Exchange 2007 User cannot access mailbox across VPN unless elevated to domain admin

I recently disjoined and rebuilt my last Windows Server 2003 domain controller, upgrading the OS to 2008 R2. My domain functional level remains 2003. I have approximately 10/1000 users in my domain who cannot open their mailbox via Outlook 2003 from a standalone PC while connected via VPN unless they are added to the Domain Admins group. I have granted them full rights to their mailbox via Exchange Management Shell by using:

Add-ADPermission -User "user" -AccessRights GenericAll
Add-MailboxPermission -User "user" -AccessRights FullAccess -InheritanceType All

I have rebuilt the Outlook profile multiple times and deleted:

Extend.dat – Located in C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\Outlook\.

Frmcache.dat – Located in C:\Documents and Settings\<username>\Application Data\Microsoft\Forms\.

Views.dat – Located in C:\Documents and Settings\<username>\Application Data\Microsoft\Outlook\.

Outcmd.dat – Located in C:\Documents and Settings\<username>\Application Data\Microsoft\Outlook\.

I can open their mailbox when connected via a LAN system joined to the domain and also when granting myself full rights to their mailbox and logging in on the other side of the VPN (I am operating as a domain admin).

Nothing seems to work unless I add them to the Domain Admins group. Please help!
Asked by: witfog
 
witfog (Author) Commented:
We found the solution. We had to:

1. Disable the mailbox
2. Delete the user object in AD
3. Re-create the user object
4. Reconnect disconnected mailbox and user object.
5. Re-create the Outlook profile, enabling Exchange proxy settings, and connect to Exchange over HTTP.
0
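Steps 1 to 4 of the fix above, written out as Exchange 2007 Management Shell commands. This is an added example, not the poster's own commands; the account name, display name, server, database, OU and UPN are placeholders, and the `*-ADUser` cmdlets assume the ActiveDirectory module on a 2008 R2 domain controller.

```powershell
# Added example (not from the original thread). All names are placeholders.
# Run in the Exchange 2007 Management Shell on PowerShell 2.0.
Import-Module ActiveDirectory

$alias   = 'jdoe'                                          # placeholder account
$display = 'John Doe'                                      # placeholder display name
$server  = 'EXCH01'                                        # placeholder mailbox server
$db      = 'EXCH01\First Storage Group\Mailbox Database'   # placeholder database
$ou      = 'OU=Staff,DC=example,DC=local'                  # placeholder OU
$upn     = 'jdoe@example.local'                            # placeholder UPN

# Deleting the user object discards its SID, so group memberships do not carry
# over to the new object. Save them first, excluding Domain Admins so the
# troubleshooting elevation is not restored onto the rebuilt account.
$groups = (Get-ADUser -Identity $alias -Properties MemberOf).MemberOf |
    Where-Object { $_ -notmatch '^CN=Domain Admins,' }

# 1. Disable the mailbox (the mailbox stays in the store, disconnected).
Disable-Mailbox -Identity $alias -Confirm:$false

# 2. Delete the user object in AD.
Remove-ADUser -Identity $alias -Confirm:$false

# 3. Re-create the user object with a temporary password entered at the prompt.
$pw = Read-Host -AsSecureString 'Temporary password'
New-ADUser -Name $display -SamAccountName $alias -UserPrincipalName $upn `
    -Path $ou -AccountPassword $pw -Enabled $true -ChangePasswordAtLogon $true

# 4. Make the store notice the disconnected mailbox, confirm it is listed,
#    then reconnect it to the new user object.
Clean-MailboxDatabase -Identity $db
Get-MailboxStatistics -Server $server |
    Where-Object { $_.DisconnectedDate -ne $null -and $_.DisplayName -eq $display }
Connect-Mailbox -Identity $display -Database $db -User $alias

# Restore the saved memberships (Domain Admins was filtered out above).
foreach ($g in $groups) { Add-ADGroupMember -Identity $g -Members $alias }

# Review the explicit (non-inherited) mailbox permissions on the result.
Get-MailboxPermission -Identity $alias | Where-Object { -not $_.IsInherited }
```

Step 5 (the Outlook profile with Exchange proxy settings over HTTP) is configured on the client and is not covered by these commands.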
 
apache09 Commented:
Of these 10 users:
What OS do they have installed?
XP / Vista / Win 7?

I'm guessing they are all laptop users?

If Vista or Win 7, have you checked that UAC is not interfering?
Or that Windows Firewall isn't turned on for some reason?
It could even be their antivirus that's not allowing the connection.

Have you tried to have one of these users use a PC/laptop you know works via VPN?

Do all these users have the same ISP?
If they do, you might want to check with the ISP. There are some that don't provide full support for VPN.


0
 
Rodney Barnhardt (Server Administrator) Commented:
How are they VPNing in? Do these by chance have wireless data cards, particularly from Verizon, with the software installed? We are seeing a problem on systems once this software is installed. It is like name resolution does not work, or the software is redirecting the request to external DNS servers. Just a thought.
0
 
witfog (Author) Commented:
The VPN is a hardware IPsec VPN. I have a point-to-point VPN established.

Name resolution is working perfectly. I am also able to telnet to port 25 on the mail servers.

OS: Windows XP on all clients. Windows Firewall is not turned on.

Antivirus isn't blocking the connection. I can log in to other mailboxes across the VPN, just not a select few.

There are approximately 500 offices, all on different IPs and different ISPs. Only a few mailboxes are having this issue, not the entire office.

This really seems like an account permission issue or a schema issue after the last domain controller upgrade.
0
 
e_aravind Commented:
Did you get the Exchange server rebooted a few times, to get the correct AD server (the only server)?

Is Outlook configured with "Cached Exchange Mode" or Online mode?
Can you confirm if OWA is working fine for those mailboxes using the VPN clients?
0
 
witfog (Author) Commented:
Sorry for not being specific before. We have three DCs at a single site, with lots of VPN sites coming in.

I tried configuring both Cached Exchange Mode and Online mode; neither allows access.

I believe OWA works fine but I will double check.
0
 
witfog (Author) Commented:
Solution found.
0
Question has a verified solution.
