How to suppress the AutoDiscover redirect warning in Outlook 2007/2010/2013

After setting up the SRV record for Autodiscover service, launching Outlook 2010 or Outlook 2013, users may get the following warning.

Allow this website to configure user@domain server settings?

http://<autodiscover url>

Your account was redirected to this website for settings.
You should only allow settings from sources you know and trust.

To solve this problem, an administrator needs to add a registry setting for users.

I will use Group Policy Preferences to deploy the registry setting for users.

1. At DC01, log in as Domain Administrator.

2. Launch "Group Policy Management Console".

3. Right-click the GPO which is assigned to the users using Outlook 2010,  select "Edit".

4. Expand "User Configuration > Preferences > Windows Settings > Registry".

5. Right-click "Registry", select "New > Registry Item".

6. Next to "Action", select "Update".

7. Next to "Hive", select "HKEY_CURRENT_USER".

8. Next to "Key Path", type "Software\Microsoft\Office\14.0\Outlook\Autodiscover\RedirectServers".

9. Next to "Value name", type "<HTTPS server to which Autodiscover can be redirected>".

Remark: The Key path is 14.0 for Outlook 2010 and 15.0 for Outlook 2013.

Example:

imail.contoso.com

10. Next to "Value type", select "Reg_SZ".

11. Click "OK".

12. Close "Group Policy Management Editor" and "Group Policy Management Console".

After assigned the GPO, launching Outlook 2010, users don't get the warning.

Remark: If your environment is more than 1 Autodiscover record, you have to add each one.

Reference:

How to suppress the AutoDiscover redirect warning in Outlook 2010 and Outlook 2013

http://support.microsoft.com/kb/2480582

You cannot suppress the Autodiscover redirect warning in Outlook 2007

http://support.microsoft.com/kb/956528

This posting is provided "AS IS" with no warranties, and confers no rights!

Using KCC updates the manual connection object

By default, KCC doesn't manage the manual connection objects which were create by an administrator.

I read the post "You Are Not Smarter Than The KCC" which talked about the advantage of using KCC generating connection object and how to the manual connection object.

I will show you the step to update the manual connection object by KCC.

1. At a domain controller, log in as Domain Administrator.

2. Launch "ADSI Edit".

3. Right-click "ADSI Edit", select "Connect to".

4. Select "Select a well known Naming Context > Configuration".

5. Click "OK".

6. Expand "Configuration > CN=Configuration,DC=<Domain>,DC=COM > CN=Sites > CN=<Site Name> > CN=Servers > CN=<Server Name> > CN=NTDS Settings".

7. At right pane, right-click the manual connection object, select "Properties".

8. Next to "options", click "Edit".

9. Type "1", click "OK".

10. Click "OK".

11. Close "ADSI Edit".

12. Either wait 15 minutes or run "repadmin /kcc" to update the result.

This posting is provided “AS IS” with no warranties, and confers no rights!

Exchange 2007 Unknown error (0x80005000)

When you click "Server Configuration" in the Exchange Management Console from a Hub-Transport server on Exchange 2007, you will get the following errors:

The following error(s) were reported while loading topology information:

Get-ActiveSyncVirtualDirectory

Failed

Error:

An error occurred while trying to access IIS (Internet Information Service) metabase. Make sure the Internet Information Service Manager component is installed and configured properly.

Unknown error (0x80005000)

Get-OabVirtualDirectory

Failed

Error:

An error occurred while trying to access IIS (Internet Information Service) metabase. Make sure the Internet Information Service Manager component is installed and configured properly.

Unknown error (0x80005000)

Get-OWAVirtualDirectory

Failed

Error:

An error occurred while trying to access IIS (Internet Information Service) metabase. Make sure the Internet Information Service Manager component is installed and configured properly.

Unknown error (0x80005000)

Because the Hub-Transport server wasn't installed the IIS management binaries.

To solve this problem, you have to install the following IIS components in the Hub Transport server.

ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Digest-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression

Reference:

http://support.microsoft.com/kb/2428673

This posting is provided “AS IS” with no warranties, and confers no rights!

Repadmin /replsum (8606) Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

In my production environment, when I perform "repadmin /replsum", I get the following error from one of my domain controller.

(8606) Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

Remark: This is the example of my production domain controllers.

Then, I perform "repadmin /showrepl".

There is a problem of ForestDnsZones in CONDC01.

I checked the Event log of Directory Services. I found there are a lot of event logs which are Event ID 1988 in CONDC02.

By default, Windows Server 2003 SP1 or later which is a domain controller is enabled "Strict Replication" to prevent to replicate the lingering objects.

For more information about "Strict Replication", please read the following web sites.

Enable Strict Replication Consistency (Windows Server 2008 or Windows Server 2008 R2)

http://technet.microsoft.com/en-us/library/cc816938(WS.10).aspx

Enable Strict replication consistency (Windows Server 2003)

http://technet.microsoft.com/en-us/library/cc784245(WS.10).aspx

Then, I followed the KB2028495 to try to fix the problem of the DC, CONDC01.

According to KB2028495, there are some Lingering objects in the Forest DNS Zones of CONDC01.

For more information about "Lingering objects", please read the following web sites.

Information about lingering objects in a Windows Server Active Directory forest

http://support.microsoft.com/kb/910205/en-us

Lingering Objects

http://blogs.dirteam.com/blogs/jorge/archive/2006/05/08/Lingering-objects.aspx

Then, I perform "repadmin /removelingeringobjects CONDC01 1fcb48fb-c7f7-4281-9fcc-10987772ae9a  DC=ForestDnsZones, DC=CORP,DC=CONTOSO,DC=COM /advisory_ mode" in CONDC02 to detect the lingering objects in CONDC01.

Example: "repadmin /removelingeringobjects <Bad DC> <GUID of DC with correct data> <Naming Context of the lingering objects partition> /advisory_mode

Remark: "1fcb48fb-c7f7-4281-9fcc-10987772ae9a" is the GUID of CONDC02.

There are a lot of Event log of Directory Services in CONDC01. The Event ID is 1946.

It means the lingering object is detected.

When the detection finished, there is an event log with the Event ID 1942 in Directory Services.

Back to CONDC02, I perform "repadmin /removelingeringobjects CONDC01 1fcb48fb-c7f7-4281-9fcc-10987772ae9a DC=ForestDnsZones, DC=CORP,DC=CONTOSO,DC=COM" to delete the lingering objects in CONDC01.

Back to CONDC01, there are a lot of Event log of Directory Services. The Event ID is 1945.

When all the lingering objects were deleted, there is an event log with the Event ID 1939 in Directory Services.

After all lingering objects were deleted, the AD replication resumed normal in my production environment.

Reference:

Clean that Active Directory forest of lingering objects

http://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx

Lingering objects

http://blogs.dirteam.com/blogs/jorge/archive/2006/05/08/Lingering-objects.aspx

This posting is provided “AS IS” with no warranties, and confers no rights!