Solved

Outlook Clients are connecting to the wrong Exchange Server

Posted on 2014-11-07
11
477 Views
Last Modified: 2014-12-03
We have a large complex domain with several sites.  Each site is connected via VPN and also has its own domain, DNS and mail server to support the users at the site.  In addition, with the exception of one site with two facilities, each site has its own mail domain name but from an AD perspective, they are sites within the same forest.

We recently started to have an issue were in one site, our outlook clients were connected to the email server in another site.  We can manually change the proxy settings and outlook will function but when you close Outlook and reopen it, it goes to the other  site.  Now we are having the issue at another site as well.  When the problem occurs, all of the clients get set to the mail server at the top of the primary site.  We have a combination of Exchange 2010 and 2013 along with Server 2008R2 and 2012.

DNS looks to be correct - but we just can grasp what his happening.  Some details:

Site 1 - mail.site1name.com (internal resolution to site1server.domain.local
Site 2 - mail.site1name.com (internal resolution to site2server.domain.local - second facility under this site)
Site 3 - mail.site3name.com (internal resolution to site3sever.domain.local
site 4 - mail.site4name.com (internal resolution to site4server.domain.local)

each site has an autodiscover.siteXname.com entry in the DNS for that site as well.  This entry does resolve to the internal mail server at that site - so, autodiscover.site4name.com -> site4server.domain.local

Problem:

user at site 3 configures outlook for msstd:site3server.site3name.com.  All is good until the user closes outlook.  As soon as they open outlook again, the configuration switches to mail.site1name.com.  For users to function, they have to manually correct this and then they can access their email.  This was working just fine, but some event changed how this was functioning for one site and now it is happening at another.  We can't put our finger on what could have caused this, but we do need to fix it.

Any assistance would be greatly appreciated.
0
Comment
Question by:averyln
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +2
11 Comments
 
LVL 10

Expert Comment

by:Tim Edwards
ID: 40428821
We have the same setup as you. This did happen in our Forest when one organization decided to turn on Outlook Anywhere. I do not know if that is what happened in yours but you can check. The fix was a GPO which I have attached below.

http://support.microsoft.com/kb/2426686

Import that adm, configure the RPC/HTTP Connection Flags setting to enabled and No Flags setting.  When it takes effect it will grey out the settings in Outlook.

As well you can test on individual mailbox with the following ps command:

Set-CASMailbox *edit with username* -MAPIBlockOutlookRpcHttp $True
0
 

Author Comment

by:averyln
ID: 40428906
Tim:

thanks for the quick reply.  We have had Outlook Anywhere turned well before this started happening.  It is almost like the Outlook client cannot find the local CAS and goes to the one at the top of the forest.

For example if  run
     get-clientaccessserver -identity "mail.site4name.com"

I get the error
    "The operation couldn't be performed because object 'mail.site4name.com' couldn't be found on
      DCServer.site4domain.local'.

It seems like this is an autodiscover or DNS issue, but everything looks ok from where i sit now.
0
 
LVL 10

Expert Comment

by:Tim Edwards
ID: 40429045
By holding down CTRL and right clicking on the Outlook task bar icon you can test your Email AutoConfiguration... please post the results and logs, just remove any confidential info
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40429141
Hello,

Sounds like you have the wrong external hostname set for OutlookAnywhere,

For each of your CAS server run:

Get-OutlookAnywhere -Server <servername> | select ExternalHostname

Open in new window


This value should correspond to the external hostaname that maps to that particular server. If it doesn't match, change it.

You should also check your setting for OAB, EWS, and Activesync to make sure they are correct on each server.

-JJ
0
 
LVL 7

Expert Comment

by:Murali Reddy
ID: 40429150
mail.site4name.com- confused, do you have a domain for each site?

And when giving get-clientaccessserver -identity <>, this should be the server name, not the cas array name..

coming to your problem...

What is the databases on all the sites set in their RPCClientAccessServer? Can you paste the output of "Get-MailboxDatabase |select Name, RPCClientAccessServer"

All the databases on the respective sites need to be updated with their respective RPC serevr endpoint in the same site.
Set-mailboxDatabase <MBX1Site1> -RpcClientAccessServer "CASServer/ArraySite1" etc..

Can you also test Test-OutlookConnectivity in each site?
0
 

Author Comment

by:averyln
ID: 40430264
Tim:
  Not on site, so I will have someone check the outlook autodiscover on a client after the weekend.

Jamie:
  checked the external host and it does have the correct external name - mail.site4name.com
  checked OAB and all Databases the site exchange server can see do have OABs configured

Murali:
  my bad on the error, put the external name in instead of the server name, so that become less of an issue.

It appears the plot just got thicker.  When i ran "Get-MailboxDatabase |select Name, RPCClientAccessServer" on this server, there are three mailboxes that are shown and all of them do not have a value in the RPCClientAccessServer field.  This is troubling on a number of levels.  First, it appears this may have happened when we removed some certs from our Certificate Server at our main site.  We did this as part of a problem resolution with Radius authentication of our wireless clients at that site.  So, somehow, the removal of the extra certs that seem to have been preventing our wireless clients from accessing the network must have, although i am not sure how, impacted the RPC at this site.

Secondly, now the site with the Certificate server does not show up when you run the get-mailboxdatabase at any of the sites.  When you run the command at the site with the Certificate Server, i don't see all the sites there either and the one we are addressing here does not show up.

is it possible that the certs that were removed were/are somehow linked to exchange servers on the sits that are not present in the get-mailboxdatabase query?

I can update the RPCClientAccesServer values on these to see if they work but i won't be able to test it for a few days.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40430813
Lots of good suggestions here already.

One thing though. Are you experiencing any problems with AD replication at the problem site? DC functioning as it should? Not sure how many DCs you have at that site. But do you see any problems if you run DCDIAG from a command line?

No recent changes to AD Sites or Services MMC? Changes in subnets?
0
 

Author Comment

by:averyln
ID: 40435833
we are experiencing some replicate issues as well.  I was just made aware of this, so I am in the process of looking into that as well.  I don' think there have been any AD/Site changes, but at this point I don't think I can rule this out.  I'm going to start with the replication problem and then go from there.
0
 

Author Comment

by:averyln
ID: 40435976
Sorry, I didn't respond completely to your  last question. Each site has its own primary domain controller.  so, there are 6 DCs in the forest.
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40436353
Yep definitely check AD Sites and Services. Make sure the IP subnet for the remote site is in the correct AD site with the correct Domain Controllers.
0
 

Author Comment

by:averyln
ID: 40479904
Thanks Gareth.  were able to resolve the AD Sync issues.  So will move on to the next part of this issue and will repost.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question