Solved

We are having a few issues after migrating Exchange from 2010 to 2013.

Posted on 2014-10-15
12
380 Views
Last Modified: 2014-10-22
1. Main issue is that we cannot add secondary mailboxes to an account or additional profiles.
2. Running through testing we see that the ExRCA.com
      An error message was returned from the Autodiscover service
      XML response:
      <?xml version="1.0"?>
      <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
      <Response>
      <Error Time="17:24:48.2529679" Id="2716901415">
      <ErrorCode>500</ErrorCode>
      <Message>The email address can't be found.</Message>
svc records and autodiscover dns records are all there and check out along with the wildcard cert

3. When trying to download OAB if gives an error.
      The error is 0x80200049 the operation failed

We have rebuilt the oab and autodiscover virtual directory following proper directions
we have recreated the oab and assigned it and it appears to be there we can access the web url for it same with the autodiscover url.

Any help would be appreciated. James
0
Comment
Question by:auctionpay
  • 9
  • 3
12 Comments
 
LVL 1

Author Comment

by:auctionpay
ID: 40382643
additional info:

when sending from a secondary profile that was already existed the message immediately errors out with the response.

This message could not be sent. Try sending the message again later, or contact your network administrator.  Error is [0x80070005-00000000-00000000].
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40383116
Internally Autodiscover and SRV records are not used if the clients are members of the domain.
The clients query the domain for Autodiscover information. If that isn't set correctly then the client will fail to connect.

My instinct is that you haven't set the URLs correctly.

http://semb.ee/hostnames2013

Furthermore, as you are using a wildcard certificate, you should probably look at setting these two values as well:

Get-OutlookProvider "EXCH" | Set-OutlookProvider -CertPrincipalName "msstd:*.example.com"
Get-OutlookProvider "EXPR" | Set-OutlookProvider -CertPrincipalName "msstd:*.example.com"

Simon.
0
 
LVL 1

Author Comment

by:auctionpay
ID: 40383319
that was done previously
Get-OutlookProvider give this
Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                        msstd:*.ourdomain.com     1
EXPR                                                        msstd:*.ourdomain.com     1
WEB                                                         msstd:*.ourdomain.com     1

I have gone through all the steps mentioned in the site. We have one 2010 CAS server that has not been removed yet so I had run the scrips for the individual cas server.
I am still having issues.
The outlook auto test always worked and still does
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:auctionpay
ID: 40383371
Okay uninstalled last 2010 cas server just to eliminate it still no luck.
0
 
LVL 1

Author Comment

by:auctionpay
ID: 40383541
issue number 2 is resolved

Main issue is still unresolved
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40383869
If you are getting the same errors as you originally posted, then Autodiscover isn't working.
Autodiscover is mandatory with Exchange 2013 deployments.

When you run an Autodiscover test in Outlook, does it return the correct URLs?
Do you have more than the Exchange web sites on the CAS role holder? Bindings correct?

Simon.
0
 
LVL 1

Author Comment

by:auctionpay
ID: 40384460
Yes when I run auto discover it runs correctly for all test that I know.
I found a way to get outlook to add the mailbox to a second profile if I let it do the autodiscover/autoconfig for the logged in user then change the name on the account and resolve the name again. You can't send as that person until I go and perform Get-Mailbox "other mailbox" | Add-ADPermission -User "user" -ExtendedRights "Send As" even though the account has send as according to ECA and they could before the migration.
0
 
LVL 1

Assisted Solution

by:auctionpay
auctionpay earned 0 total points
ID: 40384794
Where I stand now. It looks like the main cause of my issues is 2 fold. Exchange 2013 changes how "Send as" works. Now instead of "Send as" it is "Send on behalf of" you have to go back in and add the "Send as" to get rid of issue 3. Issue 1 looks to be related to issue 3 in the fact that when adding a secondary mail box it looks at the OAB on your machine and cannot. If it does its autodiscover and the name is changed it has already resolved the CAS and received its GUID and can just check permissions then on full control. If you do not have "Send as" permissions at this point you will not be able to send from this profile.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40385554
"Exchange 2013 changes how "Send as" works. Now instead of "Send as" it is "Send on behalf of" you have to go back in and add the "Send as" to get rid of issue 3"

Nothing has changed.
Send As and Send on Behalf of have always been different. The permissions are different and are handled differently. It hasn't changed since SP2 for Exchange 2003, when Full Mailbox Access and the Send As permission were seperated.

If a user has Full Mailbox Access, then Autodiscover should add the account automatically in Outlook without any additional work being required - although only if permission is granted to a user, not to a group.

Simon.
0
 
LVL 1

Assisted Solution

by:auctionpay
auctionpay earned 0 total points
ID: 40387570
Simon,
In Exchange the permission setting have changed
manage send asIt is not send on behalf of,
Yes that capability has been around to set send on behalf of. However that is not the way it was before migration. Just something that had to be tracked down and changed.
Autodiscover and OAB for secondary profiles are needed. If you do not have a current copy of the OAB on your system you will be prompted to connect with your primary account before you can add a secondary. That way the OAB can be downloaded and it can identify what permissions you have for what mailbox. You can connect to the server all day long and not add a different profile until you have a good copy of OAB on your system or you spoof your credentials. The way I did before I got OAB and the GC working together.
I was able to identify the root cause of out OAB issue and it had to do with Domain Controller issues and thus OAB was not generating correctly or linking to peoples profiles.
My issues are now resolved.
James
0
 
LVL 1

Accepted Solution

by:
auctionpay earned 0 total points
ID: 40387971
My problems have all been resolved. OAB was working for most people as of yesterday the last thing was that it was showing up/downloadable by half of the users. Found that default BITS limit in GPO was blocking it. Everytime that I or someone else was trying to download would fail because Maximum number BITS jobs for each user was reached increasing this aloud amount and doing a gpupdate allowed the OAB to download and everything is looking good.

James
0
 
LVL 1

Author Closing Comment

by:auctionpay
ID: 40396484
There was no real comment provided by anyone else. I was just updating my post as I was working through the issue I could go through and write out all the steps for each issue but I think I have provided enough that people can work through the issues I was having.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question