After Exchange 2016 Migration Outlook will not open(Cannot connect to server)

I completed a 2010 to 2016 migration and was having some issues with outlook clients connecting externally if they had not be opened up internally after the migration. In my drug fueled haze while getting over the flu, I thought it was a good idea to remove the 2010 server out of the equation as I thought it was what was cause the issue so I complete the migration, removed the old OAB, migrated all the mailboxes including arbittration and uninstalled the 2010 server.

All DNS is setup pointing to new exchange server including the old 2010 server name. And now internal clients cannot open outlook because there is no 2010 server to let them know their profile has been moved to the 2016 server(atleast this is what I'm guessing the issue is).

Deleting the profile and recreating it fixes the issue; however, that's not feasible for the 1000 users I'll have showing up on Monday trying to access their outlook.

Is there something I'm missing here? Am I SOL without the old 2010 server still around for them to proxy over to 2016?

Most outlook clients are either the latest version of 2010 or 2016
snfinkAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
Did you updated the SCP settings? If not, you need to update it via EMS. Use Exchange Deployment assistant tool from Microsoft. That will provide you the required steps.

Autodiscover uses an Active Directory object called the service connection point (SCP) to retrieve a list of Autodiscover URLs for the forest in which Exchange is installed. When you install Exchange 2016, you need to update the SCP object to point to the Exchange 2016 server. This is necessary because Exchange 2016 servers provide additional Autodiscover information to clients to improve the discovery process.

You must update the SCP object configuration on every Exchange server in the organization.
0
snfinkAuthor Commented:
SCP has been updated and points to https://mail.domain.com/autodiscover/autodiscover.xml

Any new outlook clients internally connect with no issues. It's clients that were previously connected to exchange 2010. Their mailboxes have been migrated over to the 2016 server. When they open outlook they get the "cannot start microsoft outlook. cannot open the outlook window. the set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed." Error message.

If I delete the mail profile and restart outlook it will connect to their exchange account right away and work. However, there are too many clients for me to do this on so I'm wondering if there is a simple solution I'm missing.
0
snfinkAuthor Commented:
Outlook fails immediately with the above error. Is there a log on exchange or the PC where I can check to see if there is a reason for the failed logon attempt?
0
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

snfinkAuthor Commented:
I should also note logging into another computer as one of the users, outlook opens and autoconfigures with no issues. This issue only happens when a user with an existing profile whose account was migrated from 2010 to 2016 tries to open outlook.
0
RoninCommented:
Have you followed Microsoft Deployment Assistant?
Paste the results of the below commands, mask all the real info, format as CODE (execute on Exchange 2016 EMS)
Get-OabVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-WebServicesVirtualDirectory | fl server, Name,ExternalURL, InternalURL, *auth*
Get-EcpVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-ActiveSyncVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-OutlookAnywhere | fl server, Name, *hostname*, *auth*
Get-OwaVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-ClientAccessServer | fl Name,OutlookAnywhereEnabled, AutodiscoverServiceInternalUri
Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, Issuer, *not*
Get-MapiVirtualDirectory | fl server, Name,ExternalURL,InternalURL, *auth*
Get-ClientAccessArray | fl
Get-OutlookProvider
Get-OrganizationConfig | fl *mapi*

Open in new window

Also, let see the versions of the Exchange servers:
For 2016:
Get-ExchangeServer | fl *version*

Open in new window

For 2010:
Get-Command Exsetup.exe | ForEach-Object {$_.FileVersionInfo}

Open in new window

0
snfinkAuthor Commented:
Ya, I followed the deployment assistant. I'll run all of the commands and post the info here. Aside from the last command as I have already decomissioned and removed the 2010 server. I'll have the info back in about 5min give or take.

Thanks!
0
snfinkAuthor Commented:
I should also point out that exchange still works perfectly fine on their mobile devices. It has not hiccuped once during the migration from 2010 to 2016. Only when they attempt to open outlook on their computers(domain joined).

[PS] C:\Windows\system32>Get-OabVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*


Server                        : EXCH
Name                          : OAB (Default Web Site)
ExternalUrl                   : https://mail.domain.com/OAB
InternalUrl                   : https://mail.domain.com/OAB
BasicAuthentication           : False
WindowsAuthentication         : True
OAuthAuthentication           : True
InternalAuthenticationMethods : {WindowsIntegrated, OAuth}
ExternalAuthenticationMethods : {WindowsIntegrated, OAuth}



[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | fl server, Name,ExternalURL, InternalURL, *auth*


Server                        : EXCH
Name                          : EWS (Default Web Site)
ExternalUrl                   : https://mail.domain.com/ews/exchange.asmx
InternalUrl                   : https://mail.domain.com/ews/exchange.asmx
CertificateAuthentication     :
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
OAuthAuthentication           : True
AdfsAuthentication            : False



[PS] C:\Windows\system32>Get-EcpVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*


Server                        : EXCH
Name                          : ecp (Default Web Site)
ExternalUrl                   : https://mail.domain.com/ECP
InternalUrl                   : https://mail.domain.com/ECP
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}



[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*


Server                              : EXCH
Name                                : Microsoft-Server-ActiveSync (Default Web Site)
ExternalUrl                         : https://mail.domain.com/Microsoft-Server-ActiveSync
InternalUrl                         : https://mail.domain.com/Microsoft-Server-ActiveSync
MobileClientCertificateAuthorityURL :
BasicAuthEnabled                    : True
WindowsAuthEnabled                  : False
ClientCertAuth                      : Ignore
InternalAuthenticationMethods       : {}
ExternalAuthenticationMethods       : {}



[PS] C:\Windows\system32>Get-OutlookAnywhere | fl server, Name, *hostname*, *auth*


Server                             : EXCH
Name                               : Rpc (Default Web Site)
ExternalHostname                   : mail.domain.com
InternalHostname                   : mail.domain.com
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}



[PS] C:\Windows\system32>Get-OwaVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*


Server                        : EXCH
Name                          : owa (Default Web Site)
ExternalUrl                   : https://mail.domain.com/OWA
InternalUrl                   : https://mail.domain.com/OWA
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}



[PS] C:\Windows\system32>Get-ClientAccessServer | fl Name,OutlookAnywhereEnabled, AutodiscoverServiceInternalUri
WARNING:  The Get-ClientAccessServer cmdlet will be removed in a future version of Exchange. Use the Get-ClientAccessService cmdlet instead. If you have any
 scripts that use the Get-ClientAccessServer cmdlet, update them to use the Get-ClientAccessService cmdlet.  For more information, see
http://go.microsoft.com/fwlink/p/?LinkId=254711.


Name                           : EXCH
OutlookAnywhereEnabled         : True
AutoDiscoverServiceInternalUri : https://mail.domain.com/autodiscover/autodiscover.xml



[PS] C:\Windows\system32>Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, Issuer, *not*


FriendlyName       : Microsoft Exchange
Subject            : CN=Exch
CertificateDomains : {Exch, Exch.domain.com}
Thumbprint         : 087B6544DB348998BDDC1EC47CDD4460DCD2FB1E
Services           : IIS, SMTP
Issuer             : CN=Exch
NotAfter           : 12/19/2022 8:11:35 PM
NotBefore          : 12/19/2017 8:11:35 PM

FriendlyName       : WMSVC-SHA2
Subject            : CN=WMSvc-SHA2-EXCH
CertificateDomains : {WMSvc-SHA2-EXCH}
Thumbprint         : C3B6AA39CDF5143EC085B6CB518A6F992DEB898E
Services           : None
Issuer             : CN=WMSvc-SHA2-EXCH
NotAfter           : 12/17/2027 5:08:33 PM
NotBefore          : 12/19/2017 5:08:33 PM

FriendlyName       : Exchange Delegation Federation
Subject            : CN=Federation
CertificateDomains : {Federation}
Thumbprint         : 7ECF199C77919F95B66D1757FD60ADD2225FD4D9
Services           : SMTP, Federation
Issuer             : CN=Federation
NotAfter           : 5/24/2022 3:55:21 PM
NotBefore          : 5/24/2017 3:55:21 PM

FriendlyName       :
Subject            : CN=*.domain.com, O=My Office, L=My Location, S=Texas, C=US
CertificateDomains : {*.domain.com, domain.com, exchange.domain.com, autodiscover.domain.com, mail.domain.com, mail1.domain.com,
                     legacy.domain.com}
Thumbprint         : 0CCBADBEF6896C19AD4F5EB992AD12ED7FCD73E0
Services           : IMAP, POP, IIS, SMTP
Issuer             : CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
NotAfter           : 7/5/2018 7:00:00 AM
NotBefore          : 6/2/2015 7:00:00 PM



[PS] C:\Windows\system32>Get-MapiVirtualDirectory | fl server, Name,ExternalURL,InternalURL, *auth*


Server                        : EXCH
Name                          : mapi (Default Web Site)
ExternalUrl                   : https://mail.domain.com/mapi
InternalUrl                   : https://mail.domain.com/mapi
IISAuthenticationMethods      : {Basic, Ntlm, Negotiate}
InternalAuthenticationMethods : {Basic, Ntlm, Negotiate}
ExternalAuthenticationMethods : {Basic, Ntlm, Negotiate}



[PS] C:\Windows\system32>Get-ClientAccessArray | fl
[PS] C:\Windows\system32>Get-OutlookProvider

Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH                          1
EXPR                          1
WEB                           1


[PS] C:\Windows\system32>Get-OrganizationConfig | fl *mapi*


MapiHttpEnabled : True



[PS] C:\Windows\system32>Get-ExchangeServer | fl *version*


AdminDisplayVersion : Version 15.1 (Build 1261.35)
ExchangeVersion     : 0.1 (8.0.535.0)

Open in new window

0
RoninCommented:
Also, get the Outlook version of the computers that can't connect.
Specifically, navigate to the location of the Outlook.exe file, access it' properties and record the version that is indicated in one of the tabs.
0
RoninCommented:
The vdirs looks good
0
snfinkAuthor Commented:
16.0.4266.1001
0
snfinkAuthor Commented:
That's good to hear...I am well and truly stumped. I feel like at this point in time I'm going to have to manually touch over 800 computers come this Monday to "repair" everyone's outlook connection.
0
RoninCommented:
Have you configured CAS array while Exchange 2010 was in use? If you did - what was its' name.
If you didn't have CAS array, were you using Outlook Anyhere? If so - what was the FQDN?
If you didn't use OA and was using RPC, what was the name of the endpoint users were connecting to?
0
snfinkAuthor Commented:
I did not as I didn't think it was needed/support with Exchange 2016 since I didn't see anything about ClientAccessArray in the Deployment Assistant and nothing was setup with just the 2010 Server. When both were up and running the get-ClientAccessArray came up empty as well as shown here(this output of those troubleshooting commands from a few days ago)

Exchange was my 2010 server and Exch is my 2016 server

Get-OabVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*


Server                        : EXCHANGE
Name                          : OAB (Default Web Site)
ExternalUrl                   :
InternalUrl                   : http://exchange.domain.com/OAB
BasicAuthentication           : False
WindowsAuthentication         : True
OAuthAuthentication           : False
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalAuthenticationMethods : {WindowsIntegrated}

Server                        : EXCH
Name                          : OAB (Default Web Site)
ExternalUrl                   : https://mail.domain.com/oab
InternalUrl                   : https://mail.domain.com/oab
BasicAuthentication           : False
WindowsAuthentication         : True
OAuthAuthentication           : True
InternalAuthenticationMethods : {WindowsIntegrated, OAuth}
ExternalAuthenticationMethods : {WindowsIntegrated, OAuth}



[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | fl server, Name,ExternalURL, InternalURL, *auth*


Server                        : EXCHANGE
Name                          : EWS (Default Web Site)
ExternalUrl                   :
InternalUrl                   : https://exchange.domain.com/EWS/Exchange.asmx
CertificateAuthentication     :
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
OAuthAuthentication           : False
AdfsAuthentication            : False

Server                        : EXCH
Name                          : EWS (Default Web Site)
ExternalUrl                   : https://mail.domain.com/EWS/Exchange.asmx
InternalUrl                   : https://mail.domain.com/EWS/Exchange.asmx
CertificateAuthentication     :
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
OAuthAuthentication           : True
AdfsAuthentication            : False



[PS] C:\Windows\system32>Get-EcpVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*


Server                        : EXCHANGE
Name                          : ecp (Default Web Site)
ExternalUrl                   :
InternalUrl                   : https://exchange.domain.com/ecp
InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
WindowsAuthentication         : True
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

Server                        : EXCH
Name                          : ecp (Default Web Site)
ExternalUrl                   : https://mail.domain.com/ecp
InternalUrl                   : https://mail.domain.com/ecp
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}



[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*


Server                              : EXCHANGE
Name                                : Microsoft-Server-ActiveSync (Default Web Site)
ExternalUrl                         :
InternalUrl                         : https://exchange.domain.com/Microsoft-Server-ActiveSync
MobileClientCertificateAuthorityURL :
BasicAuthEnabled                    : True
WindowsAuthEnabled                  : False
ClientCertAuth                      : Ignore
InternalAuthenticationMethods       : {}
ExternalAuthenticationMethods       : {}

Server                              : EXCH
Name                                : Microsoft-Server-ActiveSync (Default Web Site)
ExternalUrl                         : https://mail.domain.com/Microsoft-Server-ActiveSync
InternalUrl                         : https://mail.domain.com/Microsoft-Server-ActiveSync
MobileClientCertificateAuthorityURL :
BasicAuthEnabled                    : True
WindowsAuthEnabled                  : False
ClientCertAuth                      : Ignore
InternalAuthenticationMethods       : {}
ExternalAuthenticationMethods       : {}



[PS] C:\Windows\system32>Get-OutlookAnywhere | fl server, Name, *hostname*, *auth*


Server                             : EXCHANGE
Name                               : Rpc (Default Web Site)
ExternalHostname                   : mail.domain.com
InternalHostname                   : exchange.domain.com
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm}

Server                             : EXCH
Name                               : Rpc (Default Web Site)
ExternalHostname                   : mail.domain.com
InternalHostname                   : mail.domain.com
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}



[PS] C:\Windows\system32>Get-OwaVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*


Server                        : EXCHANGE
Name                          : owa (Default Web Site)
ExternalUrl                   :
InternalUrl                   : https://exchange.domain.com/owa
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
WindowsAuthentication         : True
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

Server                        : EXCH
Name                          : owa (Default Web Site)
ExternalUrl                   : https://mail.domain.com/owa
InternalUrl                   : https://mail.domain.com/owa
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}



[PS] C:\Windows\system32>Get-ClientAccessService | fl Name,OutlookAnywhereEnabled, AutodiscoverServiceInternalUri


Name                           : EXCHANGE
OutlookAnywhereEnabled         : True
AutoDiscoverServiceInternalUri : https://exchange.domain.com/Autodiscover/Autodiscover.xml

Name                           : EXCH
OutlookAnywhereEnabled         : True
AutoDiscoverServiceInternalUri : https://mail.domain.com/Autodiscover/Autodiscover.xml



[PS] C:\Windows\system32>Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, Issuer, *not*


FriendlyName       : Microsoft Exchange
Subject            : CN=Exch
CertificateDomains : {Exch, Exch.domain.com}
Thumbprint         : 087B6544DB348998BDDC1EC47CDD4460DCD2FB1E
Services           : IMAP, POP, IIS, SMTP
Issuer             : CN=Exch
NotAfter           : 12/19/2022 8:11:35 PM
NotBefore          : 12/19/2017 8:11:35 PM

FriendlyName       : WMSVC-SHA2
Subject            : CN=WMSvc-SHA2-EXCH
CertificateDomains : {WMSvc-SHA2-EXCH}
Thumbprint         : C3B6AA39CDF5143EC085B6CB518A6F992DEB898E
Services           : None
Issuer             : CN=WMSvc-SHA2-EXCH
NotAfter           : 12/17/2027 5:08:33 PM
NotBefore          : 12/19/2017 5:08:33 PM

FriendlyName       : Exchange Delegation Federation
Subject            : CN=Federation
CertificateDomains : {Federation}
Thumbprint         : 7ECF199C77919F95B66D1757FD60ADD2225FD4D9
Services           : SMTP, Federation
Issuer             : CN=Federation
NotAfter           : 5/24/2022 3:55:21 PM
NotBefore          : 5/24/2017 3:55:21 PM

FriendlyName       :
Subject            : CN=*.domain.com, O=My Office, L=My Location, S=Texas, C=US
CertificateDomains : {*.domain.com, domain.com, exchange.domain.com, autodiscover.domain.com, mail.domain.com, mail1.domain.com, legacy.domain.com}
Thumbprint         : 0CCBADBEF6896C19AD4F5EB992AD12ED7FCD73E0
Services           : IIS, SMTP
Issuer             : CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
NotAfter           : 7/5/2018 7:00:00 AM
NotBefore          : 6/2/2015 7:00:00 PM



[PS] C:\Windows\system32>Get-MapiVirtualDirectory | fl server, Name,ExternalURL,InternalURL, *auth*


Server                        : EXCH
Name                          : mapi (Default Web Site)
ExternalUrl                   : https://mail.domain.com/mapi
InternalUrl                   : https://mail.domain.com/mapi
IISAuthenticationMethods      : {Basic, Ntlm, Kerberos, Negotiate}
InternalAuthenticationMethods : {Basic, Ntlm, Kerberos, Negotiate}
ExternalAuthenticationMethods : {Basic, Ntlm, Kerberos, Negotiate}



[PS] C:\Windows\system32>Get-ClientAccessArray | fl
[PS] C:\Windows\system32>Get-OutlookProvider

Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH                          1
EXPR                          1
WEB                           1


[PS] C:\Windows\system32>Get-ExchangeServer | fl *version*


AdminDisplayVersion : Version 14.3 (Build 123.4)
ExchangeVersion     : 0.1 (8.0.535.0)

AdminDisplayVersion : Version 15.1 (Build 1261.35)
ExchangeVersion     : 0.1 (8.0.535.0)



[PS] C:\Windows\system32>Get-OrganizationConfig | fl *mapi*


MapiHttpEnabled : True

Open in new window

0
RoninCommented:
I would like to confirm that any internal workstations when pinging mail.domain.com or exchange.domain.com get the internal IP of Exchange 2016 server from the AD DC.

As a not so elegant solution: (last resort)
Configure a script to execute for each machine on startup, in the script delete the registry key for Outlook. When user will start Outlook in the morning, it will prompt them to create profile, where basically they would need to click NEXT, NEXT,NEXT, FINISH. You will get a lot of calls, however that will not be a manual work.

However, can you try using this article to try to force specific Outlook auto-discover behavior?
Especially this.
0
snfinkAuthor Commented:
Yes sir, all client machines can ping mail.domain.com(new mailserver dns name), exchange.domain.com(old mail server name) autodiscover.domain.com and exch.domain.com(actual server name of exchange2016 and it resolves to internal ip address of Exchange 2016
0
AndyCommented:
0
ChrisSenior Technical ArchitectCommented:
are the autodiscover DNS records all pointing to the right place, SCP should take care of it but just in case.

We have recently migrated from 2010 to 2016, but have yet to decom the 2010 boxes and we had exactly that issue and resolution Andy has suggested fixed the issues

here is the official KB article
https://support.microsoft.com/en-gb/help/3097392/outlook-logon-fails-after-mailbox-moves-from-exchange-2010-to-exchange
0
snfinkAuthor Commented:
autodiscover cache?
IIS console, and in "application pools", need to recycle the "MSExchangeAutodisocverAppPool?

Yep, have rebooted the exchange server serveral times as well
0
RoninCommented:
Have you tired the links I provided?
0
AmitIT ArchitectCommented:
Do you have any GPO or .prf file for configuring outlook earlier?
0
snfinkAuthor Commented:
Have you tired the links I provided?

I did and there is nothing in the registry in regards to autodiscovery and I cannot test it like one of the links suggested as Outlook will not open. It's not like outlook opens and gives a message that is cannot connect to exchange. I mean when I click the shortcut to open outlook, I am immediately presented with an error message window stating "Cannot start Microsoft Outlook. Cannot open the Outlook Window. The set of folders cannot be opened. The attempt to log on to the Microsoft Exchange has failed."

All I can do at that point is click OK and the window goes away leaving no outlook window open. The ONLY way I can get outlook to open is by going into control panel -> Mail -> Show profiles and removing the profile. After that, I click on outlook, it pops up asking for a new profile name and boom they are in the inbox working again. Does not ask them to setup outlook or anything since they are on a domain joined computer it just logs them directly into their  account.
0
snfinkAuthor Commented:
Do you have any GPO or .prf file for configuring outlook earlier?

Not that I can find. If they are on a domain joined computer it does not ask them to setup their account in outlook, it just uses the logged on user account. However, deleting to profile and allowing it to recreate allows them to connect to their account that was migrated  to the 2016 server with no issues.

I did have a few users that migrated over with no problems while the 2010 server was still active so it would seem that without the 2010 server it will not allow the old profiles to know the account was migrated to 2016?
0
RoninCommented:
All I can do at that point is click OK and the window goes away leaving no outlook window open. The ONLY way I can get outlook to open is by going into control panel -> Mail -> Show profiles and removing the profile. After that, I click on outlook, it pops up asking for a new profile name and boom they are in the inbox working again. Does not ask them to setup outlook or anything since they are on a domain joined computer it just logs them directly into their  account.

Understood.
Can you remove their profile using a script through registry?
0
snfinkAuthor Commented:
I can...I was just hoping there was some setting I was missing that was causing this issue to happen. I'm about to test another account that I know will not open...should anything be showing up in an exchange log when this happens? It happens so fast that it's almost l like it doesn't even try to go anywhere.
0
AmitIT ArchitectCommented:
I advise you to open case with MS.
0
RoninCommented:
It feels like your Outlook profiles were created using some tool, that "pinned" them down to a particular server. Once you removed the 2010 server, Outlook was supposed to use autodiscover process, outlined in the previous link to query the AD for the new location of the mailbox. However this doesn't happen, due to before-mentioned configuration.
Do you know anything about it?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
snfinkAuthor Commented:
No, I've been here for 5 years and if anyone would have done that, it would have be me...which I actually did back when we were on exchange  2007 before I migrated to 2010 years ago. There was a login script that I wrote that auto configured the profiles and went through all of the office activation etc. but that server with that script was retired long ago as was the group policy. Plus we've refreshed the computers/laptops since then as well.
0
RoninCommented:
ok, but the settings in the workstations are probably still there ... aren't they?

Here's how to validate:
1. Get a clean workstation or remove any existing profiles. Start Outlook and login. Find the location of the profile in registry, based on your Outlook version (google for the appropriate article), note the settings.
2. Find the corresponding location of Outlook profile for the machine that DOESN'T work.

Compare the settings. I'm pretty sure you'll see the difference hard coded somewhere.
0
RoninCommented:
All the required information provided.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Office

From novice to tech pro — start learning today.