Advertisement

05.02.2008 at 05:02AM PDT, ID: 23371281
[x]
Attachment Details

Unable to authenticate Outlook - Kerberos error 40960 and error 4 - related?

Asked by prodriveit in Windows 2003 Server, Exchange Email Server

Tags: Microsoft, Windows Server, 2003 Standard, DC

1 primary server, HP ML370 G3,  running win2003 and Exchange 2003
3 x Win2003 member servers at other sites also running Win2003 and Exchange 2003

Since a bizarre server crash on the primary server , Outlook clients based at the other 3 sites, cannot authentice if their mailbox is sat in the Primary server's exchange mailbox store.  (The server crashed due to a floppy diskette controller failure - this was resolved by resetting the server NVRAM and disconnecting the floppy drive).

If the primary server hosts a user's mailbox and they are at one of the other 3 sites, they are constantly prompted byOutlook to enter their username and password.  The credentials are always rejected.  This also happens with Outlook Web Access.  

The only work around I could think of was to move the affected user's mailboxes to another Exchange server which allowed them to authenticate ok.

On the first bootup after the crash, the primary server clock had been reset to 2003.  This was immediately changed to the correct date/time.  At the time the system event log had a few Kerberos SPNEGO entries stating that the other 3 member servers couldn't authenticate with the Primary because of the huge time difference.  These errors stopped appearing when the time was corrected.  All servers have the same time, within 1 minute difference.

But still Outlook cannot authenticate from other sites.  One of the site's also cannot access shared folders on the primaryServer by hostname, its only possible by IP address.  The member server can however, just the client PCs (XP Pro) cannot.

Errors/Warnings logged on the Primary server in the code snippets below.

Any help or direction would be appreciated.


Start Free Trial 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:

Event Type:	Warning
Event Source:	LSASRV
Event Category:	SPNEGO (Negotiator) 
Event ID:	40960
Date:		29/04/2008
Time:		13:24:57
User:		N/A
Computer: 	primaryServer
Description:
The Security System detected an authentication error for the server 
 
cifs/memberServer1.domainName.group.  The failure code from authentication protocol Kerberos was 
 
"The attempted logon is invalid. This is either due to a bad username or authentication  information.
 (0xc000006d)".
 
________________________________________
 
"Event Type:	Error
Event Source:	Kerberos
Event Category:	None
Event ID:	4
Date:		29/04/2008
Time:		13:25:03
User:		N/A
Computer:	         primaryServer
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server 
 
host/primaryServer.starenergy.group.  The target name used was LDAP/primaryServer. This indicates 
 
that the password used to encrypt the kerberos service ticket is different than that on the 
 
target server. Commonly, this is due to identically named  machine accounts in the target realm 
 
(domainName.GROUP), and the client realm.   Please contact your system administrator."
[+][-]05.02.2008 at 05:10AM PDT, ID: 21485970

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]05.02.2008 at 05:25AM PDT, ID: 21486059

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]05.02.2008 at 05:31AM PDT, ID: 21486094

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05.02.2008 at 06:00AM PDT, ID: 21486246

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]05.06.2008 at 09:11AM PDT, ID: 21508532

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Windows 2003 Server, Exchange Email Server
Tags: Microsoft, Windows Server, 2003 Standard, DC
Sign Up Now!
Solution Provided By: prodriveit
Participating Experts: 1
Solution Grade: B
 
 
[+][-]05.06.2008 at 09:23AM PDT, ID: 21508638

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05.06.2008 at 07:21PM PDT, ID: 21512732

Experts Exchange has a courteous staff of administrators who help members get the most out of the website by means of administrative comments like this one.

Start your 7-day free trial to view this Administrative Comment or ask the Experts your question.

 
[+][-]05.10.2008 at 05:52AM PDT, ID: 21538859

Experts Exchange has a courteous staff of administrators who help members get the most out of the website by means of administrative comments like this one.

Start your 7-day free trial to view this Administrative Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628