Link to home
Start Free TrialLog in
Avatar of Jan Nielsen
Jan Nielsen

asked on

Outlook promlems under migration from exchange 2007 to 2013

I have during the hollidays migrated an exchange 2007 to exchange 2013 server, Everything was going fine until I connect the outlook 2013 client to the mailxox that was moves to the exchange 2013 server

Every time I starts outlook 2013 on the client, outlook prompt for password, but if I press cancel outlook open the client and the mail works, also when I swift to the calendar outlook prompt for password.

We have also some users that have a second mailbox attached, and when I connect that outlook also prompt for password.

I hope you guys out there can help me, what am I missing?

Best regards
Jan Nielsen
Avatar of Tom Cieslik
Tom Cieslik
Flag of United States of America image

Check 2 factors.
Autodiscover
Certificate.

I thin you don't have autodiscover in your local domain and public DNS because was not required in Exchange 2007 so this would be first check, then double check if your new certificate pointing to new server name and is correctly installed in your IIS and is bind to port 443 SSL underr mail server name
Avatar of Jan Nielsen
Jan Nielsen

ASKER

Hi Tom

I have a certificate that include Exc2007, Exc2013, mail and autodiscover and it's working fine.

autodiscover is configured in our public DNS because we are using it for our mobilephones, tablets ect.

but we have not autodiscover configured in our local domain, is it in our DNS you mean, and could that be the reason.

I have tried putting the autodiscover in a local hostfile on the client, pointing at the internal exc2013 server, and it still don't work
No, local host file

just create autodiscover A record in your local DNS pointing to your mail server under your public name address in forward lookup zone

Make sure your certificate is bind to your new server SSL port 443 in IIS manager under Defalut Website
If I look in my IIS manager under default website under bindings I see https binding to 443 to the SSL certificate and with an "*"under IP address.

I have created an A record in our local DNS pointing to our mailserver, with the public name in the forware lookup zone, but stille have the priblem, with the windows security logon box showing up, when opening the outlook client
Did you restart the webapppool on the exchange 2013 server?
powershell command   -  Restart-WebAppPool MSExchangeAutodiscoverAppPool

ref link:  https://support.microsoft.com/en-us/help/3097392/outlook-logon-fails-after-mailbox-moves-from-exchange-2010-to-exchange
1. I was asking you to create new zone with public name

for example:
your local domain is dmain.local
you domain name is domain.com and server name is mail
your public MX pointing to maildomain.com with IP 207.205.205.200
Your local IP for mail server is 192.168.1.200

so in DNS,,, go and create new zone

domain.com
Create A record for mail pointing to 192.168.1.200
create autodiscover A host pointing to 192.168.1.200

2. As of your IIS
you should have 3 records and all 3 should have bind your new certificate

https   autodiscover.domain.com    443  *
https   mail.domain.local                   443  *
https   mail.domain.com                   443  *

After that,,, restart IIS admin, restart Exchange services,,, refresh DNS  ipconfig /flushdns on mail server and workstation
Hi Tom

I have done exactly what you wrote, create a new zone in my DNS "mydomain.com" with 2 A records pointing at out exchangeserver, one with "autodiscover" and one with "mail"

And if I ping autodiscover.MyDomain.com or mail.MyDomain.com, I get answer from my Exc2013 server (192.168.100.x)

As you told about my IIS I have create 3 records as you described, binding to the new certificate.

I have restarted  exc2013 server, restarted our DC and our client, bur I sorry to say that I stille get the "Windows security" login box when I open outlook 2013.
If you have an older version of Outlook 2013, change the Logon network security setting to Anonymous Authentication to fix this issue. To do this, follow these steps:

Exit Outlook.
Open Control Panel, and then do one of the following:
 
In Windows 10, Windows 8.1, or Windows 7, click Start, type control panel in the search box, and then press Enter.
In Windows 8, swipe in from the right side to open the charms, tap or click Search, and then type control panel in the search box. Or, type control panel at the Start screen, and then tap or click Control Panel in the search results.
In Control Panel, locate and double-click Mail.
Click Show Profiles, select your Outlook profile, and then click Properties.
Click E-mail Accounts.
Select your email account, and then click Change.
In the Change Account dialog box, click More Settings.
In the Microsoft Exchange dialog box, select the Security tab.
On the Login network security list, select Anonymous Authentication, and then click OK.
Click Next, click Finish, and then click Close on the Account Settings dialog box.
Click Close on the Mail Setup dialog box, and then click OK to close the Mail control panel.
Hi Tom

I have now tried the "Anonymous Authentication", but with same result, still get the "Windows security" login box when I open outlook 2013.
What about your OWA,,, can you login using OWA with no errors ?
Yes thats works fine no errors, certificate OK
Did you try to create new Outlook profile ?
Jan it seems you done everything on the server side.

1. On one workstation in question go to Control Panel》Credential Manager》Windows Credentials....remove all the vaults if there are any.  

2. Start outlook. If you get the pop up enter the credentials and password and put a check in "Remember Credentials"
Hi Tom

Yes I have tried to create a new outlook profile :-)
Hi Fox

I have been in the credential manager and delete all vaults, and tried to start outlook and type and save password, but when I restart outlook it asks for windows credentials again, so no luck there :-)
Outlook client might be connecting to public folders which was deleted.

Try this,,

There is an attribute in ADSIEDIT in the mailbox database properties. So open ADSIEDIT-- Configuration Partition.--Microsoft Exchange-- Administrative Group--- Exchange Administrative Group - Databases- Mailbox Database-- Go to properties of  this and you will find below attribute.

msExchHomePublicMDB

If there is a delete entry of old public folder database then click on clear. This will clear the entire value. This is what is required so that outlook client do not prompt for password.
Hi Saif

I can not find that record in ADSIEDIT, I can find "ms-Exeh-Home-Public-MDB" under schema in ADSIEDIT, I can not find it with the path you described.
Yes that the attribute.

Is there any value of deleted pf if yes then clear it.
Hi Saif

No there is not any vlaue with that name
Hi

As I told earliere I'm ongoing with the migration from exc2007 to exc2013, and have by an occation discovered that if the old server (Exc2007) is turned off, then the "Windows security" login windows do not popup.

Could this be a configuration issue or shoud I just wait until all mailboxes ar moved and the old server is turned off?
As I said users might be connecting to public folders on old server.

On the outlook client where the issue is can you click on connection status and see where exactly is is failing.

so as soon as you get a outlook prompt don't click cancel on it instead press the ctrl key on keyboard and on the extreme right hand side of the desktop in the taskbar you see outlook application, right click on the outlook and click connection status.

See whats the behaviour in connection status.
Hi Saif

Yes you are right, it tries to connect to public folders on the old server, can I do anything about that?

User generated image
On the new exchange server on each mailbox database go to properties and click on client settings.

Check whether it is set to use the old public folder database of old server. If yes then change it to point to new one. You cannot set a new public folder database for 2016 server since we now don't have a PF database from exchange 2013 onwards we have pf mailbox.

Below will solve the issue: You need to be in the configuration partition and not schema partition of ADSIEDIT.

There is an attribute in ADSIEDIT in the mailbox database properties. So open ADSIEDIT-- Configuration Partition.--Microsoft Exchange-- Administrative Group--- Exchange Administrative Group - Databases- Mailbox Database-- Go to properties of  this and you will find below attribute.

msExchHomePublicMDB
ASKER CERTIFIED SOLUTION
Avatar of Saif Shaikh
Saif Shaikh
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I'm sending you screenshot, please refer the same and see where I went into the properties on the mailbox database in ADSIEDIT.msc
msexchhomepublicmdb.jpg
Clear the value and if you have multiple domain controllers then force replication across all DC.

From elevated cmd on DC run command: repadmin /syncall /AdeP
Hi Saif

I have tried to open ADSI at my DC, and onder action connect to "Configuration" under "Select a well known nameing context", and can not find the path as you described, maby I'm doing something wrong.

I can find somthing similar under services, (see attatched file) but guess thats not right, could you please guide me to find the right spot?

I'm running exchange 2013 now

 User generated image
I think you are at the right place, just wanted to know the affected user resides on which database "Mailbox Database1" , "Mailbox Database2" , "Mailbox Database3" ,"Mailbox Database4"

Also check the same value "msExchHomePublicMDB" on all databases one by one.

If you are not using public folders on exchange 2007 can you remove the public folder database from exchange 2007.
I have checked the value "msExchHomeOublicMDB" all 4 "Mailbox Databases" and all is "not set"

We do not use public filders on exchange 2007, is it safe to remove the public folder database? And how do I do that?

We have just moved about 50% off the users to the new server, would it have any impact moving the rest?
Hi Guys

All your ansvers was helpful, but my solution was the value in "msExchHomePublicMDB" on all my 4 databases was set to old server, and when I deleted them all worked fine :-)

Tkanks for your help, and Saif, I have marked your reply as "my solution"

Have a nice day :-)
Glad to help you on the outlook credentials prompt issue. Exchange guys make a note of this issue, might be helpful for all and it happens only if you are migrating from old exchange versions to exchange 2013 and later.