Link to home
Start Free TrialLog in
Avatar of MitchS47

asked on

Possible Autodiscover issue

Outlook anywhere is working fine for all users except one.  I assume this to be some sort of persission issue but I have compared all AD, exchange, and IIS settings/permissions and there are no differences.  attached is the exchange connectivity test.  one is succesfull (note the warning is about auto discove not being on the public website) and the other just fails with it reporting the outlook anywhere in not enabled.  the only difference is the users.

I have done lots of searches but all do not reflect my issue. Thanks in advance.

Exhange 2010, windows server 2008 r2
Avatar of Exchange_Geek
Flag of India image

Two settings

ONE - check if the affected user has inherited permissions check box enabled on its security tab in Active Directory Users and Computers.

TWO - check if the account has SELF rights given full access on itself.

Avatar of MitchS47


inherited permission all the way up through from user the OU heirarchy.

self does not have full.  But all are the same as for the good user.reapplied permissions but issue presist.
Avatar of NetoMeter Screencasts

1. Let's start with the certificate - what kind of a certificate are you using?
2. What about OWA? Does the user get a warning message, when opening OWA?
3. How does the remote user resolve the public name of exchange server and the autodiscover name?  
4. What happens, when you try to configure manually Outlook Anywhere?


The cert is a UCC with all apropriate SAN. Not getting any cert errors.
Yes, OWA works fine for all users.
Yes, both internal and external DNS resolve names properly.
If you configure Outlook manually, it tries to connect and then goes to disconnected.  when you go back into settings all entries related to Outlook anywhere (i.e. connect to exchange over http) are gone.

just to recap.  I have eleminated anything to do with outlook by using the testexchangeconnectivity website.  the test is successful for all users except for one.

I beleive that this has to have something to do with this particual user account.

Thanks all for the help!

As u said that everything is working for other users, so plz just check whether Outlook Anywhere is enabled for the problematic user or not using following command:

Get-CASMailbox | FL MAPIBlockOutlookRpcHttp

Replace with the email address of your problematic user.

If it returns false then make it true using

Set-CASMailbox -MAPIBlockOutlookRpcHttp:$true

Laeeq Qazi
Ran the command and user is/was set to true.

Avatar of laeeqqazi
Flag of Pakistan image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you,  Laeeq!

cant begin to tell you how many hours i searched for this answer.  all my searches returned countles articles about certs, oulookanywhere being eabled, DNS stuff, etc.


question.. only if you have time.  is there a command that will return the outlook anywhere status of all users?  I may have another account that needs to be enabled.
You are welcome Mitch.

Honestly I just got the clue from the error message, which you were getting from RCA website, which clearly mentioning that Outlook anywhere might be disabled for the user.

Here is the command to get all the users with OAW disabled.

get-CASMailbox  -resultSize Unlimited |where {$_.MAPIBlockOutlookRpcHttp -eq $true} |fl DispalyName, PrimarySmtpAddress

Laeeq Qazi