Solved

Outlook Clients are connecting to the wrong Exchange Server

Posted on 2014-11-07
Last Modified: 2014-12-03
We have a large complex domain with several sites.  Each site is connected via VPN and also has its own domain, DNS and mail server to support the users at the site.  In addition, with the exception of one site with two facilities, each site has its own mail domain name but from an AD perspective, they are sites within the same forest.

We recently started to have an issue where in one site, our Outlook clients were connected to the email server in another site.  We can manually change the proxy settings and Outlook will function, but when you close Outlook and reopen it, it goes to the other site.  Now we are having the issue at another site as well.  When the problem occurs, all of the clients get set to the mail server at the top of the primary site.  We have a combination of Exchange 2010 and 2013 along with Server 2008R2 and 2012.

DNS looks to be correct - but we just can't grasp what is happening.  Some details:

Site 1 - mail.site1name.com (internal resolution to site1server.domain.local)
Site 2 - mail.site1name.com (internal resolution to site2server.domain.local - second facility under this site)
Site 3 - mail.site3name.com (internal resolution to site3server.domain.local)
Site 4 - mail.site4name.com (internal resolution to site4server.domain.local)

Each site has an autodiscover.siteXname.com entry in the DNS for that site as well.  This entry does resolve to the internal mail server at that site - so, autodiscover.site4name.com -> site4server.domain.local

Problem:

User at site 3 configures Outlook for msstd:site3server.site3name.com.  All is good until the user closes Outlook.  As soon as they open Outlook again, the configuration switches to mail.site1name.com.  For users to function, they have to manually correct this and then they can access their email.  This was working just fine, but some event changed how this was functioning for one site and now it is happening at another.  We can't put our finger on what could have caused this, but we do need to fix it.

Any assistance would be greatly appreciated.
Question by:averyln
11 Comments
 
LVL 8

Expert Comment

by:Tim Edwards
ID: 40428821
We have the same setup as you. This did happen in our Forest when one organization decided to turn on Outlook Anywhere. I do not know if that is what happened in yours but you can check. The fix was a GPO which I have attached below.

http://support.microsoft.com/kb/2426686

Import that adm, configure the RPC/HTTP Connection Flags setting to enabled and No Flags setting.  When it takes effect it will grey out the settings in Outlook.

As well you can test on individual mailbox with the following ps command:

Set-CASMailbox *edit with username* -MAPIBlockOutlookRpcHttp $True
0
 

Author Comment

by:averyln
ID: 40428906
Tim:

Thanks for the quick reply.  We have had Outlook Anywhere turned on well before this started happening.  It is almost like the Outlook client cannot find the local CAS and goes to the one at the top of the forest.

For example, if I run
     get-clientaccessserver -identity "mail.site4name.com"

I get the error
    "The operation couldn't be performed because object 'mail.site4name.com' couldn't be found on
      DCServer.site4domain.local'.

It seems like this is an autodiscover or DNS issue, but everything looks OK from where I sit now.
0
 
LVL 8

Expert Comment

by:Tim Edwards
ID: 40429045
By holding down CTRL and right clicking on the Outlook task bar icon you can test your Email AutoConfiguration... please post the results and logs, just remove any confidential info
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40429141
Hello,

Sounds like you have the wrong external hostname set for OutlookAnywhere.

For each of your CAS servers run:

Get-OutlookAnywhere -Server <servername> | select ExternalHostname

This value should correspond to the external hostname that maps to that particular server. If it doesn't match, change it.

You should also check your settings for OAB, EWS, and ActiveSync to make sure they are correct on each server.

-JJ
0
 
LVL 7

Expert Comment

by:Murali Reddy
ID: 40429150
mail.site4name.com - confused, do you have a domain for each site?

And when giving get-clientaccessserver -identity <>, this should be the server name, not the CAS array name.

Coming to your problem...

What are the databases on all the sites set to in their RPCClientAccessServer? Can you paste the output of "Get-MailboxDatabase |select Name, RPCClientAccessServer"

All the databases on the respective sites need to be updated with their respective RPC server endpoint in the same site.
Set-mailboxDatabase <MBX1Site1> -RpcClientAccessServer "CASServer/ArraySite1" etc..

Can you also test Test-OutlookConnectivity in each site?
0
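The per-site check described in the comment above, as an added example that is not part of the original thread: it flags mailbox databases whose RpcClientAccessServer is empty or belongs to a different AD site than the server hosting the database. The sample data is constructed from the thread's placeholder names; the function name, the database names, the site labels and the use of PowerShell 3.0 or later are assumptions.

```powershell
# Constructed sample data using the thread's placeholder host names.
# In the Exchange Management Shell the same shapes come from:
#   $servers   = Get-ExchangeServer  | Select-Object Name, Fqdn, Site
#   $databases = Get-MailboxDatabase | Select-Object Name, Server, RpcClientAccessServer
$servers = @(
    [pscustomobject]@{ Name = 'site1server'; Fqdn = 'site1server.domain.local'; Site = 'Site1' }
    [pscustomobject]@{ Name = 'site3server'; Fqdn = 'site3server.domain.local'; Site = 'Site3' }
    [pscustomobject]@{ Name = 'site4server'; Fqdn = 'site4server.domain.local'; Site = 'Site4' }
)
$databases = @(
    [pscustomobject]@{ Name = 'DB-Site1'; Server = 'site1server'; RpcClientAccessServer = 'site1server.domain.local' }
    [pscustomobject]@{ Name = 'DB-Site3'; Server = 'site3server'; RpcClientAccessServer = 'site1server.domain.local' }
    [pscustomobject]@{ Name = 'DB-Site4'; Server = 'site4server'; RpcClientAccessServer = '' }
)

# Hypothetical helper: classify each database's RPC endpoint relative to its own site.
function Test-RpcEndpointSite {
    param([object[]]$Databases, [object[]]$Servers)

    # Index servers by short name and FQDN so either form of endpoint resolves.
    $siteOf = @{}
    foreach ($s in $Servers) {
        $siteOf[([string]$s.Name).ToLower()] = [string]$s.Site
        $siteOf[([string]$s.Fqdn).ToLower()] = [string]$s.Site
    }

    foreach ($db in $Databases) {
        $dbSite   = $siteOf[([string]$db.Server).ToLower()]
        $endpoint = [string]$db.RpcClientAccessServer
        $status = if ([string]::IsNullOrWhiteSpace($endpoint)) {
            'EMPTY'             # no endpoint recorded for this database
        } elseif (-not $siteOf.ContainsKey($endpoint.ToLower())) {
            'UNKNOWN-ENDPOINT'  # e.g. a CAS array FQDN, which is not a server name
        } elseif ($siteOf[$endpoint.ToLower()] -ne $dbSite) {
            'CROSS-SITE'        # endpoint lives in a different AD site
        } else {
            'OK'
        }
        [pscustomobject]@{
            Database = $db.Name; DatabaseSite = $dbSite
            Endpoint = $endpoint; Status = $status
        }
    }
}

Test-RpcEndpointSite -Databases $databases -Servers $servers | Format-Table -AutoSize
```

An endpoint reported as UNKNOWN-ENDPOINT has to be mapped to its site separately, for example with Get-ClientAccessArray on Exchange 2010.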
 

Author Comment

by:averyln
ID: 40430264
Tim:
  Not on site, so I will have someone check the Outlook autodiscover on a client after the weekend.

Jamie:
  Checked the external host and it does have the correct external name - mail.site4name.com
  Checked OAB and all databases the site Exchange server can see do have OABs configured

Murali:
  My bad on the error, put the external name in instead of the server name, so that becomes less of an issue.

It appears the plot just got thicker.  When I ran "Get-MailboxDatabase |select Name, RPCClientAccessServer" on this server, there are three mailboxes that are shown and all of them do not have a value in the RPCClientAccessServer field.  This is troubling on a number of levels.  First, it appears this may have happened when we removed some certs from our Certificate Server at our main site.  We did this as part of a problem resolution with Radius authentication of our wireless clients at that site.  So, somehow, the removal of the extra certs that seem to have been preventing our wireless clients from accessing the network must have, although I am not sure how, impacted the RPC at this site.

Secondly, now the site with the Certificate Server does not show up when you run the get-mailboxdatabase at any of the sites.  When you run the command at the site with the Certificate Server, I don't see all the sites there either and the one we are addressing here does not show up.

Is it possible that the certs that were removed were/are somehow linked to Exchange servers on the sites that are not present in the get-mailboxdatabase query?

I can update the RPCClientAccessServer values on these to see if they work but I won't be able to test it for a few days.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40430813
Lots of good suggestions here already.

One thing though. Are you experiencing any problems with AD replication at the problem site? DC functioning as it should? Not sure how many DCs you have at that site. But do you see any problems if you run DCDIAG from a command line?

No recent changes to AD Sites or Services MMC? Changes in subnets?
0
 

Author Comment

by:averyln
ID: 40435833
We are experiencing some replication issues as well.  I was just made aware of this, so I am in the process of looking into that as well.  I don't think there have been any AD/Site changes, but at this point I don't think I can rule this out.  I'm going to start with the replication problem and then go from there.
0
 

Author Comment

by:averyln
ID: 40435976
Sorry, I didn't respond completely to your last question. Each site has its own primary domain controller.  So, there are 6 DCs in the forest.
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40436353
Yep definitely check AD Sites and Services. Make sure the IP subnet for the remote site is in the correct AD site with the correct Domain Controllers.
0
 

Author Comment

by:averyln
ID: 40479904
Thanks Gareth.  We were able to resolve the AD Sync issues.  So will move on to the next part of this issue and will repost.
0
