Solved

Re-enabled AD account has only partial Exchange connectivity

Posted on 2013-01-22
6
271 Views
Last Modified: 2013-02-14
I have an account that can access OWA and a previously configured Outlook client.  New Outlook client setups are failing Auto Discover. Auto Discover works for the rest of the organization.

Previous admins worked on this server.  From what I've been told a user left the organization and the account was disabled.  When the user returned the account was re-enabled.  That really should be the jist of what happened.  I'm not aware of additional actions or configs for this user account.

Mail was forwarded to another employee.  I don't think the forward caused corruption.

The user's original workstation is running an Outlook 2007 client without issue, but I want to migrate the user to a new workstation.

I'm using the Exchange Console's tool: Remote Connectivity Analyzer.  I'm not learning anything new from the tool.  I determined that Auto Discover was failing.  I wish the tool could give more hints as to *why* it's failing.

Has anyone seen this before?
Thanks,
-K
0
Comment
Question by:kengreg
  • 4
6 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38808574
Is it just for this user ?
Is the issue reproducible on another machine

- Rancy
0
 
LVL 6

Expert Comment

by:vmdude
ID: 38808883
What error is the Remote Connectivity Analyser throwing up for auto discover?
If it's just this user you can manually enter the exchange profile. I know not ideal but if that works you will know that the problem is defiantly with auto discover and not some strange issue just with that user.
0
 

Author Comment

by:kengreg
ID: 38809423
Yes, the error is reproducible when I move to another machine in an attempt to setup a new Exchange profile.  The error is the same on multiple machines, "The name could not be matched to a name in the address list".  I ran the Remote Connectivity Analyser based on Microsoft's recommendation:  http://technet.microsoft.com/en-us/library/dd439366(v=exchg.80).aspx

No, unfortunately, there are no combinations of email address, username, domain name\username, or alias that will allow me to manually configure the Outlook client.  It seems like the address list was never updated with the information that the user was re-enabled.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:kengreg
ID: 38809497
Okay, here's more on the Remote Connectivity Analyser error report:

Testing TCP port 443 on host autodiscover.domainname.com to ensure it's listening and open. The specified port is either blocked, not listening, or not producing the expected response.

I get this error despite the fact that OWA works over HTTPS.

Here's a similar case, although the admin is running Exchange 2010 and I'm running 2007.
http://forums.whirlpool.net.au/archive/1846061
It's a very long thread and he's not entirely sure what resolved the issue at the end.  He reassigned IP addresses or some such.

Again, autodiscover works for the rest of the users in the organization.  My user has been with the company for a very long time and had a last name change at some point.  I tried all combinations of new and old last names and syntax.
0
 

Accepted Solution

by:
kengreg earned 0 total points
ID: 38872323
The autodiscover issue was resolved.

At first I tried disconnecting (temporarily deleting) the user's mailbox and creating a new AD account, then re-attaching the mail.  It seemed like my best option.  Even that didn't work.

Unfortunately there were multiple GALS on this server at one time. Members of the employees OU were configured to use a custom address list.  This address list recently stopped updating.

Going back, this domain once had two separate "hosted" OUs with separate Recipient Policies, separate SMTP addresses, and separate address books.  Exchange attributes were used to differentiate the main business OU and a smaller business OU.

Although I used the attributes correctly on new AD accounts, Exchange somehow stopped taking the attributes into account when updating the address lists.

New AD accounts were likely trying to populate the default global address list, as the re-enabled account probably tried to populate the default global address list as well.

I had others involved on this.  We got this to work by removing at least one reference to the custom GAL in Exchange attributes.  You could say that we gave up, and allowed the default GAL to work again.

When I posted my original question I was trying to keep it simple.  The question wasn't really solvable on EE without a mention that this domain had multiple GALs.

Thanks for taking a look,
Ken
0
 

Author Closing Comment

by:kengreg
ID: 38888366
I know it's not protocol for me to answer my own questions on EE, but this turned out to be a complicated issue.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now