During an email migration I came across this unusual issue and I thought it was worth sharing.
A bunch of Mac user’s emails were migrated from one Exchange 2010 organization into another, where for the purposes of this post the only difference is that the CAS servers in the new organization are load balanced via a Netscaler.
While reconfiguring Outlook it was discovered that some profiles were failing to connect. Further investigation revealed the following.
- Outlook 2011 was giving a ‘Logon failure’ error (see below)
- OWA in Safari was giving a ‘session timeout’ error (see below)
- OWA was working fine in Firefox and Chrome
- The issue was not with the local user profile on the Mac
- The issue was not with the Exchange account
- The issue was machine related (ie. didn’t follow the user)
For whatever reason, one of these machines was taken off the LAN and tested from a 3G connection. Lo and behold, Outlook connected and once moved back onto the LAN everything continued to work fine. This process was repeated on another couple of machines where it also fixed the problem. But without knowing what actually solved the issue, when the above procedure failed to fix the problem on another device, we were back to square one.
Can you guess what the problem was yet? While writing this it seems so obvious but things like Firefox/Chrome working in OWA were throwing me off at the time.
Due to the connection going via a Netscaler and Cookie Insert configured as the persistence method, someone suggested to check the time on one of the Mac’s experiencing the issue. I remember the time being about 2min out. After pointing this device to a local DC for NTP, Outlook and Safari both started working.
Outbound NTP on this network was blocked so obviously when connected to a 3G network the time synchronized and everything started working. On the devices where the 3G ‘fix’ didn’t work it must not have been connected for long enough or the 3G connection was too weak.
What I still don’t understand is why Firefox and Chrome worked the whole time but there you have it. Hope someone finds this useful or at least learns the lesson of why NTP should always be configured properly 🙂