Solved

Why can't WAN Outlook 2007/2010 users connect to Exchange 2007 server after Domain Admin password change?

Posted on 2014-10-01
Last Modified: 2014-10-07
I changed the Domain Administrator password (7 sites, 8 DCs, 7 subnets) a couple of days ago, now none of my remote sites can connect to Exchange 2007 with Outlook 2007 or 2010 clients.  The primary location of the Exchange server, email flow works perfectly.  The sites are connected thru an MPLS cloud & I can remotely administer all DCs & User workstations.  I can telnet to port 25 from the remote sites (intermittently), but I cannot telnet to port 587.  We also use receive connectors for each server to allow relay.  Please help.
0
Question by:Keith Atkinson
18 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40355352
So just to clarify. All the users at the main location are fine. They can still connect with Outlook no problem.

It's just the users at remote sites over an MPLS connection that can't connect to Outlook?

What is the error when they try and connect? Is it just server unavailable? What do you see from one of the remote users if you right click+hold SHIFT on the Outlook icon in the systray and select Connection Status or Test Autoconfiguration?

Changing the admin password should have no bearing.

Can these remote users connect to Outlook Web App?
0
 

Author Comment

by:Keith Atkinson
ID: 40355506
So just to clarify. All the users at the main location are fine. They can still connect with Outlook no problem.  (Correct)

It's just the users at remote sites over an MPLS connection that can't connect to Outlook? (Correct)

What is the error when they try and connect? Is it just server unavailable? What do you see from one of the remote users if you right click+hold SHIFT on the Outlook icon in the systray and select Connection Status or Test Autoconfiguration? (It drops compatibility mode Windows XP & attempts to reconfigure the client via autodiscovery)

Can these remote users connect to Outlook Web App? (YES)
Outlook-Error.docx
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40355613
I assume the remote sites with the problem can ping the mail server by FQDN?

From the remote sites with the problem can they get to the URL you have specified for autodiscover in their web browser?

For example.... https://autodiscover.yourdomain.com/Autodiscover/autodiscover.xml
0
 

Author Comment

by:Keith Atkinson
ID: 40355830
Yes.  We can ping by FQDN.
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40356660
Have you tried Exchange Remote Connectivity Analyzer? If not, try it to get more details of the connection error.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40356682
What about access to autodiscover via the web browser?
0
 

Author Comment

by:Keith Atkinson
ID: 40356775
I opened a case with M$ last night & worked until 2am (still no resolution). I have tried the ERCA which was inconclusive.  I did not try auto discover from the client's browser, as we experienced port connectivity issues telnetting to TCP 25, 135 & 587.  We ran several packet captures & sent data to the network team.  I have a scheduled callback @ 9am.  Please continue to offer suggestions until this matter is resolved.  Thanks!
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40356791
Just a couple of questions:

Have you verified all the Exchange DNS records in your AD? Have you checked the event logs on both the PDC and Exchange for a clue? Did you try restarting IIS on your Exchange server?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40356804
This almost doesn't even sound like an Exchange problem. But possibly a coincidence with a problem on the network. Maybe an issue with the MPLS network at your main site. If you do a continuous ping between sites, are you getting any packet loss?
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40356892
Now, to sum up the issue:

Remotely administering all DCs & user workstations at the remote sites is fine.
Connectivity issues telnetting to TCP 25, 135 & 587 still persist.

Is the Exchange box behind any FWs/UTMs etc.? Can you give a bit more detail about your network?
0
 

Author Comment

by:Keith Atkinson
ID: 40356928
I have verified the DNS records.  I have restarted Exchange IIS, as well as uninstalled Rollup 14.

We have 0% packet loss while sending continuous pings from each MPLS Branch to the main site (IP, NetBIOS & FQDN).

We have an MPLS network which connects each branch  (no ACL with branch communication).  It routes our "core processor" packets to the Data Center (with an ACL), but routes internet packets to our firewall cluster at the main branch.
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40356949
"but routes internet packets to our firewall cluster at the main branch."

Just for test purposes:

Do you have any mobile users using ActiveSync? Can you check if they are able to send and receive emails?

What about your SSL?
0
 

Author Comment

by:Keith Atkinson
ID: 40356953
All exchange traffic from the internet works properly.  SSL & Activesync work with no problems routing into the network.
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40356979
So it seems to be a kind of Exchange firewall issue. Have you tested the connectivity between Exchange and Active Directory using the PortQueryUI tool?
0
 

Author Comment

by:Keith Atkinson
ID: 40356985
Zacharia - No I have not.  Can you detail please?
0
 

Author Comment

by:Keith Atkinson
ID: 40357196
I used the port query tool & queried 25, 80, 135, 443, 587 from 3 sites (main, branch1, branch2) to the Exchange Server.  From the main branch, all ports replied "listening".  From branch1 & branch2, the ports replied "filtered".  I also opened 3 ports on another Server in the main branch: 80, 135, 3389.  I queried those 3 ports from the main branch, all ports replied "listening".  I queried the same 3 ports from branch1 & branch2, all ports replied "filtered".  The test I just performed eliminates the MPLS issue.  I am now 100% certain it is on the Exchange Server.  Any thoughts?
0
 

Accepted Solution

by:Keith Atkinson
ID: 40358421
We finally resolved the issue after determining a manual route was missing from the Exchange Server which routed internal traffic to the MPLS Cloud & Internet Traffic thru the SRX Juniper Firewall.  I re-added the route & made it persistent on the Exchange Server.  I will investigate the formal solution with the route problem.  Thanks for all who contributed.
0
 

Author Closing Comment

by:Keith Atkinson
ID: 40365517
The hotfix installation required a reboot of the Servers, thus the manual route was deleted from the Exchange Server.  After thorough analysis & historic documentation, we re-added the route.
0
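
An added example, not part of the original thread or the poster's own commands: a PowerShell check, run on the server itself, that lists gateway routes present in the active IPv4 table but absent from the persisted table, which are the routes a reboot would drop as described in the closing comment. It assumes Windows Server 2008 or later and the standard WMI classes Win32_IP4RouteTable, Win32_IP4PersistedRouteTable and Win32_NetworkAdapterConfiguration; the values in the commented `route -p add` line are placeholders.

```powershell
# Added example: find active IPv4 routes that will not survive a reboot.
# PowerShell 2.0 compatible; run in an elevated session on the server.

function Get-RouteKey($r) {
    # Destination, mask and next hop identify a route in both WMI classes.
    "{0}/{1}>{2}" -f $r.Destination, $r.Mask, $r.NextHop
}

function Get-VolatileRoute {
    # Routes stored for re-creation at boot (what "route -p add" writes).
    $persisted = @(Get-WmiObject -Class Win32_IP4PersistedRouteTable |
        ForEach-Object { Get-RouteKey $_ })

    # Default gateways set in the adapter configuration also survive a reboot.
    $nicGateways = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
            -Filter 'IPEnabled = TRUE' |
        ForEach-Object { $_.DefaultIPGateway } | Where-Object { $_ })

    Get-WmiObject -Class Win32_IP4RouteTable | Where-Object {
        # On-link routes (next hop 0.0.0.0) are rebuilt from the interface itself.
        $viaGateway   = $_.NextHop -ne '0.0.0.0'
        $isNicDefault = ($_.Destination -eq '0.0.0.0') -and
                        ($nicGateways -contains $_.NextHop)
        $viaGateway -and (-not $isNicDefault) -and
            ($persisted -notcontains (Get-RouteKey $_))
    } | Select-Object Destination, Mask, NextHop, Metric1, InterfaceIndex
}

$volatile = @(Get-VolatileRoute)
if ($volatile.Count -eq 0) {
    Write-Output 'All gateway routes are persisted or come from adapter configuration.'
} else {
    Write-Warning 'These active routes are not persistent and will be lost at the next reboot:'
    $volatile | Format-Table -AutoSize
    # To persist one, re-add it with -p (placeholder values, not from the thread):
    #   route -p add <destination> mask <netmask> <gateway>
}
```

Running it before a maintenance window that requires a reboot gives a list to compare against the routing table afterwards.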
