Outlook 2013 connectivity through Exchange 2013 to Exchange 2010 during Migration

Howdy all,

We are currently running an Exchange 2010 environment. Single server on 2008 R2. One MBX DB, one PUB DB. OAB generation is Web only, Pub disabled. External and Internal URL of webmail.company.com.au. Multi-SAN Certificate by Public CA.

Mixture of Outlook 2010 and 2013.

We are implementing a migration to Exchange 2013. We have a demo virtual environment for testing, and have progressed our live environment up to being ready to migrate mailboxes. So far the demo environment doesn't seem to experience the same issues.

So far 2013 is set up with all of the same settings, same External and Internal URLs so that we can utilize the same certificate. We hope to change the cert at the same time we split Exchange out to 2 2013 servers (which is after an AD domain migration).

Now the problem is occurring when testing Outlook connectivity via manual Host entry, pointing webmail.company.com.au to the 2013 server. Access to shared mailboxes mapped with the 2010 AutoMapping is broken, as well as access to Public Folders. The Connection Status window shows at least 3 connections to 2010 server via RPC/TCP. At first access to both works fine, but after some time (can't be sure on how long) it breaks, and you get an error.

"Cannot expand the folder. The set of folders cannot be opened. Your profile is not configured. (/o=COMPANY/ou=Exchange Administrative Group (ABCDEFGH12IJKLM)/cn=Configuration/cn=Servers/cn=webmail.company.com.au)"

This error has occurred for 5 people I have tested with, including me, with various mapped shared mailboxes.

In the Connection Status window, you do see a flicker of connections that state Connecting and Disconnecting, changing from 2010 server hostname to webmail.company.com.au, with a Type of Exchange Referral, increasing the ID to be up to ~300 before disappearing.

I can supply you with any outputs you need, like Get-OutlookAnywhere:

[PS] C:\Windows\system32>Get-OutlookAnywhere


RunspaceId                         : 7abfc9c7-4926-4667-9ea5-c0078de7bcdd
ServerName                         : EX2010
SSLOffloading                      : False
ExternalHostname                   : webmail.company.com.au
InternalHostname                   :
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Ntlm}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : False
MetabasePath                       : IIS://EX2010.COMPANY.local/W3SVC/1/ROOT/Rpc
Path                               : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 14.3 (Build 123.4)
Server                             : EX2010
AdminDisplayName                   :
ExchangeVersion                    : 0.10 (14.0.100.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web
                                     Site),CN=HTTP,CN=Protocols,CN=EX2010,CN=Servers,CN=Exchange Administrative
                                     Group (ABCDEFGH12IJKLM),CN=Administrative Groups,CN=COMPANY,CN=Microsoft
                                     Exchange,CN=Services,CN=Configuration,DC=COMPANY,DC=local
Identity                           : EX2010\Rpc (Default Web Site)
Guid                               : 1a65be5f-f469-438f-88c0-0c0c5a92a9d3
ObjectCategory                     : COMPANY.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 30/07/2015 3:49:39 PM
WhenCreated                        : 15/09/2011 10:35:57 AM
WhenChangedUTC                     : 30/07/2015 5:49:39 AM
WhenCreatedUTC                     : 15/09/2011 12:35:57 AM
OrganizationId                     :
Id                                 : EX2010\Rpc (Default Web Site)
OriginatingServer                  : DC02.COMPANY.local
IsValid                            : True
ObjectState                        : Changed

RunspaceId                         : 7abfc9c7-4926-4667-9ea5-c0078de7bcdd
ServerName                         : EX2013
SSLOffloading                      : True
ExternalHostname                   : webmail.company.com.au
InternalHostname                   : webmail.company.com.au
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Ntlm}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://EX2013.COMPANY.local/W3SVC/1/ROOT/Rpc
Path                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.0 (Build 1076.9)
Server                             : EX2013
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web
                                     Site),CN=HTTP,CN=Protocols,CN=EX2013,CN=Servers,CN=Exchange Administrative
                                     Group (ABCDEFGH12IJKLM),CN=Administrative Groups,CN=COMPANY,CN=Microsoft
                                     Exchange,CN=Services,CN=Configuration,DC=COMPANY,DC=local
Identity                           : EX2013\Rpc (Default Web Site)
Guid                               : d29caa24-5264-4fa3-8927-4bcd5b8aaa87
ObjectCategory                     : COMPANY.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 30/07/2015 3:50:50 PM
WhenCreated                        : 23/06/2015 5:04:50 PM
WhenChangedUTC                     : 30/07/2015 5:50:50 AM
WhenCreatedUTC                     : 23/06/2015 7:04:50 AM
OrganizationId                     :
Id                                 : EX2013\Rpc (Default Web Site)
OriginatingServer                  : DC02.COMPANY.local
IsValid                            : True
ObjectState                        : Changed

Thanks in advance!
July 31st, 2015 3:37am

Try setting IISAuthenticationMethods to NTLM,Basic on the Exchange 2010 servers.
August 1st, 2015 12:19pm

Done.

[PS] C:\Windows\system32>Get-OutlookAnywhere | fl Identity, ServerName, SSLOffloading, *Hostname, *AuthenticationMethod*, *RequireSsl, AdminDisplayVersion, ExchangeVersion


Identity                           : EX2010\Rpc (Default Web Site)
ServerName                         : EX2010
SSLOffloading                      : False
ExternalHostname                   : webmail.company.com.au
InternalHostname                   :
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm}
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : False
AdminDisplayVersion                : Version 14.3 (Build 123.4)
ExchangeVersion                    : 0.10 (14.0.100.0)

Identity                           : EX2013\Rpc (Default Web Site)
ServerName                         : EX2013
SSLOffloading                      : True
ExternalHostname                   : webmail.company.com.au
InternalHostname                   : webmail.company.com.au
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Ntlm}
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
AdminDisplayVersion                : Version 15.0 (Build 1076.9)
ExchangeVersion                    : 0.20 (15.0.0.0)

IISRESET afterwards?

August 2nd, 2015 9:11pm

Hi,

Please try to follow the below link:

https://support.microsoft.com/en-us/kb/2918951

In addition, I have noticed you can't access the shared mailbox.

So we should check the automapping feature, please do the following steps:

1. Open Active Directory Users and Computers.

2. In Users, right-click the Shared mailbox > Properties.

3. In Attribute Editor tab, pick up msExchDelegateListLink attribute.

4. Make sure the value is pointed to the user account who has full access permission to this shared mailbox.

If you cannot find the msExchDelegateListLink attribute value about User B, please remove full access permission and re-add the full access permission.

You can run the following command to add the full access permission and enable automapping:

Add-MailboxPermission -Identity A -User 'B' -AccessRight FullAccess -InheritanceType All -Automapping $true

Regards,

David 
August 3rd, 2015 3:34am

Howdy,

Thanks guys for the posts. I found the problem.

And I'll tell you :) I can see you shaking your fist already ...

Partially my fault. I didn't include some details because I didn't believe it was related/necessary. And yes, I've seen others get bitten by the same mistake!

We don't actually have 1 MBX DB. We have 2. The second is one for mailboxes for people no longer employed.

I was noticing some additional symptoms to my problem. When opening Outlook and things ran fine, I could expand Public Folders and Shared Mailboxes fine for the most part. Until I got to one particular mailbox, which is when I get the error. Looking into this mailbox made me think. This mailbox resides on the 2nd MBX DB. So I looked further.

When 2010 was popular, it was considered best practice to create a CAS Array, even if you had 1 CAS role. So we did. This array had the Fqdn webmail.company.com.au.

Since this was created, the 2nd MBX DB was also created. This means that the RpcClientAccessServer field against this DB was filled with the CAS Array Fqdn.

So when Outlook accesses this mailbox on this DB, it connects via RPC to this server address, which during migration is being pointed to the 2013 server.

The solution is to first check the existence of a CAS Array:

[PS] C:\Windows\system32>Get-ClientAccessArray

Name                Site                 Fqdn                           Members
----                ----                 ----                           -------
company-CAS-Array      Default-First-Sit... webmail.company.com.au            {EX2010, EX2013}

Then check the RpcClientAccessServer field on each MBX DB:

[PS] C:\Windows\system32>Get-MailboxDatabase | ft Name, Server, Rpc*

Name                                                  Server                                               RpcClientAccessServer
----                                                  ------                                               ---------------------
DB-MBX                                           EX2010                                         EX2010.Company.local
DB-MBX-EXSTAFF                                   EX2010                                         webmail.company.com.au

If the above is true, before migrating to Exchange 2013, remove the CAS Array:

[PS] C:\Windows\system32>Remove-ClientAccessArray "company-CAS-Array"

Confirm
Are you sure you want to perform this action?
Removing the Client Access array "company-CAS-Array".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"):

Then revert the RpcClientAccessServer field on any MBX DB referencing it:

[PS] C:\Windows\system32>Set-MailboxDatabase "DB-MBX-EXSTAFF" -RpcClientAccessServer "EX2010.Company.local"

After which, when Outlook launches and first accesses this mailbox, Autodiscover will give it this new CAS address, and connect successfully.

This should be added into the EX2010 to EX2013 Migration Guide.


  • Edited by TheManInOz 23 hours 20 minutes ago
  • Marked as answer by TheManInOz 23 hours 20 minutes ago
August 3rd, 2015 4:07am
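
The check described in the answer above (compare each database's RpcClientAccessServer with the CAS Array Fqdn), as an added example that is not part of the original post. The function name Find-CasArrayBoundDatabase is hypothetical, and the sample objects are constructed from the output shown in the thread.

```powershell
# Added example, not from the original thread. Function name is hypothetical.
# Written for PowerShell 2.0, which the Exchange 2010 Management Shell runs on.
function Find-CasArrayBoundDatabase {
    param(
        [Parameter(Mandatory=$true)] [object[]] $Database,
        [Parameter(Mandatory=$true)] [AllowEmptyCollection()] [object[]] $ClientAccessArray
    )
    foreach ($db in $Database) {
        $rpc = [string]$db.RpcClientAccessServer
        # Case-insensitive match of the database's RPC endpoint against each array Fqdn.
        # An empty RpcClientAccessServer never counts as a match.
        $array = $ClientAccessArray |
            Where-Object { $rpc -and ([string]$_.Fqdn -ieq $rpc) } |
            Select-Object -First 1
        $arrayName = $null
        if ($array) { $arrayName = $array.Name }
        New-Object PSObject -Property @{
            Name                  = $db.Name
            Server                = [string]$db.Server
            RpcClientAccessServer = $rpc
            CasArray              = $arrayName
            UsesCasArray          = [bool]$array
        } | Select-Object Name, Server, RpcClientAccessServer, CasArray, UsesCasArray
    }
}

# Constructed sample data mirroring the Get-ClientAccessArray and
# Get-MailboxDatabase output shown in the post.
$sampleArrays = @(
    New-Object PSObject -Property @{ Name = 'company-CAS-Array'; Fqdn = 'webmail.company.com.au' }
)
$sampleDatabases = @(
    New-Object PSObject -Property @{ Name = 'DB-MBX'; Server = 'EX2010'; RpcClientAccessServer = 'EX2010.Company.local' }
    New-Object PSObject -Property @{ Name = 'DB-MBX-EXSTAFF'; Server = 'EX2010'; RpcClientAccessServer = 'webmail.company.com.au' }
)

# List only the databases that still point at a CAS Array Fqdn.
Find-CasArrayBoundDatabase -Database $sampleDatabases -ClientAccessArray $sampleArrays |
    Where-Object { $_.UsesCasArray } |
    Format-Table -AutoSize

# Against a live organization, from the Exchange Management Shell:
# Find-CasArrayBoundDatabase -Database @(Get-MailboxDatabase) -ClientAccessArray @(Get-ClientAccessArray)
```

Any database reported with UsesCasArray set to True is one whose clients will follow the array name to whichever server that name currently resolves to.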
