Solved

Re-enabled AD account has only partial Exchange connectivity

Posted on 2013-01-22
Last Modified: 2013-02-14
I have an account that can access OWA and a previously configured Outlook client.  New Outlook client setups are failing Auto Discover. Auto Discover works for the rest of the organization.

Previous admins worked on this server.  From what I've been told a user left the organization and the account was disabled.  When the user returned the account was re-enabled.  That really should be the gist of what happened.  I'm not aware of additional actions or configs for this user account.

Mail was forwarded to another employee.  I don't think the forward caused corruption.

The user's original workstation is running an Outlook 2007 client without issue, but I want to migrate the user to a new workstation.

I'm using the Exchange Console's tool: Remote Connectivity Analyzer.  I'm not learning anything new from the tool.  I determined that Auto Discover was failing.  I wish the tool could give more hints as to *why* it's failing.

Has anyone seen this before?
Thanks,
-K
Question by:kengreg
6 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38808574
Is it just for this user?
Is the issue reproducible on another machine?

- Rancy
0
 
LVL 6

Expert Comment

by:vmdude
ID: 38808883
What error is the Remote Connectivity Analyser throwing up for auto discover?
If it's just this user you can manually enter the Exchange profile. I know not ideal but if that works you will know that the problem is definitely with auto discover and not some strange issue just with that user.
0
 

Author Comment

by:kengreg
ID: 38809423
Yes, the error is reproducible when I move to another machine in an attempt to set up a new Exchange profile.  The error is the same on multiple machines, "The name could not be matched to a name in the address list".  I ran the Remote Connectivity Analyser based on Microsoft's recommendation:  http://technet.microsoft.com/en-us/library/dd439366(v=exchg.80).aspx

No, unfortunately, there are no combinations of email address, username, domain name\username, or alias that will allow me to manually configure the Outlook client.  It seems like the address list was never updated with the information that the user was re-enabled.
0
 

Author Comment

by:kengreg
ID: 38809497
Okay, here's more on the Remote Connectivity Analyser error report:

Testing TCP port 443 on host autodiscover.domainname.com to ensure it's listening and open. The specified port is either blocked, not listening, or not producing the expected response.

I get this error despite the fact that OWA works over HTTPS.

Here's a similar case, although the admin is running Exchange 2010 and I'm running 2007.
http://forums.whirlpool.net.au/archive/1846061
It's a very long thread and he's not entirely sure what resolved the issue at the end.  He reassigned IP addresses or some such.

Again, autodiscover works for the rest of the users in the organization.  My user has been with the company for a very long time and had a last name change at some point.  I tried all combinations of new and old last names and syntax.
0
 

Accepted Solution

by:
kengreg earned 0 total points
ID: 38872323
The autodiscover issue was resolved.

At first I tried disconnecting (temporarily deleting) the user's mailbox and creating a new AD account, then re-attaching the mail.  It seemed like my best option.  Even that didn't work.

Unfortunately there were multiple GALs on this server at one time. Members of the employees OU were configured to use a custom address list.  This address list recently stopped updating.

Going back, this domain once had two separate "hosted" OUs with separate Recipient Policies, separate SMTP addresses, and separate address books.  Exchange attributes were used to differentiate the main business OU and a smaller business OU.

Although I used the attributes correctly on new AD accounts, Exchange somehow stopped taking the attributes into account when updating the address lists.

New AD accounts were likely trying to populate the default global address list, as the re-enabled account probably tried to populate the default global address list as well.

I had others involved on this.  We got this to work by removing at least one reference to the custom GAL in Exchange attributes.  You could say that we gave up, and allowed the default GAL to work again.

When I posted my original question I was trying to keep it simple.  The question wasn't really solvable on EE without a mention that this domain had multiple GALs.

Thanks for taking a look,
Ken
0
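One way to check the condition the accepted solution describes, whether a mailbox is actually stamped into the global address lists the server defines. This is an added example, not part of the original thread; `jdoe` is a placeholder alias, and the script is meant to be run from the Exchange Management Shell.

```powershell
# Added example: run in the Exchange Management Shell.
# 'jdoe' is a placeholder alias, not a value from the thread.
$alias = 'jdoe'
$mbx   = Get-Mailbox -Identity $alias

# 1. A mailbox hidden from address lists cannot be resolved by name in Outlook.
$mbx | Format-List Name, Alias, PrimarySmtpAddress, HiddenFromAddressListsEnabled

# 2. Attributes a custom list's filter might key on. The thread does not say
#    which Exchange attributes were used, so all custom attributes are shown.
$mbx | Format-List CustomAttribute*

# 3. Every GAL and address list on the server, with the filter that populates it.
Get-GlobalAddressList | Format-List Name, RecipientFilterType, RecipientFilter, LdapRecipientFilter
Get-AddressList       | Format-List Name, RecipientFilterType, RecipientFilter, LdapRecipientFilter

# 4. Compare the lists the mailbox is stamped into against each defined GAL.
$memberOf = @($mbx.AddressListMembership | ForEach-Object { $_.DistinguishedName })

foreach ($gal in Get-GlobalAddressList) {
    if ($memberOf -contains $gal.DistinguishedName) {
        Write-Host ("MEMBER   {0}" -f $gal.Name)
    }
    else {
        Write-Host ("MISSING  {0}" -f $gal.Name)
    }
}

# 5. After correcting a filter or the mailbox's attributes, re-apply the list
#    and repeat step 4. Uncomment and substitute the real list name.
# Update-GlobalAddressList -Identity 'Default Global Address List'
```

A mailbox reported as MISSING from every GAL matches the "name could not be matched to a name in the address list" symptom reported earlier in the thread.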
 

Author Closing Comment

by:kengreg
ID: 38888366
I know it's not protocol for me to answer my own questions on EE, but this turned out to be a complicated issue.
0
