Recently
I came across Outlook 2007 and 2010 users having issues while accessing Outlook
out Of Office (OOO) and Outlook Free/Busy information. When I started
troubleshooting the issue, I have verified Outlook Email Auto Configuration
test and I got below error message.
https://autodiscover.learnexchange.com/autodiscover/autodiscover.xml
Failed (0X800C8203).
Outlook
Test E-mail Auto Configuration: -
Outlook
Automatic Reply Response: -
I have
verified other users in the same database and server all users are accessing
OOO and Outlook Free/Busy information without any issues. So I have accessed
user profile on different machine I got the same error message than I thought
it’s not server level issues it’s something wrong on the user mailbox settings.
I
decided to begin troubleshooting by running a web debugging tool on the server
which allows me to capture the HTTP traffic generated by Outlook. I found the
following Autodiscover response within this trace:
PS
D:\Program Files\Microsoft\Exchange Server\V14\Scripts> Test-OutlookWebServices -Identity WayneKern@learnexchange.com
RunspaceId
: 9fe80cf8-547a-49a9-9ef8-9500e77d316a
Id
: 1123
Type
: Error
Message
: Autodiscover returned the error: 603:The Active Directory user wasn't found.
At
first I was little confused because above user able to access his mailbox
through Outlook and Webmail without any issues. Then I recalled Exchange Update
patches Microsoft Released Mailbox AutoMapping Feature in Exchange 2010 SP1
were mailboxes will be added automatically once user assigned Mailbox Full
Access Permission by Exchange management Console or Exchange Management Shell
by following command.
Add-MailboxPermission –Identity “UserName” –User “RequesterName”
–Accesspermission Fullaccess – InheritanceType all
Which
will add the mailbox automatically on requester outlook after replication, If
you don’t want it follow the below command..
Add-MailboxPermission –Identity “UserName” –User “RequesterName”
–Accesspermission Fullaccess – InheritanceType all –Automapping $false
While
the permissions are being applied against the object, the delegate user object
is also added to the msExchDelegateListLink attribute for the owner mailbox.
The delegate’s user object also has an Active Directory attribute modified. The
msExchDelegateListBL is updated to include the new mailbox owner’s user object
DN. Now that the user has been granted access to the mailbox we will look at
what happens on the client side.
An
Autodiscover request is always initiated when the Outlook client is launched to
determine the mailbox settings for the user. This Autodiscover request queries
Active Directory and retrieves the msExchDelegateListBL for the user as part of
the process. These results are then included in the Autodiscover response XML
as an alternative mailbox. The following is an example taken from a working
client:
Take
look at the above msExchDelegateListBL attributes response, here would see
DelegateBL attribute showing the Owner Mailbox Distinguish Name (DN). Now let
look at the above delegate mailbox status then I found this user account was
disabled and account does not have mailbox in Exchange Environment.
What
do you think happens when Active Directory returns this msExchDelegateListBL
and there is a user object within the list that no longer has a mailbox? If you
answered Autodiscover returns a 603 error, then you are correct. Once this list
is retrieved, the server and legacyExchangeDN for the mailboxes must be
retrieved. These attributes are no longer present on a user object after the
mailbox has been removed. Therefore Active Directory cannot find the mailbox
and returns the user not found error.
Than
how do I need to check? Yes, we can, Microsoft introduced Active Directory
Power shell Module through we can check and do the necessary changes.
Import-Module ActiveDirectory
PS
C:\Windows\system32> Get-adUser -Identity
"waynekern" -Properties msExchDelegateListBL
DistinguishedName
: CN=Kern\, Wayne,OU=Users,DC=EXCHDC,DC=learnexchange,DC=com
Enabled
: True
GivenName
: Wayne
msExchDelegateListBL : {CN=Kern\,
Wayne,OU=Disabled Accounts,OU=Accounts,DC=learnexchange,DC=com}
Name
: Kern, Wayne
ObjectClass
: user
ObjectGUID
: 244638bb-4ab5-4118-ae8a-ac204dbd7f6e
SamAccountName
: waynekern
SID
: S-1-5-21-1454471165-1960408961-725345543-2167388
Surname
: Kern
UserPrincipalName
: waynekern@learnexchange.com
Now we
will make sure GUID match with user account,
PS
C:\Windows\system32> Get-ADUser
244638bb-4ab5-4118-ae8a-ac204dbd7f6e
DistinguishedName
: CN=Kern\, Wayne,OU=Users,OU=Site,DC=EXCHDC,DC=learnexchange,DC=com
Enabled
: True
GivenName
: Wayne
Name
: Kern, Wayne
ObjectClass
: user
ObjectGUID
: 244638bb-4ab5-4118-ae8a-ac204dbd7f6e
SamAccountName
: waynekern
SID
: S-1-5-21-1454471165-1960408961-725345543-2167388
Surname
: Kern
UserPrincipalName
: waynekern@learnexchange.com
Resolution:
-
Now
that we have identified the missing mailbox causing our issue we need to remove
it from this backlink. A backlink attribute is read-only so we cannot modify it
directly on this user object. Instead we must modify the
msExchDelegateListLink for the object identified within the backlink or
the original mailbox owner. We can do this from the same Powershell session or
ADSIEDIT.
1. ADSIEDIT
2. Active Directory Command Shell
ADSIEDIT:
-
Open
ADSIEDIT connect “Default Naming Context” and Navigate to user Organizational
Unit, Select the user account properties and followed by select “Attribute
Editor” scroll down to “msExchangeDelegatelistLink” clear the match values .
Active
Directory Command Shell: -
Stat ---->Administrative Tools ----->Active Directory
PowerShell Module.
Set-ADUser -Identity “waynekern “ -Clear
msExchDelegateListLink
Once
Active Directory Replication has been completed you can Run Get-adUser
-Identity "waynekern" -Properties msExchDelegateListBL.
Now it
will show null values.
Now
Replication has been completed it’s good time to test the Outlook Webservice
health status again user mailbox. Run the below command and find the
autodiscover ID, We have received Autodiscover test success.
Test-OutlookWebServices -Identity "waynekern@learnexchange.com"
|fl
Id
: 1122
Type
: Success
Message : Autodiscover was tested
successfully.
No comments:
Post a Comment