Exchange 2003 to 2010 Migration

I have migrated Exchange from 2003 to 2010.  Everything has been working ok, until I took the 2003 server offline.   Now about half of the users (total 85) get a prompt to login when launching Outlook 2007.  They can send and receive mail even if they cancel the login prompt.

Any ideas what could cause this?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JamesSenior Cloud Infrastructure EngineerCommented:
You may have to delete and recreate their outlook profiles. Try on maybe one user's PC, delete and recreate their outlook profile and see does this resolve the issue. They won't loose any of their emails. Is the user's outlook profiles in cache mode?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jim0816Author Commented:
Everyone is in cache mode.  I will try on one PC.  My next reply may not be until tomorrow.   Thanks for the quick response.
Please check if the URL for the OABUrl is correct.

It should be https and not http.  Eg: https://cas.domain.local is correct and not http://cas.domain.local.  

Below is the path:
Exchange Management Console -> Server Configuration -> Client Access Server -> Offline Address Distribution tab.


Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

jim0816Author Commented:
I tried recreating the outlook profile and still got the same prompts.  Also, I did find the local URL for OAB was http and change to https. but that had no effect either.  

I am not sure if it is related, but I am also seeing pre-authentication errors in the DC (Windows 2003) security log for each user and it shows the mail server IP as the client address (Event ID 675,  failure code 0x19).

Check your permissions on the following in IIS......Primarily the autodiscover

Default Web Site - Anonymous authentication only
/Public - Basic & Windows Integrated
/Oab - Integrated authentication only
/Autodiscover - Basic and Integrated
/Ews - Integrated authentication only

In the outlook icon in the systray, CTRL and right click and click test autodiscover, and also click test connection status.
Report back what they say
jim0816Author Commented:

When I try to view the permissions for /public, I get "There was an error whileperforming the operation. Details: Filename \\?\c:\program files\microsoft\exchange server\v14\clientaccess\owa\web.config; line number 37; error: Configuration section not allowed to be set below application."

default permissions & OAB are ok.  Autodiscoer has what you listed plus anonymous. EWS also has anonymous enabled.

Outlook connection status shows connection established.

Auto configuration shows 2 different server names for the OOF and OAB URLs.  OOF is

OAB is"long GUID"

I sanitized the actual server names and domain, but servername = local name of exchange server and is how the server externally resolves.  

I suspect the problem lies with name resolution.  When users are prompted to login, the prompt specifies "".  
So when you test autoconfig under the log, do you see the following;

autodiscover to succeeded 0x00000?

jim0816Author Commented:
it shows autodiscover to succeeded (0x00000000)
I will get back with you when I get back to the office
jim0816Author Commented:

Thanks for the reply.  None of those have helped resolve the problem, speicifically the kernel mode authentication and autodiscover.  (The SP does not apply).  

This problem is still unresolved and I would like to leave the question open, if possible.
jim0816Author Commented:
Time to eat a little crow.  I went back to the first recommendation and tried it again.  Now recreating the profile is resolving the problem.  Thanks to all who responded and apologies to JBond2010.
Suliman Abu KharroubIT Consultant Commented:
welcome :-)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.