Oh my god... it's a properly phrased technical question. Someone take a picture.
No quick answer is jumping out at me, but it sounds to me like possibly a problem with the GC in the local site. I hate to resort to a standard PSS troubleshooting technique... but have you tried rerunning domainprep yet? Also, just for gits and shiggles can you double and triple check that the network settings on all of the domain controllers are correct (including especially the subnet mask). And try using RPCPing between the GCs. Ok... so it's a short term suggestion while I look more. > -----Original Message----- > From: Andy Grafton [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 25, 2002 5:39 AM > To: Exchange Discussions > Subject: Exchange-related ?AD or IIS problem > > I have a problem which relates to some kind of Exchange/IIS/AD issues, and > I was wondering if anyone can help. Long post which might eliminate a > bunch of "have you tried this" questions or "its a security issue" > statements. > > The symptoms of the problem only appear when using OWA but I don't think > that OWA/Exchange itself is at fault : hence the Subject of this mail is > not "OWA Problems". > > Exchange 2000 SP2 running on 2000 server SP2. > Single domain model with multiple sites connected by a high bandwidth VPN > over the internet. Here I'll call the sites Oslo, Copenhagen and > Stockholm but there are more. > Two DCs per site also running as GCs. > Single Exchange server per site, with the exception of one site. > One site has a front end Exchange server which deals with OWA for the > whole company. > > I'll explain the evidence first. > > I log into the console of a DC, Exchange server or Workstation with ESM > installed in Oslo or Stockholm, as Enterprise Admin, and create a user > using the Users and Computers MMC. No problems at all - everything goes > as you'd expect. This no-problems situation occurs at every site except > one > > Now I log the console of a DC, Exchange server or Workstation with ESM > installed in Copenhagen, as Enterprise Admin, and perform the identical > procedure. Everything works just fine, *but* that user will not be able > to see OWA : gets a 404 not found [more about that in a moment]. Only > that error, no other problems in evidence with the user account. > > It matters not in which OU I create the user, or on which server I put > their mailbox. If I create them using a machine sited in Copenhagen, I > get the 404. I've even tried waiting a few days for the pesky > replication. > > About the 404 error from OWA: > > To work around any security issues with the front end server, I have ended > up directly browsing IIS on the servers where that mailbox is sited using > the usual link (say) \\cph-2kex01\exhange\mailbox.name > > When accessing OWA for the users whose profiles work OK (created from any > site other than Copenhagen), I get the anticipated password challenge. If > I put in their login details, I get to see their mailbox. > > When accessing OWA for the Users created using machines at the Copenhagen > site, I don't get the password challenge/authentication/login box or > anything else. Just an almost immediate 404 not found. > > This does not vary from Exchange server to Exchange server i.e. If I > create a user in Stockholm with a mailbox on the Stockholm mailserver from > Copenhagen I get the 404. If I create a User in Stockholm with a mailbox > on the Stockholm mailserver from Oslo then everything works just fine. > > I've tried shifting the mailboxes between servers and it doesn't fix the > problem. > > I've tried logging in with their fully qualified usernames, and making > sure that usernames/aliases/short names are varied wildly. > > I have checked that the affected Users have HTTP access enabled in the > advanced exchange properties of the U&C MMC, that they have the right > permissions etc. etc. just in case. I can find no apparent differences > between Users created on the Copenhagen site and those created elsewhere. > > Deleting the user account, recreating it from a "good" site and > reattaching the mailbox fixes the problem. > > I get the same errors when accessing info through the front end server. > Obviously I get the challenge/response to authenticate on the front end > server, but once authenticated it passes the details to the Exchnage > servers at the back end, and I get the same story. > > The AD domain has been in production operation for about a year. Exchange > 5.5 was in a legacy domain and brought into the AD domain about six months > ago. Users created before the introduction of Exchange to the AD domain > have no problems with OWA wherever they were created. All users created > from machines on the Copenhagen site after the introduction of Exchange > get the 404. > > We have only just noticed this now because up 'till now we haven't been > using OWA. > > My conclusions so far: > > * It is not a problem with the Exchange server(s) because the problem is > only evidenced by user creation undertaken on one site. If you create the > user at any other site, there are no problems with OWA at all. You get > the same reults whichever Exchaneg server you use for the mailbox. > > * It is probably not a problem with permissions/security because users > created with identical characteristics from other sites work just fine, > and you can fix the problem using this route. It shouldn't be finger > trouble for the same reasons. > > * It doesn't look like a problem with replication etc. on AD, as there are > no untoward errors in any of the AD logs, or reported using dcdiag/netdiag > type utilities. > > > My questions: > > * Has anyone else had this problem? I've had a good look in the archives, > technet etc. etc. None of the many articles relating to "404 not found" > or user creation issues seem to have anything to offer in this case, > although I've tried a few of the hints and tips just in case. > > * Could this be a problem with the DC(s) on the Copenhagen site? User > creation on that site presumably writes AD-level changes to them first, > and then the changes are replicated through to the other servers. > > * Could the problem have been brought about by the introduction of the > first Exchnage Server to the domain? Domainprep and forestprep were done > shortly after the AD domain was created so it doesn't look like it was the > schema extensions at that stage which caused the issue. > > * What setting(s) out of the ordinary or invisible to me could be causing > the problem? Is this simply a switch somewhere like allowing or denying > the HTTP protocol in the advanced user properties? > > * Any ideas if I can fix it without account recreation? > > Any help much appreciated. > > All the best, > > Andy > > Creuna Danmark A/S > Snaregade 10 > 1205 K�benhavn K > Denmark > > Tel : +45 22 68 58 23 > Fax : +45 70 20 72 42 > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
