Outlook Profile issues - Exchange migration SBS/2010 to 2013 to 2019 currently - Production Impacted
Hello everyone - This is actually my first time posting from the team. I appreciate any and all suggestions and guidance and will answer any questions as quickly as possible.
We have a client who was running an SBS server with exchange 2010. I was enlisted to migrate them from 2010 to 2013 and then ending up on 2019. This involved the upgrade and introduction of a number of other servers. Here is the background.... During the migration from SBS/2010 the server failed and booted into recovery after a reboot. We didn't spend much time on repairing as only a handful of mailboxes were impacted. We pulled them from restores and did uploads to newly created accounts on the 2013 server. I of course had to do a good bit of cleanup in ADSI after the failures and during the installation of exchange 2019. As of this past weekend all the mailboxes were moved from 2013 to 2019. Everything was updated and tested to assure functionality. Now here is the confusing part --- rather than change all the current firewall rules and etc, we just switched the IP addresses. Once the moves were complete I changed the IP on 2013, did a DNS flush/register DNS, reboot and did the same on the 2019 server, with it now having the static IP of the previous 2013 server. Monday 7 am everyone comes in and there are random results across the board. The folks who had email setup on their phone since the 2013 migration just started working no problems. The better number of users were prompted to close and then open outlook, which happened without issue. However any new mobile/active-sync connections are unsuccessful unless with manually setting the server info. The same goes for internal and external outlook profiles but only for a number of folks. The machines I've seen have issues so far are Windows 7 with office 2016 home and business. However it's been reported that there are other variations. The remainder of the users are now faced with using only web mail. The old profile won't work and attempts at a new profile also don't work. It runs through all the authentication settings no issues but continues to prompt for credentials while loading profile The account never loads and in turn eventually fails. All the DNS stuff externally and internally are and have been the same. There is a valid SSL certificate and current A and CNAME records pointing to the correct auto discover, mail, and other addresses. I've done some playing around with the host file on a local PC and got better mapping results but the same issue with credentials constantly prompting.
I was starting to go down the worm hole of authentication but now believe it to be an auto discover issue? If I run the connectivity analyzer it fails, but I've never had much faith in it. It's told me setups in the past have failed that actually functioned properly. However the auto discover address it's looking for isn't what's actually being used. I'v checked for dead external DNS records and found nothing. The don't have a wild card SSL so everything points back to mail.domain.com and has always been the case, prior to me stepping in. I've read all types of articles and have nobody else in my organization with 2019 experience. I don't doubt there is a problem with the auto discover, i'm just not sure where. On the other hand though I think there is something else i'm missing here. It makes no sense that 80-95% of users were fine, but those last few are not. The fact that they can access web mail gives the thought that most things are in place and functioning.
Again any help is greatly appreciated and I hope I've provided enough information to get any help on the right track. I'll check back again first thing in the morning to see if there are any questions.
Thanks.
We have a client who was running an SBS server with exchange 2010. I was enlisted to migrate them from 2010 to 2013 and then ending up on 2019. This involved the upgrade and introduction of a number of other servers. Here is the background.... During the migration from SBS/2010 the server failed and booted into recovery after a reboot. We didn't spend much time on repairing as only a handful of mailboxes were impacted. We pulled them from restores and did uploads to newly created accounts on the 2013 server. I of course had to do a good bit of cleanup in ADSI after the failures and during the installation of exchange 2019. As of this past weekend all the mailboxes were moved from 2013 to 2019. Everything was updated and tested to assure functionality. Now here is the confusing part --- rather than change all the current firewall rules and etc, we just switched the IP addresses. Once the moves were complete I changed the IP on 2013, did a DNS flush/register DNS, reboot and did the same on the 2019 server, with it now having the static IP of the previous 2013 server. Monday 7 am everyone comes in and there are random results across the board. The folks who had email setup on their phone since the 2013 migration just started working no problems. The better number of users were prompted to close and then open outlook, which happened without issue. However any new mobile/active-sync connections are unsuccessful unless with manually setting the server info. The same goes for internal and external outlook profiles but only for a number of folks. The machines I've seen have issues so far are Windows 7 with office 2016 home and business. However it's been reported that there are other variations. The remainder of the users are now faced with using only web mail. The old profile won't work and attempts at a new profile also don't work. It runs through all the authentication settings no issues but continues to prompt for credentials while loading profile The account never loads and in turn eventually fails. All the DNS stuff externally and internally are and have been the same. There is a valid SSL certificate and current A and CNAME records pointing to the correct auto discover, mail, and other addresses. I've done some playing around with the host file on a local PC and got better mapping results but the same issue with credentials constantly prompting.
I was starting to go down the worm hole of authentication but now believe it to be an auto discover issue? If I run the connectivity analyzer it fails, but I've never had much faith in it. It's told me setups in the past have failed that actually functioned properly. However the auto discover address it's looking for isn't what's actually being used. I'v checked for dead external DNS records and found nothing. The don't have a wild card SSL so everything points back to mail.domain.com and has always been the case, prior to me stepping in. I've read all types of articles and have nobody else in my organization with 2019 experience. I don't doubt there is a problem with the auto discover, i'm just not sure where. On the other hand though I think there is something else i'm missing here. It makes no sense that 80-95% of users were fine, but those last few are not. The fact that they can access web mail gives the thought that most things are in place and functioning.
Again any help is greatly appreciated and I hope I've provided enough information to get any help on the right track. I'll check back again first thing in the morning to see if there are any questions.
Thanks.
Check your Exchange Service Connection Point. Make sure it's using the correct URI.
Is Split DNS reconfigured for the newer Exchange if anything changed? If not, is the URI DNS A record's IP updated to the newer Exchange?
Is Split DNS reconfigured for the newer Exchange if anything changed? If not, is the URI DNS A record's IP updated to the newer Exchange?
In addition to what Philip suggested, if you didn't already check the SRV record in DNS under _TCP
check that the autodiscover SRV record is pointed to correct server.
check that the autodiscover SRV record is pointed to correct server.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Please download and run - https://support.microsoft.com/en-us/help/4098558/scan-outlook-by-using-microsoft-support-and-recovery-assistant