troubleshooting issues with outlook® connectivity
DESCRIPTION
Troubleshooting Issues with Outlook® Connectivity. August 30, 2012. Agenda. How Outlook® Connectivity to Office 365 W orks Troubleshooting Tools/Methods Scenarios (Total time: 1 hour). Autodiscover Outlook Profile Generation. - PowerPoint PPT PresentationTRANSCRIPT
Customer Service & Support
Troubleshooting Issues with Outlook® Connectivity
August 30, 2012
Customer Service & Support
Agenda How Outlook® Connectivity to Office 365 Works Troubleshooting Tools/Methods Scenarios
(Total time: 1 hour)
On Premises AD Forest
Exchange Online
Remote MailboxPrimary Smtp Address = [email protected] Routing Address = [email protected]
MailboxPrimary Smtp Address = [email protected] Smtp Address = [email protected]
Outlook Client
(1) Where is my mailbox?
(2) Local Exchange passes a redirect to “service.contoso.com”
(3) Outlook attempts to discover endpoint through DNS record “autodiscover.service.contoso.com”
(4) Request Authentication
(6) Profile Builds(5) Authentication Success
AutodiscoverOutlook Profile Generation
Customer Service & Support
Troubleshooting Tools/Methods Web Powershell Outlook® Networking Miscellaneous
Customer Service & Support
Web OWA
https://outlook.com/<domain> or via O365 portal(https://portal.microsoftonline.com)
Determine if user can log into their mailbox at all Determine if user’s temporary password has been changed (must
be changed before Outlook® can connect) For non-Identity Federation configurations, if able to log in, it
helps verify user credentials are ok/correct ExRCA (Exchange Remote Connectivity Analyzer):
https://www.testexchangeconnectivity.com/ “Outlook Autodiscover” & “Outlook Anywhere (RPC over HTTPS)”
tests Independent of client & network client is on
O365 portal: https://portal.microsoftonline.com Determine autodiscover CNAME record information for O365
domain Determine if user has been blocked from signing into account Another way to verify if user credentials are ok/correct (good test
if OWA login fails) in non-Identity Federation (aka SSO) configurations Take Exchange out of the picture
Customer Service & Support
Web (Cont’d) O365 DIY Troubleshooting Tool:
http://community.office365.com/en-us/tools/troubleshooting.aspx Helps narrow down & shows possible solutions for the issue Recording Explaining Tool at http://
community.office365.com/en-us/blogs/office_365_technical_blog/archive/2012/08/09/troubleshooting-issues-with-sending-and-receiving-email-in-office-365-lync-and-learn.aspx
Browser itself: Example:
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml Prompted for Org ID credentials Good response below:
<?xml version="1.0" encoding="utf-8" ?> <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response> <Error Time="00:38:55.0596225" Id="1018033456"> <ErrorCode>600</ErrorCode> <Message>Invalid Request</Message> <DebugData /> </Error> </Response> </Autodiscover>
Customer Service & Support
Powershell Get-CASMailbox
Determine if mailbox is enabled for MAPI Get-CASMailbox <user> | fl MapiEnabled
For Outlook® to connect MapiEnabled must be set to True How to correct: Set-CASMailbox <user> -MapiEnabled $True
Get-Mailbox/Get-MsolUser Determine if “soft deleted” mailboxes with duplicate
UserPrincipalName exists Get-Mailbox <user> | fl UserPrincipalName,Guid Get-Mailbox <user> -SoftDeletedMailbox | fl UserPrincipalName,Guid Get-MsolUser –UserPrincipalName <user’s UPN> -ReturnDeletedUsers | fl
Test-MAPIConnectivity Determine if mailbox can be accessed via MAPI:
Test-MAPIConnectivity <user> | fl Good response: Result = Success Bad response : Result = *FAILURE* Error listed with bad responses
Customer Service & Support
Outlook Test E-mail AutoConfiguration
Ctrl – Right-click on Outlook icon in system tray Disable “Guessmart” check boxes
Autodiscover Log Outlook Logging must be enabled via Outlook GUI or EnableLogging
registry DWORD entry http://support.microsoft.com/kb/831053
Olkdisc.log file located in %temp% Connection Status
Ctrl – Right-click on Outlook icon in system tray Manual Configuration
Follow “Method 3: Manually set up Outlook” from http://support.microsoft.com/kb/2404385
Tests MAPI connectivity to mailbox Autodiscover, OOF/Availability, & OAB will still fail if Autodiscover
was failing before
Customer Service & Support
Networking Netmon/WireShark
Outlook traffic to O365 is encrypted (RPC over HTTPS), but you can look for retransmits and/or blocked packets TCP port 443 must be allowed through networking devices
Look at DNS traffic for resolution attempts on autodiscover FQDNs Example: autodiscover-s.outlook.com
Ping Determine if autodiscover DNS record resolves
Example:C:\>ping autodiscover-s.outlook.comPinging autodiscover-s.outlook.com [157.56.240.137] with 32 bytes of data:Request timed out.Etc…
NSLookup Determine if autodiscover DNS record resolves
DNS In split-brain DNS environments, autodiscover record must also be
created on internal DNS servers
Customer Service & Support
Miscellaneous MOSDL Support Toolkit
http://support.microsoft.com/kb/960625 Performs network diagnostics and collects configuration and logging
information Example: NSLookup, ExRCA Outlook Anywhere test, etc…
Things to try Working user on same client as affected user Affected user on another client, including on a working user’s client Affected user on a client on a different network
Customer Service & Support
Scenarios Soft Deleted Mailboxes
http://support.microsoft.com/kb/2619308 ExRCA “Outlook Anywhere” test shows “HTTP 401 Unauthorized”
error when making Autodiscover XML request to https://pod51xxx.outlook.com/Autodiscover/Autodiscover.xml
Use Get-Mailbox & Get-MsolUser cmdlets to troubleshoot Example (Looking up specific user):
Get-Mailbox <user> | fl UserPrincipalName,Guid Get-Mailbox <user>-SoftDeletedMailbox | fl UserPrincipalName,Guid Get-MsolUser –UserPrincipalName <user’s UPN> -ReturnDeletedUsers | fl
O365 license removed/re-added OWA error shows “Your account has been disabled.” ExRCA “Outlook Anywhere” test shows ErrorCode of 500 with
Message of “The e-mail address cannot be found.” when making Autodiscover XML request to https://pod51xxx.outlook.com/Autodiscover/Autodiscover.xml
Can take up to 24 hours before mailbox can be accessed
Customer Service & Support
Scenarios (Cont’d) Sign-in Access Blocked
This is an intentional block on the user against any access, including Outlook® Anywhere
OWA and O365 portal shows error “Sign-in is blocked” User must be allowed sign-in access via the O365 portal(Users --
<user> -- Settings –Set Sign-In Status = Allowed) Password Reset/Expired
User has password reset (i.e. user has temp password) or it expires “HTTP 456” error when making Autodiscover XML request to
https://autodiscover-s.outlook.com/Autodiscover/Autodiscover.xml User with temporary password must log into either O365 portal
and/or directly into OWA and change their password User with expired password must contact their admin/help desk to
get a new temporary password and then change their password