Tuesday, November 19, 2013

Free/Busy Information not Showing for Some Users

Today I was working with one customer for the Outlook Free/Busy information issue where I observed very interesting things, So I thought to share with you for future references.

Issue: -
Not able to see Free/Busy information for particular users.

Error Message: -


Issue Statement: -
                  
                   Microsoft Introduced Calendar Assistance in Outlook 2003/2007/2010 and 2013 which will user to get the users free/busy information without access permission of the users mailbox. When outlook opened it will utilize SCP (Service Connection Point) by Autodiscover service to identify and validate users and server information/settings to connect Mailbox server. Basically all the client access servers will have Autodiscoverurl to propagate server settings which is known as SCP by the EWS API.

                   When outlook connect Microsoft Exchange Client Access Server the first outlook send the XML file which contained User Name, Password, Email address , AD Site information’s to Client Access Server (Load balancer if you have HLB/NLB) then CAS Server transfer the connections status to “Connection Manager” which will validate given information with Global Catalog servers, Based on response connection manager will respond to CAS server then CAS server allow clients to connects with Mailbox server.

                   When we requesting for Free/Busy information CAS server will communicate with Mailbox servers by utilizing SCP connections with the following phases,

    3.    SRV  - autodiscover.learnexchange.com

AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Exchange-A}

Following diagram illustrates SCP Lookup Phases,


In our cause Autodiscover return proper response with status 200 by running the “Test E-Mail AutoConfiguration” but am not receiving user free/busy information, I just quite curious to know the reason, than I checked the same by login to Webmail and Outlook Online Mode both showing the same result L.

Where is the issue? I recalled the outlook command switch that “Outlook /Cleanfreebusy” will clear the outlook corrupted free/busy cache, I ran the same command but still I was not able to see the particular user free/busy information.

I am literally pulling out my hair ^o) ^o), Finally I went to Exchange Command Shell to get the Calendar Permission and Testing the Autodiscover of the particular user,

Autodiscover Test: - I ran the Test-OutlookWebServices command and got Successful result.

Test-OutlookWebServices -TargetAddress "terrikarsten@learnexchange.com" |fl

Id      : 1122
Type    : Success
Message : Autodiscover was tested successfully.

Gathering Calendar Permission: -  I ran the Get-MailboxFolderPermission against Calendar Folder and found Access Permission set as “None”.

Get-MailboxFolderPermission -Identity terrikarsten@learnexchange.com:\calendar

FolderName   : Calendar
User         : Default
AccessRights : {None}
Identity     : Default
IsValid      : True

Which is not the default settings of Calendar for the regular mailboxes by default set in place of “AvailabilityOnly”.

Resolution: -

As we see above diagnose shows that Calendar should have “AvailabilityOnly” permission to get the free/busy information of user, So now we have to assign the permission to calendar. We can assign the permission by the following methods.

   1.    Microsoft Exchange Management Shell.

   2.    Microsoft Outlook.

The easiest way to assign the permission is Microsoft Outlook (I always prefer) by the following directions,

Open Outlook navigate it to Folder List select “Calendar” Right Click go to Properties


Select Permission Tab and change the “Default” User Permission from “None” to “Free/Busy Time” save the changes and close.


We have to wait for some time to replicate the changes. After 15 min (By default Replication Interval) checked the same now we able to see the user free/busy information.


Thanks
Keep Visit

Friday, November 1, 2013

Outlook Autodiscover Failed 0X800C8203 - Your Automatic Reply settings cannot be displayed because the server is currently unavailable


Recently I came across Outlook 2007 and 2010 users having issues while accessing Outlook out Of Office (OOO) and Outlook Free/Busy information. When I started troubleshooting the issue, I have verified Outlook Email Auto Configuration test and I got below error message.


Outlook Test E-mail Auto Configuration: -


Outlook Automatic Reply Response: -


I have verified other users in the same database and server all users are accessing OOO and Outlook Free/Busy information without any issues. So I have accessed user profile on different machine I got the same error message than I thought it’s not server level issues it’s something wrong on the user mailbox settings.

I decided to begin troubleshooting by running a web debugging tool on the server which allows me to capture the HTTP traffic generated by Outlook. I found the following Autodiscover response within this trace:

PS D:\Program Files\Microsoft\Exchange Server\V14\Scripts> Test-OutlookWebServices -Identity WayneKern@learnexchange.com

RunspaceId : 9fe80cf8-547a-49a9-9ef8-9500e77d316a
Id         : 1123
Type       : Error
Message    : Autodiscover returned the error: 603:The Active Directory user wasn't found.


At first I was little confused because above user able to access his mailbox through Outlook and Webmail without any issues. Then I recalled Exchange Update patches Microsoft Released Mailbox AutoMapping Feature in Exchange 2010 SP1 were mailboxes will be added automatically once user assigned Mailbox Full Access Permission by Exchange management Console or Exchange Management Shell by following command.

Add-MailboxPermission –Identity “UserName” –User “RequesterName” –Accesspermission Fullaccess – InheritanceType all


Which will add the mailbox automatically on requester outlook after replication, If you don’t want it follow the below command..

Add-MailboxPermission –Identity “UserName” –User “RequesterName” –Accesspermission Fullaccess – InheritanceType all –Automapping $false

While the permissions are being applied against the object, the delegate user object is also added to the msExchDelegateListLink attribute for the owner mailbox. The delegate’s user object also has an Active Directory attribute modified. The msExchDelegateListBL is updated to include the new mailbox owner’s user object DN. Now that the user has been granted access to the mailbox we will look at what happens on the client side.

An Autodiscover request is always initiated when the Outlook client is launched to determine the mailbox settings for the user. This Autodiscover request queries Active Directory and retrieves the msExchDelegateListBL for the user as part of the process. These results are then included in the Autodiscover response XML as an alternative mailbox. The following is an example taken from a working client:

Take look at the above msExchDelegateListBL attributes response, here would see DelegateBL attribute showing the Owner Mailbox Distinguish Name (DN). Now let look at the above delegate mailbox status then I found this user account was disabled and account does not have mailbox in Exchange Environment.
What do you think happens when Active Directory returns this msExchDelegateListBL and there is a user object within the list that no longer has a mailbox? If you answered Autodiscover returns a 603 error, then you are correct. Once this list is retrieved, the server and legacyExchangeDN for the mailboxes must be retrieved. These attributes are no longer present on a user object after the mailbox has been removed. Therefore Active Directory cannot find the mailbox and returns the user not found error.

Than how do I need to check? Yes, we can, Microsoft introduced Active Directory Power shell Module through we can check and do the necessary changes.

Import-Module ActiveDirectory

PS C:\Windows\system32> Get-adUser -Identity "waynekern" -Properties msExchDelegateListBL

DistinguishedName    : CN=Kern\, Wayne,OU=Users,DC=EXCHDC,DC=learnexchange,DC=com
Enabled              : True
GivenName            : Wayne
msExchDelegateListBL : {CN=Kern\, Wayne,OU=Disabled Accounts,OU=Accounts,DC=learnexchange,DC=com}
Name                 : Kern, Wayne
ObjectClass          : user
ObjectGUID           : 244638bb-4ab5-4118-ae8a-ac204dbd7f6e
SamAccountName       : waynekern
SID                  : S-1-5-21-1454471165-1960408961-725345543-2167388
Surname              : Kern
UserPrincipalName    : waynekern@learnexchange.com


Now we will make sure GUID match with user account,


PS C:\Windows\system32> Get-ADUser 244638bb-4ab5-4118-ae8a-ac204dbd7f6e

DistinguishedName : CN=Kern\, Wayne,OU=Users,OU=Site,DC=EXCHDC,DC=learnexchange,DC=com
Enabled           : True
GivenName         : Wayne
Name              : Kern, Wayne
ObjectClass       : user
ObjectGUID        : 244638bb-4ab5-4118-ae8a-ac204dbd7f6e
SamAccountName    : waynekern
SID               : S-1-5-21-1454471165-1960408961-725345543-2167388
Surname           : Kern
UserPrincipalName : waynekern@learnexchange.com

Resolution: -

Now that we have identified the missing mailbox causing our issue we need to remove it from this backlink. A backlink attribute is read-only so we cannot modify it directly on this user object. Instead we must modify the msExchDelegateListLink  for the object identified within the backlink or the original mailbox owner. We can do this from the same Powershell session or ADSIEDIT.

            1.    ADSIEDIT
            2.    Active Directory Command Shell


ADSIEDIT: -


Open ADSIEDIT connect “Default Naming Context” and Navigate to user Organizational Unit, Select the user account properties and followed by select “Attribute Editor” scroll down to “msExchangeDelegatelistLink” clear the match values .



Active Directory Command Shell: -

Stat ---->Administrative Tools ----->Active Directory PowerShell Module.

Set-ADUser  -Identity “waynekern “ -Clear msExchDelegateListLink

Once Active Directory Replication has been completed you can Run Get-adUser -Identity "waynekern" -Properties msExchDelegateListBL.

Now it will show null values.

Now Replication has been completed it’s good time to test the Outlook Webservice health status again user mailbox. Run the below command and find the autodiscover ID, We have received Autodiscover test success.

Test-OutlookWebServices -Identity "waynekern@learnexchange.com" |fl

Id      : 1122
Type    : Success
Message : Autodiscover was tested successfully.