Users email constant credential issues. Constant prompt for password.

Home Forums Messaging Software Exchange 2016 Users email constant credential issues. Constant prompt for password.

This topic contains 8 replies, has 3 voices, and was last updated by Blood Blood 5 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • Avatar
    Standard_IT
    Participant
    #611849

    Hello good citizens,
    I am reaching out because we are having an issue with one user. I have searched and endlessly, and found many similar issues, but nothing seems to match our situation, nor have I been able to find a solution.
    The problem occurred, when we tried to delegate mailboxes to a user. We have multiple companies and wanted to test it out, because we thought it would be a harmless test and would improve our setup. We regretfully tested it on his live accounts, and now we can’t get his accounts to work in outlook correctly.
    There is an endless prompt for his password. Oddly, when the prompt comes up, it is not linking with active directory. There is no “More options” and there is no domain listed. If we try a different email that is working – it pops up properly, and it immediately takes the credentials. Same on multiple computers.
    Furthermore, no matter how many times we attempt, his account does not lock, which further leads me to believe his email account is not properly talking to active directory. He can log in through OWA and also his phone flawlessly.
    Our setup – We have 3 companies, for the purpose of explanation, this user has [email protected], [email protected], and [email protected].
    His domain login is linked to his [email protected] Active directory account. We usually add all three accounts into outlook using all separate users from active directory. We simply created another user User1_c2 and User1_c3 for the 2nd and 3rd company.
    We went into the ECP admin console and went to edit [email protected] and [email protected] – and added [email protected] in the FULL ACCESS of the delegation page.
    It didn’t do what we had hoped, so we quickly tried to revert – simply remove that user1 from the delegation, hoping it would go back to normal. It did not. After a day or two of research and attempts at fixing his, all while he uses the OWA to get by, we decided the best course of action would be to back up his data, delete his users all together, and recreate them.
    This user is part of the IT dept, and was perfectly fine with this solution. We went forward with that. The issue continued.
    We went another step forward. We deleted his users, and then created all new users for him with a different name. let’s say it’s now in active directory we now have the user as EMPLOYEE, EMPLOYEE_C2, and EMPLOYEE_C3. Then we created the mailbox that matched his old email addresses. The issue is still occurring. Furthermore, a couple of our internal users are getting bounce backs when trying to send him emails. I can’t seem to pinpoint that issue either.
    I am wondering if there is a way to further clear out his email. We can delete his account and recreate it again, but the problem seems to stick with his email. If we create a new user with new email, there is no problem at all.
    Any advice or ideas are welcome! Please help 😊

    • This topic was modified 5 months ago by Avatar Standard_IT.
    • This topic was modified 5 months ago by Avatar Ossian.
    Avatar
    Standard_IT
    Participant
    #611880

    Sorry for the double post. I cant seem to delete one of them either.

    Avatar
    Ossian
    Moderator
    #611915

    OK, other one deleted

    For some reason they got marked as spam when you originally posted

    Blood
    Blood
    Moderator
    #611920

    I don’t use Exchange so can’t help with the technicalities of the program. However, does the SMTP error code give you any clues? Also, you mention that a couple of local mail accounts are able to send mail to the affected account – do other local mail accounts succeed, and is all external mail successfully delivered to the affected account?

    Avatar
    Standard_IT
    Participant
    #611927

    Thanks Blood,

    Any and all efforts are appreciated. Yes the error did give us some clues, and I got some tips from another forum, that pointed to x400/x500 internal routing.

    The error included:

    <span style=”font-size: 10.0pt; font-family: ‘Tahoma’,sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; color: gray; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA;”>Remote Server returned ‘550 5.1.11 RESOLVER.ADR.ExRecipNotFound; Recipient not found by Exchange Legacy encapsulated email address lookup'</span>

    I am still trying to wrap my head around it but this link below is where I am right now. It seems like we are close.

    Exchange Error: 550 5.1.1 RESOLVER.ADR.ExRecipNotFound

    Yes, there are some users that are not having any issues emailing this user.

    Yes, all external mail is successfully delivered.

    Thanks for your time! I will continue to post results as they come.
    Standard_IT

    Blood
    Blood
    Moderator
    #611965

    OMG! That looks complicated.

    5.1.1 means bad destination mail address (which you already knew) and it is a permanent failure (5.x.x), but why is it only reported when a few local users, not all, try to send mail to that mailbox? Are the local user mail accounts whose mail is successfully delivered members of the same domain or a different domain(s)?

    When mail originating from a local user fails, does it fail from all sources – desktop, phone, OWA?

    Do you have logs that can tell you what might have happened to this person’s AD account – e.g. Netwrix AD reporting tool?

    Have you gone through this article:

    https://blogs.technet.microsoft.com/exchange/2016/05/31/checklist-for-troubleshooting-outlook-connectivity-in-exchange-2013-and-2016-on-premises/

    Avatar
    Standard_IT
    Participant
    #611968

    Thanks Blood, I appreciate you taking the time!

    We actually deleted the user all together because we were thinking the same thing. we recreated the user under a different name and tried to recreate the email mailbox and link to the new user.

    We actually haven’t tested it from the cell phone – not sure if that gives an error – we will attempt that. The user is in a meeting and we have to wait for him to be available to take the next steps.

    The issue seems to be what i posted earlier, but i haven’t had a chance to attempt it yet. Another “how to” is below. I think this is going to really help us a lot. I will report back with my findings.

    How to change LegacyExchangeDNvalue for newly created mailbox

    Avatar
    Standard_IT
    Participant
    #611998

    Another Update!

    Very pleased to say that we found a solution! At the bottom of the comment, I describe more about my UPWORK experience. I got a freelancer who fixed the problem. I will stick to the solution first.

    He simply ran a command (Exchange Powershell) that showed him all the recently deleted mailboxes that were still in the cache of the exchange internal routing. He took the address and then added right as a second email in the user account. In the ECP he added the email – type was X.500 – and then he copied and pasted what he got from the command.

    One little hiccup we ran into, was the period in X.500. He troubleshot that and actually went into ADUC to the user, to the attribute editor, and ended out simply removing that period to make it X500. not sure if that could have been done in ECP, but yeah, it worked. We did it on the other 2 emails for that user, and it was flawless.

    Hope this helps someone out there. Too many times i go to forums and after reading miles and miles of troubleshooting, no one posts the solution. good luck and feel free to reach out to me with any questions!

    Standard_IT

    Upwork Experience – My first time using the site, but i used UPWORK.com – and am extremely pleased with the results.

    After posting my problem, i had 7 people who wanted to help right away. I went with one guy for $75 an hour – we shared a screen, and worked together. He went at a pace where i could understand, and even recorded and sent me the video afterwards. This took about an hour and 15 minutes. I actually posted that no matter what, i will pay 2 hours minimum to fix the problem, because we needed it don’t immediately. We are going to pay him for the 2 hours (it pays at the end of the week)

    That hour and 15 also included discussion about how we can optimize our system (to be more specific I had questions about delegation and he gave a quick and simple plan for me to test out and hopefully implement soon)

    Simple steps for him, great learning experience for me. Very happy i didn’t attempt it on my own hah, even with his step by step instruction that he had sent me before i even hired him. Very please with the UPWORK experience.

    Blood
    Blood
    Moderator
    #612003

    Excellent! This is when I’m really pleased we use a simple mail server!

    Glad you got it sorted and thanks very much for posting your solution.

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.