Tag Archives: exchange 2007

Users on Exchange 2013 can’t open public folders or shared mailboxes on an Exchange 2007/ 2010

This posting is ~9 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

When moving users to Exchange 2013 it can happen, that they can’t access public folders housed on the old Exchange 2010 or 2007 server. The same can happen to shared mailboxes (mailboxes with Full Access permissions). The users are constantly prompted for credentials or they get this message:

Cannot expand the folder. Microsoft Exchange is not available. Either there are network problems or the Exchange server is down for maintenance.

This can be a huge problem during a migration. Microsoft described this in KB2834139. This error is caused by a misconfigured Outlook security setting, called “Logon network security”. If you experience this issue, check the “Logon network security” setting. If it’s set to “Anonymous Authentication”, then you experience the in KB2834139 described problem. Otherwise you have another problem. Check the “Logon network security” settings in your Outlook client. I took this screenshots from a Outlook 2013, but it looks the same in Outlook 2010. With this setting you will have a problem:

outlook_settings_login_security_2

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

With one of these settings, it will work.

outlook_settings_login_security_1

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

outlook_settings_login_security_3

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

You can change the setting and try the access to a public folder or shared mailbox. If you can access the public folder or shared mailbox, then you have to change some settings on the Exchange Server 2013 Client Access Server (CAS).

Open an Exchange Management Shell:

[PS] C:\windows\system32>Get-OutlookAnywhere -Server exchange2.testing.local | select *external*,*internal*

ExternalHostname : mail.terlisten-consulting.de
ExternalClientAuthenticationMethod : Negotiate
ExternalClientsRequireSsl : False
InternalHostname : exchange2.testing.local
InternalClientAuthenticationMethod : Negotiate
InternalClientsRequireSsl : False

[PS] C:\windows\system32>Get-OutlookAnywhere -Server exchange2.testing.local | Set-OutlookAnywhere -ExternalClientAuthenticationMethod NTLM
[PS] C:\windows\system32>Get-OutlookAnywhere -Server exchange2.testing.local | Set-OutlookAnywhere -InternalClientAuthenticationMethod NTLM

[PS] C:\windows\system32>Get-OutlookAnywhere -Server exchange2.testing.local | select *external*,*internal*

ExternalHostname : mail.terlisten-consulting.de
ExternalClientAuthenticationMethod : NTLM
ExternalClientsRequireSsl : False
InternalHostname : exchange2.testing.local
InternalClientAuthenticationMethod : NTLM
InternalClientsRequireSsl : False

I would recommend to execute “iisreset” after changing the settings. Please note, that this interrupts the client access for a short moment! After a restart of the Outlook client or during the next Autodiscover, the client should get the correct settings and the access to the public folders and shared mailboxes should work.

Exchange 2013: Event ID 2937 MSExchange ADAccess after public folder migration

This posting is ~9 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

I got a couple of warnings (source MSExchange ADAccess, Event ID 2937) after removing a Exchange 2007 server at the end of a Exchange 2007 > 2013 migration. The details of the warning told me, that there was a faulty value set to a attribute of the mailbox database object. Because the public folder migration was part of the migration, the error message seemed plausible.

Process w3wp.exe (PID=4652). Object [CN=Mailbox Database E2K13,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Testing,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=testing,DC=local. Property [PublicFolderDatabase] is set to value [testing.local/Configuration/Deleted Objects/Public Folder Database DEL:4a45b7c2-10fc-42df-bdaa-82ae8a12e66e], it is pointing to the Deleted Objects container in Active Directory. This property should be fixed as soon as possible.

A quick check with ADSI Edit confirmed the message. To be honest: I made a mistake and searched for the attribute PublicFolderDatabase in the database object, but in the end I found the wrong entry as a value of the msExchHomePublicMDB attribute in the database object. It must be set to the distinguished name of the mailbox database that houses the public folder mailboxes. If you don’t have any public folders in your Exchange 2013 org, then you have to clear the value!

The solution

Start ADSI Edit (Start > Run > adsiedit.msc) and right click the “ADSI Edit”. Select “Connect to…”.

event_2937_3

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

Open the configuration context.

event_2937_4

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

Navigate to the database object, which is mentioned in the warning.

event_2937_2

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

Right click the database object and select “Properties” from the context menu. You can limit the number of attributes if you hit the “Filter” button and select “Show only attributed that have values”. Scroll down to the msExchHomePublicMDB attribute. Double click it and enter the complete CN of the mailbox database, that houses the public folder mailboxes (this is new with Exchange 2013!). If you have not public folders in your Exchange org, than you can clear the value!

event_2937_1

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

Click “OK” and restart the Exchange Information Store service. After the restart, no new 2937 events should be logged.

EDIT

If you get the message “Your Administrator has made a change and requires you to restart Outlook” (or in german “Der Microsoft Exchange Administrator hat eine Änderung durchgeführt, die einen Neustart von Outlook erfordert”), check if event id 2937 is logged on the Exchange servers. I had several migrations where a removed public folder DB caused Outlook to throw the error message.