Unable to open shared mailbox from Outlook or OWA all in a sudden ?

People,

I'm using Exchange Server 2010 SP3 deployed as follows:

HT-CAS (Windows NLB) AD Site Data_Center:
PRODMAIL01-VM
PRODMAIL02-VM

Mailbox (both stand alone no DAG) AD Site Data_Center:
PRODMAILBOX01-VM
PRODMAILBOX02-VM

Note, in AD Site Data_Center there are 2x DC/Global Catalogs servers running as well in each of the Site office and Head Office.
Clients are various people using OWA and Outlook 2010/13 as well, but today when they are trying to open up a shared mailbox for the reservations team, it is having this issue:

From OWA in all AD Sites:
 A mailbox couldn't be found for DOMAIN\Reservation.Team. If the problem continues, contact your helpdesk. 

--------------------------------------------------------------------------------

 Copy error details to clipboard
 Show details

Request
Url: https://OWA.domain.com:443/owa/auth/error.aspx
OWA version: 14.3.123.3

Open in new window


While from the Outlook 2010/13:

User can only see the mailbox content older than 6 months or it is rather outdated ?
when I tried to open this mailbox by logging in to the terminal server, the Autodiscover didn't complete the login details automatically when launching Outlook 2010 for the first time.

Any help would be greatly appreciated.

Thanks
LVL 11
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Amit KumarCommented:
Please share output of below powershell

get-mailbox Reservation.Team | fl

Open in new window

Will SzymkowskiSenior Solution ArchitectCommented:
I bet someone Disabled or Removed this mailbox. check in the disconnected section. If it is disabled then re-enable it.

Also, if this is the case, then the user is probably able to view some of the mailbox items from a few months back becasue they are using Outlook with Cached mode enabled.

I have a feeling that is the reason, if the mailbox cannot be found on the domain.

Will.
Senior IT System EngineerIT ProfessionalAuthor Commented:
But somehow th mailbox can still be found as active in EMC ?
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Will SzymkowskiSenior Solution ArchitectCommented:
This is probably a replication issue. Does this users AD Account exists on your Domain Controller? Have you checked the Disconnected Mailboxes?

Is your AD Replication working with out any errors?

Will.
Senior IT System EngineerIT ProfessionalAuthor Commented:
@Will: so how to cehck that from Exchange server ? or domain controller ?
is it DCDIAG or:

repadmin /showrepl
repadmin /replsum
repadmin /queue

Open in new window

Amit KumarCommented:
Please use

repadmin /replsum *

Open in new window

Will SzymkowskiSenior Solution ArchitectCommented:
The commands you have illustrated are the ones you use for checking replication.

DCDiag /v is also another good command to run to get the health of the Domain controller.

If you simply do a search of the account in active directory is it present?

Will.
Senior IT System EngineerIT ProfessionalAuthor Commented:
There was no error in the replication command above, but somehow I've found this error somewhere in the DCDIAG on both domain controllers in the DataCenter AD site:

PRODDC01-VM
 Starting test: NCSecDesc
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context:
    DC=ForestDnsZones,DC=domain,DC=com
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context:
    DC=DomainDnsZones,DC=domain,DC=com
    ......................... PRODDC01-VM failed test NCSecDesc

Open in new window

Will SzymkowskiSenior Solution ArchitectCommented:
That error message is specific to rodc and not running the adprep /rodc command in your domain. If you do not plan on running RODC's in your environment you can ignore this error message. See below link for details.
https://support.microsoft.com/en-us/kb/967482

However this does not help with the current issue. Can you find this object on your domain controllers?

Will.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Senior IT System EngineerIT ProfessionalAuthor Commented:
@Amit: here's the result:


PS C:\> repadmin /replsum *
Replication Summary Start Time: 2015-06-24 10:29:17

Beginning data collection for replication summary, this may take awhile:
  ............

Source DSA          largest delta    fails/total %%   error
 S2502K8DC01               14m:47s    0 /  25    0
 PRODDC01-VM               36m:24s    0 /  30    0
 PRODDC03-VM               33m:42s    0 /  15    0
 HQDC01                    08m:02s    0 /  10    0
 S2642K3DC01               07m:41s    0 /   5    0
 S5282K3DC01               07m:40s    0 /   5    0
 S7422K3DC02               07m:38s    0 /   5    0


Destination DSA     largest delta    fails/total %%   error
 S2502K8DC01               07m:52s    0 /  20    0
 AOCE2012DC01              08m:12s    0 /  10    0
 PRODDC01-VM               33m:45s    0 /  10    0
 PRODDC03-VM               36m:34s    0 /  10    0
 HQDC01                       :53s    0 /  10    0
 S2642K3DC01               02m:48s    0 /  10    0
 S5282K3DC01               11m:09s    0 /  10    0
 SITEOFFICEFS              11m:08s    0 /   5    0
 S7422K3DC02               14m:52s    0 /  10    0


PS C:\>

Open in new window

Senior IT System EngineerIT ProfessionalAuthor Commented:
@Will: yes I can find it on the AD console as well as the Exchange console.
Amit KumarCommented:
Please check if mailbox is disconnected by below powershells:

Below powershell will scan Active Directory for disconnected mailboxes against all DBs:

Get-MailboxDatabase | Clean-MailboxDatabase

After running above one, run below mentioned for getting list of users those are disconnected or disabled.

Get-MailboxDatabase | Get-MailboxStatistics  | where {$_.disconnectdate –ne $null}

If you get mentioned mailbox in disconnected state then attach it from Exchange console with same AD user.
Senior IT System EngineerIT ProfessionalAuthor Commented:
Hi Amit, does the command above can potentially cause any outage to the existing mailbox users ?

From the deleted mailbox EMC, I can confirm that the reservation mailbox is not there.

This is an already existing mailbox since years before I join this company, so not a new mailbox.
Amit KumarCommented:
This command will not cause of any outage. Clean-mailboxdatabase will scan AD which mailbox is disconnected. If you are much sure on which DB you had reservation mailbox then you can run only that DB.

Clean-MailboxDatabase -Database <DBName>

please go through with this article for Clean-MailboxDatabase powershell https://technet.microsoft.com/en-us/library/bb124076(v=exchg.141).aspx.

It is possible if mailbox is recently disconnected so that mailbox may not be shown in EMC or EMS. But if you run clean command it will scan forcibly all disconnected mailbox and you will be able to see that mailbox in EMC if disconnected.

If you are not sure about homed DB then you can run for all DBs.
Senior IT System EngineerIT ProfessionalAuthor Commented:
Hi All,

I've found out some strange behaviour here:

using the powershell below:

[PS] C:\>Get-Mailbox reservation.team | Select *GUID* | fl

ExchangeGuid        : 724f137b-2053-4d92-aa7f-17d7a682eda0
ArchiveGuid         : 00000000-0000-0000-0000-000000000000
DisabledArchiveGuid : 00000000-0000-0000-0000-000000000000
Guid                : 9d46711b-cacb-4dc0-b926-ec824e41d0c6

Open in new window


You can see above there is a GUID in all fields, but when I open the AD account from ADUC console (DSA.msc) it is empty:
mailbox GUID
is that related ? how to make sure that the GUID is relevant because when I try copy paste it from the Powershell console it ends up as different GUID in Attribute editor AD console.
Amit KumarCommented:
Run below command and see are these in disconnected state?

Get-MailboxDatabase | Get-MailboxStatistics  | where {$_.disconnectdate –ne $null}
Senior IT System EngineerIT ProfessionalAuthor Commented:
Could this be the problem in Active Directory or in exchange server 2010 SP3 which can be resolved by applying CU 11 ?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.