Outlook Clients are connecting to the wrong Exchange Server

We have a large complex domain with several sites.  Each site is connected via VPN and also has its own domain, DNS and mail server to support the users at the site.  In addition, with the exception of one site with two facilities, each site has its own mail domain name but from an AD perspective, they are sites within the same forest.

We recently started to have an issue where, in one site, our Outlook clients were connected to the email server in another site.  We can manually change the proxy settings and Outlook will function, but when you close Outlook and reopen it, it goes to the other site.  Now we are having the issue at another site as well.  When the problem occurs, all of the clients get set to the mail server at the top of the primary site.  We have a combination of Exchange 2010 and 2013 along with Server 2008R2 and 2012.

DNS looks to be correct, but we just can't grasp what is happening.  Some details:

Site 1 - mail.site1name.com (internal resolution to site1server.domain.local)
Site 2 - mail.site1name.com (internal resolution to site2server.domain.local - second facility under this site)
Site 3 - mail.site3name.com (internal resolution to site3server.domain.local)
Site 4 - mail.site4name.com (internal resolution to site4server.domain.local)

Each site has an autodiscover.siteXname.com entry in the DNS for that site as well.  This entry does resolve to the internal mail server at that site - so, autodiscover.site4name.com -> site4server.domain.local


A user at site 3 configures Outlook for msstd:site3server.site3name.com.  All is good until the user closes Outlook.  As soon as they open Outlook again, the configuration switches to mail.site1name.com.  For users to function, they have to manually correct this and then they can access their email.  This was working just fine, but some event changed how this was functioning for one site and now it is happening at another.  We can't put our finger on what could have caused this, but we do need to fix it.

Any assistance would be greatly appreciated.

Tim Edwards, IT Team Lead - Unified Communications & Collaboration, Commented:
We have the same setup as you. This did happen in our Forest when one organization decided to turn on Outlook Anywhere. I do not know if that is what happened in yours but you can check. The fix was a GPO which I have attached below.


Import that adm, configure the RPC/HTTP Connection Flags setting to enabled and No Flags setting.  When it takes effect it will grey out the settings in Outlook.

As well, you can test on an individual mailbox with the following PS command:

    Set-CASMailbox *edit with username* -MAPIBlockOutlookRpcHttp $True

averyln (Author) Commented:

Thanks for the quick reply.  We have had Outlook Anywhere turned on well before this started happening.  It is almost like the Outlook client cannot find the local CAS and goes to the one at the top of the forest.

For example, if I run
     get-clientaccessserver -identity "mail.site4name.com"

I get the error
    "The operation couldn't be performed because object 'mail.site4name.com' couldn't be found on

It seems like this is an autodiscover or DNS issue, but everything looks OK from where I sit now.

Tim Edwards, IT Team Lead - Unified Communications & Collaboration, Commented:
By holding down CTRL and right clicking on the Outlook task bar icon you can test your Email AutoConfiguration... please post the results and logs, just remove any confidential info
Jamie McKillop, IT Manager, Commented:

Sounds like you have the wrong external hostname set for OutlookAnywhere.

For each of your CAS servers run:

Get-OutlookAnywhere -Server <servername> | select ExternalHostname

This value should correspond to the external hostname that maps to that particular server. If it doesn't match, change it.

You should also check your settings for OAB, EWS, and ActiveSync to make sure they are correct on each server.

Murali Reddy, Exchange Expert, Commented:
mail.site4name.com- confused, do you have a domain for each site?

And when giving get-clientaccessserver -identity <>, this should be the server name, not the cas array name..

coming to your problem...

What are the databases on all the sites set to in their RPCClientAccessServer? Can you paste the output of "Get-MailboxDatabase |select Name, RPCClientAccessServer"

All the databases on the respective sites need to be updated with their respective RPC server endpoint in the same site.
Set-MailboxDatabase <MBX1Site1> -RpcClientAccessServer "CASServer/ArraySite1" etc..

Can you also test Test-OutlookConnectivity in each site?
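
The per-site check suggested above (each database's RPCClientAccessServer should be an endpoint in the database's own site) can be run across all databases at once. This is an added PowerShell example, not code from the thread; the function name, the site map and the sample rows are hypothetical, and on a live system the inputs would come from `Get-MailboxDatabase` and the AD site recorded for each Exchange server.

```powershell
# Added example (not from the thread). Flags mailbox databases whose
# RpcClientAccessServer is blank or names a CAS endpoint in a different AD site.
function Find-RpcEndpointMismatch {             # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [object[]]  $Database,   # Name, Server, RpcClientAccessServer
        [Parameter(Mandatory = $true)] [hashtable] $SiteOfHost  # host name or FQDN -> AD site name
    )
    foreach ($db in $Database) {
        $dbSite   = $SiteOfHost[[string]$db.Server]
        $endpoint = ([string]$db.RpcClientAccessServer).Trim()
        if (-not $endpoint)                              { $status = 'Blank' }
        elseif (-not $SiteOfHost.ContainsKey($endpoint)) { $status = 'UnknownEndpoint' }
        elseif ($SiteOfHost[$endpoint] -ne $dbSite)      { $status = 'CrossSite' }
        else                                             { $status = 'OK' }
        New-Object psobject -Property @{
            Database = $db.Name;  DatabaseSite = $dbSite
            Endpoint = $endpoint; EndpointSite = $SiteOfHost[$endpoint]
            Status   = $status
        }
    }
}

# Constructed sample rows, shaped like the output of
#   Get-MailboxDatabase | select Name, Server, RpcClientAccessServer
$sampleDatabases = @(
    New-Object psobject -Property @{ Name = 'DB-Site1'; Server = 'site1server'
                                     RpcClientAccessServer = 'site1server.domain.local' }
    New-Object psobject -Property @{ Name = 'DB-Site3'; Server = 'site3server'
                                     RpcClientAccessServer = 'site1server.domain.local' }
    New-Object psobject -Property @{ Name = 'DB-Site4'; Server = 'site4server'
                                     RpcClientAccessServer = '' }
)

# Constructed site map; on a live system, fill it with each Exchange server's
# (and CAS array's) name and FQDN mapped to its AD site.
$sampleSites = @{
    'site1server' = 'Site1'; 'site1server.domain.local' = 'Site1'
    'site3server' = 'Site3'; 'site3server.domain.local' = 'Site3'
    'site4server' = 'Site4'; 'site4server.domain.local' = 'Site4'
}

# Show only the rows that need attention (DB-Site3 is CrossSite, DB-Site4 is Blank).
Find-RpcEndpointMismatch -Database $sampleDatabases -SiteOfHost $sampleSites |
    Where-Object { $_.Status -ne 'OK' } |
    Format-Table Database, DatabaseSite, Endpoint, EndpointSite, Status -AutoSize
```
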
averyln (Author) Commented:
  Not on site, so I will have someone check the Outlook autodiscover on a client after the weekend.

  Checked the external host and it does have the correct external name - mail.site4name.com
  Checked OAB and all databases the site Exchange server can see do have OABs configured

  My bad on the error, I put the external name in instead of the server name, so that became less of an issue.

It appears the plot just got thicker.  When I ran "Get-MailboxDatabase |select Name, RPCClientAccessServer" on this server, there are three mailboxes that are shown and all of them do not have a value in the RPCClientAccessServer field.  This is troubling on a number of levels.  First, it appears this may have happened when we removed some certs from our Certificate Server at our main site.  We did this as part of a problem resolution with Radius authentication of our wireless clients at that site.  So, somehow, the removal of the extra certs that seem to have been preventing our wireless clients from accessing the network must have, although I am not sure how, impacted the RPC at this site.

Secondly, now the site with the Certificate Server does not show up when you run Get-MailboxDatabase at any of the sites.  When you run the command at the site with the Certificate Server, I don't see all the sites there either, and the one we are addressing here does not show up.

Is it possible that the certs that were removed were/are somehow linked to Exchange servers on the sites that are not present in the Get-MailboxDatabase query?

I can update the RPCClientAccessServer values on these to see if they work, but I won't be able to test it for a few days.

Gareth Gudger, Solution Architect, Commented:
Lots of good suggestions here already.

One thing though. Are you experiencing any problems with AD replication at the problem site? DC functioning as it should? Not sure how many DCs you have at that site. But do you see any problems if you run DCDIAG from a command line?

No recent changes to AD Sites or Services MMC? Changes in subnets?

averyln (Author) Commented:
We are experiencing some replication issues as well.  I was just made aware of this, so I am in the process of looking into that as well.  I don't think there have been any AD/Site changes, but at this point I don't think I can rule this out.  I'm going to start with the replication problem and then go from there.

averyln (Author) Commented:
Sorry, I didn't respond completely to your last question. Each site has its own primary domain controller.  So, there are 6 DCs in the forest.

Gareth Gudger, Solution Architect, Commented:
Yep, definitely check AD Sites and Services. Make sure the IP subnet for the remote site is in the correct AD site with the correct Domain Controllers.

averyln (Author) Commented:
Thanks Gareth.  We were able to resolve the AD Sync issues.  So will move on to the next part of this issue and will repost.