Exchange 2010 GAL issue with Outlook Clients - OWA works fine. RRS feed

  • Question

  • My Website panel install is working with Exchange 2010.  If I add an organization, the mail users of that organization can see the Default GAL (Everyone on the Exchange Server) in outlook.  In OWA, they see the proper GAL for their organization. 


    I have applied the two reccomended fixes, but to no avail.



    Friday, September 17, 2010 11:20 AM


All replies

  • Should I call the Microsoft Paid for support or is this tied up in the Exchange sp1 changes?  I have not applied sp1 yet.


    I am not sure if I should wait until website panel addresses SP1 or try and fix it now.



    Friday, September 17, 2010 12:16 PM
  • I am also having this issue.

    My OWA users show the correct GAL (only the hosted organizations) but when they connect with Outlook they can see all the hosted organizations!

    Does anyone have a fix for this?

    Wednesday, September 22, 2010 1:34 AM
  • Please make sure that you made all pre-deployment tasks as described here: http://help.dotnetpanel.com/DotNetPanel%20Hosted%20Exchange%20Solution/DNP%20Hosted%20Exchange%20Solution%20Pre-Deployment%20Tasks.aspx. We have updated this article to make it more clear that you have to set the ACLs on the parent and listed child containers. 

    Inesa Fain - MSFT
    • Proposed as answer by Inesa Fain Wednesday, September 22, 2010 7:53 PM
    • Unproposed as answer by Inesa Fain Friday, December 3, 2010 12:56 AM
    Wednesday, September 22, 2010 7:52 PM
  • I applied SP1 and reaplied and checked all the docs including the one above.  The removed the OUTLOOK client users from seeing all the GALs for other customers, but now they don't get a default GAL.  They can search for users, but it doesn't show any users until you search.  I am guessing this is an OAB issue?



    Thursday, September 23, 2010 2:15 PM
  • Hi,

    Sorry for the short answer.


    As I remember, you can reset permissions to default settings and set according to DNP/WSP documentation (from the scratch).


    Please carefully with ADSI! Before please prepare required backups.


    Please try to investigate / resolve all windows errors/warnings / Use Exchange Management Shell (investigate in details WSP/Exchange related items, their configuration) / Exchange Management Console as well.


    Best regards, Dmitry Fitsner Support@ExpertServices.us | WebsitePanel Installations, Support & Consulting | Enterprise Solutions Planning & Deployment & Support
    Friday, September 24, 2010 4:37 AM
  • Guys I applied SP1 to my exchange system last night and I am now experiencing the same issue with the GAL that Brant Hale discribes in his last post (users see no users in the GAL). Everything was working fine until SP1 installation. This is a critical issue for me at this point since many users are complaining they have no GAL. This seems to be SP1 Related.
    Monday, October 11, 2010 2:09 PM
  • Anyone can help with this? I have been on with MS Support  have an open ticket with WSP Team. I need help been down for two days now. I am expreiencing the same issue as described by Brant.
    Tuesday, October 12, 2010 1:15 PM
  • Omar,

    Could you please send us your e-mail address to info@websitepanel.net to work on this issue?

    Feodor Fitsner
    Tuesday, October 12, 2010 7:25 PM
  • Almost the same issue here. Could really need a solution for this. Our new hosted customer does not have a unique GAL at the moment. In my case, the customer does se one other GAL, but not all of them. If i put deny rights on that particular GAL, they just dont have any.
    I hope there is some clever minds with a solution!

    OWA works fine.
    Have not installed SP1 yet ...
    The answer from Inesa Fain, have not made any difference after applying the new rights on the other GAL's.
    • Edited by ITPartner Tuesday, October 12, 2010 9:50 PM More text
    Tuesday, October 12, 2010 9:44 PM
  • Feodor me and Charles in support have identified this issue:


    We can reproduce it. Seems like when the msExchQueryBaseDN with any value it fails to display list and all other symptoms are expierienced (including the ability to search)

    During testing we created a new organization and experienced this:


    I can create all users after the first user no issue.


    Tuesday, October 12, 2010 11:03 PM
  • Feodor - Got more information.

    In order to get the GAL to at least be searchable you need to remove all the address book segregation permissions that are applied during deployment on address book folders. When you do this and leave the msExchQueryBaseDN set the result is that the GAL is empty but the user can see only his stuff and his contacts. The GAL remains searchable (which is good) so as a work around I have asked my users to search for GAL contacts instead of depending on the list for now (cripled but operational). On the second item I described above above creating first user in organization it works fine when all the security on the Address Books is lifted.

    From what I can tell the issue here is that exchange requires some other type of permission now on the Address Lists (rather than what you have perscribed to use) since it works fine (minus the Empty GAL) when security is default. Maybe the CAS server is now using some other sort of permission to access the address book? It is the only explaination. I think what occurs is that when the restrictions are set the user itself is not having enough rights to display the list, but this also makes no sense as when the permissions are opened and MsExchQueryBASEDN is set the user can not list the GAL either (but the can is you clear msExchQueryBaseDN with no other change).

    I am waiting for a call from Charles in support this morning we are going to work with an exchange team at his location but from the looks of it MS changed the functionality of this in SP1 in a big way that breaks ALL control panels not just WebsitePanel. I have also had conversations with others (a support person at hosting controller) that confirms he has 3 SP1 servers with the same issue, anything pre-sp1 works fine.

    Omar Armenteros Virtuworks
    Wednesday, October 13, 2010 1:41 PM
    • Marked as answer by Inesa Fain Friday, December 3, 2010 12:56 AM
    Saturday, October 16, 2010 2:12 PM
  • Hi Omar,

     i trying to apply your setting in a newly created environment, with the following

    • Windows 2008 R2
    • Exchange 2010 SP1 Without Hosting Switch
    • WebsitePanel 1.2.0

    i tried following your guidance http://www.waronerrors.com/kb/global-address-list-is-empty-after-exchange-2010-sp1-installation-when-configured-for-address-list-segregation.aspx

    Ignored the Hosted Exchange Solution Pre-Deployment Tasks http://www.websitepanel.net/exchange-2007-2010-module/hosted-exchange-solution-pre-deployment-tasks as per your guidance and followed exactly your guidance

    but, it ends up that users can see Default Global Address list, is there something cahnged with Websitepanel 1.2.0?

    and i noticed in your guidance that you give authenticated users List Contents, Read all Properties and read permissions same as WebsitePanel gives to the Customer Organization Group on the Customer Address lists, which leads to exchange to choose the largest Global Address list which is the Default address list

    Appreciate quidance if there is something changed in Websitepanel 1.2.0, or i am missing something



    Tuesday, November 1, 2011 11:22 PM
  • No nothing has changed in 1.2.0. You might want to check the setting of the user for the msbasequery when it still has a value it will do this. You can check the value with ADSI Edit.
    Omar Armenteros Virtuworks
    Wednesday, November 2, 2011 1:02 PM
  • i used the following to make sure MSEXCHQUERYBASEDN is not set


    <add key=”WebsitePanel.Exchange.ClearQueryBaseDN” value=”true” />



    and i double checked the MSEXCHQUERYBASEDN  value, and it is clear.


    May be, i will give it another try but i need to make sure of the following steps:


    1-Ignored the Hosted Exchange Solution Pre-Deployment Tasks http://www.websitepanel.net/exchange-2007-2010-module/hosted-exchange-solution-pre-deployment-tasks

    2- follow your guidance http://www.waronerrors.com/kb/global-address-list-is-empty-after-exchange-2010-sp1-installation-when-configured-for-address-list-segregation.aspx


    by then Users won't see the Default GAL and will see only there OWN GAL, OAB and Mailtips will work just fine




    Wednesday, November 2, 2011 2:23 PM
  • i followed the guidancehttp://www.waronerrors.com/kb/global-address-list-is-empty-after-exchange-2010-sp1-installation-when-configured-for-address-list-segregation.aspx

    i think the settings that is missing is

    . A <not inherited> rule existing on "All Global Address Lists, Offline Address Lists" needs to be changed from "List Contents" to "List Object"


    without both of those setting i users are able to see global address list

    Can anybody confirmed



    Saturday, November 5, 2011 12:17 AM
  • Hello Dwidar,


    You shouldn't follow Omar's guidance in case your environment is fresh. It's for those who upgraded from 2010 to 2010 SP1.

    You need to follow websitepanel documentation http://websitepanel.net/exchange-2007-2010-module/hosted-exchange-solution-pre-deployment-tasks

    support@amd-telecom.net | WebsitePanel Installations, Support & Consulting | Enterprise Solutions Planning & Deployment & Support.
    Thursday, November 10, 2011 4:22 AM
  • Hi Denis,

    Should i use


    <add key=”WebsitePanel.Exchange.ClearQueryBaseDN” value=”true” />


    in the Websitepanel server configuration or not?

    I tried a fresh installation with Exchange 2010 Sp1 Rollup 5, websitepanel 1.2, wiht the following

    Results was:

    • MSEXCHQUERYBASEDN set for users.
    • Users Only Sees their GAL, not the Default Global Address list (Required Behavior)
    • No Other Lists visible in OWA, didn;t check Outlook though

    so,, i my confused, which configiration should i follow, apprecaite your guidance

    please, illustrate should i set MSEXCHQUERYBASEDN   or not





    Thursday, November 10, 2011 11:47 PM
  • Hello Dwidar,


    please read this for better understanding: http://social.msdn.microsoft.com/Forums/en-US/wspentsupport/thread/f4db8636-a3a3-4c1c-93dd-82390f9d1d8f


    and you definitely should follow http://websitepanel.net/exchange-2007-2010-module/hosted-exchange-solution-pre-deployment-tasks

    at the very beginning.

    support@amd-telecom.net | WebsitePanel Installations, Support & Consulting | Enterprise Solutions Planning & Deployment & Support.
    Friday, November 11, 2011 9:15 AM
  • Hi Denis,

    Okay, i will follow the

    http://websitepanel.net/exchange-2007-2010-module/hosted-exchange-solution-pre-deployment-tasks. from the begining.

    Should i use


    <add key=”WebsitePanel.Exchange.ClearQueryBaseDN” value=”true” />


      or not




    Saturday, November 12, 2011 3:29 PM
  • Hello Dwidar,


    Yes, you should. I recommend you to add it on each WSP Server installed on Exchange.

    support@amd-telecom.net | WebsitePanel Installations, Support & Consulting | Enterprise Solutions Planning & Deployment & Support.
    Monday, November 14, 2011 8:58 AM