Exchange 2007 User cannot access mailbox across VPN unless elevated to domain admin

Posted on 2011-10-20
Medium Priority
Last Modified: 2012-06-27
I recently disjoined and rebuilt my last Windows Server 2003 domain controller, upgrading the OS to 2008 R2. My domain functional level remains 2003. I have approximately 10/1000 users in my domain who cannot open their mailbox via Outlook 2003 from a standalone PC while connected via VPN unless added to the Domain Admins group. I have granted them full rights to their mailbox via Exchange Management Shell by using:

Add-ADPermission -Identity "user" -User "user" -AccessRights GenericAll
Add-MailboxPermission -Identity "user" -User "user" -AccessRights FullAccess -InheritanceType All

I have rebuilt the Outlook profile multiple times and deleted:

Extend.dat – Located in C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\Outlook\.

Frmcache.dat – Located in C:\Documents and Settings\<username>\Application Data\Microsoft\Forms\.

Views.dat – Located in C:\Documents and Settings\<username>\Application Data\Microsoft\Outlook\.

Outcmd.dat – Located in C:\Documents and Settings\<username>\Application Data\Microsoft\Outlook\.

I can open their mailbox when connected via a LAN system joined to the domain and also when granting myself full rights to their mailbox and logging in on the other side of the VPN (I am operating as a domain admin).

Nothing seems to work unless I add them to the Domain Admins group. Please help!
Question by:witfog
LVL 47

Expert Comment

ID: 37004178
Of these 10 users, what OS do they have installed?
XP / Vista / Win 7?

I'm guessing they are all laptop users?

If Vista or Win 7, have you checked that UAC is not interfering?
Or that Windows Firewall isn't turned on for some reason?
It could even be their antivirus that's not allowing the connection.

Have you tried to have one of these users use a PC\laptop you know works via VPN?

Do all these users have the same ISP?
If they do, you might want to check with the ISP. There are some that don't provide full support for VPN.

LVL 32

Expert Comment

by:Rodney Barnhardt
ID: 37004452
How are they VPNing in? Do these by chance have wireless data cards, particularly from Verizon, with the software installed? We are seeing a problem on systems once this software is installed. It is like name resolution does not work, or the software is redirecting the request to external DNS servers. Just a thought.

Author Comment

ID: 37004586
The VPN is a hardware IPSEC VPN. I have a point to point VPN established.

Name resolution is working perfectly. I am also able to telnet to port 25 on the mail servers.

OS: Windows XP on all clients. Windows Firewall is not turned on.

Antivirus isn't blocking the connection. I can log in to other mailboxes across the VPN, just not a select few.

There are approximately 500 offices, all on different IPs and different ISPs. Only a few mailboxes are having this issue, not the entire office.

This really seems like an account permission issue or a schema issue after the last domain controller upgrade.

LVL 26

Expert Comment

ID: 37004666
Did you get the Exchange server rebooted a few times, to get the correct AD server (the only server)?

Is Outlook configured with "Cached Exchange Mode" or Online mode?
Can you confirm if the OWA is working fine for those mailboxes using the VPN clients?

Author Comment

ID: 37006014
Sorry for not being specific before. We have three DCs at a single site, lots of VPN sites coming in.

I tried configuring both Cached Exchange Mode and Online mode; neither allows access.

I believe OWA works fine but I will double check.

Accepted Solution

witfog earned 0 total points
ID: 37012267
We found the solution. We had to:

1. Disable the mailbox
2. Delete the user object in AD
3. Re-create the user object
4. Reconnect disconnected mailbox and user object.
5. Re-create Outlook profile enabling Exchange proxy settings and connect to Exchange over HTTP.
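
Steps 1 to 4 of the accepted solution for a single user, as an added example that is not part of the original thread or the author's own commands. The account name and domain controller are placeholders; it assumes the Exchange 2007 Management Shell running under PowerShell 2.0 with the ActiveDirectory module installed, and that Domain Admins has its default name. Step 5 is done in the Outlook client.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell with
# the ActiveDirectory module available. $sam and $dc are placeholders.
Import-Module ActiveDirectory
$sam = 'jdoe'                      # placeholder: affected account
$dc  = 'dc01.example.local'        # placeholder: one DC used for every step

# Capture what the new object needs. A re-created user has a new SID, so group
# memberships and permissions tied to the old SID do not carry over.
$old    = Get-ADUser -Identity $sam -Server $dc -Properties DisplayName, MemberOf
$mbx    = Get-Mailbox -Identity $sam -DomainController $dc
$guid   = (Get-MailboxStatistics -Identity $sam).MailboxGuid
$ouPath = $old.DistinguishedName -replace '^CN=.+?,(?=(OU|CN|DC)=)', ''
# Leave out Domain Admins so the troubleshooting elevation is not restored.
$groups = @($old.MemberOf | Where-Object { $_ -notlike 'CN=Domain Admins,*' })

# Step 1: disable the mailbox (it stays in the database as disconnected).
Disable-Mailbox -Identity $sam -DomainController $dc -Confirm:$false
# Step 2: delete the user object.
Remove-ADUser -Identity $old.DistinguishedName -Server $dc -Confirm:$false
# Step 3: re-create it in the same OU with a temporary password.
$pw = Read-Host 'Temporary password' -AsSecureString
New-ADUser -Name $old.Name -SamAccountName $sam -DisplayName $old.DisplayName `
    -UserPrincipalName $old.UserPrincipalName -Path $ouPath -Server $dc `
    -AccountPassword $pw -ChangePasswordAtLogon $true -Enabled $true
foreach ($g in $groups) { Add-ADGroupMember -Identity $g -Members $sam -Server $dc }

# Step 4: make the disconnected mailbox visible, then reconnect it by GUID.
Clean-MailboxDatabase -Identity $mbx.Database
Connect-Mailbox -Identity "$guid" -Database $mbx.Database -User $sam -DomainController $dc

# Check: the new account must not be a Domain Admin or carry adminCount.
$check = Get-ADUser -Identity $sam -Server $dc -Properties adminCount, MemberOf
if ($check.adminCount -or (@($check.MemberOf) -like 'CN=Domain Admins,*')) {
    Write-Warning "$sam still has privileged-group markers; review before use."
}
```

Pinning every cmdlet to one domain controller avoids replication lag between the delete, the re-create and the reconnect when several DCs serve the site.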

Author Closing Comment

ID: 37035365
Solution found.
