
Or give the users AD account read rights on the address list through ADSIEdit
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34172385
You aren't using roaming profiles are you?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34172410
By default the 'Authenicated Users' group should get 'Read' and 'Open address list' permissions on the global address list. Confirm these permissions exist and as a test add the user account with those permissions and see if the outlook issue is resolved.

The other dirty method is to add the user to 'Domain Admins' test Outlook to confirm it is working then remove them from 'Domain Admins' again. I don't recommend that method though.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34172435
Also ensure 'Authenticated Users' has these permissions in ADSIEdit on the OAB:
'Download Offline Address Book' and 'List Contents'

You can try giving your failing user account those permissions too.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34172452
MegaNuk3 hey thanks for the input.

if you have read the thread it is only one user having this issue.

Would you agree with me that just recreating the user is a faster approach ?

0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34172500
Depends how the ntfs and other permissions in the domain are done. If there are loads of single entries instead of groups everywhere then recreating the user account will cause a few headaches. If groups are used for ntfs permissions then recreating should be quite painless.

That's why I want to know if roaming profiles are in use. We could be going from machine to machine loading the same rubbish for this user
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:DaveWWW
ID: 34182973
Hello, and thanks for the input - Sorry I've been offline for the past day or so.  The facility is closed so I cannot get access to the user's PC.  I will be on site there in about 24 hours.

Roaming profiles are not in use.  As Akhater says, currently there is only one user with an issue.  There *were* two, but a roboot of the server seems to have cleared up the issue  for the other user - she says she is experiencing no problems at all now.  So it seems to be a single user having problems.

I have run ADSI Edit, but cannot locate the parameters mentioned by MegaNuk3.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34183560
I still beleive create a new user is the easiest way
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 34183637
ADSIEdit locations:
CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com

Select you OAB in the right pane of this one:
CN=Offline Address Lists,CN=Address Lists Container,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com

If giving the user direct permissions to these locations doesn't resolve the "bookmark is not valid" (you may have to wait a while for them to kick in) then it is time to do what Akhater says and recreate the user and mailbox.
0
 

Author Comment

by:DaveWWW
ID: 34206436
Unfortunately, I cannot export the account in question to a pst because I get the "not connected to Microsoft Exchange" error when I attempt to export.  I tried exporting using EMS on the Exchange server, but I get a fatal error that I can only do this from a 32 bit machine. :-(
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34207402
Did you try my ADSIEdit permissions?

You can download the 32bit version of exchange 2007 and use this to install the management tools (EMS) and then you can run export-mailbox
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34209325
Dave just use outlook to export
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34214211
Giving the user account direct permissions to the global address list in ADSIEdit should solve this. It has worked for me before (many years ago on Exchange 2003).

You can connect with LDP.exe and bind as a non-admin user that is working and drill down to the OUs I mentioned and see what the working user can see. Then do the same thing with LDP.exe and bind as the "bookmark invalid" user and you will probably find that they cannot drill down to that OU or view the properties of the objects in it.
0
 

Author Comment

by:DaveWWW
ID: 34217692
Akhater, When I attempt export from Outlook, I get a "you are not connected to Exchange Server" error.  I was trying EMS because of that.

MegaNuk3, I have tried to locate this in ADSIEdit, but cannot:

CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com

0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34217748
Replace OrgName with your Exchange org name, don't try and connect directly to it. Open Configuration and drill down.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34218866
can the user access his emails from outlook ? any OST by any chance (offline mode) ?

i
0
 

Author Comment

by:DaveWWW
ID: 34219350
Akhater, there is no .ost (wasn't in cached mode).  The user can access emails on her own PC, and can send/receive.  But that's it.  Cannot print, cannot access the address book, etc.  And if I try to install the account on another PC, it says it cannot connect to the exchange server even though it is connected and can browse that server, giving the "bookmark is not valid" error.

MegaNuk3, In ADSIEdit, I see only this on the left pane:

ADSI Edit
  - Configuration [servername, etc...]
     -CN=Configuration, DC=name etc.....
       CN=DisplaySpecifiers
       CN=ExtendedRights
       CN=ForestUpdates
       CN=LostAndFoundConfig
       CN=NDTS Quotas
       CN=Partitions
       CN=Physical Locations
       CN=Services
       CN=Sites
       CN=WellKnown Security Principles

I can't find CN=Default Global Address List

0
 

Author Comment

by:DaveWWW
ID: 34219373
Never mind ... found it
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34219541
create an OST for him
0
 

Author Comment

by:DaveWWW
ID: 34249545
I have solved it - though a bit of a bandaid solution:

In ADSI Edit, I went to:
CN=Services >> Microsoft Exchange >> <domain> >> Address Lists Container >> All Global Address Lists >> Default Global Address Lists

I went into Properties/Security of CN=Default Global Address Lists and added the specific user in question, giving them full control (not an issue in this very small company).  And it worked.

Likely doing a remove/re-add user as suggested by Akhater would amount to the same thing, but it is VERY nice to have this resolved.

Thanks for all the help.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34250871
Don't you mean to say "meganuk3 solved it"? ;-)
0
 

Author Comment

by:DaveWWW
ID: 34259228
Yes - re-reading the replies, you were the on e who suggested modifying the read/write properties for address lists through ADSI Edit. :-)  
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34259281
Thanks for the points. Glad that solution worked. It worked for me many years ago when I saw this error on Exchange 2003. Glad to see it is still valid for Exchange 2007.

Can the user now print from Outlook too?
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now