asked on
Outlook promlems under migration from exchange 2007 to 2013
I have during the hollidays migrated an exchange 2007 to exchange 2013 server, Everything was going fine until I connect the outlook 2013 client to the mailxox that was moves to the exchange 2013 server
Every time I starts outlook 2013 on the client, outlook prompt for password, but if I press cancel outlook open the client and the mail works, also when I swift to the calendar outlook prompt for password.
We have also some users that have a second mailbox attached, and when I connect that outlook also prompt for password.
I hope you guys out there can help me, what am I missing?
Best regards
Jan Nielsen
Every time I starts outlook 2013 on the client, outlook prompt for password, but if I press cancel outlook open the client and the mail works, also when I swift to the calendar outlook prompt for password.
We have also some users that have a second mailbox attached, and when I connect that outlook also prompt for password.
I hope you guys out there can help me, what am I missing?
Best regards
Jan Nielsen
ExchangeOutlook
Last Comment
Saif Shaikh
ASKER
Hi Tom
I have a certificate that include Exc2007, Exc2013, mail and autodiscover and it's working fine.
autodiscover is configured in our public DNS because we are using it for our mobilephones, tablets ect.
but we have not autodiscover configured in our local domain, is it in our DNS you mean, and could that be the reason.
I have tried putting the autodiscover in a local hostfile on the client, pointing at the internal exc2013 server, and it still don't work
I have a certificate that include Exc2007, Exc2013, mail and autodiscover and it's working fine.
autodiscover is configured in our public DNS because we are using it for our mobilephones, tablets ect.
but we have not autodiscover configured in our local domain, is it in our DNS you mean, and could that be the reason.
I have tried putting the autodiscover in a local hostfile on the client, pointing at the internal exc2013 server, and it still don't work
No, local host file
just create autodiscover A record in your local DNS pointing to your mail server under your public name address in forward lookup zone
Make sure your certificate is bind to your new server SSL port 443 in IIS manager under Defalut Website
just create autodiscover A record in your local DNS pointing to your mail server under your public name address in forward lookup zone
Make sure your certificate is bind to your new server SSL port 443 in IIS manager under Defalut Website
ASKER
If I look in my IIS manager under default website under bindings I see https binding to 443 to the SSL certificate and with an "*"under IP address.
I have created an A record in our local DNS pointing to our mailserver, with the public name in the forware lookup zone, but stille have the priblem, with the windows security logon box showing up, when opening the outlook client
I have created an A record in our local DNS pointing to our mailserver, with the public name in the forware lookup zone, but stille have the priblem, with the windows security logon box showing up, when opening the outlook client
Did you restart the webapppool on the exchange 2013 server?
powershell command - Restart-WebAppPool MSExchangeAutodiscoverAppP
ref link: https://support.microsoft.com/en-us/help/3097392/outlook-logon-fails-after-mailbox-moves-from-exchange-2010-to-exchange
powershell command - Restart-WebAppPool MSExchangeAutodiscoverAppP
ref link: https://support.microsoft.com/en-us/help/3097392/outlook-logon-fails-after-mailbox-moves-from-exchange-2010-to-exchange
1. I was asking you to create new zone with public name
for example:
your local domain is dmain.local
you domain name is domain.com and server name is mail
your public MX pointing to maildomain.com with IP 207.205.205.200
Your local IP for mail server is 192.168.1.200
so in DNS,,, go and create new zone
domain.com
Create A record for mail pointing to 192.168.1.200
create autodiscover A host pointing to 192.168.1.200
2. As of your IIS
you should have 3 records and all 3 should have bind your new certificate
https autodiscover.domain.com 443 *
https mail.domain.local 443 *
https mail.domain.com 443 *
After that,,, restart IIS admin, restart Exchange services,,, refresh DNS ipconfig /flushdns on mail server and workstation
for example:
your local domain is dmain.local
you domain name is domain.com and server name is mail
your public MX pointing to maildomain.com with IP 207.205.205.200
Your local IP for mail server is 192.168.1.200
so in DNS,,, go and create new zone
domain.com
Create A record for mail pointing to 192.168.1.200
create autodiscover A host pointing to 192.168.1.200
2. As of your IIS
you should have 3 records and all 3 should have bind your new certificate
https autodiscover.domain.com 443 *
https mail.domain.local 443 *
https mail.domain.com 443 *
After that,,, restart IIS admin, restart Exchange services,,, refresh DNS ipconfig /flushdns on mail server and workstation
ASKER
Hi Tom
I have done exactly what you wrote, create a new zone in my DNS "mydomain.com" with 2 A records pointing at out exchangeserver, one with "autodiscover" and one with "mail"
And if I ping autodiscover.MyDomain.com or mail.MyDomain.com, I get answer from my Exc2013 server (192.168.100.x)
As you told about my IIS I have create 3 records as you described, binding to the new certificate.
I have restarted exc2013 server, restarted our DC and our client, bur I sorry to say that I stille get the "Windows security" login box when I open outlook 2013.
I have done exactly what you wrote, create a new zone in my DNS "mydomain.com" with 2 A records pointing at out exchangeserver, one with "autodiscover" and one with "mail"
And if I ping autodiscover.MyDomain.com or mail.MyDomain.com, I get answer from my Exc2013 server (192.168.100.x)
As you told about my IIS I have create 3 records as you described, binding to the new certificate.
I have restarted exc2013 server, restarted our DC and our client, bur I sorry to say that I stille get the "Windows security" login box when I open outlook 2013.
If you have an older version of Outlook 2013, change the Logon network security setting to Anonymous Authentication to fix this issue. To do this, follow these steps:
Exit Outlook.
Open Control Panel, and then do one of the following:
In Windows 10, Windows 8.1, or Windows 7, click Start, type control panel in the search box, and then press Enter.
In Windows 8, swipe in from the right side to open the charms, tap or click Search, and then type control panel in the search box. Or, type control panel at the Start screen, and then tap or click Control Panel in the search results.
In Control Panel, locate and double-click Mail.
Click Show Profiles, select your Outlook profile, and then click Properties.
Click E-mail Accounts.
Select your email account, and then click Change.
In the Change Account dialog box, click More Settings.
In the Microsoft Exchange dialog box, select the Security tab.
On the Login network security list, select Anonymous Authentication, and then click OK.
Click Next, click Finish, and then click Close on the Account Settings dialog box.
Click Close on the Mail Setup dialog box, and then click OK to close the Mail control panel.
Exit Outlook.
Open Control Panel, and then do one of the following:
In Windows 10, Windows 8.1, or Windows 7, click Start, type control panel in the search box, and then press Enter.
In Windows 8, swipe in from the right side to open the charms, tap or click Search, and then type control panel in the search box. Or, type control panel at the Start screen, and then tap or click Control Panel in the search results.
In Control Panel, locate and double-click Mail.
Click Show Profiles, select your Outlook profile, and then click Properties.
Click E-mail Accounts.
Select your email account, and then click Change.
In the Change Account dialog box, click More Settings.
In the Microsoft Exchange dialog box, select the Security tab.
On the Login network security list, select Anonymous Authentication, and then click OK.
Click Next, click Finish, and then click Close on the Account Settings dialog box.
Click Close on the Mail Setup dialog box, and then click OK to close the Mail control panel.
ASKER
Hi Tom
I have now tried the "Anonymous Authentication", but with same result, still get the "Windows security" login box when I open outlook 2013.
I have now tried the "Anonymous Authentication", but with same result, still get the "Windows security" login box when I open outlook 2013.
What about your OWA,,, can you login using OWA with no errors ?
ASKER
Yes thats works fine no errors, certificate OK
Did you try to create new Outlook profile ?
Jan it seems you done everything on the server side.
1. On one workstation in question go to Control Panel》Credential Manager》Windows Credentials....remove all the vaults if there are any.
2. Start outlook. If you get the pop up enter the credentials and password and put a check in "Remember Credentials"
1. On one workstation in question go to Control Panel》Credential Manager》Windows Credentials....remove all the vaults if there are any.
2. Start outlook. If you get the pop up enter the credentials and password and put a check in "Remember Credentials"
ASKER
Hi Tom
Yes I have tried to create a new outlook profile :-)
Yes I have tried to create a new outlook profile :-)
ASKER
Hi Fox
I have been in the credential manager and delete all vaults, and tried to start outlook and type and save password, but when I restart outlook it asks for windows credentials again, so no luck there :-)
I have been in the credential manager and delete all vaults, and tried to start outlook and type and save password, but when I restart outlook it asks for windows credentials again, so no luck there :-)
Outlook client might be connecting to public folders which was deleted.
Try this,,
There is an attribute in ADSIEDIT in the mailbox database properties. So open ADSIEDIT-- Configuration Partition.--Microsoft Exchange-- Administrative Group--- Exchange Administrative Group - Databases- Mailbox Database-- Go to properties of this and you will find below attribute.
msExchHomePublicMDB
If there is a delete entry of old public folder database then click on clear. This will clear the entire value. This is what is required so that outlook client do not prompt for password.
Try this,,
There is an attribute in ADSIEDIT in the mailbox database properties. So open ADSIEDIT-- Configuration Partition.--Microsoft Exchange-- Administrative Group--- Exchange Administrative Group - Databases- Mailbox Database-- Go to properties of this and you will find below attribute.
msExchHomePublicMDB
If there is a delete entry of old public folder database then click on clear. This will clear the entire value. This is what is required so that outlook client do not prompt for password.
ASKER
Hi Saif
I can not find that record in ADSIEDIT, I can find "ms-Exeh-Home-Public-MDB" under schema in ADSIEDIT, I can not find it with the path you described.
I can not find that record in ADSIEDIT, I can find "ms-Exeh-Home-Public-MDB" under schema in ADSIEDIT, I can not find it with the path you described.
Yes that the attribute.
Is there any value of deleted pf if yes then clear it.
Is there any value of deleted pf if yes then clear it.
ASKER
Hi Saif
No there is not any vlaue with that name
No there is not any vlaue with that name
ASKER
Hi
As I told earliere I'm ongoing with the migration from exc2007 to exc2013, and have by an occation discovered that if the old server (Exc2007) is turned off, then the "Windows security" login windows do not popup.
Could this be a configuration issue or shoud I just wait until all mailboxes ar moved and the old server is turned off?
As I told earliere I'm ongoing with the migration from exc2007 to exc2013, and have by an occation discovered that if the old server (Exc2007) is turned off, then the "Windows security" login windows do not popup.
Could this be a configuration issue or shoud I just wait until all mailboxes ar moved and the old server is turned off?
As I said users might be connecting to public folders on old server.
On the outlook client where the issue is can you click on connection status and see where exactly is is failing.
so as soon as you get a outlook prompt don't click cancel on it instead press the ctrl key on keyboard and on the extreme right hand side of the desktop in the taskbar you see outlook application, right click on the outlook and click connection status.
See whats the behaviour in connection status.
On the outlook client where the issue is can you click on connection status and see where exactly is is failing.
so as soon as you get a outlook prompt don't click cancel on it instead press the ctrl key on keyboard and on the extreme right hand side of the desktop in the taskbar you see outlook application, right click on the outlook and click connection status.
See whats the behaviour in connection status.
ASKER
Hi Saif
Yes you are right, it tries to connect to public folders on the old server, can I do anything about that?
![Outlook-2007-error.JPG]()
Yes you are right, it tries to connect to public folders on the old server, can I do anything about that?
On the new exchange server on each mailbox database go to properties and click on client settings.
Check whether it is set to use the old public folder database of old server. If yes then change it to point to new one. You cannot set a new public folder database for 2016 server since we now don't have a PF database from exchange 2013 onwards we have pf mailbox.
Below will solve the issue: You need to be in the configuration partition and not schema partition of ADSIEDIT.
There is an attribute in ADSIEDIT in the mailbox database properties. So open ADSIEDIT-- Configuration Partition.--Microsoft Exchange-- Administrative Group--- Exchange Administrative Group - Databases- Mailbox Database-- Go to properties of this and you will find below attribute.
msExchHomePublicMDB
Check whether it is set to use the old public folder database of old server. If yes then change it to point to new one. You cannot set a new public folder database for 2016 server since we now don't have a PF database from exchange 2013 onwards we have pf mailbox.
Below will solve the issue: You need to be in the configuration partition and not schema partition of ADSIEDIT.
There is an attribute in ADSIEDIT in the mailbox database properties. So open ADSIEDIT-- Configuration Partition.--Microsoft Exchange-- Administrative Group--- Exchange Administrative Group - Databases- Mailbox Database-- Go to properties of this and you will find below attribute.
msExchHomePublicMDB
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I'm sending you screenshot, please refer the same and see where I went into the properties on the mailbox database in ADSIEDIT.msc
msexchhomepublicmdb.jpg
msexchhomepublicmdb.jpg
Clear the value and if you have multiple domain controllers then force replication across all DC.
From elevated cmd on DC run command: repadmin /syncall /AdeP
From elevated cmd on DC run command: repadmin /syncall /AdeP
ASKER
Hi Saif
I have tried to open ADSI at my DC, and onder action connect to "Configuration" under "Select a well known nameing context", and can not find the path as you described, maby I'm doing something wrong.
I can find somthing similar under services, (see attatched file) but guess thats not right, could you please guide me to find the right spot?
I'm running exchange 2013 now
![InkedPublic-folder_LI.jpg]()
I have tried to open ADSI at my DC, and onder action connect to "Configuration" under "Select a well known nameing context", and can not find the path as you described, maby I'm doing something wrong.
I can find somthing similar under services, (see attatched file) but guess thats not right, could you please guide me to find the right spot?
I'm running exchange 2013 now
I think you are at the right place, just wanted to know the affected user resides on which database "Mailbox Database1" , "Mailbox Database2" , "Mailbox Database3" ,"Mailbox Database4"
Also check the same value "msExchHomePublicMDB" on all databases one by one.
If you are not using public folders on exchange 2007 can you remove the public folder database from exchange 2007.
Also check the same value "msExchHomePublicMDB" on all databases one by one.
If you are not using public folders on exchange 2007 can you remove the public folder database from exchange 2007.
ASKER
I have checked the value "msExchHomeOublicMDB" all 4 "Mailbox Databases" and all is "not set"
We do not use public filders on exchange 2007, is it safe to remove the public folder database? And how do I do that?
We have just moved about 50% off the users to the new server, would it have any impact moving the rest?
We do not use public filders on exchange 2007, is it safe to remove the public folder database? And how do I do that?
We have just moved about 50% off the users to the new server, would it have any impact moving the rest?
ASKER
Hi Guys
All your ansvers was helpful, but my solution was the value in "msExchHomePublicMDB" on all my 4 databases was set to old server, and when I deleted them all worked fine :-)
Tkanks for your help, and Saif, I have marked your reply as "my solution"
Have a nice day :-)
All your ansvers was helpful, but my solution was the value in "msExchHomePublicMDB" on all my 4 databases was set to old server, and when I deleted them all worked fine :-)
Tkanks for your help, and Saif, I have marked your reply as "my solution"
Have a nice day :-)
Glad to help you on the outlook credentials prompt issue. Exchange guys make a note of this issue, might be helpful for all and it happens only if you are migrating from old exchange versions to exchange 2013 and later.
Autodiscover
Certificate.
I thin you don't have autodiscover in your local domain and public DNS because was not required in Exchange 2007 so this would be first check, then double check if your new certificate pointing to new server name and is correctly installed in your IIS and is bind to port 443 SSL underr mail server name