Outlook 2013 connectivity through Exchange 2013 to Exchange 2010 during Migration (Network Steve Forum)

Outlook 2013 connectivity through Exchange 2013 to Exchange 2010 during Migration

Howdy all,

We are currently running an Exchange 2010 environment. Single server on 2008 R2. One MBX DB, one PUB DB. OAB generation is Web only, Pub disabled. External and Internal URL of webmail.company.com.au. Multi-SAN Certificate by Public CA.

Mixture of Outlook 2010 and 2013.

We are implementing a migration to Exchange 2013. We have a demo virtual environment for testing, and have progressed our live environment up to being ready to migrate mailboxes. So far the demo environment doesn't seem to experience the same issues.

So far 2013 is setup with all of the same settings, same External and Internal URLs so that we can utilize the same certificate. We hope to change the cert at the same time we split Exchange out to 2 2013 servers (which is after an AD domain migration).

Now the problem is occurring when testing Outlook connectivity via manual Host entry, pointing webmail.company.com.au to the 2013 server. Access to shared mailboxes mapped with the 2010 AutoMapping is broken, as well as access to Public Folders. The Connection Status window shows at least 3 connections to 2010 server via RPC/TCP. At first access to both works fine, but after some time (can't be sure on how long) it breaks, and you get an error.

"Cannot expand the folder. The set of folders cannot be opened. Your profile is not configured. (/o=COMPANY/ou=Exchange Administrative Group (ABCDEFGH12IJKLM)/cn=Configuration/cn=Servers/cn=webmail.company.com.au)"

This error has occurred for 5 people I have tested with, including me, with various mapped shared mailboxes.

In the Connection Status window, you do see a flicker of connections that state Connecting and Disconnecting, changing from 2010 server hostname to webmail.company.com.au, with a Type of Exchange Referral, increasing the ID to be up to ~300 before disappearing.

I can supply you with any outputs you need, like Get-OutlookAnywhere:

[PS] C:\Windows\system32>Get-OutlookAnywhere


RunspaceId                         : 7abfc9c7-4926-4667-9ea5-c0078de7bcdd
ServerName                         : EX2010
SSLOffloading                      : False
ExternalHostname                   : webmail.company.com.au
InternalHostname                   :
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Ntlm}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : False
MetabasePath                       : IIS://EX2010.COMPANY.local/W3SVC/1/ROOT/Rpc
Path                               : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 14.3 (Build 123.4)
Server                             : EX2010
AdminDisplayName                   :
ExchangeVersion                    : 0.10 (14.0.100.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web
                                     Site),CN=HTTP,CN=Protocols,CN=EX2010,CN=Servers,CN=Exchange Administrative
                                     Group (ABCDEFGH12IJKLM),CN=Administrative Groups,CN=COMPANY,CN=Microsoft
                                     Exchange,CN=Services,CN=Configuration,DC=COMPANY,DC=local
Identity                           : EX2010\Rpc (Default Web Site)
Guid                               : 1a65be5f-f469-438f-88c0-0c0c5a92a9d3
ObjectCategory                     : COMPANY.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 30/07/2015 3:49:39 PM
WhenCreated                        : 15/09/2011 10:35:57 AM
WhenChangedUTC                     : 30/07/2015 5:49:39 AM
WhenCreatedUTC                     : 15/09/2011 12:35:57 AM
OrganizationId                     :
Id                                 : EX2010\Rpc (Default Web Site)
OriginatingServer                  : DC02.COMPANY.local
IsValid                            : True
ObjectState                        : Changed

RunspaceId                         : 7abfc9c7-4926-4667-9ea5-c0078de7bcdd
ServerName                         : EX2013
SSLOffloading                      : True
ExternalHostname                   : webmail.company.com.au
InternalHostname                   : webmail.company.com.au
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Ntlm}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://EX2013.COMPANY.local/W3SVC/1/ROOT/Rpc
Path                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.0 (Build 1076.9)
Server                             : EX2013
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web
                                     Site),CN=HTTP,CN=Protocols,CN=EX2013,CN=Servers,CN=Exchange Administrative
                                     Group (ABCDEFGH12IJKLM),CN=Administrative Groups,CN=COMPANY,CN=Microsoft
                                     Exchange,CN=Services,CN=Configuration,DC=COMPANY,DC=local
Identity                           : EX2013\Rpc (Default Web Site)
Guid                               : d29caa24-5264-4fa3-8927-4bcd5b8aaa87
ObjectCategory                     : COMPANY.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 30/07/2015 3:50:50 PM
WhenCreated                        : 23/06/2015 5:04:50 PM
WhenChangedUTC                     : 30/07/2015 5:50:50 AM
WhenCreatedUTC                     : 23/06/2015 7:04:50 AM
OrganizationId                     :
Id                                 : EX2013\Rpc (Default Web Site)
OriginatingServer                  : DC02.COMPANY.local
IsValid                            : True
ObjectState                        : Changed

Thanks in advance!

July 31st, 2015 3:38am

Try setting IISAuthenticationMethods to NTLM,Basic on the Exchange 2010 servers.

Free Windows Admin Tool Kit Click here and download it now

August 1st, 2015 4:18pm

Done.

[PS] C:\Windows\system32>Get-OutlookAnywhere | fl Identity, ServerName, SSLOffloading, *Hostname, *AuthenticationMethod*, *RequireSsl, AdminDisplayVersion, ExchangeVersion


Identity                           : EX2010\Rpc (Default Web Site)
ServerName                         : EX2010
SSLOffloading                      : False
ExternalHostname                   : webmail.company.com.au
InternalHostname                   :
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm}
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : False
AdminDisplayVersion                : Version 14.3 (Build 123.4)
ExchangeVersion                    : 0.10 (14.0.100.0)

Identity                           : EX2013\Rpc (Default Web Site)
ServerName                         : EX2013
SSLOffloading                      : True
ExternalHostname                   : webmail.company.com.au
InternalHostname                   : webmail.company.com.au
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Ntlm}
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
AdminDisplayVersion                : Version 15.0 (Build 1076.9)
ExchangeVersion                    : 0.20 (15.0.0.0)

IISRESET afterwards?

August 2nd, 2015 9:12pm

Hi,

Please try to follow the below link:

https://support.microsoft.com/en-us/kb/2918951

In addiction, I have noticed you can't access shared mailbox.

So we should check the automapping feature, please do the following steps:

1. Open Active Directory Users and Computers.

2. In Users, right-click the Shared mailbox > Properties.

3. In Attribute Editor tab, pick up msExchDelegateListLink attribute.

4. Make sure the value is pointed to the user account who has full access permission to this shared mailbox.

If you can not find the msExchDelegateListLink attribute value about User B, please remove full access permission and re-add the full access permission .

You can run the following command to add the full access permission and enable automapping:

Add-MailboxPermission -Identity A -User 'B' -AccessRight FullAccess -InheritanceType All -Automapping $true

Regards,

David

Edited by David Wang_Microsoft contingent staff 15 minutes ago

Free Windows Admin Tool Kit Click here and download it now

August 3rd, 2015 3:35am

This topic is archived. No further replies will be accepted.