Aaron Eccles

Outlook Login Fails After Exchange Mailbox move (2010 to 2016)

I currently have coexistence set up with Exchange 2010 and 2016. When I move a mailbox to 2016, existing profiles in Outlook (Outlook 2010 SP2 or Outlook 2016) fail to log in. If I create a new profile, I get endless prompts for credentials even though the user/pass is correct and the workstation is joined and logged into the domain.

Per this MS article:
https://support.microsoft.com/en-gb/help/3097392/outlook-logon-fails-after-mailbox-moves-from-exchange-2010-to-exchange

Running this command: Restart-WebAppPool MSExchangeAutodiscoverAppPool immediately resolves the issue. The problem is, I have hundreds and hundreds of mailboxes to move and don't want to have to run the command for every move. I know that I can stage mailbox moves and complete many at once, but I'd like to get to the bottom of the issue if possible to have more flexibility.

In addition, as an alternative to running that command, I can build a new profile and make the user a domain admin. This resolves the continuous prompting and I can remove domain admin privileges immediately after the first login. While this is not a viable option, it does lead me to believe that there is some form of permissions issue.

Is anyone aware of the root cause of this issue? I've reviewed countless articles regarding coexistence, failed mailbox moves, and checked, double checked and triple checked all of my DNS records, URLs, and virtual directory permissions. That said, I would be happy to check them again if anyone can zone in on the best places to look.

Thanks a lot
J0rtIT

The bottom of the issue is quite simple.

Your Autodiscover records should always be on the NEWER version of the Exchange server. From the reading, it looks like it's looking by default on Exchange 2010, so, since the mailbox is not there, PROMPT IT ... forever
It's a caching issue and "works as intended". Depending on your CU, the cache is either 2 hours or 4 hours. Domain admins are not cached, because they are not supposed to have mailboxes (no highly privileged account should have a mailbox).

You already know the answer - move users in batches and restart the app pool after you've completed the batch. This is easier if you are doing everything in PowerShell, and not switching back-and-forth between the GUI and PowerShell.
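
The batch-then-restart procedure described above, as an added example that is not part of the original thread: it stages a batch of moves, completes them together, and restarts the Autodiscover application pool once per batch, so no account needs temporary domain admin membership. The CSV file, batch name, database name and server names are constructed placeholders, and restarting the pool on the Exchange 2016 servers is an assumption based on the command quoted in the question.

```powershell
# Added example; run from the Exchange Management Shell.
# All values below are constructed placeholders, not taken from the thread.
$batchName = 'Move-2010-to-2016-Batch01'
$targetDb  = 'DB2016-01'
$servers   = @('EX2016-01.example.local', 'EX2016-02.example.local')
$users     = Import-Csv -Path '.\users.csv'      # one column named "Alias"

# 1. Stage the moves: data is copied, but each request stops before completion.
foreach ($u in $users) {
    New-MoveRequest -Identity $u.Alias -TargetDatabase $targetDb `
        -BatchName $batchName -SuspendWhenReadyToComplete | Out-Null
}

# 2. Wait until every request in the batch is staged (or has failed).
do {
    Start-Sleep -Seconds 60
    $pending = Get-MoveRequest -BatchName $batchName |
        Where-Object { $_.Status -notin 'AutoSuspended', 'Failed' }
} while ($pending)

# 3. Complete all staged moves together, then wait for them to finish.
Get-MoveRequest -BatchName $batchName -MoveStatus AutoSuspended |
    Resume-MoveRequest -Confirm:$false
do {
    Start-Sleep -Seconds 60
    $open = Get-MoveRequest -BatchName $batchName |
        Where-Object { $_.Status -notin 'Completed', 'CompletedWithWarning', 'Failed' }
} while ($open)

# 4. One app pool restart per batch instead of one per mailbox.
foreach ($server in $servers) {
    Invoke-Command -ComputerName $server -ScriptBlock {
        Import-Module WebAdministration
        Restart-WebAppPool -Name 'MSExchangeAutodiscoverAppPool'
    }
}

# 5. List anything that did not move so it can be retried in the next batch.
Get-MoveRequest -BatchName $batchName -MoveStatus Failed |
    Get-MoveRequestStatistics |
    Select-Object DisplayName, StatusDetail, Message
```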
Aaron Eccles

ASKER

Michael,
In regard to it working as intended, I'm curious then about the prompt that the user receives saying that a restart of Outlook is needed. When they follow these instructions they would then be locked out of email until that 2 or 4 hour period. It's surprising that this is "as intended" and there is no workaround. Am I correct in assuming that the "caching" is on the Exchange 2016 server, and that is why a restart of the pool resolves the issue?

Many thanks
Aaron
ASKER CERTIFIED SOLUTION
Michael B. Smith
Thanks for the incredibly knowledgeable responses - greatly appreciated.