Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 511
  • Last Modified:

Outlook 2007 Fails to Connecto to Excahnge 2010 After Removing First Adminisitrative Group

Exchange 2010 SP1 Rollup 3v3 Running on Server 2008 R2
Outlook 2007

I have previously removed "First administrative Group" a legacy admin group from exchange 2003.
This Broke public folders. I rebuilt the Public folder Object in ADSIEdit and all was working fine for about 24 Hours.
Then Outlook Clients stop being able to connect.

OWA works fine and I have full access to the Public folders via OWA.

When Setting up a new outlook Client  it says it can connnect just fine however fails to connect with the message:

"Cannot open your default e-mail folders. You must connect to Microsoft Excahnge with the current profile befor you can synchonzie your folders with your offline folder file.



I have verified the user has the correct LegacyExchangeDN



See Attached Screen shots for more details.


If you need specific info please ask.
Client-Connection-Error-1.png
Client-Connection-Error-.png
0
WhatWhyIT
Asked:
WhatWhyIT
  • 19
  • 12
1 Solution
 
SuperTacoCommented:
You're supposed to leave teh first administrative group intact after deactivating Exchange 2000/2003.  have you tried setting up the mailboxes manually using OA?
0
 
WhatWhyITAuthor Commented:
Yes.

They setup fine and it appears to work however fails when launching outlook.
0
 
WhatWhyITAuthor Commented:
From what I have gathered it has something todo with the information stores withing ADSIEdit under the CN=Servers,CN=servername,CN=InformationStore
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
WhatWhyITAuthor Commented:
Also Noted this error.

I Setup a new mail store did a local move of a mail box to the new store and retested.

No change.

OWA still works normally.

Could this be a permissions issue within IIS???
Client-Connection-Error-2.png
0
 
SuperTacoCommented:
It could be.  It looks like the same error you get when the OAB can't be downloaded.  if you're able to browse OWA I doubt it.  
0
 
WhatWhyITAuthor Commented:
We can send/recieve mail fine via OWA and there are no messages stacking up in any que's on the server.

0
 
SuperTacoCommented:
0
 
WhatWhyITAuthor Commented:
The Excahnge RPC Service is running.

I have seen the first two but not the third.

I have used Wireshark to confirm the Outlook is speaking to the correct IP address.

And yes this was working for about 24 hours after I removed said group.

I had been working on implementing ActiveSync for mobile devices in our envirment whenit all broke.
The last change I made adding an autodiscover svc record to our offisite web hosting company.

Have since removed the svc record.

It was about 2 hours after adding that record I became aware of the problem.

0
 
SuperTacoCommented:
Auto discover wouldn't cause anything like that.  If auto discover wasn't working, then you would have issues getting the account set up.  it sounds like Outlook can't connect to he informatino store itself.  
0
 
WhatWhyITAuthor Commented:
I agree it seems that the store is inaccessable via the outlook Client.


Client-Connection-Error-3.png
Client-Connection-Error-4.png
0
 
SuperTacoCommented:
Do you have a system state DC backup you can use to restore the old Administrative group?  Is IPv^ enaled anywhere?
0
 
WhatWhyITAuthor Commented:
I do have a system state backup. I removed the group on Wednesday morning though. and This issue didnt appear until Thursday just before lunch.

I would prefer to not goto backup at this point. And based onthe time lapse from the group removal to the issue I do not know if that would even resolve it.
0
 
WhatWhyITAuthor Commented:
I am trying a network card driver update...
0
 
WhatWhyITAuthor Commented:
Just noted a RPC over HTTP error hadn't seen that befor. RPC Error
0
 
SuperTacoCommented:
OK, your server may have lost it's DNS suffix.  Try messing around with that.
0
 
SuperTacoCommented:
I should mention it's in the NIC properties.
0
 
WhatWhyITAuthor Commented:
Network Card driver update - Didnt affect it.
Resolved the RPC over http issue (I had tried outlook anywhere connectivity) no change.

Open to idea(Other than restore mainly because I do not think it would fix it)
0
 
WhatWhyITAuthor Commented:
I used "Active Directory Module for windows powershell" did a:
Get-ADObject -Filter * -IncludeDeletedItems > C:\Result.txt

And after doing a find on the document only two hits are returned for "First Administrative Group"(Both in one record)

DistinguishedName : CN=Offline Address Book - First Administrative Group,CN=Mic
                    rosoft Exchange System Objects,DC=MyDomain,DC=org
Name              : Offline Address Book - First Administrative Group
ObjectClass       : publicFolder
ObjectGUID        : d72f6e06-05f0-4917-b259-b9eedd3eb522
0
 
SuperTacoCommented:
Did you move your OAB when you decommissioned Exchange?
0
 
WhatWhyITAuthor Commented:
Yes it had been moved.
0
 
SuperTacoCommented:
Ok so there's no remnants of the old Administrative Group in Exchange,but here appears to be some in AD.  Take a good backup and knock them out.  if I were you at this point I would call up M$.  
0
 
WhatWhyITAuthor Commented:
That was a search only of the deleted items. I see nothing in ADSIEdit refering to the legacy exchange server. (Though I haven't looked at every key)
0
 
SuperTacoCommented:
Ok sprry , I misunderstood you.  We may be able to bring that storage group back.  there's a utility I've had to use when one of my junior guys killed someone's AD.  ADRestore.Net.  Try using that utility.  Bring back to first storage group.  If it doesn't work you can just delete it again.  
0
 
WhatWhyITAuthor Commented:
I expanded the search -Filter  {name -like "*exchange*"}



Deleted           :
DistinguishedName : OU=Microsoft Exchange Security Groups,DC=MyDomain,DC=org
Name              : Microsoft Exchange Security Groups
ObjectClass       : organizationalUnit
ObjectGUID        : f54bda2a-455b-4803-8683-1cd36e2632c9

Deleted           :
DistinguishedName : CN=Exchange Servers,OU=Microsoft Exchange Security Groups,D
                    C=MyDomain,DC=org
Name              : Exchange Servers
ObjectClass       : group
ObjectGUID        : 0ec5e2f9-9354-4150-a5c2-b211bbcf2856

Deleted           :
DistinguishedName : CN=Exchange Organization Administrators,OU=Microsoft Exchan
                    ge Security Groups,DC=MyDomain,DC=org
Name              : Exchange Organization Administrators
ObjectClass       : group
ObjectGUID        : d0556ceb-ce4e-4d4c-b8c2-1eeb5be90399

Deleted           :
DistinguishedName : CN=Exchange Recipient Administrators,OU=Microsoft Exchange
                    Security Groups,DC=MyDomain,DC=org
Name              : Exchange Recipient Administrators
ObjectClass       : group
ObjectGUID        : 94e59ac0-b0a2-4a8c-aae8-aa40fc204f32

Deleted           :
DistinguishedName : CN=Exchange View-Only Administrators,OU=Microsoft Exchange
                    Security Groups,DC=MyDomain,DC=org
Name              : Exchange View-Only Administrators
ObjectClass       : group
ObjectGUID        : 65006916-61b1-4641-8706-8a7ab01e43ce

Deleted           :
DistinguishedName : CN=Exchange Public Folder Administrators,OU=Microsoft Excha
                    nge Security Groups,DC=MyDomain,DC=org
Name              : Exchange Public Folder Administrators
ObjectClass       : group
ObjectGUID        : 721ba893-cfad-4719-8540-f3f24edd8519

Deleted           :
DistinguishedName : CN=ExchangeLegacyInterop,OU=Microsoft Exchange Security Gro
                    ups,DC=MyDomain,DC=org
Name              : ExchangeLegacyInterop
ObjectClass       : group
ObjectGUID        : b9e6934a-d1f8-4492-bacb-976b134ec749

Deleted           :
DistinguishedName : CN=Exchange All Hosted Organizations,OU=Microsoft Exchange
                    Security Groups,DC=MyDomain,DC=org
Name              : Exchange All Hosted Organizations
ObjectClass       : group
ObjectGUID        : 951b0e56-46f9-47b7-b298-6c31a3753cbb

Deleted           :
DistinguishedName : CN=Exchange Windows Permissions,OU=Microsoft Exchange Secur
                    ity Groups,DC=MyDomain,DC=org
Name              : Exchange Windows Permissions
ObjectClass       : group
ObjectGUID        : b726bac9-105d-4f99-b0d6-132c6c7fb3bb

Deleted           :
DistinguishedName : CN=Exchange Trusted Subsystem,OU=Microsoft Exchange Securit
                    y Groups,DC=MyDomain,DC=org
Name              : Exchange Trusted Subsystem
ObjectClass       : group
ObjectGUID        : 7623603e-cf9b-4218-b583-ec8bef943214

Deleted           :
DistinguishedName : CN=Microsoft Exchange System Objects,DC=MyDomain,DC=org
Name              : Microsoft Exchange System Objects
ObjectClass       : msExchSystemObjectsContainer
ObjectGUID        : f1b7d07c-69f0-41bd-8fa8-f93e3269e26d

Deleted           :
DistinguishedName : CN=Exchange Domain Servers,CN=Users,DC=MyDomain,DC=org
Name              : Exchange Domain Servers
ObjectClass       : group
ObjectGUID        : e655d148-eaf6-42da-9c5c-18d1fa9da8fa

Deleted           :
DistinguishedName : CN=Exchange Enterprise Servers,CN=Users,DC=MyDomain,DC=org
Name              : Exchange Enterprise Servers
ObjectClass       : group
ObjectGUID        : cd2e32c0-91e8-45df-8d2f-1b212869a320

Deleted           :
DistinguishedName : CN=EXCHANGE,OU=Servers,OU=Hospital Computers,DC=MyDomain,DC=or
                    g
Name              : EXCHANGE
ObjectClass       : computer
ObjectGUID        : 3076fdea-436a-4825-b7af-afb6bea4f293

Deleted           :
DistinguishedName : CN=Exchange Install Domain Servers,CN=Microsoft Exchange Sy
                    stem Objects,DC=MyDomain,DC=org
Name              : Exchange Install Domain Servers
ObjectClass       : group
ObjectGUID        : 68a99eee-0de9-4861-b947-3a8296e3bc57

Deleted           :
DistinguishedName : DC=Exchange,DC=MyDomain.org,CN=MicrosoftDNS,CN=System,DC=MyDomain
                    ,DC=org
Name              : Exchange
ObjectClass       : dnsNode
ObjectGUID        : 82d183e6-2de8-4c4a-b2f7-a8608b1abb98



Though no dates when they were actually deleted
0
 
SuperTacoCommented:
those are all of the groups you need to make Exchange work.  You may have to bring those back with that utility I told you about
0
 
WhatWhyITAuthor Commented:
Awesome tool good to know about that one yet none of the above info shows in it.
0
 
SuperTacoCommented:
Crap.  Looks like we're down to system state of Microsoft
0
 
WhatWhyITAuthor Commented:
Did a nother search just removed -IncluddeletedItems

DistinguishedName   Name                ObjectClass         ObjectGUID        
-----------------   ----                -----------         ----------        
OU=Microsoft Exc... Microsoft Exchan... organizationalUnit  f54bda2a-455b-48...
CN=Exchange Serv... Exchange Servers    group               0ec5e2f9-9354-41...
CN=Exchange Orga... Exchange Organiz... group               d0556ceb-ce4e-4d...
CN=Exchange Reci... Exchange Recipie... group               94e59ac0-b0a2-4a...
CN=Exchange View... Exchange View-On... group               65006916-61b1-46...
CN=Exchange Publ... Exchange Public ... group               721ba893-cfad-47...
CN=ExchangeLegac... ExchangeLegacyIn... group               b9e6934a-d1f8-44...
CN=Exchange All ... Exchange All Hos... group               951b0e56-46f9-47...
CN=Exchange Wind... Exchange Windows... group               b726bac9-105d-4f...
CN=Exchange Trus... Exchange Trusted... group               7623603e-cf9b-42...
CN=Microsoft Exc... Microsoft Exchan... msExchSystemObje... f1b7d07c-69f0-41...
CN=Exchange Doma... Exchange Domain ... group               e655d148-eaf6-42...
CN=Exchange Ente... Exchange Enterpr... group               cd2e32c0-91e8-45...
CN=EXCHANGE,OU=S... EXCHANGE            computer            3076fdea-436a-48...
CN=Exchange Inst... Exchange Install... group               68a99eee-0de9-48...
DC=Exchange,DC=w... Exchange            dnsNode             82d183e6-2de8-4c...


All those still exist..
0
 
WhatWhyITAuthor Commented:
Even comparing GUID's they are all still there
0
 
WhatWhyITAuthor Commented:
The problem is fixed -
It was one of two things.
A: Sp1 UpdateRollup 4 v2
or:
The creation of the registry key
HKLM\System\CurrentControlSet\services\MSExchangeIS\ParameterSystem
DWord - "Mapi RPC Endpoint Registration"  with a value of "2"

0
 
WhatWhyITAuthor Commented:
I ended up solving it myself. Or What I did had no affect it and it resolved itself.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

  • 19
  • 12
Tackle projects and never again get stuck behind a technical roadblock.
Join Now