Messages & Contacts Not Visible in Entourage 2008/Exchange 2003

[automandc]

[Cross posting from
http://www.microsoft.com/communitie...44-aaed-dbade8c1e693&cat=&lang=&cr=&sloc=&p=1 by recommendation]

I am having the same problem described here:
http://www.microsoft.com/communitie...d45-69995e294362&lang=en&cr=us&sloc=en-us&p=1]

Entourage seems to perform correctly in all instances, except that messages
and contact items are not visible in Entourage. Here is my original message
from .office.mac.entourage:

I am connecting Entourage 2008 to my corporate Exchange server (Exchange 2003
which I am told is up to date on patches). Entourage connects to the server,
and appears to sync. However, the message and contact folders remain empty
(even though the "folder size" reflects the correct size of the folders).

I can see my calendar entries in Entourage. I can also view and edit folder
permissions from Entourage and see those changes in Outlook. I can send and
post messages from Entourage. However, if I post to a folder in Entourage
and then open that post in Outlook 2003, the post is no longer visible after
I re-sync Entourage. Sent messages appear in Outlook, but not in Entourage.

The View->"Unread Only" and "Flagged Only" are NOT checked.

The only error I see in the Mac Console is the "Warning: accessing obsolete
x509Anchors" message. i have imported the SSL certificate used by our OWA
server and added that per other instructions on the web, but that doesn't
help. I do not believe this is an SSL problem, however, since I can edit
permissions and do other actions that require me to be authenticated.

I am connecting to Exchange from inside the firewall, and have set the
server to my direct mail server (not the OWA front end). I have connected
using both Kerberos and simple authentication. It appears that SSL is not
enabled as I can connect internally via HTTP using firefox (to
"http://mailserver.domain.com/exchange/mymailbox/Inbox). When I connect
using a browser to that URL, it asks me to authenticate twice, but I am not
sure that is significant.

I have tried clearing the cache from the Entourage side numerous times.
Each time it successfully rebuilds the folder tree from Exchange, but
continues to not display any messages or contacts from within the folder.

 

[William Smith]

Entourage seems to perform correctly in all instances, except that messages
and contact items are not visible in Entourage. Here is my original message
from .office.mac.entourage:

You've done an excellent job troubleshooting and describing your
problem! I can tell you done your research.

I am connecting Entourage 2008 to my corporate Exchange server (Exchange 2003
which I am told is up to date on patches). Entourage connects to the server,
and appears to sync. However, the message and contact folders remain empty
(even though the "folder size" reflects the correct size of the folders).

I can see my calendar entries in Entourage. I can also view and edit folder
permissions from Entourage and see those changes in Outlook. I can send and
post messages from Entourage. However, if I post to a folder in Entourage
and then open that post in Outlook 2003, the post is no longer visible after
I re-sync Entourage. Sent messages appear in Outlook, but not in Entourage.

The View->"Unread Only" and "Flagged Only" are NOT checked.

The only error I see in the Mac Console is the "Warning: accessing obsolete
x509Anchors" message. i have imported the SSL certificate used by our OWA
server and added that per other instructions on the web, but that doesn't
help. I do not believe this is an SSL problem, however, since I can edit
permissions and do other actions that require me to be authenticated.

You're right that this is probably not SSL. If it were then you'd be
getting certificate warnings from within Entourage.

I am connecting to Exchange from inside the firewall, and have set the
server to my direct mail server (not the OWA front end). I have connected
using both Kerberos and simple authentication. It appears that SSL is not
enabled as I can connect internally via HTTP using firefox (to
"http://mailserver.domain.com/exchange/mymailbox/Inbox). When I connect
using a browser to that URL, it asks me to authenticate twice, but I am not
sure that is significant.

You should only be authenticating once (just to the server). Each time
you authenticate you should see the name of the server just above the
name/password fields. What do these say?

What are you using for your Exchange Server address? It should just be
"mailserver.domain.com". Internally, you should need to enable SSL.

I have tried clearing the cache from the Entourage side numerous times.
Each time it successfully rebuilds the folder tree from Exchange, but
continues to not display any messages or contacts from within the folder.

Have you also tested 1.) In a new Entourage identity, 2.) Under a
different Mac OS X account, and 3.) On a different computer?

If this happens on multiple computers then I'd suggest something is
wrong with your account on the server. Exactly what, I'm not sure yet.

--

bill

William M. Smith, Microsoft Interop MVP - Mac/Windows
Entourage Help Page <http://entourage.mvps.org/>
Entourage Help Blog <http://blog.entourage.mvps.org/>

 

[automandc]

automandc wrote:

You've done an excellent job troubleshooting and describing your
problem! I can tell you done your research.

Thanks, I have certainly beaten my head against this enough.

You're right that this is probably not SSL. If it were then you'd be
getting certificate warnings from within Entourage.

It doesn't look like SSL is activated on the server when connecting from
within the firewall. When using OWA from outside the firewall, it is
required.

You should only be authenticating once (just to the server). Each time
you authenticate you should see the name of the server just above the
name/password fields. What do these say?

The first time it wants the password to access the unqualified server
("MAILSRV02E"), the second time it asks for the password for the fully
qualified server ("MAILSRV02E.company.com")

What are you using for your Exchange Server address? It should just be
"mailserver.domain.com". Internally, you should need to enable SSL.

I have tried: MAILSRV02E, MAILSRV02E.company.com,
owa.companyoutsidewebdomain.com

As far as I can tell, all of these work, although the first two do not
require SSL. However, I can connect to the first two and use Kerberos or
simple auth, while connecting via the OWA server requires simple auth (no
kerberos).

Have you also tested 1.) In a new Entourage identity, 2.) Under a
different Mac OS X account, and 3.) On a different computer?

I tried a new identity (no joy), new user account (nope), reinstalled Office
and tried preupdate (no) and post update (still no).

Since I am pretty much a lone mac user in an all windows shop, trying from
another computer may not be possible. I will investigate.

If this happens on multiple computers then I'd suggest something is
wrong with your account on the server. Exactly what, I'm not sure yet.

I am a rogue power user daring to use a Mac in an all windows corp (it's a
law firm). My IT folks know what I am doing, and are intrigued, but are
unlikely to go very far out of their way to help. However, if I can
specifically identify what the server is or is not doing, I may be able to
convince them to correct the problem.

Thanks again for responding,

 

[William Smith]

The first time it wants the password to access the unqualified server
("MAILSRV02E"), the second time it asks for the password for the fully
qualified server ("MAILSRV02E.company.com")

I've seen this behavior before with our SharePoint server where I work.
For some reason my admins could never understand why I thought it was a
problem that I should be authenticating to the server name and then the
server's FQDN. Windows users never see this happening but it's still
happening.

In our case, though, I was having to authenticate to our proxy server in
between the two server authentications. Regardless, this leads me to
believe that some DNS problems are getting in the way. Possibly
something like reverse lookup isn't working.

This is a wild goose chase but worth checking. If you ping the server by
name then you'll get its IP. Use the Network Utility to lookup the name
of the server by its IP. Do forward and reverse lookups agree?

I have tried: MAILSRV02E, MAILSRV02E.company.com,
owa.companyoutsidewebdomain.com

Internally, you want to use the FQDN of your back-end Exchange Server,
so stick with MAILSRV02E.company.com.

As far as I can tell, all of these work, although the first two do not
require SSL. However, I can connect to the first two and use Kerberos or
simple auth, while connecting via the OWA server requires simple auth (no
kerberos).

I think I mistyped earlier. Internally, you do *not* usually need to
enable SSL. Also, for now, stick with basic authentication and leave
Kerberos out of the mix.

If your domain account possibly in a different domain from your server?
Do you possibly have more than one account (the same name in multiple
domains)?

I tried a new identity (no joy), new user account (nope), reinstalled Office
and tried preupdate (no) and post update (still no).

I'm fairly certain this is a server configuration problem or network
problem. Do you possibly have a proxy server that you've entered on your
Mac? If so, I'm going to guess that it doesn't require authentication to
let you to the Internet. Put the FQDN of your server in your proxy
bypass settings and see if that makes a difference. Again, just grasping
at straws.

Since I am pretty much a lone mac user in an all windows shop, trying from
another computer may not be possible. I will investigate.


I am a rogue power user daring to use a Mac in an all windows corp (it's a
law firm). My IT folks know what I am doing, and are intrigued, but are
unlikely to go very far out of their way to help. However, if I can
specifically identify what the server is or is not doing, I may be able to
convince them to correct the problem.

Be sure to post the behavior you're seeing in one of the Exchange Server
groups. I bet a seasoned Exchange admin might understand what's happening.

--

bill

William M. Smith, Microsoft Interop MVP - Mac/Windows
Entourage Help Page <http://entourage.mvps.org/>
Entourage Help Blog <http://blog.entourage.mvps.org/>

 

[automandc]

:

I've seen this behavior before with our SharePoint server where I work.
For some reason my admins could never understand why I thought it was a
problem that I should be authenticating to the server name and then the
server's FQDN. Windows users never see this happening but it's still
happening.

In our case, though, I was having to authenticate to our proxy server in
between the two server authentications. Regardless, this leads me to
believe that some DNS problems are getting in the way. Possibly
something like reverse lookup isn't working.

This is a wild goose chase but worth checking. If you ping the server by
name then you'll get its IP. Use the Network Utility to lookup the name
of the server by its IP. Do forward and reverse lookups agree?

We have a proxy server on the network at work. I will try what you suggest
and see what happens. I tried setting up a new account in Entourage to
connect via OWA from outside the network (this time with SSL enabled) -- same
results, calendar syncs, but messages & contacts not visible. Since I am
going over the web and not inside the firewall, it makes me think the proxy
is not the problem.

I think I mistyped earlier. Internally, you do *not* usually need to
enable SSL. Also, for now, stick with basic authentication and leave
Kerberos out of the mix.

If your domain account possibly in a different domain from your server?
Do you possibly have more than one account (the same name in multiple
domains)?

Yes, this is something that has been bothering me. When I login to windows,
I use the domain XYDOMAIN (XY being the initials of our company), but
Entourage will only work if I use the company's FQDN (COMPANY.COM) as my
"realm" or domain. I do not know enough about active directory to understand
what is going on here. I have messed around with the Directory Utility.app
without a great deal of illumination or success. My machine is not bound to
the local domain (at least not on the Mac OS side, my Parallels image is),
because I don't have a net admin pass that will allow me to bind.

I'm fairly certain this is a server configuration problem or network
problem. Do you possibly have a proxy server that you've entered on your
Mac? If so, I'm going to guess that it doesn't require authentication to
let you to the Internet. Put the FQDN of your server in your proxy
bypass settings and see if that makes a difference. Again, just grasping
at straws.

I was leaning towards an Active Directory issue, but the fact that it also
doesn't work through OWA, and that I can do some things that require security
(i.e., set folder permissions, view calendar), but not others leads me away
from an authentication problem.

My next best suspicion is that there is a problem with WebDAV related to the
information described in this KB:
http://support.microsoft.com/default.aspx?scid=kb;en-us;823175
but I confess to not really understanding that article too well. Is it
possible that a necessary "verb" is not available on my exchange server? If
so, is there a way I troubleshoot the problem from a user role (since I don't
have access to the server)?

Be sure to post the behavior you're seeing in one of the Exchange Server
groups. I bet a seasoned Exchange admin might understand what's happening.

I will cross post to the exchange group on this as well.

Thanks
Tobias

 

[automandc]

automandc wrote:


This is a wild goose chase but worth checking. If you ping the server by
name then you'll get its IP. Use the Network Utility to lookup the name
of the server by its IP. Do forward and reverse lookups agree?

I tried this, and confirmed that the forward and reverse both work.

I learned just enough about tcpdump to poke around. I notice a number of
instances where the Server reports HTTP/1.1.500 Internal Server Error and
closes the connection, but I don't see any consistency as to when or why.
Using only simple authorization I also saw a number of instances of "Access
denied" that don't happen with Kerberos. However, neither problem is
ubiquitous.

In the packet dump I can see the subject lines of each individual email
message coming through. I also cracked the DB file with a hex editor, and I
can find the email subjects in there too, even though the full messages
aren't there. The server is apparently telling entourage what messages
exist, but is not downloading them.

I am pretty frustrated, but if you have any additional thoughts I'd love to
hear them!

Thanks