Exchange 2010 - Users in a restricted OU cannot login to OWA externally only - internal works

I have an OU set up where the users in this OU have Log On To... rights that restrict which computers they can log onto.
This is the only restriction other than some IE browsing settings via GPO. The problem for these users is that... 
They cannot login to OWA externally using the https://mail.domain.com/owa - it continues to prompt for authentication. 
They CAN login to the same URL internally.
Troubleshooting...
I did give them Log On To... the MAIL SERVER rights.  
Other users can login that are NOT in this OU.
May have started after SP3 for Exchange was installed.
Have rebooted. 
HELP?

Hi,
The Log On To setting will specify a certain computer to access a user account. Please change this user so that it can log on to All computers in ADUC and give it a try.
Thanks,
Winnie Liang
TechNet Community Support
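
An audit of the "Log On To..." restriction discussed in this thread, as an added example that is not part of either post: it reports which accounts carry a restriction (the `LogonWorkstations` property, AD attribute `userWorkstations`) and which of the computers you name are missing from each list. The OU path, account names and server names (`MAIL01`, `CAS01`) are placeholders, and the sample records are constructed.

```powershell
# Added example, not from the thread. The live query needs the ActiveDirectory module (RSAT).

function Test-LogOnToAllows {
    # $LogonWorkstations is the comma-separated list ADUC writes for "Log On To...".
    # An empty value means the account may log on to all computers.
    param(
        [AllowNull()][AllowEmptyString()][string]$LogonWorkstations,
        [Parameter(Mandatory=$true)][string]$ComputerName
    )
    if ([string]::IsNullOrEmpty($LogonWorkstations)) { return $true }
    $allowed = @($LogonWorkstations -split ',' |
                 ForEach-Object { $_.Trim() } |
                 Where-Object { $_ })
    return ($allowed -contains $ComputerName)   # string comparison is case-insensitive
}

function Get-LogOnToReport {
    # One row per account: is it restricted, and which required computers are not listed?
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]$User,
        [Parameter(Mandatory=$true)][string[]]$RequiredComputer
    )
    process {
        $missing = @($RequiredComputer | Where-Object {
            -not (Test-LogOnToAllows -LogonWorkstations $User.LogonWorkstations -ComputerName $_)
        })
        New-Object PSObject -Property @{
            SamAccountName = $User.SamAccountName
            Restricted     = -not [string]::IsNullOrEmpty($User.LogonWorkstations)
            MissingFrom    = ($missing -join ',')
        }
    }
}

# Constructed sample records standing in for Get-ADUser output.
$sample = @(
    New-Object PSObject -Property @{ SamAccountName = 'kiosk01'; LogonWorkstations = 'KIOSK-PC1,KIOSK-PC2' }
    New-Object PSObject -Property @{ SamAccountName = 'kiosk02'; LogonWorkstations = 'KIOSK-PC1, mail01' }
    New-Object PSObject -Property @{ SamAccountName = 'office01'; LogonWorkstations = $null }
)

$sample |
    Get-LogOnToReport -RequiredComputer 'MAIL01','CAS01' |
    Format-Table SamAccountName, Restricted, MissingFrom -AutoSize

# Live query (placeholder OU path; replace with your own):
# Import-Module ActiveDirectory
# Get-ADUser -SearchBase 'OU=Restricted,DC=domain,DC=com' -Filter * -Properties LogonWorkstations |
#     Get-LogOnToReport -RequiredComputer 'MAIL01','CAS01' |
#     Where-Object { $_.MissingFrom } |
#     Format-Table SamAccountName, Restricted, MissingFrom -AutoSize
```

Running the same report before and after changing an account to All computers shows whether the restriction list is what differs between the accounts that work and those that do not.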

Similar Messages

  • Exchange 2010 users cannot open Exchange 2013 shared mailbox

    Title says it all.
    We're in the process of migrating 1000+ mailboxes to Exchange 2013. A number of shared mailboxes have been migrated, but those users still on 2010 cannot open them.
    Is this just how it is, or is there a way around it?

    Hi,
    I tested in my lab, if the shared mailbox is on Exchange 2010, I could open this shared mailbox successfully. Then I moved this shared mailbox to Exchange 2013, after that, I couldn’t open it anymore, I got the following error:
    Besides, I tried to open a shared mailbox on Exchange 2013 which was not moved from Exchange 2010, it is the same error message.
    Based on the test, it seems that Exchange 2010 users can’t open shared mailbox on Exchange 2013. So I recommend you move those users to Exchange 2013.
    Best regards,
    Belinda Ma
    TechNet Community Support

  • Exchange 2003 users are unable to send attachments larger than 8 MB to Exchange 2010 users on the same LAN

    I am migrating from Exchange 2003 to Exchange 2010.
    Users who are still on Exchange 2003 cannot send attachments any larger than around 8MB to Exchange 2010 users on the same LAN.
    Users on Exchange 2010 can send large attachments to fellow Exchange 2010 users without issue.
    I do not have any quota restrictions on Exchange 2010.
    Had a look at the Exchange 2003 Connector but could not see any reference to attachment restrictions.
    Has anyone come across this?

    Here is a note of the NDR:-
    Your message did not reach some or all of the intended recipients.
    Subject:   
    The following recipient(s) cannot be reached:
    Tracey xxxxxx on 01/12/2014 13:27
    This message is larger than the current system limit or the recipient's mailbox is full. 
    Create a shorter message body or remove attachments and try sending it again.
    <mail.xxxxxxxxx.com #5.2.3 smtp;450 5.2.3 Msg Size greater than allowed by Remote Host>

  • Exchange OWA does not load OWA for Exchange 2010 users

    I have recently installed Exchange 2013 SP1 CU4 in my existing Exchange 2010 SP3 environment but when I use Exchange 2013 OWA to login Exchange 2010 users (it should automatically take the user to Exchange 2010 OWA) but I get this error message "Forbidden 403- Access is denied".
    However exchange 2010 users can login to their /ecp directory from exchange 2013. Exchange 2010 users can use OWA using their exchange2010/owa URL without any problems. We do not have any http or https redirection enabled on any of the server.
    Also I have tried to uncheck the "Required SSL" settings for default web site on both Exchange servers but error is still same. Any help will be highly appreciated.

    Hi,
    According to your description, your Exchange 2013 cannot proxy OWA request to Exchange 2010 server, but ECP request can work properly.
    In this case, I'd like to confirm OWA and ECP settings on Exchange 2013 and 2010 servers before going further:
    Get-OwaVirtualDirectory | fl Identity,*url,*authentication
    Get-EcpVirtualDirectory | fl Identity,*url,*authentication
    Thanks,
    Angela Shi
    TechNet Community Support

  • No Free/Busy Information for Exchange 2010 users in Outlook 2010 client, 2010 OWA shows this information fine

    I have looked for hours and hours on Google and this web site for this type of issue and nothing seems to help.
    Problem:
    On my new Windows 2008 R2 /Exchange 2010 server with IIS7 installed, I can use Outlook 2010 client to login and send and receive e-mail but when I try to busy search internal Exchange users I get no information (cross-hatch), but the sender of the Meeting Request
    can see their own free/busy information fine.  And OWA users can see free/busy information fine, as can Outlook 2003 client users against this Exchange 2010 server when logged in.
    I don't know if I have a certificate problem with regard to IIS7 or Exchange 2010, I did not create my own certificate , it is just what was installed by default when I installed and configured Win2K8 server, IIS7 and Exchange.
    On the Windows 7 workstations with Outlook 2010 client, I am not logging into the Exchange 2010 server DNS domain, if that makes any difference.  On these workstations I can ping "autodiscover.my.exchange.server.com" and my.exchange.server.com
    with no problem.  I even used this Microsoft KB to install a new _autodiscover dns entry, but it did not help :
    When I turn on logging on my Outlook 2010 client, I see this in my C:\Users\Administrator\AppData\Local\Temp\1\outlook logging\20131208-135658864-fb.log :
    2013/12/08 13:56:58.864: Getting ASURL
    2013/12/08 13:56:58.864: URL returned from cached autodiscover: blah blah 
    2013/12/08 13:56:58.864: Request to URL: 
    2013/12/08 13:56:58.864: Request action: 
    2013/12/08 13:56:58.864: Request XML: <?xml version="1.0"?>
    2013/12/08 13:56:59.051: Request sent
    2013/12/08 13:56:59.051: Response error code: 00000000
    2013/12/08 13:56:59.051: HTTP status code: 0
    2013/12/08 13:56:59.051: -------------------------------
    2013/12/08 13:56:59.051: There is an error in request/response.
    2013/12/08 13:56:59.051: XML response:
    2013/12/08 13:56:59.051: -------------------------------
    2013/12/08 13:56:59.051: Getting ASURL
    2013/12/08 13:56:59.644: Failed to get ASURL. Error 8004010F
    At an Exchange shell console I enter this command and get these results :
    Exchange Management Shell :
    VERBOSE: Connecting to BPExchange2010.my.exchange.server.com
    VERBOSE: Connected to BPExchange2010.my.exchange.server.com.
    [PS] C:\Windows\system32>Test-OutlookWebServices -id:[email protected] -TargetAddress:[email protected]
    ll.com
    RunspaceId : c929eacd-d53c-49d7-8532-c4b74e61b8be
    Id         : 1019
    Type       : Information
    Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is 
    Type       : Success
    Message    : [Server] Successfully contacted the UM service at https://bpexchange2010.my.exchange.server.com/ews/exchan
                 ge.asmx. The elapsed time was 234 milliseconds.
    [PS] C:\Windows\system32>
    ** Also frequently when I log into Outlook 2010 client and start to send a meeting request , I get the Security Alert dialog :
    autodiscover.my.exchange.server.com
    Information you exchange with this site cannot be viewed or changed by others.  However, there is a problem with the site's security certificate.
    Green Check Mark :  The security certificate is from a trusted certifying authority
    Green Check Mark: The security certificate date is valid
    Red X :  The name on the security certificate is invalid or does not match the name of the site.
    Do you want to proceed ?  .  I either import the certificate or click YES, but does not help this issue.
    NOTE: Each user that shows as NO INFORMATION cross-hatch, these users have appointments and have logged into outlook before.
    When I do this autodiscover url from a Windows 7 pc with outlook 2010 I get  :
    This XML file does not appear to have any style information associated with it. The document tree is shown below.
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response>
    <Error Time="14:47:01.5656198" Id="401440650">
    <ErrorCode>600</ErrorCode>
    <Message>Invalid Request</Message>
    <DebugData/>
    </Error>
    </Response>
    </Autodiscover>
    Can anyone assist ?  What am I missing ?
    Thank You
    NOTE:  When will this go away.  I had to strip out a lot of helpful information to post this.  "Body text cannot contain images or links until we are able to verify your account."

    Hi,
    How many users encounter this issue, all users with Outlook 2010 or some specific users?
    According to your post, the Error code 600 indicates that your Autodiscover service is working well. As for the certificate mismatch issue, we can also follow the KB below to resolve it:
    http://support.microsoft.com/kb/940726/en-us
    The Free/Busy information in Exchange 2010 is using the Availability service to retrieve it. Please directly access https://mail.mydomain.ae/EWS/Exchange.asmx in IE and see whether a proper XML file is returned.
    Or we can go to https://testexchangeconnectivity.com and check MS Exchange Web Services Connectivity Tests.
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Exchange 2010, users in C:\Users?

    Hello,
    We appear to have a problem on our Exchange 2010 servers. We have a lot of user profiles on it for some reason. These people cannot log on to the servers so I don't understand why they have them? Not all users have profiles, probably around 5-10%.
    Any advice will be appreciated.
    Regards
    Ian Southwell

    Dear Frank,
    Even I am struggling through the same issue whereas there is no one in logon on locally access and we have deny logon locally to all user including authenticated users.
    Users profile are creating on only one server whereas on another CAS there is no profile even though CAS1 and CAS2.
    Kindly suggest.
    Sadanand Bobade

  • Exchange 2010 user Non-deliverable message

    Any help is appreciated. We have a user who is trying to email a vendor who she normally can but now she is getting an NDR message stating:
    The following organization rejected your message: [XXX]. <- other company's IP
    Diagnostic information for administrators:
    Generating server:
    esa1.XXX.iphmx.com  <- our server
    Recipient's email address
    [XXX] <- other company's IP #<[XXX] <- other company's IP #5.0.0 smtp;
    5.3.0 - Other mail system problem 550-'permanent failure for one or more
    recipients (recipients email address:blocked)' (delivery attempts: 0)>
    #SMTP#
    Original message headers:
    X-IronPort-AV:
    E=Sophos;i="4.84,830,1355126400";
    d="xml'?bin'?scan'208,217,72,48?xlsx'208,217,72,48,72,48?rels'208,217,72,48,72,48";a="8561738"
    Received:
    from firewall01.XXX.com (HELO  <- our company's system
    webmail.XXX.com) <- our company's system
    ([IP]) by esa1.XXX.iphmx.com <- our company's system 
    with ESMTP; 12 Mar 2013
    04:30:48 -0800
    Received: from
    TMIEXMB02.XXX.com ([IP])  <- our company's system
    by
    TMIEXCAS02.XXX.com ([IP]) with mapi id  <- our company's system
    14.02.0247.003;

    This NDR is stating that the recipient company has blocked this email address so you will have to contact them to see if they can lift the block or why it was blocked in the first place.
    Jason Apt, Microsoft Certified Master | Exchange 2010
    My Blog

  • Created mailbox for new user in Exchange 2010, user not visible in AD.

    Hi everyone!
    This morning I created a mailbox for a new user on my Exchange 2010 box.
    Everything works fantastically but I am unable to view the new user in AD except by searching.  If I run a search the results say the user exists in my Users container, and I can view the properties of the user account from the search results, but I
    am unable to actually see the user profile object in the Users container.
    I notice in EMC that the mailbox has a user icon on the mailbox icon instead of the regular standard icon - I'm not sure what this implies.
    Can anyone offer some advice as to why this happens and how to resolve it?
    Thanks!

    Hi,
    AD objects are stored in the domain partition database.
    Its replication scope is: Domain wide
    Its replication model is: Multi-master
    There are two possible causes.
    1. AD replication latency, if you have several DCs. You could wait for AD replication or force replication. Click Refresh in ADUC.
    2. You created the new user in another OU, not Users. You could run this command to get the user's DistinguishedName attribute.
    Get-Mailbox -Identity [email protected] | fl
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Exchange 2010 users can't change password in OWA when CAS server is Exchange 2013 CU3

    Running Exchange 2010 and 2013 in mixed mode. Users who are still on Exchange 2010 can't change password in OWA. It worked when it was a clean Exchange 2010 installation. Password change is working for users migrated to 2013.
    LS

    Hi
    Please follow the below blog which will help you in solving this issue
    http://technet.microsoft.com/en-us/library/bb684904.aspx
    Note: Be careful while modifying the registry settings.
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
    Regards,
    Sathish

  • Exchange 2010 user online archive mailbox becomes personal archive mailbox after recreated

    Hi,
    We are using Exchange 2010 SP2, one of our user online archive mailbox deleted and re-created fresh archive mailbox.
    But, then it displaying as Personal Archive Mailbox instead Online Archive Mailbox in server and user outlook. Also, no emails moving from primary mailbox to personal archive mailbox. Checked and confirm mailbox retention policy for the user mailbox, however
    there is no archive is running.
    How to resolve changing to Online Archive Mailbox and continue mailbox archive?
    Any help.
    MD

    Hi,
    How did the user delete and re-create the online archive mailbox?
    I suggest re-create online archive mailbox via following method:
    1. Before creating Online Archive, please perform following configuration:
    Configure Exchange Online Archiving
    http://technet.microsoft.com/en-us/library/hh529915(v=exchg.141).aspx
    2. Then create Online Archive:
    Create a Personal (On-Premises) or Cloud-Based Archive for a New Mailbox
    http://technet.microsoft.com/en-us/library/dd979791(v=exchg.141).aspx
    Thanks

  • Outlook 2013/ Exchange 2010 User Mailbox reached Limit and OWA is not reachable

    Hello Folks,
    I have a strange Outlook/Exchange problem with one of our Users, interestingly it's the Boss of our company….
    The Background:
    - We have 2 Domains @company-1 or @company-2
    - We have 1 Exchange 2010 Server Version 14.03.0224.002
    - Till March of this year our Emails were hosted externally, we used to download the Emails every 2 minutes from POP3 Mailboxes into Exchange
    - We have 18 Users
    - So every User had a User account on our Exchange and a Mailbox externally
    - Now we host our Emails our self via MX and DNS Records (mail.company.cc)
    - The User kept their Exchange accounts, OWA is now working too
    So far all works well on my little Server farm.
    The Catch:
    Usually our users have only one Email address either @company-1 or @company-2 Except our Boss and one other User, they have an Email address in both Domains They have addresses one...
    This topic first appeared in the Spiceworks Community

    Hi,
    I suggest to repair .ost file to check this issue by the following steps:
    Exit Outlook.
    In Control Panel, click or double-click Mail.
    In the Mail Setup dialog box, click E-mail Accounts.
    Click the Data Files tab, select the Exchange account, and then click Open File Location. A file explorer window opens to the location of the data file for the Exchange account. The Account Settings and Mail Setup dialog boxes will remain open, behind the file explorer window.
    Close the Account Settings and the Mail Setup dialog boxes, then return to the file explorer window.
    Important: be sure to close these two dialog boxes before you delete the file. If they aren't closed, Windows may display an error message about a conflict.
    In the file explorer window, right-click the Exchange data file and then click Delete. The next time you start Outlook, a new .ost file is created for the account.
    Best Regards.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Lynn-Li
    TechNet Community Support

  • Outlook anywhere issue for exchange 2010 users

    Hi Guys really hoping some one can help me out here.
    I have just introduced 2 new exchange 2013 servers into our existing exchange 2010 environment. 1 CAS server and 1 mailbox server.
    The issue i'm having is that any users that are on exchange 2010 mailbox servers can't connect to their profiles in outlook via the exchange 2013 cas box. OWA works fine and users that are on exchange 2013 mailboxes also work fine.
    Authentication is set to on exchange 2013 and 2010 cas boxes to
    Exchange 2013 cas
    ExternalClientAuthenticationMethod : Ntlm
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    Exchange 2010 cas
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    I was also wondering should I have a reg key on my exchange cas box of HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy\validports_autoconfigure_exchange  ???

    Thanks for the reply i have changed it to the following
    Exchange 2013 cas
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    Exchange 2010 cas
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    and reset iis but still no luck authenticating with outlook on existing profiles or a new profile.

  • Exchange 2010 - New-Mailbox - A positional parameter cannot be found that accepts argument '-PrimarySmtpAddress'.

    Hi,
    I am currently writing a powershell script that utilizes the new-mailbox command of EMS to create a shared mailbox.
    I am connecting to EMS via a remote PSSession object.
    When I try and specify an alternative SMTP address via the -PrimarySmtpAddress parameter I get the error
    "A positional parameter cannot be found that accepts argument '-PrimarySmtpAddress'."
    I have confirmed that the version of Exchange 2010 installed on the server should have this parameter - Version 14.3 (Build 123.4)
    An example command :-
    New-Mailbox -Shared -Name "SharedMailbox_test" -Alias "testsharedmailbox" -DisplayName "SharedMailbox_test" -UserPrincipalName "[email protected]" -OrganizationalUnit "OU=Mailboxes,OU=Accounts,DC=domain,DC=com" -Database "DB1" -PrimarySmtpAddress "[email protected]" -force
    Has anyone else experienced this behavior?
    Steve.
    Just a good old boy, never meaning no harm

    Hi Rich,
    That was my initial thought too, so I triple-checked my command to see if it was a simple syntax error - it wasn't.
    On further investigation I compared the list of parameters available in a DEV EMS session (on where I know the command works) against the one in PROD where the problem occurs.  Both sessions are running the same version of EMS.
    I ran the following to get a list of parameter names in both sessions :-
    $a = gcm New-Mailbox
    $a.Parameters.Keys | sort
    Here's the results :-
    DEV EMS (working)                    Prod EMS (missing)
    AccountDisabled
    ActiveSyncMailboxPolicy
    AddressBookPolicy
    Alias                                Alias
    Arbitration
    ArbitrationMailbox
    Archive
    ArchiveDatabase
    ArchiveDomain
    AsJob                                AsJob
    Confirm                              Confirm
    Database                             Database
    Debug                                Debug
    Discovery
    DisplayName                          DisplayName
    DomainController                     DomainController
    Equipment                            Equipment
    ErrorAction                          ErrorAction
    ErrorVariable                        ErrorVariable
    FirstName                            FirstName
    Force                                Force
    ImmutableId
    Initials                             Initials
    LastName                             LastName
    LinkedCredential
    LinkedDomainController
    LinkedMasterAccount
    ManagedFolderMailboxPolicy
    ManagedFolderMailboxPolicyAllowed
    ModeratedBy
    ModerationEnabled
    Name                                 Name
    Office
    OrganizationalUnit                   OrganizationalUnit
    OutBuffer                            OutBuffer
    OutVariable                          OutVariable
    Password
    Phone
    PrimarySmtpAddress
    RemoteArchive
    RemotePowerShellEnabled
    ResetPasswordOnNextLogon             ResetPasswordOnNextLogon
    ResourceCapacity
    RetentionPolicy
    RoleAssignmentPolicy
    Room                                 Room
    SamAccountName                       SamAccountName
    SendModerationNotifications
    Shared                               Shared
    SharingPolicy
    ThrottlingPolicy
    UserPrincipalName                    UserPrincipalName
    Verbose                              Verbose
    WarningAction                        WarningAction
    WarningVariable                      WarningVariable
    WhatIf                               WhatIf
    It might be a permissions-based issue, but I don't own either EMS session so can't test personally.
    I will keep investigating and update here once I have some further information.
    Regards,
    Steve.
    Just a good old boy, never meaning no harm
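
Exchange remote PowerShell exposes only the cmdlets and parameters granted by the connecting account's RBAC role entries, so the same `New-Mailbox` can present different parameter lists in two sessions. The comparison Steve did by hand, scripted, as an added example that is not part of the thread: the function name, the `$dev`/`$prod` session variables, the `Dev`/`Prod` prefixes and the sample lists are assumptions made for illustration.

```powershell
# Added example, not code from the thread.

function Compare-CmdletParameter {
    # Reports parameters that exist on one side only.
    param(
        [Parameter(Mandatory=$true)][string[]]$Reference,    # e.g. the DEV session
        [Parameter(Mandatory=$true)][string[]]$Difference    # e.g. the PROD session
    )
    Compare-Object -ReferenceObject $Reference -DifferenceObject $Difference |
        ForEach-Object {
            $side = if ($_.SideIndicator -eq '<=') { 'ReferenceOnly' } else { 'DifferenceOnly' }
            New-Object PSObject -Property @{ Parameter = $_.InputObject; PresentIn = $side }
        } |
        Sort-Object Parameter
}

# Constructed sample: a small subset of the two lists posted above.
$devSample  = 'Alias','Database','Name','PrimarySmtpAddress','RetentionPolicy','Shared'
$prodSample = 'Alias','Database','Name','Shared'

Compare-CmdletParameter -Reference $devSample -Difference $prodSample |
    Format-Table Parameter, PresentIn -AutoSize

# Against live sessions ($dev and $prod are hypothetical New-PSSession objects):
# Import-PSSession $dev  -CommandName New-Mailbox -Prefix Dev  | Out-Null
# Import-PSSession $prod -CommandName New-Mailbox -Prefix Prod | Out-Null
# Compare-CmdletParameter `
#     -Reference  @((Get-Command New-DevMailbox).Parameters.Keys) `
#     -Difference @((Get-Command New-ProdMailbox).Parameters.Keys)

# To test the permissions hypothesis in the PROD session, list the role entries
# that include New-Mailbox and the roles assigned to the scripting account
# ('<account>' is a placeholder):
# Get-ManagementRoleEntry "*\New-Mailbox" | Select-Object Role, Parameters
# Get-ManagementRoleAssignment -RoleAssignee '<account>' | Select-Object Role, RoleAssigneeName
```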

  • Users created in ABAP tool cannot login to Portal

    Hello,
    I have created a user in abap and assigned them the role SAP_J2EE_ADMIN but cannot login into Portal (Message: User authentication failed) with that user. If I login to portal as J2EE_ADMIN and search for that user I get "No element found." Is there something that needs to be done to get users into Portal? Does authentication not occur against the abap system? Also is the J2EE_ADMIN user only valid within portal and not the abap backend?
    I am using EP7.
    Thanks for any help.

    Hi Kelly,
    I changed it under System Administration>>System Configuration>>UME Configuration>>ABAP System tab. If you read earlier in this thread however, I could not restart the j2ee server after that....so change it at your own risk!
    If you do change it and cannot restart, go into the config tool and navigate to Global server configuration >> services >> com.sap.security.core.ume.service and find the ume.r3.connection.master.client key. Change that back to its original value. I was able to restart after that.
    Hope that helps.

  • Exchange 2010 user cannot change password from OWA

    My users are not able to change their own email password from owa. But we can change the passwords from ECP or from the server without any issue. What could be the issue ?
    Biju Rajan

    Check the regional date and time is set for user OWA... Follow the below steps:
    On the Client Access Server (CAS), click Start > Run and type regedit.exe and click OK.
    Navigate to HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA.
    Right click the MSExchange OWA key and click New > DWord (32-bit).
    The DWORD value name is ChangeExpiredPasswordEnabled and set the value to 1.
    Note: The values accepted are 1 (or any non-zero value) for "Enabled" or 0 or blank / not present for "Disabled"
    After you configure this DWORD value, you must reset IIS. The recommended method to reset IIS is to use IISReset /noforce from a command prompt.
    Ref: http://blogs.technet.com/b/exchange/archive/2010/10/06/3411240.aspx
    Exchange Queries
