Friday, November 1, 2013

Outlook Autodiscover Failed 0X800C8203 - Your Automatic Reply settings cannot be displayed because the server is currently unavailable

Recently I came across Outlook 2007 and 2010 users who had issues accessing Out of Office (OOO) and Free/Busy information in Outlook. When I started troubleshooting, I ran the Outlook Test E-mail AutoConfiguration test and got the error messages below.

Outlook Test E-mail Auto Configuration: -

Outlook Automatic Reply Response: -

I verified that other users on the same database and server could access OOO and Free/Busy information without any issues. I then opened the user's profile on a different machine and got the same error message, so I concluded that this was not a server-level issue but something wrong with the user's mailbox settings.

I decided to begin troubleshooting by running a web debugging tool on the server which allows me to capture the HTTP traffic generated by Outlook. I found the following Autodiscover response within this trace:

PS D:\Program Files\Microsoft\Exchange Server\V14\Scripts> Test-OutlookWebServices -Identity

RunspaceId : 9fe80cf8-547a-49a9-9ef8-9500e77d316a
Id         : 1123
Type       : Error
Message    : Autodiscover returned the error: 603:The Active Directory user wasn't found.

At first I was a little confused, because this user was able to access his mailbox through Outlook and webmail without any issues. Then I recalled that, among the Exchange updates, Microsoft released the mailbox auto-mapping feature in Exchange 2010 SP1, where a mailbox is added to Outlook automatically once a user has been assigned Full Access permission on it, either through the Exchange Management Console or through the Exchange Management Shell with the following command.

Add-MailboxPermission -Identity "UserName" -User "RequesterName" -AccessRights FullAccess -InheritanceType All

This adds the mailbox automatically to the requester's Outlook after replication. If you don't want that, use the command below.

Add-MailboxPermission -Identity "UserName" -User "RequesterName" -AccessRights FullAccess -InheritanceType All -AutoMapping $false

While the permissions are being applied against the object, the delegate user object is also added to the msExchDelegateListLink attribute for the owner mailbox. The delegate’s user object also has an Active Directory attribute modified. The msExchDelegateListBL is updated to include the new mailbox owner’s user object DN. Now that the user has been granted access to the mailbox we will look at what happens on the client side.

An Autodiscover request is always initiated when the Outlook client is launched to determine the mailbox settings for the user. This Autodiscover request queries Active Directory and retrieves the msExchDelegateListBL for the user as part of the process. These results are then included in the Autodiscover response XML as an alternative mailbox. The following is an example taken from a working client:

Take a look at the msExchDelegateListBL attribute in the response above: the DelegateBL attribute shows the distinguished name (DN) of the owner mailbox. Looking at the status of that delegate mailbox, I found that the user account was disabled and did not have a mailbox in the Exchange environment.
What do you think happens when Active Directory returns this msExchDelegateListBL and there is a user object within the list that no longer has a mailbox? If you answered Autodiscover returns a 603 error, then you are correct. Once this list is retrieved, the server and legacyExchangeDN for the mailboxes must be retrieved. These attributes are no longer present on a user object after the mailbox has been removed. Therefore Active Directory cannot find the mailbox and returns the user not found error.

So how do we check this? Microsoft introduced the Active Directory PowerShell module, through which we can check the attribute and make the necessary changes.

Import-Module ActiveDirectory

PS C:\Windows\system32> Get-adUser -Identity "waynekern" -Properties msExchDelegateListBL

DistinguishedName    : CN=Kern\, Wayne,OU=Users,DC=EXCHDC,DC=learnexchange,DC=com
Enabled              : True
GivenName            : Wayne
msExchDelegateListBL : {CN=Kern\, Wayne,OU=Disabled Accounts,OU=Accounts,DC=learnexchange,DC=com}
Name                 : Kern, Wayne
ObjectClass          : user
ObjectGUID           : 244638bb-4ab5-4118-ae8a-ac204dbd7f6e
SamAccountName       : waynekern
SID                  : S-1-5-21-1454471165-1960408961-725345543-2167388
Surname              : Kern
UserPrincipalName    :

Now we will make sure the GUID matches the user account:

PS C:\Windows\system32> Get-ADUser 244638bb-4ab5-4118-ae8a-ac204dbd7f6e

DistinguishedName : CN=Kern\, Wayne,OU=Users,OU=Site,DC=EXCHDC,DC=learnexchange,DC=com
Enabled           : True
GivenName         : Wayne
Name              : Kern, Wayne
ObjectClass       : user
ObjectGUID        : 244638bb-4ab5-4118-ae8a-ac204dbd7f6e
SamAccountName    : waynekern
SID               : S-1-5-21-1454471165-1960408961-725345543-2167388
Surname           : Kern
UserPrincipalName :

Resolution: -

Now that we have identified the missing mailbox causing our issue, we need to remove it from this backlink. A backlink attribute is read-only, so we cannot modify it directly on this user object. Instead we must modify the msExchDelegateListLink for the object identified within the backlink or the original mailbox owner. We can do this from the same PowerShell session or with ADSIEDIT.

            1.    ADSIEDIT
            2.    Active Directory Command Shell


Open ADSIEDIT, connect to the “Default Naming Context” and navigate to the user's organizational unit. Open the user account's properties, select “Attribute Editor”, scroll down to “msExchDelegateListLink” and clear the matching values.

Active Directory Command Shell: -

Start -> Administrative Tools -> Active Directory PowerShell Module.

Set-ADUser -Identity "waynekern" -Clear msExchDelegateListLink

Once Active Directory replication has completed, you can run Get-ADUser -Identity "waynekern" -Properties msExchDelegateListBL again.

Now it will show null values.
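
The check and cleanup above as one script, added here as an example and not part of the original post: it lists every owner in a user's msExchDelegateListBL, flags those that no longer carry mailbox attributes, and removes only that delegate from the owner's msExchDelegateListLink instead of clearing the whole attribute. The function names are hypothetical, and using msExchHomeServerName as the "server" attribute is an assumption.

```powershell
# Added example: requires the ActiveDirectory module and PowerShell 3.0 or later.
Import-Module ActiveDirectory

function Get-StaleDelegateBacklink {
    param([Parameter(Mandatory = $true)][string]$Identity)

    # The affected user is the delegate; msExchDelegateListBL lists the owner
    # mailboxes that Autodiscover will try to resolve for this user.
    $delegate = Get-ADUser -Identity $Identity -Properties msExchDelegateListBL

    foreach ($ownerDn in $delegate.msExchDelegateListBL) {
        $owner = Get-ADUser -Identity $ownerDn -Properties legacyExchangeDN, msExchHomeServerName

        # Assumption: a mailbox is treated as missing when either attribute is empty.
        $hasMailbox = [bool]$owner.legacyExchangeDN -and [bool]$owner.msExchHomeServerName

        [pscustomobject]@{
            Delegate        = $delegate.SamAccountName
            DelegateDN      = $delegate.DistinguishedName
            OwnerDN         = $owner.DistinguishedName
            OwnerEnabled    = $owner.Enabled
            OwnerHasMailbox = $hasMailbox
        }
    }
}

function Remove-StaleDelegateLink {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)]$Entry)

    process {
        if ($Entry.OwnerHasMailbox) { return }   # leave working mappings alone
        if ($PSCmdlet.ShouldProcess($Entry.OwnerDN, "Remove $($Entry.Delegate) from msExchDelegateListLink")) {
            # Edit the forward link on the owner; the backlink updates itself.
            Set-ADUser -Identity $Entry.OwnerDN -Remove @{ msExchDelegateListLink = $Entry.DelegateDN }
        }
    }
}

# Report first, then preview the change; drop -WhatIf to apply it.
$report = Get-StaleDelegateBacklink -Identity 'waynekern'
$report | Format-Table Delegate, OwnerEnabled, OwnerHasMailbox, OwnerDN -AutoSize
$report | Remove-StaleDelegateLink -WhatIf
```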

Now that replication has completed, it is a good time to test the Outlook web services health status against the user mailbox again. Run the command below and look for the Autodiscover ID; this time the Autodiscover test succeeded.

Test-OutlookWebServices -Identity "" |fl

Id      : 1122
Type    : Success
Message : Autodiscover was tested successfully.