Tuesday, August 24, 2010

Can't log on to migrated mailbox

I'm working at a client, migrating from Exchange 2007 to 2010.  We're well into the mailbox migration portion of the project and it's been going very well.  However, today after migrating a bunch of service account mailboxes, users who had access to one of the mailboxes couldn't log on to it via Outlook anymore.  They kept getting the error message:
Cannot display the folder. Microsoft Exchange is not available. Either there are network problems or the Exchange computer is down for maintenance.
I tried accessing the same mailbox from both inside and outside the network and got the same error.  Even creating a new Outlook profile didn't help.  However, OWA worked fine.

After doing some digging, I saw this interesting error message on one of the 2010 CAS servers whenever I tried to access the problem mailbox:
Unhandled Exception "Multiple objects with legacy DN /o=COMPANYNAME/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=investors were found."
Stack trace: at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.FindByLegacyExchangeDN(String legacyExchangeDN)
at Microsoft.Exchange.Autodiscover.Providers.Outlook.OutlookAutoDiscoverProvider.GetADRecipientForRequestedUser(ADRecipientSession adRecipientSession, ADRecipient callerRecipient)
Did some more digging and found lots of references to the legacyExchangeDN being set to ADCDisabledMail (from legacy Exchange 5.5 ADC), but that wasn't my issue.  Tried searching for other AD objects with the same legacyExchangeDN, but nothing else popped up.  Finally found another mailbox with the same X500 email address in its ProxyAddresses.  I changed the X500 address of the other mailbox and the troubled mailbox could be opened without any further issue!
 
Why didn't this pop up in Exchange 2007?  Who knows.  But it's something to look out for.

UPDATE (11-Oct-2011):  A TechNet forum user called "Hotfix" posted a PowerShell command that can be used to find users with an X500 address that points to an existing mailbox.  Hotfix wanted to post it here as a comment, but couldn't for some reason.  Here it is below:

# Gather all mailboxes.
$AllMailboxes = Get-Mailbox -ResultSize:Unlimited
# Check the LegacyExchangeDN of each mailbox.
$AllMailboxes | Foreach {
    # Build the X500 address pattern match by pre-pending "X500:" in front of the mailbox LegacyExchangeDN.
    $X500Address = "X500:" + $_.LegacyExchangeDN
    # Perform a search for any recipient object with that X500 address. NOTE: This is not Exchange 2010 PowerShell remoting friendly.
    $X500Check = Get-Recipient -Filter {EmailAddresses -eq $X500Address}
    # If there was a match found, write it to the screen. This can be modified to be any type of desired output.
    If ($X500Check) {
        # Loop over the results so that more than one matching recipient is reported correctly.
        $X500Check | Foreach {
            Write-Host $_.PrimarySmtpAddress " - " $X500Address
        }
    }
}
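
An added example, not from the original post or from Hotfix: a single-pass check that groups every recipient by the DN it claims, through either LegacyExchangeDN or an X500 proxy address, and reports any DN claimed by more than one recipient. The function name Find-LegacyDnCollision and the sample recipients are hypothetical and constructed for illustration.

```powershell
# Added example, not from the original post. Find-LegacyDnCollision is a hypothetical name.
function Find-LegacyDnCollision {
    param([object[]]$Recipients)

    # Lower-cased DN -> list of claims (who claims it, and through which attribute).
    $claims = @{}
    foreach ($r in $Recipients) {
        $found = @()
        if ($r.LegacyExchangeDN) {
            $found += @{ Dn = [string]$r.LegacyExchangeDN; Via = 'LegacyExchangeDN' }
        }
        foreach ($a in $r.EmailAddresses) {
            # -match is case-insensitive, so "X500:" and "x500:" prefixes are both caught.
            if ([string]$a -match '^x500:(.+)$') {
                $found += @{ Dn = $Matches[1]; Via = 'X500 proxy address' }
            }
        }
        foreach ($f in $found) {
            $key = $f.Dn.ToLowerInvariant()
            if (-not $claims.ContainsKey($key)) { $claims[$key] = @() }
            $claims[$key] += @{ Who = [string]$r.PrimarySmtpAddress; Via = $f.Via }
        }
    }

    # Report only DNs claimed by more than one distinct recipient.
    foreach ($key in $claims.Keys) {
        $who = @($claims[$key] | ForEach-Object { $_.Who } | Sort-Object -Unique)
        if ($who.Count -gt 1) {
            New-Object PSObject -Property @{
                LegacyDN  = $key
                Claimants = @($claims[$key] | ForEach-Object { '{0} [{1}]' -f $_.Who, $_.Via })
            }
        }
    }
}

# Constructed sample recipients; against Exchange, pass (Get-Recipient -ResultSize Unlimited).
$dn = '/o=EXAMPLE/ou=First Administrative Group/cn=Recipients/cn=investors'
$sample = @(
    (New-Object PSObject -Property @{ PrimarySmtpAddress = 'investors@example.com'
        LegacyExchangeDN = $dn; EmailAddresses = @('SMTP:investors@example.com') }),
    (New-Object PSObject -Property @{ PrimarySmtpAddress = 'ir-old@example.com'
        LegacyExchangeDN = '/o=EXAMPLE/ou=First Administrative Group/cn=Recipients/cn=ir-old'
        EmailAddresses = @('SMTP:ir-old@example.com', "X500:$dn") })
)
Find-LegacyDnCollision $sample | Format-List
```

The comparison happens on the client side, so it does not depend on variable expansion inside -Filter.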

1 comment:

  1. Thanks for this article.
    I had almost the exact same error situation on my migration. For those interested, my issues were caused by a setting I made on the CAS server to enable Quest tools to work:

    Set-RpcClientAccess -Server Exchange_server_name -EncryptionRequired $False

    The client's Outlook profile properties (in the advanced section) were set to encrypt client/server data transfers. I unchecked that box and the problem went away. After I was done with Quest I ran:
    Set-RpcClientAccess -Server Exchange_server_name -EncryptionRequired $True

    ...and changed the Outlook client to encrypt again.
