Solved

Outlook 2007 keeps asking for password

Posted on 2011-03-01
189
8,659 Views
Last Modified: 2012-05-11
I recently created a new 2008 R2 domain with Exchange 2010, I unjoined all PC's from our old SBS 2003 domain and rejoined them to the new domain. Since then all PC's with Outlook 2007 on them ask for passwords everytime they open Outlook. I also get an error when running send receive that points to the offline address book, and last I have 2 PC's with Outlook 2007 that when they try to open OOF they get an error saying the server is unavailable.
0
Comment
Question by:reindeerauto
  • 96
  • 88
  • +2
189 Comments
 
LVL 9

Expert Comment

by:jerrypd
ID: 35009456
did you repoint the outlook clients to the new server?
It sounds like you may have missed that step.
0
 

Author Comment

by:reindeerauto
ID: 35009517
Yes once I rejoined the PC, I repointed the clients to the new server and when it is asking for a password it is showing the new server's name at the top of the password box.
0
 
LVL 8

Expert Comment

by:firojkhan
ID: 35010005
Please create a new Outlook Profile and try
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35010006
Sounds like autodiscover is not setup properly.
0
 

Author Comment

by:reindeerauto
ID: 35010048
I have tried creating a new Outlook profile and that did not work. I have uninstalled and reinstalled Office and that works for a few days then it starts asking for the password again. I have even tried deleting the domain profile off of the PC and recreating it.

How would I check if autodiscover is set up properly?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35010087
Time to test outlook autoconfig:
With outlook open, hold down CTRL key and right click on the Outlook icon in the bottom right hand side of your screen, them on the popup menu select the "Test Autoconfiguration". Select that, enter valid credentials and select the "autodiscover" option only and test.

Look at the URLs returned by the test  and confirm you have a certificate that contains the same subject as the URLs
0
 

Author Comment

by:reindeerauto
ID: 35010182
The results tab says it was unable to determine your settings, and the log tab shows the URL's and I have them all listed on my cert. The only difference is that I have rarexchange.reindeerauto.local and the results show RAREXCHANGE.reindeerauto.local, is it case sensitive?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35010281
Are the machines and users in the same domain as the Exchange 2010 server?

Is Outlook 2007 patched to the latest levels? Do they have the Dec 2010 hotfix installed: http://support.microsoft.com/kb/983316
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35010312
Install the above hotfix on a problem machine and then if that doesn't work, post your autodiscover test log and hide your company details if you want.
0
 
LVL 5

Expert Comment

by:zippybungle2003
ID: 35012262
Run through the checklist on the site below, there are 3 or 4 things on there that may resolove this.

http://www.techieshelp.com/outlook-prompts-for-credentials/
0
 

Author Comment

by:reindeerauto
ID: 35017250
I have all updates and hotfixes installed.

I ran through the checklist Zippy and I am running Exchange 2010 but I did notice that all authentication in RPC virtual directory is disabled as well as the RPCwithcert directory.
0
 

Author Comment

by:reindeerauto
ID: 35017844
results from test AutoConfiguration

LegacyDN=
SMTP=bob@reindeerauto.local
Attempting URL https://RAREXCHANGE.reindeerauto.local/Autodiscover/Autodiscover.xml found through SCP
Autodiscover to https://RAREXCHANGE.reindeerauto.local/Autodiscover/Autodiscover.xml starting
Autodiscover to https://RAREXCHANGE.reindeerauto.local/Autodiscover/Autodiscover.xml FAILED (0x800C8203)
Autodiscover to https://reindeerauto.local/autodiscover/autodiscover.xml starting
AutoDiscover internet timeout against URL https://reindeerauto.local/autodiscover/autodiscover.xml
AutoDiscover internet timeout against URL https://reindeerauto.local/autodiscover/autodiscover.xml
Autodiscover to https://reindeerauto.local/autodiscover/autodiscover.xml FAILED (0x800C8203)
Autodiscover to https://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml starting
Autodiscover to https://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml FAILED (0x800C8203)
Local autodiscover for reindeerauto.local starting
Local autodiscover for reindeerauto.local FAILED (0x8004010F)
Redirect check to http://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml starting
Redirect check to http://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml FAILED (0x8004005)
Srv Record lookup for reindeerauto.local starting
Srv Record lookup for reindeerauto.local FAILED (0x8004010F)
AUTODISCOVER GET SETTINGS END
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35018410
Is rarexchange.reindeerauto.local on your certificate? If you ping that name does it resolve internally to the internal IP address your Exchange 2010 CAS server?
0
 

Author Comment

by:reindeerauto
ID: 35018562
Yes that is listed on my certificate and when I ping it I get the IP address of the Exchange Server.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35018796
Confirm you are getting the INTERNAL ip address back

As a test can you create a new test user with a mailbox, send it a message. Then, logon as that test user and open Outlook and see if Autodiscover works or gives you the same error.
0
 

Author Comment

by:reindeerauto
ID: 35019269
Yes it ping's to a internal ip address.

I created the new user, logged in as that user and outlook 2007 did not find user using autodiscovery.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35019356
Ok, test the autodiscovery for Outlook and see if it gets the same error when trying to access the SCP URL

Try and access the SCP URL yourself from IE and see if it prompts you for a password, after entering the test account credentials you should see the contents of the autodiscover.XML file
0
 

Author Comment

by:reindeerauto
ID: 35019496
to try the SCP URL, dont I just replace http with SCP?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35019848
0
 

Author Comment

by:reindeerauto
ID: 35019873
here is what pops up:

  <?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="13:05:58.0438120" Id="952582034">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35020015
Good. That is what you want to see,
1.) did it prompt for credentials or not?
2.) Did you get a certificate error or not?
3.) was the URL from an Internet PC that is not joined to your work network?
0
 

Author Comment

by:reindeerauto
ID: 35020065
1. Yes it did prompt for credentials
2. no I did not et a certificate error
3. I ran the URL from a PC joined to the network
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35020329
From EMS try
Get-clientaccessserver | fl
And then look at the autoDiscoverInternalUri what is it set to?

Have a look at the test account with ADSIEdit and see if it has a msExchQueryBaseDN value set?
0
 

Author Comment

by:reindeerauto
ID: 35020465
the autodisoverinternaluri is:https://rarexchange.reindeerauto.local/autodiscover/autodiscover.xml

and where do I run the ADSIEdit at?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35020514
Start--> run --> adsiedit.msc

Try adding a SRV DNS record to your internal DNS:
http://support.microsoft.com/kb/940881
0
 

Author Comment

by:reindeerauto
ID: 35020718
So I created a SRV record in my reindeerauto.local/tcp as autodiscover and pointed it to rarexchange.reindeerauto.local.

Is this correct?
0
 

Author Comment

by:reindeerauto
ID: 35021094
I reran the "test email autoconfiguration" and here are the results. Lutlook 2007 is still asking for a password.

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>Bob Albertson</DisplayName>
      <LegacyDN>/o=ReindeerAuto/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Bob Albertson03b739f2</LegacyDN>
      <AutoDiscoverSMTPAddress>bob.albertson@reindeerauto.com</AutoDiscoverSMTPAddress>
      <DeploymentId>eaf9eea2-c843-4696-9fa7-b68c3b61a646</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>RAREXCHANGE.reindeerauto.local</Server>
        <ServerDN>/o=ReindeerAuto/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=RAREXCHANGE</ServerDN>
        <ServerVersion>738180DA</ServerVersion>
        <MdbDN>/o=ReindeerAuto/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=RAREXCHANGE/cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>RAREXCHANGE.reindeerauto.local</PublicFolderServer>
        <AD>RARDC2.reindeerauto.local</AD>
        <ASUrl>https://rarexchange.reindeerauto.local/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://rarexchange.reindeerauto.local/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https://rarexchange.reindeerauto.local/ecp/</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https://rarexchange.reindeerauto.local/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://rarexchange.reindeerauto.local/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://rarexchange.reindeerauto.local/OAB/be6cb01e-4706-4fe5-83a4-1ecbbfebfb57/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.reindeerauto.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://mail.reindeerauto.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.reindeerauto.com/ews/exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.reindeerauto.com/ecp/</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https://mail.reindeerauto.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.reindeerauto.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.reindeerauto.com/OAB/be6cb01e-4706-4fe5-83a4-1ecbbfebfb57/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://rarexchange.reindeerauto.local/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://rarexchange.reindeerauto.local/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.reindeerauto.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.reindeerauto.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35021311
Start outlook with /rpcdiag
See what Outlook is connecting to when it prompts for credentials.
Does it continuously prompt for credentials?
0
 

Author Comment

by:reindeerauto
ID: 35026343
when i run the /rpcdiag it is looking at "rarexchange.reindeerauto.local", and yes it always prompts for credentials when we open outlook 2007.

Also outlook anywhere is checked, but if I uncheck it and then restart outloot 2007 it is checked again. We have one computer in the building with office 2007 that is not having this problem and the only difference is that office has not installed service pack 2 yet.
0
 

Author Comment

by:reindeerauto
ID: 35028893
I removed the Autodiscover VD and then recreated it and Autodiscover is now working.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35029518
Glad to hear you got it sorted.
0
 

Author Comment

by:reindeerauto
ID: 35055896
Ok so I removed the Autodiscover VD and recreated and it worked, now Autodiscover has stopped working again. And the whole time it worked it kept prompting for username and password again for outlook 2007 users.

Any suggestions?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35057710
Does
Outlook /rpcdiag
Show Outlook connecting over TCP/IP or HTTP?

0
 

Author Comment

by:reindeerauto
ID: 35057918
How do I tell?

I did find one thing out.

I have taken 2 different outlook 2007 clients and one autoconfigured to "user@reindeerauto.com" email address and the other was "user@reindeerauto.local".

The .com user does not get asked for a password and their Outlook Anywhere is turned off but their OOF does not work and they fail the "test e-mail autoconfiguration"

the .local user is asked for a password, their OOF works and they pass the "test e-mail autoconfiguration"
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35059240
Is the .local user prompted for the password all the time?

Try
Start--run--> outlook /rpcdiag
And see if one connects over http and the other connects over TCP/IP?
0
 

Author Comment

by:reindeerauto
ID: 35060402
Yes everytime you open outlook 2007 on the .local user they are prompted for a username and password.

I did the outlook /rpcdiag and it those TCP/IP
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35062311
Are they only prompted once and that is only when they open Outlook? Have you checked the Outlook authentication settings to see if it using Basic authentication? Try changing it to NTLM.

With the .com user, where did the Autoconfiguration fail? Adding an internal DNS zone for reindeerauto.com with a SRV record pointed at your CAS server will resolve that OOF and Autoconfiguration issue. Make sure that anything you add to the internal .com dns zone points at internal IP addresses for internal resources e.g. If you have an (A) record for mail.reindeerauto.com then this must point at the internal IP address of your Exchange CAS server.
0
 

Author Comment

by:reindeerauto
ID: 35068732
Yes they are prompted when they open outlook, but outlook anywhere is turned on and it shouldnt be since we in the LAN but it is set to basic and when I change it or uncheck outlook anywhere it automatically changes it back.

Here is the entire report.
LegacyDN=
SMTP=bob@reindeerauto.local
Attempting URL https://RAREXCHANGE.reindeerauto.local/Autodiscover/Autodiscover.xml found through SCP
Autodiscover to https://RAREXCHANGE.reindeerauto.local/Autodiscover/Autodiscover.xml starting
Autodiscover to https://RAREXCHANGE.reindeerauto.local/Autodiscover/Autodiscover.xml FAILED (0x800C8203)
Autodiscover to https://reindeerauto.local/autodiscover/autodiscover.xml starting
AutoDiscover internet timeout against URL https://reindeerauto.local/autodiscover/autodiscover.xml
AutoDiscover internet timeout against URL https://reindeerauto.local/autodiscover/autodiscover.xml
Autodiscover to https://reindeerauto.local/autodiscover/autodiscover.xml FAILED (0x800C8203)
Autodiscover to https://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml starting
Autodiscover to https://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml FAILED (0x800C8203)
Local autodiscover for reindeerauto.local starting
Local autodiscover for reindeerauto.local FAILED (0x8004010F)
Redirect check to http://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml starting
Redirect check to http://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml FAILED (0x8004005)
Srv Record lookup for reindeerauto.local starting
Srv Record lookup for reindeerauto.local FAILED (0x8004010F)
AUTODISCOVER GET SETTINGS END
0
 

Author Comment

by:reindeerauto
ID: 35068775
MegaNuk3,

I don't know a lot about DNS, should this record be an "_autodiscover SRV record pointing to RAREXCHANGE.reindeerauto.local" located in the _tcp or reindeerauto.com DNS?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35069042
Add a SRV record to both internal DNS zones and point it at a name on your cert that is internally resolvable to the IP address of your CAS server.

So if mail.reindeerauto.com is a name on your cert and it resolves internally to the internal IP address on your cert, then point the SRV records at that.

Don't worry about Outlook Anywhere configuring itself, that is Outlook picking up the settings from autodiscover, it does not mean Outlook is connecting over HTTP - outlook /rpcdiag will prove outlook is connecting over TCP/IP even though the Outlook Anywhere settings are present.
0
 

Author Comment

by:reindeerauto
ID: 35069260
I have 2 SRV records already.

_autodiscover  SRV  RAREXCHANGE.reindeerauto.local
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35069398
Ok, are those SRV records in the following INTERNAL DNS zones reindeerauto.com and reindeerauto.local and is that name rarexchange.reindeerauto.local on your certificate?
Do
Get-exchangecertificate | fl
And post the output

Can you also post the output of
Get-autodiscoverVirtualdirectory | fl
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35069470
Can you screenshot your SRV record in DNS too please
0
 

Author Comment

by:reindeerauto
ID: 35069491
Yes they are in both internal DNS zones and yes rarexchange.reindeerauto.local is on my cert.

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.reindeerauto.com, www.mail.reindeerauto.com, autodiscover.reindeerauto.com, rarexchange, rar
                     exchange.reindeerauto.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.
                     com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 2/20/2016 2:53:01 PM
NotBefore          : 2/21/2011 2:49:32 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : 0412FEAE3D8318
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=mail.reindeerauto.com, OU=Domain Control Validated, O=mail.reindeerauto.com
Thumbprint         : 7683CD77BD29CB5DC444E7B5F8F7C8D086CDA39A

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {RAREXCHANGE, RAREXCHANGE.reindeerauto.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=RAREXCHANGE
NotAfter           : 2/20/2016 3:41:35 PM
NotBefore          : 2/20/2011 3:41:35 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 1910EBC470F02689498B24913EADF4DE
Services           : SMTP
Status             : Valid
Subject            : CN=RAREXCHANGE
Thumbprint         : E42817C397B73445289636A876270155CE09D988


RunspaceId                      : 4ec9fd4a-6282-4e83-967f-6c927a2a6c5f
Name                            : Autodiscover (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
LiveIdSpNegoAuthentication      : False
WSSecurityAuthentication        : False
LiveIdBasicAuthentication       : False
BasicAuthentication             : True
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://RAREXCHANGE.reindeerauto.local/W3SVC/1/ROOT/Autodiscover
Path                            : E:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : RAREXCHANGE
InternalUrl                     :
ExternalUrl                     :
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=RAREXCHANGE,CN=Servers,CN=
                                  Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=ReindeerA
                                  uto,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=reindeerauto,DC=local
Identity                        : RAREXCHANGE\Autodiscover (Default Web Site)
Guid                            : 58f2b2fe-f3a5-4bf5-9a53-9bdad5660d6d
ObjectCategory                  : reindeerauto.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                     : 3/4/2011 2:02:44 PM
WhenCreated                     : 3/4/2011 2:02:44 PM
WhenChangedUTC                  : 3/4/2011 7:02:44 PM
WhenCreatedUTC                  : 3/4/2011 7:02:44 PM
OrganizationId                  :
OriginatingServer               : RARDC1.reindeerauto.local
IsValid                         : True
0
 

Author Comment

by:reindeerauto
ID: 35069610
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 35071809
Your screenshot of your SRV record is pointing at rarexchange.reindeerauto.com which isn't on your cert...

Let's make things simple:
 1.) Create an (A) record in your internal DNS reindeerauto.com zone called mail and point it at the Internal IP address of your CAS server.
2.) set the internal _autodiscover SRV records you have created in both zones to point at "mail.reindeerauto.com." paste in everything between the quotes
3.) test outlook autoconfig
0
 

Author Comment

by:reindeerauto
ID: 35072013
I made the changes you advised to make, and have been running the "test e-mail autoconfig" and it is still failing.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35072078
Can you post the test autoconfig please.

Can you also create a new test user with a mailbox and then logon to windows as that user and then see if outlook configures itself correctly for this user and see if it password prompts or not...
0
 

Author Comment

by:reindeerauto
ID: 35072111
0
 
LVL 31

Assisted Solution

by:MegaNuk3
MegaNuk3 earned 500 total points
ID: 35072264
Ok, now we are getting somewhere...
Go into IIS and on the AutoDiscover Virtual Directory SSL settings set "Client Certificates" = IGNORE

Then rerun the test
0
 

Author Comment

by:reindeerauto
ID: 35072758
It passed the test thank you.

But the OOF still gets the "your out of office settings cannot be displayed, because the server is currently unavailable. try again later" error.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35072903
Look at the EWS URLs returned in the autoconfig test and possibly change them to the mail.reindeerauto.com name too.
0
 
LVL 31

Assisted Solution

by:MegaNuk3
MegaNuk3 earned 500 total points
ID: 35072975
You can also check the IIS EWS virtual directory and make sure that is set to "ignore" Client certificates too.

You can also test with EMS:
Test-outlookwebservices <email address> |fl
And see what it says about the Availability service now
0
 

Author Comment

by:reindeerauto
ID: 35082072
When you say change the EWS URL's to mail.reindeerauto.com, did you mean in DNS?

I went into IIS EWS VD and set to ignore it was on accept, that fixed the OOF issue.

Should OAB be set to ignore also?

And here are the results fo the test

[PS] C:\Windows\system32>Test-outlookwebservices bob.albertson@reindeerauto.com |fl

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1019
Type       : Information
Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://RA
             REXCHANGE.reindeerauto.local/Autodiscover/Autodiscover.xml.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1006
Type       : Information
Message    : Contacted the Autodiscover service at https://RAREXCHANGE.reindeerauto.local/Autodiscover/Autodiscover.xml
             .

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1016
Type       : Information
Message    : [EXCH] The AS is configured for this user in the Autodiscover response received from https://RAREXCHANGE.r
             eindeerauto.local/Autodiscover/Autodiscover.xml.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1015
Type       : Information
Message    : [EXCH] The OAB is configured for this user in the Autodiscover response received from https://RAREXCHANGE.
             reindeerauto.local/Autodiscover/Autodiscover.xml.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1014
Type       : Information
Message    : [EXCH] The UM is configured for this user in the Autodiscover response received from https://RAREXCHANGE.r
             eindeerauto.local/Autodiscover/Autodiscover.xml.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1016
Type       : Information
Message    : [EXPR] The AS is configured for this user in the Autodiscover response received from https://RAREXCHANGE.r
             eindeerauto.local/Autodiscover/Autodiscover.xml.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1015
Type       : Information
Message    : [EXPR] The OAB is configured for this user in the Autodiscover response received from https://RAREXCHANGE.
             reindeerauto.local/Autodiscover/Autodiscover.xml.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1014
Type       : Information
Message    : [EXPR] The UM is configured for this user in the Autodiscover response received from https://RAREXCHANGE.r
             eindeerauto.local/Autodiscover/Autodiscover.xml.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1022
Type       : Success
Message    : Autodiscover was tested successfully.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1024
Type       : Success
Message    : [EXCH] Successfully contacted the AS service at https://rarexchange.reindeerauto.local/EWS/Exchange.asmx.
             The elapsed time was 882 milliseconds.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1026
Type       : Success
Message    : [EXCH] Successfully contacted the UM service at https://rarexchange.reindeerauto.local/EWS/Exchange.asmx.
             The elapsed time was 394 milliseconds.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1024
Type       : Success
Message    : [EXPR] Successfully contacted the AS service at https://mail.reindeerauto.com/ews/exchange.asmx. The elaps
             ed time was 319 milliseconds.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1026
Type       : Success
Message    : [EXPR] Successfully contacted the UM service at https://mail.reindeerauto.com/ews/exchange.asmx. The elaps
             ed time was 145 milliseconds.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1124
Type       : Success
Message    : [Server] Successfully contacted the AS service at https://rarexchange.reindeerauto.local/ews/exchange.asmx
             . The elapsed time was 130 milliseconds.

RunspaceId : 7645adf0-f741-4cd8-b62f-e2bbd673918a
Id         : 1126
Type       : Success
Message    : [Server] Successfully contacted the UM service at https://rarexchange.reindeerauto.local/ews/exchange.asmx
             . The elapsed time was 47 milliseconds.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35082304
Looking good so far - is everything working now? Yes you can set client certificates to ignore on the OAB VD.
0
 

Author Comment

by:reindeerauto
ID: 35082407
Yes I believe most everything is working correctly now, with one exception. I have a few machines that when I start Outlook 2007 I get the following with Autodiscovery, when I change to my email address it prompts for password and then it finally finishes but every time I open outlook it prompts me for a password and when I try and uncheck "outlook anywhere" or change to "NTLM" close Outlook and reopen it is rechecked and prompts for password.
login.jpg
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35082540
Test autoconfig on the failing machines
Check their DNS settings
Also try outlook /rpcdiag on them to see if they are connecting over HTTP or not
0
 

Author Comment

by:reindeerauto
ID: 35082641
This machine happens to be mine, and when i connect with my email address and not .local the  autoconfig test passed and when I did outlook /rpcdiag it showed tcp/ip.

Not sure what exactly I am looking for in DNS but it all looks correct
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35082799
What happens if you test autoconfig with the .local address?
0
 

Author Comment

by:reindeerauto
ID: 35083256
Well when I try and set it up that way it comes up with a Security Alert for "autodiscover.reindeerauto.local" and I added the screen shot. Once I get everything set up the "outlook anywhere" will not turn off but it is not prompting me for a passoword.

I ran "outlook /rpcdiag" and it said it was using tcp

I ran the "Test e-mail AutoConfiguration" and it failed

LegacyDN=
SMTP=bob@reindeerauto.local
Attempting URL https://RAREXCHANGE.reindeerauto.local/Autodiscover/Autodiscover.xml found through SCP
Autodiscover to https://RAREXCHANGE.reindeerauto.local/Autodiscover/Autodiscover.xml starting
Autodiscover to https://RAREXCHANGE.reindeerauto.local/Autodiscover/Autodiscover.xml FAILED (0x800C8203)
Autodiscover to https://reindeerauto.local/autodiscover/autodiscover.xml starting
AutoDiscover internet timeout against URL https://reindeerauto.local/autodiscover/autodiscover.xml
AutoDiscover internet timeout against URL https://reindeerauto.local/autodiscover/autodiscover.xml
Autodiscover to https://reindeerauto.local/autodiscover/autodiscover.xml FAILED (0x800C8203)
Autodiscover to https://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml starting
Autodiscover to https://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml FAILED (0x800C8203)
Local autodiscover for reindeerauto.local starting
Local autodiscover for reindeerauto.local FAILED (0x8004010F)
Redirect check to http://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml starting
Redirect check to http://autodiscover.reindeerauto.local/autodiscover/autodiscover.xml FAILED (0x8004005)
Srv Record lookup for reindeerauto.local starting
Srv Record lookup for reindeerauto.local FAILED (0x8004010F)
AUTODISCOVER GET SETTINGS END

alert.jpg
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35085225
Post a screenshot of the SRV record in the reindeerauto.local DNS zone please. Did you create it like I said?
0
 

Author Comment

by:reindeerauto
ID: 35085807
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35085941
It's in the wrong place it should be under reindeerauto.local\_tcp

Left click on reindeerauto.local also it is selected and then create another SRV record, hopefully it will end up in the correct location this time.

If it does end up in the correct location then test the autoconfig again
0
 

Author Comment

by:reindeerauto
ID: 35086082
Ok I made the change and it still fails the test.
Untitled.jpg
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35086158
Add a full stop after mail.reindeerauto.com so it is mail.reindeerauto.com.
0
 

Author Comment

by:reindeerauto
ID: 35086522
I did that.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35086916
Does the autoconfig still fail to Lookup a SRV record at the bottom of the test?
0
 

Author Comment

by:reindeerauto
ID: 35086930
If I change it from "bob@reindeerauto.local" to bob.albertson it passes.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35086997
Bob.albertson@reindeerauto.local or bob.albertson@reindeerauto.com?

Basically when you logon to a computer you have never logged onto before Outlook should configure itself and all you should have to do is press Next --> Next --> finish and then Outlook should work.

Can you test that with a new test account and mailbox please?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35087512
You can also try the following to reset the SCP (Service Connection Point) by going into EMS and doing:
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverInternalURi "https://mail.reindeerauto.com/autodiscover/autodiscover.xml"

Then try the autoconfig test and hopefully it will find the SCP at the top of the test and not error on that.
0
 

Author Comment

by:reindeerauto
ID: 35095447
I tested the login question with a new account on my PC and it did the same thing "user@reindeerauto.local" and will not connect with autodiscover.

I formatted my PC and reinstalled and still the same thing "bob@reindeerauto.local" so not sure why some discover correctly and others do not when configuring outlook for the first time.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35095768
Did you try reset the SCP?
0
 

Author Comment

by:reindeerauto
ID: 35095800
I will try that now. do I type in the entire command including the url
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35097116
Yep, the whole command with the URL and the quotes all on one line.
0
 

Author Comment

by:reindeerauto
ID: 35097315
Here is the error I got with that command.

[PS] C:\Windows\system32>Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverInternalURi "https://mail.reindeer
auto.com/autodiscover/autodiscover.xml"

A positional parameter cannot be found that accepts argument 'https://mail.reindeerauto.com/autodiscover/autodiscover.x
ml'.
    + CategoryInfo          : InvalidArgument: (:) [Set-ClientAccessServer], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Set-ClientAccessServer

[PS] C:\Windows\system32>
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35097548
Try
Set-clientaccessserver -server rarexchange -autodiscoverInternalUri "https://mail.reindeerauto.com/autodiscover/autodiscover.xml"

All on one line
0
 

Author Comment

by:reindeerauto
ID: 35097596

[PS] C:\Windows\system32>Set-clientaccessserver -server rarexchange -autodiscoverInternalUri "https://mail.reindeerauto.
com/autodiscover/autodiscover.xml"
A positional parameter cannot be found that accepts argument 'rarexchange'.
    + CategoryInfo          : InvalidArgument: (:) [Set-ClientAccessServer], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Set-ClientAccessServer
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35097685
Try
Set-clientaccessserver -Identity rarexchange.reindeerauto.local -autodiscoverInternalUri "https://mail.reindeerauto.com/autodiscover/autodiscover.xml"

All on one line
0
 

Author Comment

by:reindeerauto
ID: 35097775
Here is the error from that one, I have tried every variation that I can find and nothing seems to work.


[PS] C:\Windows\system32>Set-clientaccessserver -Identity rarexchange.reindeerauto.local -autodiscoverInternalUri "https
://mail.reindeerauto.com/autodiscover/autodiscover.xml"
A positional parameter cannot be found that accepts argument '-autodiscoverInternalUri'.
    + CategoryInfo          : InvalidArgument: (:) [Set-ClientAccessServer], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Set-ClientAccessServer

[
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35097852
This should work now

Try
Set-clientaccessserver -Identity rarexchange.reindeerauto.local -autodiscoverServiceInternalUri "https://mail.reindeerauto.com/autodiscover/autodiscover.xml"

All on one line
0
 

Author Comment

by:reindeerauto
ID: 35098042
I seems to have run, it came straight back to the [PS] C:\Windows\system32> prompt
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35098120
Do
Get-clientaccessserver | fl *autodiscover*
and see if it shows the correct autodiscoverserviceinternaluri and if it does then do the autoconfig test...
0
 

Author Comment

by:reindeerauto
ID: 35098188
No it still fails.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35098236
Can you paste it please?
0
 

Author Comment

by:reindeerauto
ID: 35109929
Ok I uninstalled office 2007 and installed office 2010 and it worked correctly. The only issue I am having with it is the Offline address book is taking forever to download which probably means it's locked up.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35110025
How long have you left it for? Does it log any errors in the 'Sync Issues' folder?
0
 

Author Comment

by:reindeerauto
ID: 35110103
It has been about 5 min, and I do not see the "Sync Issues" folder in Outlook 2010
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35110361
You need to click on the "Folder List" button at the bottom of the Navigation pane
0
 

Author Comment

by:reindeerauto
ID: 35110635
There are no Sync Issues.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35111071
Is it still stuck? Is it stuck for anyone who tries to download the OAB?

Do EMS:
Get-OABVirtualDirectory |fl *URL*
And post the result.
0
 

Author Comment

by:reindeerauto
ID: 35111120
I .
[PS] C:\Windows\system32>Get-OABVirtualDirectory |fl *URL*


InternalUrl : https://rarexchange.reindeerauto.local/OAB
ExternalUrl : https://mail.reindeerauto.com/OAB



[PS] C:\Windows\system32>
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35111419
Ok let's change the internalURL
Set-OABVirtualDirectory -internalURL "https://mail.reindeerauto.com/OAB"

when you ping rarexchange.reindeerauto.local from a PC does it reply with the same IP address as when you ping mail.reindeerauto.com?

After making the URL change, restart Outlook and see if can download the OAB
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35111607
Go to here on your exchange server
 C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB

Open properties onthe web.config in the OAB folder, and give Authenticated Users both the read and read and execute permissions. Run a iisreset /noforce on the CAS server

Also make sure Authenticated users at least have read permissions on the OAB folder too
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:reindeerauto
ID: 35111911
I made the change and it still just hangs.

I get the same IP reply from both.
0
 

Author Comment

by:reindeerauto
ID: 35111954
Ok I followed the patch but I have no web.config in the OAB folder, there is a oab.xml but thats it.

I gave Authenticated users read permissions of the OAB folder.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35112364
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35112371
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35112403
what may also be worth doing is going into the EMC turning off web distribution of your OAB, pressing OK and then waiting 15 minutes... Then turn web distribution on again. then right click on the offline address list in the EMC and choose "Update"
wait 15 minutes
then restart the Microsoft Exchange File Distribution Service on your server (it should be running)

wait 15 minutes
close and re-open outlook and see if it can download the OAB.

If it still hangs, try EMC-->Toolbox-->Best Practice Analyser --> Health Check and see if that reports any OAB errors like folder permissions etc.
0
 

Author Comment

by:reindeerauto
ID: 35127749
The first link asked me for credentials and then gave me a forbidden error, the second link brought up a page of code and the third asked for credentials and then brought up a page of code.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35131137
Ok, did the 2nd link prompt for credentials or not?

On your client machine Ensure internet Explorer is set to 'Bypass proxy for local addresses' and also add the cas name/internally resolvable cert names to the proxy exceptions list in IE (Tools-->Internet Options-->Connections-->LAN settings-->Advanced-->Exceptions)

So in your case, add mail.reindeerauto.com and rarexchange.reindeerauto.local to the Proxy exceptions
0
 

Author Comment

by:reindeerauto
ID: 35240177
Mega,

Everything seems to be working except for I cannot get the global address book to finish a download on my machine, I have office 2010.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35240202
Does it error or stall?
0
 

Author Comment

by:reindeerauto
ID: 35240702
Just stalls I let it run all weekend and never finished
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35240737
0
 

Author Comment

by:reindeerauto
ID: 35240895
Mega,

Can this be done in a live environment without disrupting business, or should it be done after hours?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35241184
You can change the OAB URL and turn off the HTTPS requirement during business hours as outlook will only try and download the OAB once every 24 hours. I am not asking you to do all 9 steps of my article. Just the part where you change the internal OAB URL and OAB VD SSL requirement (the first bullet point under additional info section)
0
 

Author Comment

by:reindeerauto
ID: 35242564
I saw that in the first part you suggested "Untick 'Enable Web-based Distribution' ", should that be turned off?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35242636
You don't need to do all the steps, but you can if you want. Web distribution gets turned back on later.
0
 

Author Comment

by:reindeerauto
ID: 35242842
I followed the first bullet on your list and it still just hangs.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35243082
Hmmm, did you restart Outlook after making the change so it picks up the new URL of http:// instead of https://?
0
 

Author Comment

by:reindeerauto
ID: 35243156
Yes and I ran the "test email autoconfiguration" and it show what I have in Exchange OAB "http://mail.reindeerauto.com/oab"
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35243609
Ok and did you Untick the "Require SSL" on the OAB VD?
0
 

Author Comment

by:reindeerauto
ID: 35243761
It was not ticked, and "ignore" client certificates is ticked.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35243966
If you explore your OAB VD (right click on OAB VD-> explore) is there a GUID folder in there which contains a OAB.XML and .lzx files
0
 

Author Comment

by:reindeerauto
ID: 35244103
Yes there is.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35245242
Do a search for *.OAB on that machine and delete this files if they exist. If that doesnt work try a new outlook profile
0
 

Author Comment

by:reindeerauto
ID: 35261821
Ok I removed and recreated the outlook profile and the address book updated, however all day at the bottom of outlook it has read "all folders are up to date, updating address book".
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35263304
Hmmm and if you do "download address book" in Outlook, does it hang/stall?
0
 

Author Comment

by:reindeerauto
ID: 35278674
Yes it still hangs/stalls
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35279805
Ok, if you have the Jan 2011 update installed for Outlook 2010 remove it and try the OAB download again

Removing the update should also make outlook detect the users email address instead of the UPN for new profiles too.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35280313
Do you have Kb2405793 installed? Consider installing kb2475877
0
 

Author Comment

by:reindeerauto
ID: 35281629
I do not have Kb2405793, and I installed Kb2475877
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35281888
When did you install the latter one? Today or before? And outlook is still hanging after install?
0
 

Author Comment

by:reindeerauto
ID: 35281950
I installed it today, and yes it is still hanging.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35282479
OK here is the next plan of action:
1.) create a new test user with a mailbox
2.) logon to the problem Outlook 2010 machine
3.) confirm Outlook configures itself properly with no additional typing
4.) open Outlook wait till the profile syncs, confirm if it finishes or not
5.) try download the OAB and confirm if it hangs or stalls
0
 

Author Comment

by:reindeerauto
ID: 35294961
I did the above and still the same results, it hangs/stalls.

I looked in the event viewer and found some event ID 9328 and 9126 below is the details.
OABGen encountered error 80070070 while calculating the offline address book for address list '\Global Address List'.  This offline address book won't be available for client download.
- \Default Offline Address Book.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35295406
Have you run out of disk space on your OAB generating server? Check c: drive
0
 

Author Comment

by:reindeerauto
ID: 35295444
I was just looking at that now, C is full
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35295566
Look in c:\temp for stuff to delete

Or c:\inetpub\logs\logfiles see if any of those directories are huge
0
 

Author Comment

by:reindeerauto
ID: 35295688
I restarted the server due to the page file and looked in those folder and removed what I could but it only gave me 3.4 available Gig.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35295902
That should be more than enough to generate the OAB.
Try
Get-offlineaddressbook | update-offlineaddressbook
0
 

Author Comment

by:reindeerauto
ID: 35296362
I ran the above and am trying to download the address book again and it is still hanging.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35296602
If you logon to another machine does the problem follow you?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35296750
How many Outlook 2010 machines do you have and are they all experiencing the hang/stall when you try and download the OAB?

Are the Outlook 2007 clients affected?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35296783
If only one client is affected then enable Outlook logging and we'll see if it logs anything useful:
http://support.microsoft.com/kb/300479
0
 

Author Comment

by:reindeerauto
ID: 35296978
Well it seems that it is only me, so I have enabled logging.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35297306
Only you or only you connecting with Outlook 2010?
0
 

Author Comment

by:reindeerauto
ID: 35297986
seems to be only my machine? I tried using the test user this morning on my machine and it did not work.

I logged into a machine with Office 2010 as me that I tested with a user that worked and it did work for me.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35298259
On your computer go to c:\users\<your username>\appdata\local\Microsoft\outlook\offline address book
Then rename the <GUID> folder, reopen outlook and try the download of the OAB again and see if a new <GUID> folder gets created in that area
0
 

Author Comment

by:reindeerauto
ID: 35298487
Followed those directions and it just hangs at "Copying offline address book template file."
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35298548
Did you restart Outlook? And has it created a new <GUID> subfolder? Give it a few mins it can take a while to download the OAB for the first time. My fingers are crossed
0
 

Author Comment

by:reindeerauto
ID: 35317449
It did creat a new subfolder, which is empty. I did restart outlook and it just hangs, so far about 6 hours today.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35317995
Is that outlook logging doing anything useful? Maybe copy that folder off another machine and then see if outlook can manage to keep it up to date.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35322741
From what I have been reading on the Internet this morning, if you have only one machine that won't update no matter who logs on, then the best course of action is to remove that PC from the domain, delete the computer account for it from ADUC and then re-add it back to the domain and then reboot and test the OAB download.

Are you willing to try the above?
0
 

Author Comment

by:reindeerauto
ID: 35326388
I will try it first thing tomorrow and see what happens.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35326469
Ok - fingers crossed
0
 

Author Comment

by:reindeerauto
ID: 35332547
I removed it from the domain, deleted the PC from the domain and then re-joined the domain.

The thing still hangs
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35332611
Grrrr, this is annoying.

Try this:
Close Outlook, go into control Panel --> mail -->profiles then select your profile and put a space on the end of the server name then press check names so it underlines again. Next next finish. Open outlook and try the OAB download.

If the above doesn't work:
Give your AD account 'Full Control' on the ClientAccess\OAB folder on the CAS server and see if that wakes Outlook up.
0
 

Author Comment

by:reindeerauto
ID: 35332826
when you click mail/profiles (show profiles), it does not give you the option to do that. It does not show a "server name".

If I go into email accounts it shows "microsoft exchange"
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35334767
Go into the Exchange Account settings
0
 

Author Comment

by:reindeerauto
ID: 35336094
That did not work it still hangs.

And I am an administrator.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35339712
Have you considered uninstalling outlook 2010 and installing outlook 2007 to verify if the problem exists there?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35339758
Or before reinstalling Outlook have a look at using OABInteg to see if that sheds any light on the issue:
http://archive.msdn.microsoft.com/oabinteg/Release/ProjectReleases.aspx?ReleaseId=726

There is a usage doc on that web site, but here is another one:
http://www.msexchange.org/articles/Offline-Address-Book-Integrity-OABInteg-Utility-Explained.html
0
 

Author Comment

by:reindeerauto
ID: 35351772
I had 2007 previous when this problem was happening so I uninstalled 2007 and installed 2010 and still having the issue.

I ran the OABinteg not sure if I did it correct but here are the results

OABInteg (Offline Address Book Integrity Checker)
Version : 1, 0, 0, 1
OABInteg
Microsoft Corporation, Copyright (C) 2005
=====================================================

c:\OABinteg.txt has been opened for writing.

Program started at: 11:03:05 AM
Running OABInteg on: RAREXCHANGEUnable to obtain username.
Trying to connect to: GC://ehvms01

Failure ADsOpenObject
ADSI Error: hr = 0x8007203a
LDAP_SERVER_DOWN - ERROR_DS_SERVER_DOWN: Cannot contact the LDAP server...

Failure in function: HrGetRootDSEData on line number: 165

Performing cleanup.
Exiting application.


C:\Users\administrator.REINDEERAUTO\Desktop>
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35352061
Ignore OABInteg as it only checks PF distribution.

Try this command and post the result:

C:\Windows\System32\inetsrv>appcmd.exe list config /section:WindowsAuthentication

All on one line
0
 

Author Comment

by:reindeerauto
ID: 35352173
C:\Windows\System32\inetsrv>appcmd.exe list config /section:WindowsAuthenticatio
n
<system.webServer>
  <security>
    <authentication>
      <windowsAuthentication enabled="false" useKernelMode="false">
        <providers>
          <add value="Negotiate" />
          <add value="NTLM" />
        </providers>
        <extendedProtection>
        </extendedProtection>
      </windowsAuthentication>
    </authentication>
  </security>
</system.webServer>

C:\Windows\System32\inetsrv>
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35352421
Ok, that looks good.
What does
C:\Windows\System32\inetsrv>appcmd.exe list config "Default Web Site/OAB" /section:WindowsAuthentication

Result in?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35352461
Also can you do:
Set-eventloglevel "<ex server name>\msexchangeSA\OAL Generator" -level Medium

Then run
Get-offlineaddressbook | update-offlineaddressbook
And watch the application event log for errors & warnings. Restart msexchangeFDS and watch event log again.
0
 

Author Comment

by:reindeerauto
ID: 35352514
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.REINDEERAUTO>cd\

C:\>cd windows

C:\Windows>cd system32/inetsrv

C:\Windows\System32\inetsrv>appcmd.exe list config "Default Web Site/OAB" /secti
on:WindowsAuthentication
<system.webServer>
  <security>
    <authentication>
      <windowsAuthentication enabled="true" useKernelMode="true">
        <providers>
          <add value="Negotiate" />
          <add value="NTLM" />
        </providers>
        <extendedProtection tokenChecking="None">
        </extendedProtection>
      </windowsAuthentication>
    </authentication>
  </security>
</system.webServer>

C:\Windows\System32\inetsrv>
0
 

Author Comment

by:reindeerauto
ID: 35352585
Here is the only error in Application errors.
 Error
0
 

Author Comment

by:reindeerauto
ID: 35352599
Is exchangeFDS the File distribution?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35352796
Yes FDS is File Distribution

Go into IIs click on the OAB then authentication, select windows auth, then right click on it --> advanced settings and UNTICk "enable kernel mode..." ok

Try download the OAB then. If that fails do an iisreset on the server, confirm the kernel mode auth is still off and then try the OAB download again
0
 

Author Comment

by:reindeerauto
ID: 35353370
The tick mark is grayed out.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35354482
Try using %windir%\system32\inetsrv\appcmd unlock config -section:WindowsAuthentication

And then try Untick that box.
0
 

Author Comment

by:reindeerauto
ID: 35368938
here is what I put in the command line with the results and the tick is still grayed out.

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.REINDEERAUTO>%windir%\system32\inetsrv\appcmd unlock conf
ig -section:WindowsAuthentication
Unlocked section "system.webServer/security/authentication/windowsAuthentication
" at configuration path "MACHINE/WEBROOT/APPHOST".

C:\Users\administrator.REINDEERAUTO>
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35369446
Try:
C:\Windows\System32\inetsrv>appcmd.exe set config "Default Web Site/OAB" /section:WindowsAuthentication -useKernelMode="false"
0
 

Author Comment

by:reindeerauto
ID: 35374190
I ran the command and got the following error.

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.REINDEERAUTO>cd c:\windows\system32\inetsrv

c:\Windows\System32\inetsrv>appcmd.exe set config "Default Web Site/OAB" /sectio
n:WindowsAuthentication -useKernelMode="false"
ERROR ( message:Unknown attribute "useKernelMode=false".  Replace with -? for he
lp. )

c:\Windows\System32\inetsrv>
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35374205
C:\Windows\System32\inetsrv>appcmd.exe set config "Default Web Site/OAB" /section:WindowsAuthentication -useKernelMode:false /commit:apphost

You may need an iisreset after that and them confirm the kernel mode box is unticked.

You can also use
Appcmd list config "default web site/OAB" -section:WindowsAuthentication

To confirm the useKernelMode="false"

Do an iisreset and then attempt to download the OAB on your Outlook 2010 machine.
0
 

Author Comment

by:reindeerauto
ID: 35374886
The box is now unticked and it is still hanging.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35374951
Can you confirm if you have any file level AV on the server that the OAB directories are excluded from scanning.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35374991
Try outlook /cleanprofile
Then try download the OAB again
0
 

Author Comment

by:reindeerauto
ID: 35375189
I do not have any file level AV, plus I have other users with 2010 that have no issues.

I do not know where to do the command "outlook /cleanprofile"
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35375254
Close outlook
Then on your machine do
Start-->Run-->Type "outlook /cleanprofile" without the quotes
Then press enter

Then when outlook opens try to download the OAB
0
 

Author Comment

by:reindeerauto
ID: 35375639
It says the command line is not valid
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35375715
Looks like it is no longer supported under outlook 2010...

Close outlook, go into
%userprofile%\appdata\local\Microsoft\outlook
 Create a new folder in there and move all the .OAB files and any files that begin with "~" into the folder

Open outlook and try and download the OAB
0
 

Author Comment

by:reindeerauto
ID: 35375749
I do not have any files that begin with "~"
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35375783
Not even in the subfolders of "\Offline Address Books"?
0
 

Author Comment

by:reindeerauto
ID: 35375834
nope have one that starts with "be" but that is it.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35376493
Can you screenshot that folder and the offline address books folder and subfolder please? Sort on date with newest at the top.

Can you also open regedit on your machine and see if there is anything under the following key:
Hkey_current_user\software\Microsoft\exchange\exchange Provider\OABs?
If there is, export the subkeys under the OABs key and then delete them and restart outlook and try the OAB again
0
 

Author Comment

by:reindeerauto
ID: 35376728
OAB
I delete the subkey and retried and it just hangs.
outlook.jpg
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35376830
Can you open the be... Folder and screenshot it's contents please.
0
 

Author Comment

by:reindeerauto
ID: 35376846
its empty.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35376901
Delete it and then restart Outlook, down load OAB and see if the folder gets updated and see if the reg keys update too...

Can you also try logging onto Windows as that test account ( with mailbox ) and confirm the same thing occurs?


If it does, then I am afraid it's time to manually deploy the OAB files to Outlook and see if it can keep them up to date:
http://technet.microsoft.com/en-us/library/ff969354.aspx
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35376979
One more thing to try before you do the manual OAB procedure...

When outlook creates the empty <GUID> subfolder can you create an empty text file in there and rename it to OAB.XML and then restart Outlook and try the OAB download.

If that fails, then it is definitely time to perform a manual OAB update... Sorry...
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35738202
Thanks for the points. Did you manage to get outlook to download the OAB in the end?
0
 

Author Comment

by:reindeerauto
ID: 35738234
You deserved them wish I could have done more, you were very helpful.

It still says updating address book all the time at the bottom of Outlook, but any new employee's I add to the network are showing up in the global address book so to me it's working.

Thanks again for the help.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35739748
If you want, feel free to open a new question about your Outlook OAB download issue to see if any experts have any fresh ideas on how to resolve it.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions