Chris asks: > ... but > have you tried rerunning domainprep yet?
Just did so, waited for replication, and no change. > Also, just for gits > and shiggles can you double and triple check that the network > settings on all of the domain controllers are correct > (including especially the subnet mask). They're OK. > And try using RPCPing > between the GCs. Binds OK. Thanks for the thoughts. I didn't know the one about rerunning domainprep. I'll try Mark's SMTP address fix and see what happens, but other work and going home calls right now. All the best, Andy > > Ok... so it's a short term suggestion while I look more. > > > -----Original Message----- > > From: Andy Grafton [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, June 25, 2002 5:39 AM > > To: Exchange Discussions > > Subject: Exchange-related ?AD or IIS problem > > > > I have a problem which relates to some kind of > Exchange/IIS/AD issues, > > and I was wondering if anyone can help. Long post which might > > eliminate a bunch of "have you tried this" questions or "its a > > security issue" statements. > > > > The symptoms of the problem only appear when using OWA but I don't > > think that OWA/Exchange itself is at fault : hence the > Subject of this > > mail is not "OWA Problems". > > > > Exchange 2000 SP2 running on 2000 server SP2. > > Single domain model with multiple sites connected by a high > bandwidth > > VPN over the internet. Here I'll call the sites Oslo, > Copenhagen and > > Stockholm but there are more. Two DCs per site also running as GCs. > > Single Exchange server per site, with the exception of one site. > > One site has a front end Exchange server which deals with > OWA for the > > whole company. > > > > I'll explain the evidence first. > > > > I log into the console of a DC, Exchange server or Workstation with > > ESM installed in Oslo or Stockholm, as Enterprise Admin, > and create a > > user using the Users and Computers MMC. No problems at all - > > everything goes as you'd expect. This no-problems > situation occurs at > > every site except one > > > > Now I log the console of a DC, Exchange server or > Workstation with ESM > > installed in Copenhagen, as Enterprise Admin, and perform the > > identical procedure. Everything works just fine, *but* > that user will > > not be able to see OWA : gets a 404 not found [more about that in a > > moment]. Only that error, no other problems in evidence > with the user > > account. > > > > It matters not in which OU I create the user, or on which > server I put > > their mailbox. If I create them using a machine sited in > Copenhagen, > > I get the 404. I've even tried waiting a few days for the pesky > > replication. > > > > About the 404 error from OWA: > > > > To work around any security issues with the front end > server, I have > > ended up directly browsing IIS on the servers where that mailbox is > > sited using the usual link (say) \\cph-2kex01\exhange\mailbox.name > > > > When accessing OWA for the users whose profiles work OK > (created from > > any site other than Copenhagen), I get the anticipated password > > challenge. If I put in their login details, I get to see their > > mailbox. > > > > When accessing OWA for the Users created using machines at the > > Copenhagen site, I don't get the password > > challenge/authentication/login box or anything else. Just > an almost > > immediate 404 not found. > > > > This does not vary from Exchange server to Exchange server > i.e. If I > > create a user in Stockholm with a mailbox on the Stockholm > mailserver > > from Copenhagen I get the 404. If I create a User in > Stockholm with a > > mailbox on the Stockholm mailserver from Oslo then everything works > > just fine. > > > > I've tried shifting the mailboxes between servers and it > doesn't fix > > the problem. > > > > I've tried logging in with their fully qualified usernames, > and making > > sure that usernames/aliases/short names are varied wildly. > > > > I have checked that the affected Users have HTTP access > enabled in the > > advanced exchange properties of the U&C MMC, that they have > the right > > permissions etc. etc. just in case. I can find no apparent > > differences between Users created on the Copenhagen site and those > > created elsewhere. > > > > Deleting the user account, recreating it from a "good" site and > > reattaching the mailbox fixes the problem. > > > > I get the same errors when accessing info through the front end > > server. Obviously I get the challenge/response to > authenticate on the > > front end server, but once authenticated it passes the > details to the > > Exchnage servers at the back end, and I get the same story. > > > > The AD domain has been in production operation for about a year. > > Exchange 5.5 was in a legacy domain and brought into the AD domain > > about six months ago. Users created before the introduction of > > Exchange to the AD domain have no problems with OWA > wherever they were > > created. All users created from machines on the Copenhagen > site after > > the introduction of Exchange get the 404. > > > > We have only just noticed this now because up 'till now we haven't > > been using OWA. > > > > My conclusions so far: > > > > * It is not a problem with the Exchange server(s) because > the problem > > is only evidenced by user creation undertaken on one site. If you > > create the user at any other site, there are no problems > with OWA at > > all. You get the same reults whichever Exchaneg server you use for > > the mailbox. > > > > * It is probably not a problem with permissions/security > because users > > created with identical characteristics from other sites work just > > fine, and you can fix the problem using this route. It > shouldn't be > > finger trouble for the same reasons. > > > > * It doesn't look like a problem with replication etc. on > AD, as there > > are no untoward errors in any of the AD logs, or reported using > > dcdiag/netdiag type utilities. > > > > > > My questions: > > > > * Has anyone else had this problem? I've had a good look in the > > archives, technet etc. etc. None of the many articles relating to > > "404 not found" or user creation issues seem to have > anything to offer > > in this case, although I've tried a few of the hints and > tips just in > > case. > > > > * Could this be a problem with the DC(s) on the Copenhagen > site? User > > creation on that site presumably writes AD-level changes to them > > first, and then the changes are replicated through to the other > > servers. > > > > * Could the problem have been brought about by the > introduction of the > > first Exchnage Server to the domain? Domainprep and > forestprep were > > done shortly after the AD domain was created so it doesn't > look like > > it was the schema extensions at that stage which caused the issue. > > > > * What setting(s) out of the ordinary or invisible to me could be > > causing the problem? Is this simply a switch somewhere > like allowing > > or denying the HTTP protocol in the advanced user properties? > > > > * Any ideas if I can fix it without account recreation? > > > > Any help much appreciated. > > > > All the best, > > > > Andy > > > > Creuna Danmark A/S > > Snaregade 10 > > 1205 K�benhavn K > > Denmark > > > > Tel : +45 22 68 58 23 > > Fax : +45 70 20 72 42 > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
