Outlook 2016 cannot log on to Exchange 2016 after upgrading Office from 2010 to 2016

The environment:

Single domain, two Windows Server 2012 R2 domain controllers, one Exchange 2016 CU23 server and Windows 10 21H2 clients. Environment is offline, NTLM is disabled and clients authenticate via Kerberos.

The problem:

After upgrading Office 2010 Standard to Office 2016 Standard, Outlook 2016 cannot log on to Exchange. The error message when opening Outlook is:

Outlook cannot log on. Verify that you are connected to the network and are using the proper server and mailbox name. The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.

Clients that are still on Office 2010 in the same environment can still connect to Exchange. Testing with the same mailbox, it works on 2010 but not 2016.

What I've tried/checked:

  • Verified autodiscover works: the autodiscover URL can be browsed, and the built-in autodiscover test in Outlook works and returns the correct data.

  • The Outlook Connection Status box is empty.

  • OWA works.

  • MapiHttpDisabled according to this Microsoft article, tried setting both 0 and 1.

  • Checked traffic on the client with Wireshark. After a successful autodiscover, no more traffic is generated, the last packet in the network log is an [RST, ACK] from port 389 on the DC (this entry is also present on a working system).

  • Verified RPC ports on DCs and Exchange servers are open with portqry.exe and Test-NetConnection.

  • Clean install of a new client machine so no Office 2010 files/registry settings might be interfering.

  • Compared DNS records, Exchange certificates, Active Directory accounts and IIS authentication with another environment where this is working. The other environment is almost exactly the same as the one described above, but I've yet to find any differences.

  • Recreating the mail profile via the control panel, after autodiscover the profile creation fails with the same error message as above.

  • Checked firewall log for dropped packets.

  • Checked various event viewer logs.

  • Enabled and checked failed request tracing logs in IIS.

  • Checked logs under Exchange Server\V15\Logging\ and Exchange Server\V15\TransportRoles\. Admittedly I don't know exactly which log would be best to check here, but I've run Get-ChildItem to find logs with a LastWriteTime corresponding with login attempts, and I haven't found anything obvious in these logs yet.

  • Browsing to https://exchange-server.domain.com/mapi/<emsmdb|nspi>/?MailboxId=<id>@domain.com works on a client where Outlook cannot log on.

I've probably left something out that I've tried; I've been troubleshooting this for 3 weeks now. As mentioned, I have another environment where this scenario is working that I can compare with, so any suggestions on things that I might not have compared yet are appreciated. I'll gladly supply any more information that might be necessary.

The Authentication Policies and Modern Authentication need to be checked. Outlook 2016 with Modern Authentication disabled should be the next thing to test. https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/enable-modern-auth-in-exchange-server-on-premises?view=exchserver-2019 https://learn.microsoft.com/en-us/exchange/troubleshoot/administration/modern-authentication-configuration
AmazingRealist:
Tried now with `AlwaysUseMSOAuthForAutoDiscover = 0`, same error message and verified same behavior in Wireshark.
I believe the relevant registry value is: `Key: HKCU\Software\Microsoft\Office\16.0\Common\Identity\ Value: EnableADAL DWORD:00000000`
AmazingRealist:
I'm 80% sure I've tried that, but I'll give it a go Monday when I'm back at work.
Kael:
Have you checked the setting in this link: https://learn.microsoft.com/en-us/exchange/troubleshoot/client-connectivity/outlook-connection-issue-caused-by-rpc-encryption-requirement
AmazingRealist:
@GregAskew, tried `EnableADAL = 0`, no success. @Kael, yes I've seen that link before, the symptoms section sounds promising but sadly no difference. Since I can't create a profile I tried with `Set-RpcClientAccess -EncryptionRequired:$false -Server <server>`.

Finally, after a month of troubleshooting, I found the solution.

As mentioned in the question, I had another system where this was working, but couldn't find any difference. The other system has a router since it's spread over three networks, while the one that was not working is just a single network and therefore has never had a router.

So the key difference between the two was that nothing was responding when pinging the default gateway on the system where it wasn't working. I just installed a simple router without any more config than setting the interface IP just so ping would work, and voila, Outlook 2016 can now log on!

I'm guessing it's doing some self connectivity test before starting that Outlook 2010 didn't do, weird that I couldn't see this in Wireshark though.
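
A client-side baseline that would have surfaced the difference described in this answer, as an added example that is not part of the original post. It goes slightly beyond the gateway ping by also recording the Outlook registry values tried in the comments; the `HKCU:\Software\Microsoft\Exchange` location for `MapiHttpDisabled` and `AlwaysUseMSOAuthForAutoDiscover` and the output file name are assumptions not stated on this page.

```powershell
# Added example: collect a small baseline on a working and on a failing client,
# then diff the two CSV files. Run in the affected user's session (HKCU is per user).

# 1. Every configured IPv4 default gateway and whether it answers ICMP echo.
$gateways = foreach ($cfg in Get-NetIPConfiguration) {
    foreach ($route in $cfg.IPv4DefaultGateway) {
        [pscustomobject]@{
            Check  = 'DefaultGatewayReachable'
            Target = "$($route.NextHop) on $($cfg.InterfaceAlias)"
            Result = [string](Test-Connection -ComputerName $route.NextHop -Count 2 -Quiet)
        }
    }
}
if (-not $gateways) {
    $gateways = [pscustomobject]@{
        Check = 'DefaultGatewayReachable'; Target = 'none configured'; Result = 'False'
    }
}

# 2. Outlook connectivity overrides mentioned in the thread.
#    EnableADAL path is from the comment above; the other two paths are assumptions.
$values = @(
    @{ Path = 'HKCU:\Software\Microsoft\Office\16.0\Common\Identity'; Name = 'EnableADAL' }
    @{ Path = 'HKCU:\Software\Microsoft\Exchange'; Name = 'MapiHttpDisabled' }
    @{ Path = 'HKCU:\Software\Microsoft\Exchange'; Name = 'AlwaysUseMSOAuthForAutoDiscover' }
)
$registry = foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = $v.Name
        Target = $v.Path
        Result = if ($item) { [string]$item.($v.Name) } else { 'not set' }
    }
}

# 3. Save and show the baseline for this machine.
$baseline = @($gateways) + @($registry)
$baseline | Export-Csv -Path ".\outlook-baseline-$env:COMPUTERNAME.csv" -NoTypeInformation
$baseline | Format-Table -AutoSize

# Diff two collected files (file names are placeholders):
# Compare-Object (Import-Csv .\working.csv) (Import-Csv .\failing.csv) -Property Check, Result
```

A `DefaultGatewayReachable` result of `False` on the failing client and `True` on the working one is the difference this answer identified.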
