You say that you joined an Exchange 55 Organisation which had multiple sites. Presumably this will mean that originally you had recipient policies that matched the original Site Addressing. Having domainprepped your AD domain and installed a RUS, new users will pick up whatever addresses the original Site Addressing stipulated. Did you put a RUS in every W2k site or is there only one? (BTW a RUS can not be on an FE server)
Now with one Front-end OWA box, all your users will need to have at least one SMTP proxy address that matches the virtual Directory local path on that box (e.g. if it is M:\exchange.domain.com\MBX then the users must have a "[EMAIL PROTECTED]" smtp address which can be primary or secondary) If you have now gone native E2k, have any of the Recipient Policies or RUS's been fiddled such that users created from Copenhagen don't get this extra smtp address? If you manually give them a matching address does it help at all? Q293368 explains it more. If I'm barking up the wrong tree and you've checked this sort of thing out, please ignore me! Regards Mark P.S. Try using DCDIAG and REPLMON from the W2K support tools to check out Chris's suggestions re: GC problems. -----Original Message----- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: 25 June 2002 15:45 To: Exchange Discussions Subject: RE: Exchange-related ?AD or IIS problem Oh my god... it's a properly phrased technical question. Someone take a picture. No quick answer is jumping out at me, but it sounds to me like possibly a problem with the GC in the local site. I hate to resort to a standard PSS troubleshooting technique... but have you tried rerunning domainprep yet? Also, just for gits and shiggles can you double and triple check that the network settings on all of the domain controllers are correct (including especially the subnet mask). And try using RPCPing between the GCs. Ok... so it's a short term suggestion while I look more. > -----Original Message----- > From: Andy Grafton [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 25, 2002 5:39 AM > To: Exchange Discussions > Subject: Exchange-related ?AD or IIS problem > > I have a problem which relates to some kind of Exchange/IIS/AD issues, > and I was wondering if anyone can help. Long post which might > eliminate a bunch of "have you tried this" questions or "its a > security issue" statements. > > The symptoms of the problem only appear when using OWA but I don't > think that OWA/Exchange itself is at fault : hence the Subject of this > mail is not "OWA Problems". > > Exchange 2000 SP2 running on 2000 server SP2. > Single domain model with multiple sites connected by a high bandwidth > VPN over the internet. Here I'll call the sites Oslo, Copenhagen and > Stockholm but there are more. Two DCs per site also running as GCs. > Single Exchange server per site, with the exception of one site. > One site has a front end Exchange server which deals with OWA for the > whole company. > > I'll explain the evidence first. > > I log into the console of a DC, Exchange server or Workstation with > ESM installed in Oslo or Stockholm, as Enterprise Admin, and create a > user using the Users and Computers MMC. No problems at all - > everything goes as you'd expect. This no-problems situation occurs at > every site except one > > Now I log the console of a DC, Exchange server or Workstation with ESM > installed in Copenhagen, as Enterprise Admin, and perform the > identical procedure. Everything works just fine, *but* that user will > not be able to see OWA : gets a 404 not found [more about that in a > moment]. Only that error, no other problems in evidence with the user > account. > > It matters not in which OU I create the user, or on which server I put > their mailbox. If I create them using a machine sited in Copenhagen, > I get the 404. I've even tried waiting a few days for the pesky > replication. > > About the 404 error from OWA: > > To work around any security issues with the front end server, I have > ended up directly browsing IIS on the servers where that mailbox is > sited using the usual link (say) \\cph-2kex01\exhange\mailbox.name > > When accessing OWA for the users whose profiles work OK (created from > any site other than Copenhagen), I get the anticipated password > challenge. If I put in their login details, I get to see their > mailbox. > > When accessing OWA for the Users created using machines at the > Copenhagen site, I don't get the password > challenge/authentication/login box or anything else. Just an almost > immediate 404 not found. > > This does not vary from Exchange server to Exchange server i.e. If I > create a user in Stockholm with a mailbox on the Stockholm mailserver > from Copenhagen I get the 404. If I create a User in Stockholm with a > mailbox on the Stockholm mailserver from Oslo then everything works > just fine. > > I've tried shifting the mailboxes between servers and it doesn't fix > the problem. > > I've tried logging in with their fully qualified usernames, and making > sure that usernames/aliases/short names are varied wildly. > > I have checked that the affected Users have HTTP access enabled in the > advanced exchange properties of the U&C MMC, that they have the right > permissions etc. etc. just in case. I can find no apparent > differences between Users created on the Copenhagen site and those > created elsewhere. > > Deleting the user account, recreating it from a "good" site and > reattaching the mailbox fixes the problem. > > I get the same errors when accessing info through the front end > server. Obviously I get the challenge/response to authenticate on the > front end server, but once authenticated it passes the details to the > Exchnage servers at the back end, and I get the same story. > > The AD domain has been in production operation for about a year. > Exchange 5.5 was in a legacy domain and brought into the AD domain > about six months ago. Users created before the introduction of > Exchange to the AD domain have no problems with OWA wherever they were > created. All users created from machines on the Copenhagen site after > the introduction of Exchange get the 404. > > We have only just noticed this now because up 'till now we haven't > been using OWA. > > My conclusions so far: > > * It is not a problem with the Exchange server(s) because the problem > is only evidenced by user creation undertaken on one site. If you > create the user at any other site, there are no problems with OWA at > all. You get the same reults whichever Exchaneg server you use for > the mailbox. > > * It is probably not a problem with permissions/security because users > created with identical characteristics from other sites work just > fine, and you can fix the problem using this route. It shouldn't be > finger trouble for the same reasons. > > * It doesn't look like a problem with replication etc. on AD, as there > are no untoward errors in any of the AD logs, or reported using > dcdiag/netdiag type utilities. > > > My questions: > > * Has anyone else had this problem? I've had a good look in the > archives, technet etc. etc. None of the many articles relating to > "404 not found" or user creation issues seem to have anything to offer > in this case, although I've tried a few of the hints and tips just in > case. > > * Could this be a problem with the DC(s) on the Copenhagen site? User > creation on that site presumably writes AD-level changes to them > first, and then the changes are replicated through to the other > servers. > > * Could the problem have been brought about by the introduction of the > first Exchnage Server to the domain? Domainprep and forestprep were > done shortly after the AD domain was created so it doesn't look like > it was the schema extensions at that stage which caused the issue. > > * What setting(s) out of the ordinary or invisible to me could be > causing the problem? Is this simply a switch somewhere like allowing > or denying the HTTP protocol in the advanced user properties? > > * Any ideas if I can fix it without account recreation? > > Any help much appreciated. > > All the best, > > Andy > > Creuna Danmark A/S > Snaregade 10 > 1205 K�benhavn K > Denmark > > Tel : +45 22 68 58 23 > Fax : +45 70 20 72 42 > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system, do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
