Outlook promlems under migration from exchange 2007 to 2013

I have during the hollidays migrated an exchange 2007 to exchange 2013 server, Everything was going fine until I connect the outlook 2013 client to the mailxox that was moves to the exchange 2013 server

Every time I starts outlook 2013 on the client, outlook prompt for password, but if I press cancel outlook open the client and the mail works, also when I swift to the calendar outlook prompt for password.

We have also some users that have a second mailbox attached, and when I connect that outlook also prompt for password.

I hope you guys out there can help me, what am I missing?

Best regards
Jan Nielsen
Jan NielsenIT-coordinatorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tom CieslikIT EngineerCommented:
Check 2 factors.
Autodiscover
Certificate.

I thin you don't have autodiscover in your local domain and public DNS because was not required in Exchange 2007 so this would be first check, then double check if your new certificate pointing to new server name and is correctly installed in your IIS and is bind to port 443 SSL underr mail server name
Jan NielsenIT-coordinatorAuthor Commented:
Hi Tom

I have a certificate that include Exc2007, Exc2013, mail and autodiscover and it's working fine.

autodiscover is configured in our public DNS because we are using it for our mobilephones, tablets ect.

but we have not autodiscover configured in our local domain, is it in our DNS you mean, and could that be the reason.

I have tried putting the autodiscover in a local hostfile on the client, pointing at the internal exc2013 server, and it still don't work
Tom CieslikIT EngineerCommented:
No, local host file

just create autodiscover A record in your local DNS pointing to your mail server under your public name address in forward lookup zone

Make sure your certificate is bind to your new server SSL port 443 in IIS manager under Defalut Website
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Jan NielsenIT-coordinatorAuthor Commented:
If I look in my IIS manager under default website under bindings I see https binding to 443 to the SSL certificate and with an "*"under IP address.

I have created an A record in our local DNS pointing to our mailserver, with the public name in the forware lookup zone, but stille have the priblem, with the windows security logon box showing up, when opening the outlook client
FOXActive Directory/Exchange EngineerCommented:
Did you restart the webapppool on the exchange 2013 server?
powershell command   -  Restart-WebAppPool MSExchangeAutodiscoverAppPool

ref link:  https://support.microsoft.com/en-us/help/3097392/outlook-logon-fails-after-mailbox-moves-from-exchange-2010-to-exchange
Tom CieslikIT EngineerCommented:
1. I was asking you to create new zone with public name

for example:
your local domain is dmain.local
you domain name is domain.com and server name is mail
your public MX pointing to maildomain.com with IP 207.205.205.200
Your local IP for mail server is 192.168.1.200

so in DNS,,, go and create new zone

domain.com
Create A record for mail pointing to 192.168.1.200
create autodiscover A host pointing to 192.168.1.200

2. As of your IIS
you should have 3 records and all 3 should have bind your new certificate

https   autodiscover.domain.com    443  *
https   mail.domain.local                   443  *
https   mail.domain.com                   443  *

After that,,, restart IIS admin, restart Exchange services,,, refresh DNS  ipconfig /flushdns on mail server and workstation
Jan NielsenIT-coordinatorAuthor Commented:
Hi Tom

I have done exactly what you wrote, create a new zone in my DNS "mydomain.com" with 2 A records pointing at out exchangeserver, one with "autodiscover" and one with "mail"

And if I ping autodiscover.MyDomain.com or mail.MyDomain.com, I get answer from my Exc2013 server (192.168.100.x)

As you told about my IIS I have create 3 records as you described, binding to the new certificate.

I have restarted  exc2013 server, restarted our DC and our client, bur I sorry to say that I stille get the "Windows security" login box when I open outlook 2013.
Tom CieslikIT EngineerCommented:
If you have an older version of Outlook 2013, change the Logon network security setting to Anonymous Authentication to fix this issue. To do this, follow these steps:

Exit Outlook.
Open Control Panel, and then do one of the following:
 
In Windows 10, Windows 8.1, or Windows 7, click Start, type control panel in the search box, and then press Enter.
In Windows 8, swipe in from the right side to open the charms, tap or click Search, and then type control panel in the search box. Or, type control panel at the Start screen, and then tap or click Control Panel in the search results.
In Control Panel, locate and double-click Mail.
Click Show Profiles, select your Outlook profile, and then click Properties.
Click E-mail Accounts.
Select your email account, and then click Change.
In the Change Account dialog box, click More Settings.
In the Microsoft Exchange dialog box, select the Security tab.
On the Login network security list, select Anonymous Authentication, and then click OK.
Click Next, click Finish, and then click Close on the Account Settings dialog box.
Click Close on the Mail Setup dialog box, and then click OK to close the Mail control panel.
Jan NielsenIT-coordinatorAuthor Commented:
Hi Tom

I have now tried the "Anonymous Authentication", but with same result, still get the "Windows security" login box when I open outlook 2013.
Tom CieslikIT EngineerCommented:
What about your OWA,,, can you login using OWA with no errors ?
Jan NielsenIT-coordinatorAuthor Commented:
Yes thats works fine no errors, certificate OK
Tom CieslikIT EngineerCommented:
Did you try to create new Outlook profile ?
FOXActive Directory/Exchange EngineerCommented:
Jan it seems you done everything on the server side.

1. On one workstation in question go to Control Panel》Credential Manager》Windows Credentials....remove all the vaults if there are any.  

2. Start outlook. If you get the pop up enter the credentials and password and put a check in "Remember Credentials"
Jan NielsenIT-coordinatorAuthor Commented:
Hi Tom

Yes I have tried to create a new outlook profile :-)
Jan NielsenIT-coordinatorAuthor Commented:
Hi Fox

I have been in the credential manager and delete all vaults, and tried to start outlook and type and save password, but when I restart outlook it asks for windows credentials again, so no luck there :-)
Saif ShaikhServer engineer Commented:
Outlook client might be connecting to public folders which was deleted.

Try this,,

There is an attribute in ADSIEDIT in the mailbox database properties. So open ADSIEDIT-- Configuration Partition.--Microsoft Exchange-- Administrative Group--- Exchange Administrative Group - Databases- Mailbox Database-- Go to properties of  this and you will find below attribute.

msExchHomePublicMDB

If there is a delete entry of old public folder database then click on clear. This will clear the entire value. This is what is required so that outlook client do not prompt for password.
Jan NielsenIT-coordinatorAuthor Commented:
Hi Saif

I can not find that record in ADSIEDIT, I can find "ms-Exeh-Home-Public-MDB" under schema in ADSIEDIT, I can not find it with the path you described.
Saif ShaikhServer engineer Commented:
Yes that the attribute.

Is there any value of deleted pf if yes then clear it.
Jan NielsenIT-coordinatorAuthor Commented:
Hi Saif

No there is not any vlaue with that name
Jan NielsenIT-coordinatorAuthor Commented:
Hi

As I told earliere I'm ongoing with the migration from exc2007 to exc2013, and have by an occation discovered that if the old server (Exc2007) is turned off, then the "Windows security" login windows do not popup.

Could this be a configuration issue or shoud I just wait until all mailboxes ar moved and the old server is turned off?
Saif ShaikhServer engineer Commented:
As I said users might be connecting to public folders on old server.

On the outlook client where the issue is can you click on connection status and see where exactly is is failing.

so as soon as you get a outlook prompt don't click cancel on it instead press the ctrl key on keyboard and on the extreme right hand side of the desktop in the taskbar you see outlook application, right click on the outlook and click connection status.

See whats the behaviour in connection status.
Jan NielsenIT-coordinatorAuthor Commented:
Hi Saif

Yes you are right, it tries to connect to public folders on the old server, can I do anything about that?

Outlook-2007-error.JPG
Saif ShaikhServer engineer Commented:
On the new exchange server on each mailbox database go to properties and click on client settings.

Check whether it is set to use the old public folder database of old server. If yes then change it to point to new one. You cannot set a new public folder database for 2016 server since we now don't have a PF database from exchange 2013 onwards we have pf mailbox.

Below will solve the issue: You need to be in the configuration partition and not schema partition of ADSIEDIT.

There is an attribute in ADSIEDIT in the mailbox database properties. So open ADSIEDIT-- Configuration Partition.--Microsoft Exchange-- Administrative Group--- Exchange Administrative Group - Databases- Mailbox Database-- Go to properties of  this and you will find below attribute.

msExchHomePublicMDB
Saif ShaikhServer engineer Commented:
There is an attribute in ADSIEDIT in the mailbox database properties. So open ADSIEDIT-- Configuration Partition.--Microsoft Exchange-- Administrative Group--- Exchange Administrative Group - Databases- Mailbox Database-- Go to properties of  this and you will find below attribute.

msExchHomePublicMDB

The value is either on the properties of Databases- Mailbox Database

OR

The value is either on the properties of Mailbox Database object.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Saif ShaikhServer engineer Commented:
I'm sending you screenshot, please refer the same and see where I went into the properties on the mailbox database in ADSIEDIT.msc
msexchhomepublicmdb.jpg
Saif ShaikhServer engineer Commented:
Clear the value and if you have multiple domain controllers then force replication across all DC.

From elevated cmd on DC run command: repadmin /syncall /AdeP
Jan NielsenIT-coordinatorAuthor Commented:
Hi Saif

I have tried to open ADSI at my DC, and onder action connect to "Configuration" under "Select a well known nameing context", and can not find the path as you described, maby I'm doing something wrong.

I can find somthing similar under services, (see attatched file) but guess thats not right, could you please guide me to find the right spot?

I'm running exchange 2013 now

 InkedPublic-folder_LI.jpg
Saif ShaikhServer engineer Commented:
I think you are at the right place, just wanted to know the affected user resides on which database "Mailbox Database1" , "Mailbox Database2" , "Mailbox Database3" ,"Mailbox Database4"

Also check the same value "msExchHomePublicMDB" on all databases one by one.

If you are not using public folders on exchange 2007 can you remove the public folder database from exchange 2007.
Jan NielsenIT-coordinatorAuthor Commented:
I have checked the value "msExchHomeOublicMDB" all 4 "Mailbox Databases" and all is "not set"

We do not use public filders on exchange 2007, is it safe to remove the public folder database? And how do I do that?

We have just moved about 50% off the users to the new server, would it have any impact moving the rest?
Jan NielsenIT-coordinatorAuthor Commented:
Hi Guys

All your ansvers was helpful, but my solution was the value in "msExchHomePublicMDB" on all my 4 databases was set to old server, and when I deleted them all worked fine :-)

Tkanks for your help, and Saif, I have marked your reply as "my solution"

Have a nice day :-)
Saif ShaikhServer engineer Commented:
Glad to help you on the outlook credentials prompt issue. Exchange guys make a note of this issue, might be helpful for all and it happens only if you are migrating from old exchange versions to exchange 2013 and later.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.