jmichaelpalermo4
asked on
Exchange 2010: The action cannot be completed. the name cannot be matched to a name in the address list.
Hello -
Running Exchange 2010 SP1. At random about a week ago, we've been unable to add any new Outlook profiles. When we do, we get the error listed in the title: The action cannot be completed. the name cannot be matched to a name in the address list.
After hours of searching, all the 'usual suspects' are turning up empty (typically showinaddressbook attribute, check/uncheck 'hide from GAL', etc...). I'm just flat out of ideas here - this issue is across the board (all accounts) rather than just one or two. Please help! Even some suggestions on where to look or how to debug this would be something!
Running Exchange 2010 SP1. At random about a week ago, we've been unable to add any new Outlook profiles. When we do, we get the error listed in the title: The action cannot be completed. the name cannot be matched to a name in the address list.
After hours of searching, all the 'usual suspects' are turning up empty (typically showinaddressbook attribute, check/uncheck 'hide from GAL', etc...). I'm just flat out of ideas here - this issue is across the board (all accounts) rather than just one or two. Please help! Even some suggestions on where to look or how to debug this would be something!
Last Comment
ASKER
Just one - CN=All Address Lists,CN=Address Lists Container,...<rest of domain info here>
I was looking for solutions and found the following KV, have you checked it before ?
Troubleshooting Check Name errors
Troubleshooting Check Name errors
KB of course, not KV !
ASKER
That's a good article to work through, although it is for earlier versions of Exchange. I'll check into it and report back.
If you are running more than one DC (and don't we all), also verify that AD replication is working 100%.
ASKER
MWAdmin - what are your thoughts on that? How could an AD Replication issue cause this?
Because Exchange server will search for an object in AD/GC when validating a mapi profile.
This can be a problem in case of replication error.
a simple repadmin /replsummary will give you the informations about a bad synchronization.
This can be a problem in case of replication error.
a simple repadmin /replsummary will give you the informations about a bad synchronization.
I have also had similar issues to you caused by a DC not replicating due to a bad disk. As posted by gerald26 a simple repadmin /replsummary will provide the information. If you are using win2k3 DC's use replmon.
Thanks
Thanks
ASKER
I've run through the "Troubleshooting Check Name errors" document posed by Gerald26 to no avail. One item of note: there's a step in the document that says:
If Ldp.exe reports that there are "no children," the Global Address List object may not have the appropriate permissions. A user must be able to see at least one Global Address List object and its members.
When I browsed the tree using LDP.exe (a new tool for me), it did show "No Children" under the global address list object. However, I checked the user's permissions to the GAL (using adsiedit.msc...NOT a new tool for me) and it seems like everything is set okay.
Any ideas of next steps on this? I'd really love to see if I could debug or somehow watch what Exchange is doing when trying to authenticate the user. Then I could see where the permissions failure (or something else) was occurring.
Please - I'm all ears!
If Ldp.exe reports that there are "no children," the Global Address List object may not have the appropriate permissions. A user must be able to see at least one Global Address List object and its members.
When I browsed the tree using LDP.exe (a new tool for me), it did show "No Children" under the global address list object. However, I checked the user's permissions to the GAL (using adsiedit.msc...NOT a new tool for me) and it seems like everything is set okay.
Any ideas of next steps on this? I'd really love to see if I could debug or somehow watch what Exchange is doing when trying to authenticate the user. Then I could see where the permissions failure (or something else) was occurring.
Please - I'm all ears!
LDP is a bit raw and tricky to use, you might have made a lil mistake using it.
I see you want to go deeper, Lets try again differently and confirm user can not browse the address list and even list its attributes.
First, please confirm that user has good rights set on "list content" security of GAL
As a domain admin, use ADSIEDIT and jump on GAL, check property, Security, ADVANCED Parameters, Effective Permission. Select user, and check the result displays that List Content Checkbox is checked.
Now we are sure that the user can see it, there is no reason you have 'no children error'
Lets make it appear :
I think you have copied/pasted the values of addresslist in showInAddressBook attribute of a test user in a notepad, dont close it.
We are going to use DSQUERY command to check it out. To make it simple, we will need to have full LOCAL admin rights on a member server, but just standard user rights in AD (because i don't know if DStools can be installed or launched from a 7 client)
Step 1: Add user to LOCAL administrators group on a MEMBER server
Step 2: Login with this user on this member server
Step 3: open a dos prompt and copy tools from a dc to a temporary folder
mkdir c:\temp
xcopy \\dcname\c$\windows\system
cd c:\temp\dstools
c:
Let's say the GAL you found in user attribut is CN=Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=organisation,
Step 4 : you will want to type this command:
note the quotes " " because there are spaces in path, note the * after DSquery and -attr to get all attributes
Note that you must change dc=domain,dc=local and also CN=organisation
Repeat with all addresslist found in showInAddressBook user attibute
Step 5: remove user from administrators group on MEMBER server and clean temp
Step 6 : comment the result
Sorry if I detail too much, this might be useless, but before going farther and farther, we must be 100% sure about security.
PS: I know there might be quicker ways to do it but this one works :p
I see you want to go deeper, Lets try again differently and confirm user can not browse the address list and even list its attributes.
First, please confirm that user has good rights set on "list content" security of GAL
As a domain admin, use ADSIEDIT and jump on GAL, check property, Security, ADVANCED Parameters, Effective Permission. Select user, and check the result displays that List Content Checkbox is checked.
Now we are sure that the user can see it, there is no reason you have 'no children error'
Lets make it appear :
I think you have copied/pasted the values of addresslist in showInAddressBook attribute of a test user in a notepad, dont close it.
We are going to use DSQUERY command to check it out. To make it simple, we will need to have full LOCAL admin rights on a member server, but just standard user rights in AD (because i don't know if DStools can be installed or launched from a 7 client)
Step 1: Add user to LOCAL administrators group on a MEMBER server
Step 2: Login with this user on this member server
Step 3: open a dos prompt and copy tools from a dc to a temporary folder
mkdir c:\temp
xcopy \\dcname\c$\windows\system
cd c:\temp\dstools
c:
Let's say the GAL you found in user attribut is CN=Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=organisation,
Step 4 : you will want to type this command:
dsquery * "CN=Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=organisation,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local" -attr *
note the quotes " " because there are spaces in path, note the * after DSquery and -attr to get all attributes
Note that you must change dc=domain,dc=local and also CN=organisation
Repeat with all addresslist found in showInAddressBook user attibute
Step 5: remove user from administrators group on MEMBER server and clean temp
Step 6 : comment the result
Sorry if I detail too much, this might be useless, but before going farther and farther, we must be 100% sure about security.
PS: I know there might be quicker ways to do it but this one works :p
ASKER
Gerald26 - sorry for the delay. I have yet to go through the process you've outlined (our accounts are locked down via GPO for all the member servers, so it's going to take some time to do that). I will be doing that shortly. Some more information for you to ponder while I figure this out --
1. We're running the Exchange server for multiple groups (creating multiple address lists / GALs).
2. The lookup succeeds for at least one of the groups of addresses, but not others
3. The Exchange accounts can be added internally without an issue for all address lists, but not through Outlook Anywhere (how most our accounts are supported).
How does Exchange sift through the address lists to find an address? How is the process different for Outlook Anywhere clients?
I know these are some "deep understanding of Exchange" questions...
1. We're running the Exchange server for multiple groups (creating multiple address lists / GALs).
2. The lookup succeeds for at least one of the groups of addresses, but not others
3. The Exchange accounts can be added internally without an issue for all address lists, but not through Outlook Anywhere (how most our accounts are supported).
How does Exchange sift through the address lists to find an address? How is the process different for Outlook Anywhere clients?
I know these are some "deep understanding of Exchange" questions...
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Mysteriously resolved...
Exchange
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.
213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Right click it and display properties
Check adressbookroots. how many lines are there ?