grevels
asked on
Problem with office users connecting to exchange
I am installing a new active directory / exchange 2016 server for one of my clients. They have at the moment Kerio for their email on the old server that this one will be replacing. Just as a history for it they did have before the kerio an sbs 2008 server which had exchange 2007 on it. The problem I am having at the moment is I have setup the exchange server just like I have done for other customers but for some reason when I try to connect outlook on the computers that are on the domain it will find the email with the autodiscovery and when it searches for it then it puts up a box for credentials. Which these being on the domain and logged in as that person should not do but either way I have even tried to put their credentials in with local domain\username and username@local domain in the username field and it keeps popping up. when I do this I make sure the computer is pointing to the correct email server. If it helps they have outlook 2016 and they get it with office 365. I did get one user to work correctly I had disabled and deleted the mailbox from exchange then remade the mailbox. Her computer continued asking till I rebooted it then it worked just fine. I then disabled and recreated the other users mailboxes but they still have the problem even after a restart. Also to note that on the computer with the person that it is working correctly with I logged into somebody that it was not working right on and even on that computer it still asks that person for login credentials. So I am not sure if it is a problem on the computers or on the exchange. I will say that when I use microsoft remote connectivity analyzer and do the outlook connectivity it gives all green checks except for on the ssl cert it gives me a triangle with an ! in it with this stated below
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 8 ms.
Could this be a problem in it.
Thanks for any help anything can give me on this
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 8 ms.
Could this be a problem in it.
Thanks for any help anything can give me on this
Do you have a third party certificate.
If yes the check all the url for autodiscover, webservices, oab, owa, ecp,
If yes the check all the url for autodiscover, webservices, oab, owa, ecp,
ASKER
I do have a third party wildcard certificate on it from godaddy. When you said about certificate problem I remembered that I forgot to put the godaddy intermediate certificate on the server so I did that and I am still having the same problem. I also checked on the computers that they are enabled to download the ca root updates and they are fully up to date on the windows updates. One thing I have realized is that outlook from an internal or external computer will not connect. But there are 2 users that it does work just fine internally and externally. One was a brand new user that was not in the kerio or back with the SBS server. The other somehow just started working. But the rest of the users do not seem to want to allow outlook to connect to their mailboxes. Also I checked all the urls in the virtual directories section on the exchange server and all the urls are correct. Any other suggestions
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
autodiscover is setup correctly because it works just fine with https://exrca.com but I was talking to someone and they mentioned that when users first connect to exchange they use dns autodiscover but after that they get a pointer of some sort in active directory so it does not use autodiscover again. this Company had used Exchange 2007 before they went to Kerio which does not use any of this stuff for it. Now I am trying to put exchange 2016 in place without having the exchange 2007 anymore. He said there is a script that can be run to point all past users to the new exchange server from the old. Does anybody know that script to run to do this?
Thank you for all the help so far
Thank you for all the help so far
Try the registry key.
I don't know what script is being referred to. Autodiscover is used by Outlook about every 15 minutes always. They may be referring to a SCP, but that's still part of autodiscover.
I don't know what script is being referred to. Autodiscover is used by Outlook about every 15 minutes always. They may be referring to a SCP, but that's still part of autodiscover.
ASKER
Ok I thought it could not be this because a new user did not have this problem and the one user I got working did not have this problem so I kept looking. But after looking at everything I finally figured I would try this fix and it was exactly the problem. So you were correct it is that it was looking at office 365 instead of the exchange server. Could you tell me why the new user and this other user would work but not the rest? If not sure then no big deal just like to know why this is.
But either way thank you all for the help in trying to figure this out
But either way thank you all for the help in trying to figure this out
Take a look at this previous question on EE.
https://www.experts-exchange.com/questions/26410465/Update-Root-Certificates.html