December 19, 2018 at 8:58 am #611849
Hello good citizens,
I am reaching out because we are having an issue with one user. I have searched and endlessly, and found many similar issues, but nothing seems to match our situation, nor have I been able to find a solution.
The problem occurred, when we tried to delegate mailboxes to a user. We have multiple companies and wanted to test it out, because we thought it would be a harmless test and would improve our setup. We regretfully tested it on his live accounts, and now we can’t get his accounts to work in outlook correctly.
There is an endless prompt for his password. Oddly, when the prompt comes up, it is not linking with active directory. There is no “More options” and there is no domain listed. If we try a different email that is working – it pops up properly, and it immediately takes the credentials. Same on multiple computers.
Furthermore, no matter how many times we attempt, his account does not lock, which further leads me to believe his email account is not properly talking to active directory. He can log in through OWA and also his phone flawlessly.
Our setup – We have 3 companies, for the purpose of explanation, this user has [email protected], [email protected], and [email protected].
His domain login is linked to his [email protected] Active directory account. We usually add all three accounts into outlook using all separate users from active directory. We simply created another user User1_c2 and User1_c3 for the 2nd and 3rd company.
We went into the ECP admin console and went to edit [email protected] and [email protected] – and added [email protected] in the FULL ACCESS of the delegation page.
It didn’t do what we had hoped, so we quickly tried to revert – simply remove that user1 from the delegation, hoping it would go back to normal. It did not. After a day or two of research and attempts at fixing his, all while he uses the OWA to get by, we decided the best course of action would be to back up his data, delete his users all together, and recreate them.
This user is part of the IT dept, and was perfectly fine with this solution. We went forward with that. The issue continued.
We went another step forward. We deleted his users, and then created all new users for him with a different name. let’s say it’s now in active directory we now have the user as EMPLOYEE, EMPLOYEE_C2, and EMPLOYEE_C3. Then we created the mailbox that matched his old email addresses. The issue is still occurring. Furthermore, a couple of our internal users are getting bounce backs when trying to send him emails. I can’t seem to pinpoint that issue either.
I am wondering if there is a way to further clear out his email. We can delete his account and recreate it again, but the problem seems to stick with his email. If we create a new user with new email, there is no problem at all.
Any advice or ideas are welcome! Please help 😊December 19, 2018 at 2:53 pm #611880
Sorry for the double post. I cant seem to delete one of them either.
OssianModeratorDecember 20, 2018 at 2:56 am #611915
OK, other one deleted
For some reason they got marked as spam when you originally postedDecember 20, 2018 at 4:21 am #611920
I don’t use Exchange so can’t help with the technicalities of the program. However, does the SMTP error code give you any clues? Also, you mention that a couple of local mail accounts are able to send mail to the affected account – do other local mail accounts succeed, and is all external mail successfully delivered to the affected account?December 20, 2018 at 7:03 am #611927
Any and all efforts are appreciated. Yes the error did give us some clues, and I got some tips from another forum, that pointed to x400/x500 internal routing.
The error included:
<span style=”font-size: 10.0pt; font-family: ‘Tahoma’,sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; color: gray; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA;”>Remote Server returned ‘550 5.1.11 RESOLVER.ADR.ExRecipNotFound; Recipient not found by Exchange Legacy encapsulated email address lookup'</span>
I am still trying to wrap my head around it but this link below is where I am right now. It seems like we are close.
Yes, there are some users that are not having any issues emailing this user.
Yes, all external mail is successfully delivered.
Thanks for your time! I will continue to post results as they come.
Standard_ITDecember 20, 2018 at 10:50 am #611965
OMG! That looks complicated.
5.1.1 means bad destination mail address (which you already knew) and it is a permanent failure (5.x.x), but why is it only reported when a few local users, not all, try to send mail to that mailbox? Are the local user mail accounts whose mail is successfully delivered members of the same domain or a different domain(s)?
When mail originating from a local user fails, does it fail from all sources – desktop, phone, OWA?
Do you have logs that can tell you what might have happened to this person’s AD account – e.g. Netwrix AD reporting tool?
Have you gone through this article:December 20, 2018 at 11:28 am #611968
Thanks Blood, I appreciate you taking the time!
We actually deleted the user all together because we were thinking the same thing. we recreated the user under a different name and tried to recreate the email mailbox and link to the new user.
We actually haven’t tested it from the cell phone – not sure if that gives an error – we will attempt that. The user is in a meeting and we have to wait for him to be available to take the next steps.
The issue seems to be what i posted earlier, but i haven’t had a chance to attempt it yet. Another “how to” is below. I think this is going to really help us a lot. I will report back with my findings.December 21, 2018 at 8:38 am #611998
Very pleased to say that we found a solution! At the bottom of the comment, I describe more about my UPWORK experience. I got a freelancer who fixed the problem. I will stick to the solution first.
He simply ran a command (Exchange Powershell) that showed him all the recently deleted mailboxes that were still in the cache of the exchange internal routing. He took the address and then added right as a second email in the user account. In the ECP he added the email – type was X.500 – and then he copied and pasted what he got from the command.
One little hiccup we ran into, was the period in X.500. He troubleshot that and actually went into ADUC to the user, to the attribute editor, and ended out simply removing that period to make it X500. not sure if that could have been done in ECP, but yeah, it worked. We did it on the other 2 emails for that user, and it was flawless.
Hope this helps someone out there. Too many times i go to forums and after reading miles and miles of troubleshooting, no one posts the solution. good luck and feel free to reach out to me with any questions!
Upwork Experience – My first time using the site, but i used UPWORK.com – and am extremely pleased with the results.
After posting my problem, i had 7 people who wanted to help right away. I went with one guy for $75 an hour – we shared a screen, and worked together. He went at a pace where i could understand, and even recorded and sent me the video afterwards. This took about an hour and 15 minutes. I actually posted that no matter what, i will pay 2 hours minimum to fix the problem, because we needed it don’t immediately. We are going to pay him for the 2 hours (it pays at the end of the week)
That hour and 15 also included discussion about how we can optimize our system (to be more specific I had questions about delegation and he gave a quick and simple plan for me to test out and hopefully implement soon)
Simple steps for him, great learning experience for me. Very happy i didn’t attempt it on my own hah, even with his step by step instruction that he had sent me before i even hired him. Very please with the UPWORK experience.
You must be logged in to reply to this topic.