Solved

User cannot connect to new 2010 Exchange woth Outlook 2010

Posted on 2011-09-12
49
488 Views
Last Modified: 2012-05-12
2 users out of 1200 cannot connect to Exchange with Outlook 2010 but can connect to webmail
Have deleted profiles and tried on multiple computers.
0
Comment
Question by:svenswenson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 24
  • 13
  • 12
49 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36525774
How are you configuring Outlook?  Cached Exchange mode?  POP3 / SMTP?  IMAP4?

What mailbox features are enabled for both of the problem accounts via the Exchange Management Console?
0
 

Author Comment

by:svenswenson
ID: 36525785
Cached mode and SMTP
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36525796
Both cached mode AND SMTP?

Usually it would be either or.

What about the Mailbox Features enabled via the EMC?
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36525822
From the Exchange Management Shell, please type the following (for each of the problem user accounts):

test-outlookwebservices -identity:problemuser@yourdomain.com
0
 

Author Comment

by:svenswenson
ID: 36525900
Outlook web is working fine.  The Outlook 2010 client is asking for a password for the exchange server and will not accept the Active Dir password
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36525908
Please can you answer the question in the above comment http:#a36525796
0
 

Author Comment

by:svenswenson
ID: 36525925
Mailbox features

Outlook Web App
Exchange ActiveSync
MAPI
POP3
IMAP4
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36525942
Ok - thanks.

Do they have their inherited permissions check box enabled?

If you open up Active Directory Users and Computers and locate one of your users that is not working, Double-Click into the account and click on the Security Tab (if this is not visible, Click on View> Advanced Features from the Menu at the top of the screen then navigate back to your user).

Once on the security tab, click on the Advanced Button and make sure that the ‘Include Inheritable Permissions From This Object’s Parent’ is ticked. Click OK twice to close the user account.
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36525981
"Outlook web is working fine.  The Outlook 2010 client is asking for a password for the exchange server and will not accept the Active Dir password"

If this is the case you should be seeing  authentication failures under the event viewer on the server
Post the failure please
0
 

Author Comment

by:svenswenson
ID: 36525984
include inheritable permissions from the object is checked
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36526012
So the users can login to OWA happily, which suggests the issue isn't password related.

Can the problem users login and configure Outlook on a known good working users PC?
0
 

Author Comment

by:svenswenson
ID: 36526033
Can the problem users login and configure Outlook on a known good working users PC?

No matter what PC they go to they fail, when others can connect on the same PC
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36526040
Okay - just to confirm - can these problem users login to OWA okay?
0
 

Author Comment

by:svenswenson
ID: 36526043
If this is the case you should be seeing  authentication failures under the event viewer on the server
Post the failure please

None found?
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36526045

Set the following registry keys to enable exchange dianostics
Set the values to 7
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess\Diagnostics
1 General
4 Config
5 Ldap

And then try to connect the users outlook and check event logs on exchange server
0
 

Author Comment

by:svenswenson
ID: 36526048
Okay - just to confirm - can these problem users login to OWA okay? YES
0
 

Author Comment

by:svenswenson
ID: 36526056
the users that are broken were working when they were on Exchange 2007
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36526060
Can a working user see the problem users in their Global Address List?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36526072
Do you have a Broadcom network card in the Exchange Server?

If so - can you check the server manufacturer's website for a newer driver please.
0
 

Author Comment

by:svenswenson
ID: 36526074
Okay - just to confirm - can these problem users login to OWA okay? YES
0
 

Author Comment

by:svenswenson
ID: 36526121


this erver is only 2 month old and is up to date

HP NC-Series Broadcom 1Gb Multifunction
Driver for Windows Server 2008 x64 Editions

  6.2.8.0
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36526133
What is the exact server model please?
0
 

Author Comment

by:svenswenson
ID: 36526178
HP ProLiant DL360 G6
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36526201
Are you running Windows 2008 R2?
0
 

Author Comment

by:svenswenson
ID: 36526209
Are you running Windows 2008 R2?  YES
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36526251
Okay - you have the latest drivers!  Saw a similar issue relating to the NIC drivers being out of date - so that rules that out :(

0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36526368
I am assuming this is only happening on your internal network....
Have you done the exchange registry edits? It can fill your logs up quickly, but will give you much more detail.
Authentication is failing because you are repeatedly being prompted for the password, OWA might be succeeding, but its auth process starts at IIS.
Are these machines that have cached credentials enabled? If so try resetting the password on one of the non-working clients
0
 

Author Comment

by:svenswenson
ID: 36529317


Cannot find this registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess\Diagnostics
 did you mean

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange ADAccess\Diagnostics
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36529321
Yes, sorry the other key is for exchange 2003
0
 

Author Comment

by:svenswenson
ID: 36529332
Do I enable the keys on the transport role or mailbox role or both
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36529426
0
 

Author Comment

by:svenswenson
ID: 36529663
Enablw logs for about 3 minutes while I tried Outlook but did not get any errors pertaiing to that user or omputer
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36529686
If you run outlook.exe /rpcdiag what do you see on the user who can't connect?
0
 

Author Comment

by:svenswenson
ID: 36529799
running outllok with /rpcdiag show the transport server name and status conneciting as it keeps asking for password
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36529871
on a working client does it show connecting to the same server as the failing client?
0
 

Author Comment

by:svenswenson
ID: 36530008
on a working client does it show connecting to the same server as the failing client?

a good client shows 4 items 3 with the CA server and one with the mailbox server

Server             Type         Interface   Connection Status
CA                 Mail            LAN          TCP/IP       Establsihed  
CA                 Mail            LAN          TCP/IP       Establsihed
CA                 Directory     LAN          TCP/IP       Establsihed  
Mailbox          Public F      LAN          TCP/IP       Establsihed


0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36530821
Ok, are these client connecting via http?
I wonder why the client is hitting the transport server first...should be hitting the CAS
0
 

Author Comment

by:svenswenson
ID: 36530829
I wonder why the client is hitting the transport server first...should be hitting the CAS

My explanation was fuzzy,  the transport and CAS are the same
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36530839
Change the users outlook account to  connect via http, and see if there is any change
0
 

Author Comment

by:svenswenson
ID: 36530865
Change the users outlook account to  connect via http, and see if there is any change?

don't have htat option in Control Panel item
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36530889
Its in account settings, more settings, connection, in outlook
Capture.JPG
0
 

Author Comment

by:svenswenson
ID: 36530951
under More setting- connection iin hte Outlook Anywhere I check HTTP box still no work
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36532183
If you give your account send as and full access rights to the non-working users account can you open it as an additional mailbox in your outlook ?
0
 

Author Comment

by:svenswenson
ID: 36532448
If you give your account send as and full access rights to the non-working users account can you open it as an additional mailbox in your outlook ?

When I try to add the account as an additional mailbox my Outloook hangs
0
 
LVL 13

Accepted Solution

by:
5g6tdcv4 earned 500 total points
ID: 36532465
I would either move those users to a new database, or create new user and copy mailbox data to new user
0
 

Author Comment

by:svenswenson
ID: 36532475
I will let the nightly backup run and will move those users to a new database in hte morning
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36532481
New-MailboxRepairRequest
First try the above powershell
0
 

Author Comment

by:svenswenson
ID: 36927018
Did not see you lst comment but moved users to new databases with no luck.

will try to MailboxRepairRequest
0
 

Author Closing Comment

by:svenswenson
ID: 37063278
crested new user and moved mailbox to the new user.
0

Featured Post

Office 365 Advanced Training for Admins

Special Offer:  Buy 1 course, get 2nd free!  Buy the 'Managing Office 365 Identities & Requirements' course w/ Accelerated TestPrep, and automatically receive the 'Enabling Office 365 Services' course FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question