Exchange Connections and Proxy Servers

I had come across a client whereby they were running the following:

    • Backend Exchange 2010 with the latest CU
    • Clients has Outlook 2016 with the latest updates
    • IPAD with Outlook client

Issue:

The PA had been given rights to the managements calendar only with owner permissions. Once the permissions were granted, Outlook was still not able to pick up the change in permissions. The client had restarted Outlook as well as the PC.

Troubleshooting steps:

We had logged onto the system to investigate. We looked at the permissions on the mailbox.

We then checked the permissions on the back-end servers. You can run the following commands:

Get-mailboxfolderpermission User@domain:\calendar

This then displayed all the permissions to calendar. We could see that the account had replicated on the server side.

We then elected test Outlook Web Access. By logged onto Outlook Web access and performing this test. The conclusion will advise us if the issue is on the server side or the local Outlook. After performing the test successfully with the new permissions, we now know that the issue is a local Outlook issue.

How does Outlook updates it’s permission? It uses the Autodiscover DNS Record. So we then ping the record from the system and confirm it is pointing correctly. We then checked the registry to confirm no amendments was made. The client then advised us they have a proxy onsite. We then disabled the proxy under the internet options > Connections > Proxy. After disabling the settings, we closed Outlook and re-open. Then we tested the permissions and confirmed working on the Outlook.

Therefore, the proxy server caches in the information to speed up browsing. However, it may have cached in the Autodiscover URL and hence the machine would check it is available but never connect directly to the server to actually confirm and changes.

Conclusion:

Having a proxy is great. But knowing this information, it could cause issues with Autodiscover relaying to the server and coming back with updated information vs cached information. My recommendation, have the proxy but also from time to time perhaps allow direct connections and add the proxy back. If you have large number of users, you may want to check how the proxy is configured, run some tests prior to deploying.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.