Cannot connect any Outlook profiles to Exchange 2010, regardless of Outlook version

I migrated from Exchange 2k3 to 2010 and things are working, however I cannot connect any new Outlook profiles to the new server regardless of Outlook version (2010, 2007, or 2003). All of the mailboxes reside on the new server and the clients that were already configured are fine after the migration (they switched over successfully) but if I try to connect any other Outlook client (new or existing) I am getting an error "Outlook cannot logon...." and then "Exchange server unavailable". I can at least resolve the name in the profile if I use the old Exchange server name, but then get the same error. I am new to EE, so please let me know if I can improve my posting until I get the hang of this. Thanks
FYI, Exchange 2010 SP1, 2008 R2 Standard, majority of Outlook clients are 2010 and a few 2003 (the 2003 have the RPC encryption setting turned on). 3rd party cert which is working fine for ActiveSync and webmail.

Do you know where your global catalog servers are? Make sure that your Exchange server is set up to use a Domain Controller that is a GC, and make sure that the DNS of your Exchange server is querying (2) DNS servers that are INTERNAL DNS servers and not public DNS servers. Also, have you created a public folder store? The newer clients (2010) don't require it, but the older clients find themselves easier if they have a public folder store with free/busy system folder.

Can the new clients resolve their name when you enter the NEW Exchange server name?
ITLegalAuthor Commented:
Thanks for the quick reply jkeegan.  The Exchange server is actually a DC and will soon be a DNS (once the old exch is gone).  It is running DNS but currently pointing to two other internal dns servers.  I am not sure what you are saying about the GC.  Should I make sure the new Exchange server is a GC?  The public folder store is created and I have gone through the replication, offline address book, free busy stuff, etc.
Thanks again.  I look forward to working on EE in the future
Global catalogs are required for resolution of names for the global address list, so both the Exchange server and the Outlook client must have one of their DNS servers be a global catalog. No, I definitely do not think that your Exchange server should be a global catalog server. I do not recommend it being a domain controller either, if your environment can afford it not to be. In the case of Small Business Server, of course, where the server holds all roles, this cannot be helped, but from a design perspective, if you are not running SBS, the Exchange server should run Exchange and that's all.

Make sure that your Exchange server and Windows client are pointing to valid DNS servers and global catalog servers, and that the DC/GC are replicating without issues. You also need to make sure that the OAB is set correctly in the Exchange system manager for Exchange 2010; let me know if you can't find that and I'll direct you to it. You also need to pick the OAB distribution method, public folders or IIS, and set that correctly as well... all of these settings affect the client's ability to resolve names from the global address list.

Finally, if a user is set to be hidden from the global address list, you usually have to unhide them in order to get Outlook to resolve, and then rehide them once they've found themselves in the GAL.
ITLegalAuthor Commented:
All clients and the Exchange server are pointed to DNS servers that are GCs, I have no AD replication errors anywhere, and the ES is not a GC. I am stumped. I am usually able to figure something like this out. I have an open case with Microsoft, stumped the first Exchange guy. He escalated it and I am awaiting another call back.
Is DNS configured correctly for the new mail server? Do you have an MX record for the new server?
Open a command prompt, type "nslookup", hit enter
Type "set type=mx", hit enter
Type your domain name ie hit enter
Does it return the correct server name that handles your mail? If not, you have a DNS issue.

Is autoconfigure working correctly? CTRL and right-click the Outlook icon in the systray and click Test AutoConfiguration to see if it works.
You can also CTRL and check Connection Status to see if it is correctly connected to Directory and mail servers.
What level is your forest?  What version of Windows are your DCs?  This might make a big difference, depending on what GC/DC the Exchange server is using for configuration.  You can check this under:

Server configuration --> ES name --> R-cl, properties --> System settings --> Active Directory Servers --> domain controller servers being used by Exchange:  are these at least Win2k3 servers?  Are they in the same site as the ES?

Global Catalog servers being used by Exchange:  same deal, is this at least Win2k3?  Is it really a GC?
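
The check described in the reply above (which DCs and GCs Exchange is using, and whether they really are GCs), as an added example that is not part of the original thread. It is meant for the Exchange Management Shell on the Exchange 2010 server; `EX01` and `example.local` are hypothetical placeholders for your own server name and forest root DNS name.

```powershell
# Added example, not from the thread. Placeholders below are assumptions.
$ExchangeServer = 'EX01'            # hypothetical Exchange server name
$ForestDns      = 'example.local'   # hypothetical forest root DNS name

# 1. DCs and GCs Exchange is currently using, plus any statically pinned
#    ones (the same data shown on the System Settings tab).
$ex = Get-ExchangeServer -Identity $ExchangeServer -Status
$ex | Format-List Name, CurrentDomainControllers, CurrentGlobalCatalogs,
                  StaticDomainControllers, StaticGlobalCatalogs

# 2. GCs advertised in DNS through the _gc._tcp SRV record.
#    nslookup prints one "svr hostname = <fqdn>" line per advertised GC.
$srv = nslookup -type=srv "_gc._tcp.$ForestDns" 2>$null
$advertised = @($srv | ForEach-Object {
    if ($_ -match 'svr hostname\s*=\s*(\S+)') {
        $Matches[1].TrimEnd('.').ToLower()
    }
})

# 3. For every GC Exchange is using: is it advertised in DNS, and does the
#    GC LDAP port (TCP 3268) accept a connection from this server?
foreach ($gc in $ex.CurrentGlobalCatalogs) {
    $name = "$gc".TrimEnd('.').ToLower()
    $tcp  = New-Object System.Net.Sockets.TcpClient
    try     { $tcp.Connect($name, 3268); $open = $tcp.Connected }
    catch   { $open = $false }
    finally { $tcp.Close() }

    New-Object PSObject -Property @{
        GlobalCatalog = $name
        InDnsSrv      = ($advertised -contains $name)
        Port3268Open  = $open
    }
}
```

A server listed under CurrentGlobalCatalogs that shows `InDnsSrv` or `Port3268Open` as False is a DC that Exchange treats as a GC but that is not advertising or answering as one.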
ITLegalAuthor Commented:
Autoconfigure seems to be OK, the MX should not really matter yet as I am still routing external mail through the old server until this is fixed (my luck I would switch everything over and out of the blue the problem would get worse, as seems to be my luck with "magic 2010 Exchange")

The domain and forest levels are at 2003, the GCs are 2003 servers SP2 and SP1 (the one that is primary DNS is SP2). Only one AD site.

Thanks for all the suggestions.
Get that SP1 server up to SP2, and run a round of Windows updates to make sure the hotfixes are all in line on your DC/GCs. This sounds like a malfunctioning subsystem in the GC/DNS area. I assume your DNS servers are also your DCs/GCs?
ITLegalAuthor Commented:
Yes. I am actually in the process of putting SP2 on there now.
ITLegalAuthor Commented:
The best practices analyzer shows the Mailbox Role "not configured" even though the database is mounted and the mailboxes were migrated with no problems. This is very odd.
ITLegalAuthor Commented:
It turns out changing the Exchange server to a GC fixed the authentication problem although Mailbox Role still shows "not configured". Microsoft advised that the "not configured message can't be fixed" for whatever reason as the mailbox role is actually functioning. Anyway, the issue is as resolved as it is going to get.

ITLegalAuthor Commented:
No further research needed
ITLegalAuthor Commented:
The problem is corrected; however, the best practices analyzer still shows "mailbox role not configured".