Exchange powershell command: Set-OrganizationConfig -MapiHttpEnabled $false, not replicating to mailboxes.

Hello Experts. In our staging env, we have exchange 2013, with AD 2012 R2. All test mailboxes, when opening Outlook 2013, or Outlook 2016, it kept of prompting for credentials, and would not accept them. so outlook was not able to make a successful connection to exchange. i noticed Outlook was using Http to make a connection. in production, we use RPC over HTTP with NTLM, so for my individual test account in staging, i ran the following command in Exchange PS:
set-CasMailbox <user email address> -MapiHttpEnabled $false (this was set to true before), and now for my test account, outlook is connecting via RPC over HTTP with NTLM (which is what i want), and my outlook is now able to make a successful connection to Exchange.

I ran the following command in Exchange PS: set-OrganizationConfig -MapiHttpEnabled $false (before it was set to true), but when i test with other test accounts, i see their outlook still trying to make a connection with HTTP, and it is failing.

1. when i run this command at the organization level, Why is this not replicating to all the test mail accounts that we have in exchange, currently all the mail accounts(except for mine) are showing blank when i run the first powershell command against them, neither $true or $false? mine is showing $false, because i ran the 'set' command against it.
2. do i need to run the command on each seperate mailbox like i did with mine in the first step for Outlook to use RPC over HTTP with NTLM?

Please let me know, and thanks in advance
Newguy 123Asked:
Who is Participating?
 
Hasin Ahmed ChoudharyConnect With a Mentor Exchange AdministratorCommented:
There shouldn't be a problem while connecting to MAPI. In your stage ENV, do you have Load balancers?

If load balancer/firewall present, is the HTTP traffic going with encryption (port 443)? Check the SSL requirement for MAPI IIS manager.

What is Mapi Virtual directory URL? Does it points directly to server or load balancer? You may need to check firewall rule for MAPI service (port 443).
Check the Test-OutlookConnectivity test for MAPI for one mailbox.
https://technet.microsoft.com/en-us/library/mt634322(v=exchg.160).aspx

Moreover, check if outlook is not blocked to use MAPI:
https://support.microsoft.com/en-in/help/2937684/outlook-2013-or-2016-may-not-connect-using-mapi-over-https-as-expected

Regarding your query:
when i run this command at the organization level, Why is this not replicating to all the test mail accounts that we have in exchange, currently all the mail accounts(except for mine) are showing blank when i run the first powershell command against them, neither $true or $false? mine is showing $false, because i ran the 'set' command against it.

As Gaurav said, restarting CAS services may help.
0
 
Gaurav SinghConsultantCommented:
Kindly try to restart the CAS services and check if that works for outlook
0
 
Newguy 123Connect With a Mentor Author Commented:
Hi hasin, outlook is not blocked to use mapi. And the test outlook connectivity test for mapi passed with no errors. Strange thing is, when i build the outlook profile, outlook is able to connect to exchange using mapi, but when I close and re-open outlook, it keeps prompting for credentials, and does not accept them.  We have a load balancer in between and firewall.

After disabeling MapiHttp at the organization level, outlook is now successfully connecting via rpc over http with NTLM.

Question: will disabeling mapiHttp at the org level in exchange effect us when we do migration to O365? We will have exchange hybrid setup. I knoew O365 uses mapi to connect to outlook.

Please let me know. Thanks
0
 
Hasin Ahmed ChoudharyConnect With a Mentor Exchange AdministratorCommented:
Question: will disabeling mapiHttp at the org level in exchange effect us when we do migration to O365? We will have exchange hybrid setup. I knoew O365 uses mapi to connect to outlook.

Yes, default protocol is MAPI, if for some reason outlook cannot connect on MAPI. Sort this out before migration to Cloud.

Thoughts: 1) What is auth method set on MAPI protocol.
                   2) Have you checked the "Required SSL" setting for MAPI on IIS?
                   3) Have you verified if a connection is getting dropped at LB or firewall?
0
 
Todd NelsonSystems EngineerCommented:
1. when i run this command at the organization level, Why is this not replicating to all the test mail accounts that we have in exchange, currently all the mail accounts(except for mine) are showing blank when i run the first powershell command against them, neither $true or $false? mine is showing $false, because i ran the 'set' command against it.

An organization setting does not set or change individual mailbox settings.


2. do i need to run the command on each seperate mailbox like i did with mine in the first step for Outlook to use RPC over HTTP with NTLM?

Yes.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.