Some computers have been processed by Migration Manager Resource Updating Manager (RUM) and moved to the target domain. While the target domain already has accounts and mailboxes created for these users, they are still logging into the source domain with their source credentials. Upon launching Outlook, users no longer have the same Outlook 2007 profile settings. The following pop up messages may be encountered by migrated users when they launch Outlook 2007 on their machines:
The Microsoft Exchange Administrator has made a change that requires you quit and restart Outlook
Your mailbox has been temporarily moved on Microsoft Exchange server. A temporary mailbox exists, but might not have all of your previous data. You can connect to the temporary mailbox or work offline with all of your old data. If you choose to work with your old data, you cannot send or receive e-mail messages
Further examination shows that the source mail profile is now pointing to the target Exchange 2007/2010 server while CPUU/ was never executed. How to explain and fix this behavior?
The issue is caused by the fact that computers are joining the target domain located in the new forest with an Exchange 2007/2010 organization. In this case the source users log in to their machines, that are already in the target domain and Outlook 2007 Autodiscover finds the Service Connection Point (SCP) containing the target Autodiscover URL. As a result, the Microsoft Exchange 2007/2010 Autodiscover process initiates and reconfigures the Outlook profile to point to the target Exchange 2007/2010 server.
To prevent this from happening it is recommended to follow migration process where computers are not joining the target domain until the users mailboxes have been switched and CPUU/ has been executed.
Configuring Microsoft Outlook 2007 registry parameters in such a way that it WOULD NOT FIND AND CONNECT to the TARGET Exchange 2007 Autodiscover URL running on the target CAS server. Since Outlook default order of searching for such URL is as follows (please see the attached Microsoft White Paper Outlook Automatic Account Configuration.doc):
-Look for SCP objects or SCP pointer objects that correspond to users e-mail address, and find the correct Autodiscover server to connect to; then connect and retrieve settings.
-If previous step fails, attempt DNS discovery of Autodiscover XML (allowing for 10 redirects).
a. HTTPS POST:https://DOMAIN/autodiscover/autodiscover.xml
b. HTTPS POST:https://autodiscover.DOMAIN/autodiscover/autodiscover.xml
c. HTTP GET: http://autodiscover.DOMAIN/autodiscover/autodiscover.xml (only to follow redirects, not to get settings)
d. DNS SRV lookup: _autodiscover._tcp.DOMAIN (only to follow the redirect the SRV record points to)
-If previous step fails, attempt local XML discovery and use XML found on the local machine if applicable.
The following Outlook 2007 registry parameters described in the Microsoft KB956297 - Outlook 2007 unexpectedly connects to an on-premise Exchange Server 2007 server mailbox instead of an Exchange Online server mailbox - http://support.microsoft.com/kb/956297 can be configured following these steps:
1. Install Microsoft Office Outlook 2007 Service Pack 1 (SP1).
2. Install the hotfix that is described in the following Microsoft Knowledge Base article 948716: Description of the Outlook 2007 hotfix package: February 7, 2008 - http://support.microsoft.com/kb/948716.
3. Modify the following parameters in the registry depending on which step introduces target Autodiscover URL: one of the ExcludeHttpRedirect,ExcludeHttpsAutoDiscoverDomain, ExcludeHttpsRootDomain, ExcludeScpLookup DWORD parameters need to be set to the value 1 under HKEY_CURRENT_USER\Software\MicrosoftOffice\12. 0\Outlook\AutoDiscover
For example: Source accounts Primary SMTP domain is @companyA.com and the target Exchange namespace is @companyB.com. Outlook 2007 Autodiscover will then only be able to pick @companyB.com target domain namespace from SCP object in the target AD and then connect to https://autodiscover.companyB.com first before ever reaching https://autodiscover.companyA.com since SCP is tried first. Therefore setting ExcludeScpLookup=1 is going to either direct Outlook 2007 to the proper source domain AutodiscoverURL (if source is running Exchange 2007) or just work with no Autodiscover URL (if source is running Exchange pre-2007).
Important: It was determined during testing that DisableAutoStartup and ZeroConfigExchange registry parameters from HKCU\Software\Microsoft\Office\12.0\Outlook\AutoDiscover HAVE NO AFFECT on the current issue. They are simply changing Outlook behavior with regards to the new MAPI profile configuration when the Add new E-mail Account wizard comes up. If a MAPI profile is already configured Autodiscover cross-forest mailbox move logic is utilized which is based purely on an XML it receives via the AutoDiscover process.
1. Close Outlook 2007
2. Open regedit
3. Open HKCU\Software\Microsoft\Office12.0\Outlook\Autodiscover
4. Add a new DWORD: PreferLocalXML = 1
5. Add a new REG_SZ: Right-part of SMTP address for you source mail for example source.domain.com = path of a new file (XML) that you are going to create for example C:/Program Files (x86)/Microsoft Office/Office12/Outlook/AutoDiscover/source.domain.com.XML
6. Add a new REG_SZ: Right-part of SMTP address for you target mail for example target.domain.com = path of a new file (XML) that you are going to create for example C:/Program Files (x86)/Microsoft Office/Office12/Outlook/AutoDiscover/target.domain.com.XML
7. Create C:/Program Files (x86)/Microsoft Office/Office12/Outlook/AutoDiscover/source.domain.com.XML file.
8. Create C:/Program Files (x86)/Microsoft Office/Office12/Outlook/AutoDiscover/target.domain.com.XML file.
An example of XML file is attached to the article.
Note that, for Outlook 2010, EWS and ECP URLs have been added to the template. Without these, the meeting room finder and some other Outlook functionality will not work. Instead of using static URLs, a redirector (RedirectUrl) can be used in the autodiscover.xml file. This approach can deliver better results but is more complex to configure.
It was also reported by the field engineers that the following registry modifications (from withdrawn article http://support.microsoft.com/kb/956297 ) with all the values listed set to 1 resolves this issue:
The following procedure has been used by some of the MS and Quest consultants:
General idea of this approach is - the Exchange cmd-let “Export-AutodiscoverConfig” is available to export the autodiscover settings from an Exchange organization to a different forest, e.g. user forest. Via the following Exchange Management commands the settings from the target Exchange forest will be exported to the source forest.
Export-AutoDiscoverConfig -TargetForestDomainController DomainController -MultipleExchangeDeployments $true -TargetForestCredential $targetcredentials
Note: When you export the target Autodiscovery settings to the source the old source settings will not be overwritten, so users who are not in the “migrated” group will still have access to a valid source SCP. The new, imported Autodiscover SCP is closer to the root level in the configuration partition, that means it is found first by Outlook when you have the permissions to read it. If you don't have permissions, you will not be able to read it and you fall back to the standard Autodiscover SCP deeper in the services tree.
The following method has also been used by consultants for controlling AutoDiscover with the use of GPO: http://support.microsoft.com/kb/2612922
1. In order to determine if Autodiscover URL resolves properly please hold Ctrl and then right click on the Outlook Icon and select Test E-mail AutoConfiguration .... Uncheck Use Guessmart and Secure Guessmart Authentication as they have not much value in the corporate domain environment and then click Test. The resulted screen will show what settings have been discovered by Outlook 2007. Log and XML TABs will contain the discovery steps and XML for the mailbox configuration if any.
2. Additional logging can be enabled in Outlook 2007 as follows: Tools | Options | Other | Advanced Options...| Enable logging (troubleshooting). When performing Autodiscovery as described in #1 the log is created under %temp% directory.