Action Cannot Be Completed. Name Cannot Be Resolved.


Every week we get at least 5-10 support tickets created by partners who receive the error “Action cannot be completed. Name cannot be resolved.” Often the partner is setting up an additional mailbox for a user, but it can also happen when setting up the user’s profile again. In this blog I hope to provide some insight into why this occurs.

First and foremost, if you do not receive a credential window prompt then you either have a credential conflict or an invalid Outlook configuration. I would like to make it very clear: you should always, always see the credential window.

When you hit “Check Name”, Outlook does a user lookup to resolve the input username to a mailbox. Outlook will first attempt to authenticate with the user’s local credentials, then with any cached credentials (Windows Credential Manager). Finally, if no credential entry authenticates, Outlook will prompt the user for credentials.


If a user does not receive the credential prompt and receives the error “Action cannot be completed”, a quick fix is to go to More Settings, Security, and then enable the checkbox to “Always prompt for logon credentials.”

When users select “Remember my credentials”, Outlook creates a cached credential in the Windows Credential Manager.


Normally, this works as expected: the next time Outlook launches it will try the cached credential, which will authenticate.

But imagine you were trying to add a second mailbox to the user’s profile (let’s say the CEO has two mailboxes for ‘two different companies’). How is Outlook to know that the cached credential for servertest@louie.exchangedefender.com on “cas.louie.exchangedefender.com” isn’t for the second mailbox (let’s say servertest2@louie.exchangedefender.com)? The answer is that Outlook won’t be able to tell the difference. The server will respond to Outlook with the message “Access denied” because the cached credentials for mailbox1 do not have permission to access mailbox2 (think of it as trying to access mailbox2 via OWA, but using the credentials for mailbox1), and Outlook then shows the error “Action cannot be completed. Name cannot be resolved” when trying to resolve the mailbox name for mailbox2. The key point is that this failure occurs instantly and there is no prompt for the user to provide credentials, because the error “Access denied” means “You have a valid account here, but it does not have access to this resource”.

Now let us imagine the inverse, where a user gets prompted for credentials every time, no matter how many times they select “Remember my credentials” or whether they follow our help article “My Windows OS won’t hold the Outlook authentication info!” and manually add “*.exchangedefender.com” to the credential manager. This is because Outlook is passing off a valid “Account” that has access to the resource (Mailbox); however, the credentials being passed off are incorrect. If Outlook tries to authenticate with invalid credentials the server will respond with “Invalid credentials”. Notice how this isn’t the same error as “Access Denied”, which is why Outlook will then prompt the user for credentials. To solve this we tell users to delete all references to any exchangedefender servers in credential manager, manually add the credentials (following the above blog post), and then add *.exchangedefender.com to the “Local Intranet” zone in Internet Explorer. This should allow Outlook to trust our servers to hand off the credentials.

Finally, the last common scenario for the two failures (either no credential prompt or recurring credential prompts) is when the local user’s login name matches a username on the server. Remember, Outlook will first try the locally logged-on user’s credentials. Now imagine my local login name was servertest@louie.exchangedefender.com… then any time I attempted to add an Outlook profile I would either instantly authenticate or I would always get the credential prompt. Can you guess why? It’s because the local user’s credentials (either their local computer user name or an Active Directory account) match the server’s credentials.

Active Directory:

     · Username: servertest@louie.exchangedefender.com

     · NT Username: servertest

     · Password: 123456

Exchange:

    · Username: servertest@louie.exchangedefender.com

    · NT Username: servertest

    · Password: abcdefg

In the above, the server would always prompt for login credentials because the credentials are mismatched. But let’s think back to our first example of adding the user’s second mailbox to their profile and imagine we had the same credential conflict as above, except the Exchange user is servertest2… Outlook would again instantly fail because the local login credentials do match an Exchange account, but that account does not have access to the resource (the second mailbox, servertest2).

In the case of opening multiple mailboxes in one profile, the only way to get Outlook to not prompt for credentials for each mailbox is to grant full access permission from one user to another. So if you cached the credentials for one mailbox (i.e., servertest) and then granted servertest full access permission to servertest2 (the second mailbox), Outlook wouldn’t receive the “Access Denied” error when trying to access servertest2 with the cached credentials of servertest.
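
The outcomes described above, as a small model added here for illustration (it is not ExchangeDefender's or Microsoft's code). It assumes the server answers only "ok", "invalid credentials" or "access denied", and that Outlook stops at the first "access denied"; the names `Server`, `resolve_name` and `demo_server` and the servertest2 password are made up for the example.

```python
# Added illustration: a simplified model, not Outlook's or Exchange's real code.
from dataclasses import dataclass

ERROR = "Action cannot be completed. Name cannot be resolved."

@dataclass
class Server:
    passwords: dict   # account -> password
    access: dict      # mailbox -> set of accounts allowed to open it

    def check(self, user, password, mailbox):
        if self.passwords.get(user) != password:
            return "invalid_credentials"   # unknown account or wrong password
        if user not in self.access.get(mailbox, set()):
            return "access_denied"         # valid account, no rights on this mailbox
        return "ok"

def resolve_name(server, mailbox, local_cred=None, cached_creds=()):
    """Try the local logon, then each cached entry, then fall back to a prompt."""
    attempts = [("local", local_cred)] + [("cached", c) for c in cached_creds]
    for source, cred in attempts:
        if cred is None:
            continue
        result = server.check(cred[0], cred[1], mailbox)
        if result == "ok":
            return f"opened with {source} credentials"
        if result == "access_denied":
            return ERROR   # the account authenticated, so no prompt is offered
        # invalid_credentials: move on to the next credential source
    return "credential prompt"

def demo_server():
    # Constructed sample data; "hijklmn" is a made-up password for servertest2.
    return Server(
        passwords={"servertest": "abcdefg", "servertest2": "hijklmn"},
        access={"servertest": {"servertest"}, "servertest2": {"servertest2"}},
    )

if __name__ == "__main__":
    srv = demo_server()
    cached = [("servertest", "abcdefg")]
    # Second mailbox opened with the first mailbox's cached credential.
    print(resolve_name(srv, "servertest2", cached_creds=cached))
    # Local logon name matches the server account but the password differs.
    print(resolve_name(srv, "servertest", local_cred=("servertest", "123456")))
    # After granting servertest full access to servertest2.
    srv.access["servertest2"].add("servertest")
    print(resolve_name(srv, "servertest2", cached_creds=cached))
```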

Travis Sheldon
VP, Network Operations, ExchangeDefender
(877) 546-0316 x757
travis@ownwebnow.com