Solved

Re-enabled AD account has only partial Exchange connectivity

Posted on 2013-01-22
6
275 Views
Last Modified: 2013-02-14
I have an account that can access OWA and a previously configured Outlook client.  New Outlook client setups are failing Auto Discover. Auto Discover works for the rest of the organization.

Previous admins worked on this server.  From what I've been told a user left the organization and the account was disabled.  When the user returned the account was re-enabled.  That really should be the jist of what happened.  I'm not aware of additional actions or configs for this user account.

Mail was forwarded to another employee.  I don't think the forward caused corruption.

The user's original workstation is running an Outlook 2007 client without issue, but I want to migrate the user to a new workstation.

I'm using the Exchange Console's tool: Remote Connectivity Analyzer.  I'm not learning anything new from the tool.  I determined that Auto Discover was failing.  I wish the tool could give more hints as to *why* it's failing.

Has anyone seen this before?
Thanks,
-K
0
Comment
Question by:kengreg
  • 4
6 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38808574
Is it just for this user ?
Is the issue reproducible on another machine

- Rancy
0
 
LVL 6

Expert Comment

by:vmdude
ID: 38808883
What error is the Remote Connectivity Analyser throwing up for auto discover?
If it's just this user you can manually enter the exchange profile. I know not ideal but if that works you will know that the problem is defiantly with auto discover and not some strange issue just with that user.
0
 

Author Comment

by:kengreg
ID: 38809423
Yes, the error is reproducible when I move to another machine in an attempt to setup a new Exchange profile.  The error is the same on multiple machines, "The name could not be matched to a name in the address list".  I ran the Remote Connectivity Analyser based on Microsoft's recommendation:  http://technet.microsoft.com/en-us/library/dd439366(v=exchg.80).aspx

No, unfortunately, there are no combinations of email address, username, domain name\username, or alias that will allow me to manually configure the Outlook client.  It seems like the address list was never updated with the information that the user was re-enabled.
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 

Author Comment

by:kengreg
ID: 38809497
Okay, here's more on the Remote Connectivity Analyser error report:

Testing TCP port 443 on host autodiscover.domainname.com to ensure it's listening and open. The specified port is either blocked, not listening, or not producing the expected response.

I get this error despite the fact that OWA works over HTTPS.

Here's a similar case, although the admin is running Exchange 2010 and I'm running 2007.
http://forums.whirlpool.net.au/archive/1846061
It's a very long thread and he's not entirely sure what resolved the issue at the end.  He reassigned IP addresses or some such.

Again, autodiscover works for the rest of the users in the organization.  My user has been with the company for a very long time and had a last name change at some point.  I tried all combinations of new and old last names and syntax.
0
 

Accepted Solution

by:
kengreg earned 0 total points
ID: 38872323
The autodiscover issue was resolved.

At first I tried disconnecting (temporarily deleting) the user's mailbox and creating a new AD account, then re-attaching the mail.  It seemed like my best option.  Even that didn't work.

Unfortunately there were multiple GALS on this server at one time. Members of the employees OU were configured to use a custom address list.  This address list recently stopped updating.

Going back, this domain once had two separate "hosted" OUs with separate Recipient Policies, separate SMTP addresses, and separate address books.  Exchange attributes were used to differentiate the main business OU and a smaller business OU.

Although I used the attributes correctly on new AD accounts, Exchange somehow stopped taking the attributes into account when updating the address lists.

New AD accounts were likely trying to populate the default global address list, as the re-enabled account probably tried to populate the default global address list as well.

I had others involved on this.  We got this to work by removing at least one reference to the custom GAL in Exchange attributes.  You could say that we gave up, and allowed the default GAL to work again.

When I posted my original question I was trying to keep it simple.  The question wasn't really solvable on EE without a mention that this domain had multiple GALs.

Thanks for taking a look,
Ken
0
 

Author Closing Comment

by:kengreg
ID: 38888366
I know it's not protocol for me to answer my own questions on EE, but this turned out to be a complicated issue.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2016 OWA 3 51
A question on Active Directory LDS 4 20
Exchange server licensing 2 37
ADFS:  Step by Step to enable MFA with ADFS 16 29
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This video discusses moving either the default database or any database to a new volume.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question