Hi everyone, I'm running into an issue with Outlook connectivity after mailbox moves from Exchange 2010 to Exchange 2016. Hoping someone can clarify where I've gone wrong. Basically the new Exchange 2016 server is isolated by a strict internal firewall policy and only allows connections from clients on TCP ports 80 and 443. Once a mailbox is moved from Exchange 2010 to 2016, I had expected the mailbox to connect to Exchange 2016 using MAPI over HTTP, which doesn't require the additional ports for RPC/TCP. Unfortunately I am seeing intermittent issues where Outlook will continue to try RPC/TCP connections to Exchange 2016 after the mailbox move and fail.
Note, there are no firewall restrictions in place between Exchange servers or Exchange servers and domain controllers.
Originally it was a single Exchange server environment, and as soon as we are fully migrated to Exchange 2016 and the coexistence phase is complete, it will be again. We're using different namespaces for Exchange 2010 vs 2016. Autodiscover for the most part isn't configured; I am relying only on the service connection point (SCP) to redirect Outlook clients to where they need to go. No SRV record, A record, or anything else exists for Autodiscover. All Outlook clients reside on the LAN or connect over VPN; no external connectivity for Outlook Anywhere is permitted.
Example naming convention:

Exchange 2010: mail2010.domain.local, mail2010.domain.com
Exchange 2016: mail2016.domain.local, mail2016.domain.com

The .com URL is used for the certificate and resolves internally (DNS).
Get-ClientAccessService

    Name: mail2010
    Fqdn: mail2010.domain.local
    OutlookAnywhereEnabled: True
    AutoDiscoverServiceInternalUri: https://mail2016.domain.com/autodiscover/autodiscover.xml   <--- Points to new server

    Name: mail2016
    Fqdn: mail2016.domain.local
    OutlookAnywhereEnabled: True
    AutoDiscoverServiceInternalUri: https://mail2016.domain.com/autodiscover/autodiscover.xml
Example output for an impacted mailbox.
Although I don't know if this matters, the authentication mechanism for the Outlook Anywhere virtual directory on Exchange 2016 was changed to NTLM. I understand it must be set to NTLM in the coexistence phase with 2010. As far as I understand, this is for instances when Exchange 2016 will proxy connections to Exchange 2010. I don't know that it ever would; all Outlook clients should have a direct connection available to both Exchange servers on the internal network.
Here is an example of a mailbox that was moved and the resulting error in Outlook.

However, sometimes it works just fine; here is another user who is connected and happy in the same environment.
Regards,
Adam Tyler
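As an added example (not part of Adam's post or Microsoft's own tooling): a diagnostic run from the Exchange 2016 Management Shell that checks the settings which decide whether a moved mailbox is offered MAPI over HTTP rather than RPC/TCP, and which confirms the SCP and Outlook Anywhere state described above. The server name follows the post's example naming; the mailbox address is an assumption, and the probe name in the last step is assumed to be available on this build.

```powershell
# Added diagnostic script, not from the original post. Run in the Exchange 2016
# Management Shell with View-Only Organization Management rights or higher.
param(
    [string]$Server2016 = 'mail2016',                 # from the post's naming example
    [string]$Mailbox    = 'moved.user@domain.com'     # ASSUMED: a mailbox already moved to 2016
)

$findings = @()

# 1. Org-wide MAPI/HTTP switch. When False, Outlook is only offered
#    Outlook Anywhere (RPC/HTTP) and RPC/TCP, which the firewall blocks.
$org = Get-OrganizationConfig
if (-not $org.MapiHttpEnabled) { $findings += 'MapiHttpEnabled is False at the organization level' }

# 2. Per-mailbox override. $null means "inherit the org setting";
#    False disables MAPI/HTTP for this user even when the org has it on.
$cas = Get-CASMailbox -Identity $Mailbox
if ($cas.MapiHttpEnabled -eq $false) { $findings += "MapiHttpEnabled is False on $Mailbox" }

# 3. MAPI virtual directory on the 2016 server. The InternalUrl host must be
#    on the certificate and resolve internally (mail2016.domain.com here).
foreach ($v in Get-MapiVirtualDirectory -Server $Server2016) {
    "$($v.Identity): InternalUrl=$($v.InternalUrl) Auth=$($v.IISAuthenticationMethods -join ',')"
    if (-not $v.InternalUrl) { $findings += "$($v.Identity): InternalUrl is empty" }
}

# 4. Outlook Anywhere on 2016: NTLM is the expected client auth during 2010 coexistence.
foreach ($o in Get-OutlookAnywhere -Server $Server2016) {
    "$($o.Identity): InternalHostname=$($o.InternalHostname) InternalAuth=$($o.InternalClientAuthenticationMethod)"
}

# 5. The SCP the post relies on: every server's Autodiscover URI should point at 2016,
#    otherwise some clients keep getting the old server's answer intermittently.
foreach ($s in Get-ClientAccessService) {
    "$($s.Name): AutoDiscoverServiceInternalUri=$($s.AutoDiscoverServiceInternalUri)"
    if ($s.AutoDiscoverServiceInternalUri -notmatch $Server2016) {
        $findings += "$($s.Name): SCP does not point at $Server2016"
    }
}

# 6. Server-side self test of the MAPI/HTTP endpoint (probe name ASSUMED for this build;
#    if it is rejected, list probes with Get-MonitoringItemIdentity -Identity Outlook.Protocol).
Test-OutlookConnectivity -ProbeIdentity OutlookMapiHttpSelfTestProbe -MailboxId $Mailbox | Format-List

if ($findings) { "FINDINGS:`n - " + ($findings -join "`n - ") } else { 'No MAPI/HTTP configuration problems found.' }
```

Two caveats the script cannot check: the client must be Outlook 2013 SP1 or later to use MAPI over HTTP at all, and an existing profile only switches protocols after Outlook successfully re-runs Autodiscover following the move, so a client that still reaches the old SCP answer will keep attempting RPC until it does.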