Exchange powershell command: Set-OrganizationConfig -MapiHttpEnabled $false, not replicating to mailboxes.

Hello Experts. In our staging env, we have exchange 2013, with AD 2012 R2. All test mailboxes, when opening Outlook 2013, or Outlook 2016, it kept of prompting for credentials, and would not accept them. so outlook was not able to make a successful connection to exchange. i noticed Outlook was using Http to make a connection. in production, we use RPC over HTTP with NTLM, so for my individual test account in staging, i ran the following command in Exchange PS:
set-CasMailbox <user email address> -MapiHttpEnabled $false (this was set to true before), and now for my test account, outlook is connecting via RPC over HTTP with NTLM (which is what i want), and my outlook is now able to make a successful connection to Exchange.

I ran the following command in Exchange PS: set-OrganizationConfig -MapiHttpEnabled $false (before it was set to true), but when i test with other test accounts, i see their outlook still trying to make a connection with HTTP, and it is failing.

1. when i run this command at the organization level, Why is this not replicating to all the test mail accounts that we have in exchange, currently all the mail accounts(except for mine) are showing blank when i run the first powershell command against them, neither $true or $false? mine is showing $false, because i ran the 'set' command against it.
2. do i need to run the command on each seperate mailbox like i did with mine in the first step for Outlook to use RPC over HTTP with NTLM?

Please let me know, and thanks in advance
Newguy 123Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

systechadminConsultantCommented:
Kindly try to restart the CAS services and check if that works for outlook
0
Hasin Ahmed ChoudharyExchange AdministratorCommented:
There shouldn't be a problem while connecting to MAPI. In your stage ENV, do you have Load balancers?

If load balancer/firewall present, is the HTTP traffic going with encryption (port 443)? Check the SSL requirement for MAPI IIS manager.

What is Mapi Virtual directory URL? Does it points directly to server or load balancer? You may need to check firewall rule for MAPI service (port 443).
Check the Test-OutlookConnectivity test for MAPI for one mailbox.
https://technet.microsoft.com/en-us/library/mt634322(v=exchg.160).aspx

Moreover, check if outlook is not blocked to use MAPI:
https://support.microsoft.com/en-in/help/2937684/outlook-2013-or-2016-may-not-connect-using-mapi-over-https-as-expected

Regarding your query:
when i run this command at the organization level, Why is this not replicating to all the test mail accounts that we have in exchange, currently all the mail accounts(except for mine) are showing blank when i run the first powershell command against them, neither $true or $false? mine is showing $false, because i ran the 'set' command against it.

As Gaurav said, restarting CAS services may help.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Newguy 123Author Commented:
Hi hasin, outlook is not blocked to use mapi. And the test outlook connectivity test for mapi passed with no errors. Strange thing is, when i build the outlook profile, outlook is able to connect to exchange using mapi, but when I close and re-open outlook, it keeps prompting for credentials, and does not accept them.  We have a load balancer in between and firewall.

After disabeling MapiHttp at the organization level, outlook is now successfully connecting via rpc over http with NTLM.

Question: will disabeling mapiHttp at the org level in exchange effect us when we do migration to O365? We will have exchange hybrid setup. I knoew O365 uses mapi to connect to outlook.

Please let me know. Thanks
0
Hasin Ahmed ChoudharyExchange AdministratorCommented:
Question: will disabeling mapiHttp at the org level in exchange effect us when we do migration to O365? We will have exchange hybrid setup. I knoew O365 uses mapi to connect to outlook.

Yes, default protocol is MAPI, if for some reason outlook cannot connect on MAPI. Sort this out before migration to Cloud.

Thoughts: 1) What is auth method set on MAPI protocol.
                   2) Have you checked the "Required SSL" setting for MAPI on IIS?
                   3) Have you verified if a connection is getting dropped at LB or firewall?
0
Todd NelsonSystems EngineerCommented:
1. when i run this command at the organization level, Why is this not replicating to all the test mail accounts that we have in exchange, currently all the mail accounts(except for mine) are showing blank when i run the first powershell command against them, neither $true or $false? mine is showing $false, because i ran the 'set' command against it.

An organization setting does not set or change individual mailbox settings.


2. do i need to run the command on each seperate mailbox like i did with mine in the first step for Outlook to use RPC over HTTP with NTLM?

Yes.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.