Re-enabled AD account has only partial Exchange connectivity

Posted on 2013-01-22
Last Modified: 2013-02-14
I have an account that can access OWA and a previously configured Outlook client.  New Outlook client setups are failing Auto Discover. Auto Discover works for the rest of the organization.

Previous admins worked on this server.  From what I've been told, a user left the organization and the account was disabled.  When the user returned the account was re-enabled.  That really should be the gist of what happened.  I'm not aware of additional actions or configs for this user account.

Mail was forwarded to another employee.  I don't think the forward caused corruption.

The user's original workstation is running an Outlook 2007 client without issue, but I want to migrate the user to a new workstation.

I'm using the Exchange Console's tool: Remote Connectivity Analyzer.  I'm not learning anything new from the tool.  I determined that Auto Discover was failing.  I wish the tool could give more hints as to *why* it's failing.

Has anyone seen this before?
Thanks,
-K
Question by:kengreg

Expert Comment

by:Manpreet SIngh Khatra
ID: 38808574
Is it just for this user?
Is the issue reproducible on another machine?

- Rancy

Expert Comment

by:vmdude
ID: 38808883
What error is the Remote Connectivity Analyser throwing up for auto discover?
If it's just this user you can manually enter the Exchange profile. I know not ideal but if that works you will know that the problem is definitely with auto discover and not some strange issue just with that user.

Author Comment

by:kengreg
ID: 38809423
Yes, the error is reproducible when I move to another machine in an attempt to set up a new Exchange profile.  The error is the same on multiple machines, "The name could not be matched to a name in the address list".  I ran the Remote Connectivity Analyser based on Microsoft's recommendation:  http://technet.microsoft.com/en-us/library/dd439366(v=exchg.80).aspx

No, unfortunately, there are no combinations of email address, username, domain name\username, or alias that will allow me to manually configure the Outlook client.  It seems like the address list was never updated with the information that the user was re-enabled.

Author Comment

by:kengreg
ID: 38809497
Okay, here's more on the Remote Connectivity Analyser error report:

Testing TCP port 443 on host autodiscover.domainname.com to ensure it's listening and open. The specified port is either blocked, not listening, or not producing the expected response.

I get this error despite the fact that OWA works over HTTPS.

Here's a similar case, although the admin is running Exchange 2010 and I'm running 2007.
http://forums.whirlpool.net.au/archive/1846061
It's a very long thread and he's not entirely sure what resolved the issue at the end.  He reassigned IP addresses or some such.

Again, autodiscover works for the rest of the users in the organization.  My user has been with the company for a very long time and had a last name change at some point.  I tried all combinations of new and old last names and syntax.

Accepted Solution

by:kengreg
ID: 38872323
The autodiscover issue was resolved.

At first I tried disconnecting (temporarily deleting) the user's mailbox and creating a new AD account, then re-attaching the mail.  It seemed like my best option.  Even that didn't work.

Unfortunately there were multiple GALs on this server at one time. Members of the employees OU were configured to use a custom address list.  This address list recently stopped updating.

Going back, this domain once had two separate "hosted" OUs with separate Recipient Policies, separate SMTP addresses, and separate address books.  Exchange attributes were used to differentiate the main business OU and a smaller business OU.

Although I used the attributes correctly on new AD accounts, Exchange somehow stopped taking the attributes into account when updating the address lists.

New AD accounts were likely trying to populate the default global address list, as the re-enabled account probably tried to populate the default global address list as well.

I had others involved on this.  We got this to work by removing at least one reference to the custom GAL in Exchange attributes.  You could say that we gave up, and allowed the default GAL to work again.

When I posted my original question I was trying to keep it simple.  The question wasn't really solvable on EE without a mention that this domain had multiple GALs.

Thanks for taking a look,
Ken

Author Closing Comment

by:kengreg
ID: 38888366
I know it's not protocol for me to answer my own questions on EE, but this turned out to be a complicated issue.
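
One way to check the condition described in the accepted solution, as an added example that is not part of the original thread: it lists every global address list and address list with its recipient filter and shows whether the mailbox's `showInAddressBook` attribute references each one. The alias `jdoe` is a placeholder, and the script assumes it is run in the Exchange Management Shell by an account that can read the directory.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# 'jdoe' is a placeholder alias (assumption); replace it with the affected user.
$alias = 'jdoe'

$mbx = Get-Mailbox -Identity $alias

# showInAddressBook holds the DNs of the address lists the recipient was
# stamped into the last time those lists were updated.
$entry   = [ADSI]("LDAP://" + $mbx.DistinguishedName)
$stamped = @($entry.Properties['showInAddressBook'] | ForEach-Object { "$_" })

"Mailbox:                   " + $mbx.DistinguishedName
"Hidden from address lists: " + $mbx.HiddenFromAddressListsEnabled
"Lists stamped on account:  " + $stamped.Count

# Collect every GAL and every address list, tagged by type.
$report  = @(Get-GlobalAddressList | Select-Object `
    @{Name='Type'; Expression={'GAL'}}, Name, DistinguishedName, RecipientFilter)
$report += @(Get-AddressList | Select-Object `
    @{Name='Type'; Expression={'AddressList'}}, Name, DistinguishedName, RecipientFilter)

# For each list, show its filter and whether this account is stamped with it.
$report | Select-Object Type, Name,
    @{Name='UserStamped'; Expression={ $stamped -contains "$($_.DistinguishedName)" }},
    RecipientFilter |
    Format-List
```

A list the user should belong to but that shows `UserStamped : False` is the one to investigate; `Update-GlobalAddressList` and `Update-AddressList` re-apply a list's filter to its recipients.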