question

EmilGustafsson-1189 avatar image
0 Votes"
EmilGustafsson-1189 asked YukiSun-MSFT commented

Intermittent Outlook login prompt after Exchange 2013CU23 > Exchange 2019 migration

Hello fellow IT-guys,

we recently spun up a new Exchange 2019 server, moved mailboxes to new databases on the EX2019 from our old EX2013CU23 server.

After that, we swapped DNS and uninstalled Exchange 2013 via control panel from old server and turned it off.

So far so good, but I'm having one weird issue:

Outlook (Various versions from Outlook 2013 to Outlook 365) sometimes, usually after starting it the first time for the day (After having it shut down for a while, like end of workday) will prompt for login.

If you close Outlook and open it again, it won't prompt and all is well in the world.

If you do not enter credentials and open Outlook, it will complain that it cannot reach the information store.

Entering credentials will successfully open Outlook.

I am sure there's some reference on the old server somewhere, but I don't know exactly where to start troubleshooting. I cannot find a log entry in the Event Viewer either on client or server that I can correlate to this.

So I'd like to have some assistance in where to start troubleshooting this.

Old artifacts in AD? Certificate missmatches? Some configuration in EX2019 I've missed?

Anything is of help!

office-exchange-server-administrationoffice-outlook-itprooffice-exchange-server-itpro
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EmilGustafsson-1189 avatar image
1 Vote"
EmilGustafsson-1189 answered YukiSun-MSFT commented

I found an orphan:ed DNS record for our old mailserver name (Not mail.domain.com, but the old NETBIOS DNS entry), I pointed oldserver.domain.local to new server IP address locally in AD.

I also swapped over the entire organisation to MAPI over HTTP.

Unsure which solved what, but it appears we're over the bump anyway.

So hard to say what solved it - but for anyone in the future, check DNS records because I definitely believe clients were connecting to old DNS entries.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @EmilGustafsson-1189

Great to know that you've sorted it out. Thanks for your vaulable sharing!


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



0 Votes 0 ·
AshokM-8240 avatar image
0 Votes"
AshokM-8240 answered EmilGustafsson-1189 commented

Hi @EmilGustafsson-1189 ,

Run Test Email autoconfiguration, to do this outlook system tray -> right click -> Test Email autoconfiguration
Type the email address and uncheck "use guessmart" & "secure guessmart authentication" and click on "Test"

If the test is success and the result has the necessary URL's.

Check the authentication for Autodiscover, MAPI, OAB, EWS virtual directories
https://docs.microsoft.com/en-us/exchange/clients/default-virtual-directory-settings?view=exchserver-2019

If the above suggestion helps, please click on "Accept Answer" and upvote it. Thanks for understanding.

· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello,

Auto Configuration works fine - I matched the Authentication settings with the link you provided, and they're the same - so I doubt that's not the problem unfortunately. :(

0 Votes 0 ·

Ok.

Outlook (Various versions from Outlook 2013 to Outlook 365) sometimes, usually after starting it the first time for the day (After having it shut down for a while, like end of workday) will prompt for login.

Does it mean outlook is closed for long time or the device itself? Just to check if network is connected before launching the outlook?

Also does the outlook profile has any shared mailboxes? If so, try removing them and see if issue persists.

0 Votes 0 ·

Does it mean outlook is closed for long time or the device itself? Just to check if network is connected before launching the outlook?


Makes no different. Some people shut their machine off, some (Myself) close programs, but not the machine. Both are affected.

We don't have shared mailboxes per definition - but we have "regular" mailboxes that multiple people have access to, being used as collaborate mailboxes.

But users whom does not have these, are also affected.

0 Votes 0 ·

Have you checked the connection status when the prompt appears? Ctrl+right click on the outlook icon on the system tray.

0 Votes 0 ·

Nope, I will do that next time it happens! I've told colleagues in the same room to not move a muscle next time it happens so I can check.
The annoyance with intermittent issues, can't troubleshoot properly :-P

0 Votes 0 ·

Just because I said that, my colleague was able to reproduce it. It is however NOT possible to check connectivity, because Outlook doesn't appear in the tray icon as it happens on the "Loading Profile" startup stage of Outlook.

We've tried replacing the Outlook profile, PST files and so on so fourth.

0 Votes 0 ·
AshokM-8240 avatar image
0 Votes"
AshokM-8240 answered EmilGustafsson-1189 commented

Have you checked the credential manager?
Any add-ins causing this issue?

Try adding ExcludeExplicitO365Endpoint registry key and see if that helps.

  • Open regedit

  • Navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover

  • Add a new DWORD entry

  • Enter the name of ExcludeExplicitO365Endpoint and value of 1.

Please note: Export/backup of registry before making changes.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Credential manager has been cleared, I've added the regedit to a couple of clients and let's see how they fair.

But I more believe there's an artifact of old mailserver somewhere in the clients.

The error "cannot find information store" is typical of an offline Exchangeserver.

0 Votes 0 ·
YukiSun-MSFT avatar image
0 Votes"
YukiSun-MSFT answered EmilGustafsson-1189 converted comment to answer

Hi @EmilGustafsson-1189,

Outlook (Various versions from Outlook 2013 to Outlook 365) sometimes, usually after starting it the first time for the day (After having it shut down for a while, like end of workday) will prompt for login.

Does it affect some particulat users only or all users are affected?
Are the users connecting to Exchange server via Outlook Anywhere or MAPI over HTTP?
Any difference if the machine is outside the organization's network?

If the login prompt issue can be reproduced on a machine every day when opening Outlook the first time for the day, it's suggested to try launching Outlook in safe mode(Press Win+R, type "outlook /safe", press Enter.) next time and see how it goes. This helps narrow down if the issue is due to any third-party add-ins on the client side. If possible, it's also recommended to test on a clean machine by configuring a problematic user account and see if it can be reproduced.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Does it affect some particulat users only or all users are affected?

All users are affected.

Are the users connecting to Exchange server via Outlook Anywhere or MAPI over HTTP?

I do not know how to check that, but here's my connection status:

81451-bild.png



Any difference if the machine is outside the organization's network?


Negative, people that work from home are experiencing same issue.
Have not heard a single complaint about mobile phones experiencing troubles though.


Will try to reproduce with safe mode.

0 Votes 0 ·
bild.png (27.4 KiB)

Hi @EmilGustafsson-1189,

From the Protocol field in the screenshot you shared, you are using Outlook Anywhere(RPC/HTTP).

Personally I'd recommend have a go by enabling MAPI over HTTP for a user and monitor for a few days to see if there would be any improvement. You can do it by running the command below:

 Set-CasMailbox <user or mailbox ID> -MapiHttpEnabled $true

See : Configure MAPI over HTTP in Exchange Server.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·

Thanks for the tip, just to check:

If I run the following: get-casmailbox -identity emgu

I get:

Name ActiveSyncEnabled OWAEnabled PopEnabled ImapEnabled MapiEnabled


Emil Gustafsson True True True True True


So it seems my user is already enabled to use MapiEnabled? Or are these different things from MAPIHTTPENABLED?

0 Votes 0 ·
Show more comments

Just ran that command on my own mailbox, restarted outlook - immidietely got the login prompt :(

Also tried it on a colleague, he got the same thing.


I think this comes down to enabling WireShark before starting outlook to trying to see what in gods name it's trying to connect to.

0 Votes 0 ·
Show more comments