RPC/HTTPS stopped working

hi,
i have an exchange 2003 cluster, win 2003 enterprise, with rpc server on a different dc.

i have a forest with two domains, two way transitive trusts, DFS, DNS...etc
123.local (root of forest) and abc.local (added later to forest)
exchange and rpc servers are on the abc.local domain

EVERYTHING WAS WORKING FINE.  trusts, dns, AD, RPC/HTTP, OWA, OMA....everything smooth.

all of a sudden 123.local accounts cannot connect ioutlook to exchange via rpc. abc.local is fine.

123.local and abc.local accounts both have access to exchange (via vpn or locally), OWA is fine for both domains, access to shares across domains is fine, everthing is fine except 123.local accounts cannot authenticate to the directory via rpc.

i.e., i can setup a 123.local account in outlook with rpc and it prompts for un and pw, if i use the 123.local account credentials, it simply asks me for them over and over again to no avail. from that same session  i can choose to use an abc.local account's credentials and it resolves the 123.local account name.
then open outlook with /rpcdiag and i am first prompted to authenticate to the directory. if i use 123.local account credentials, no go. if i use abc.local account (any abc.local account), it connects, and then asks for the mail credentials for which i have to enter the actual 123.local account name and password and everything connects.

of course it asks for credentials a few minutes later and again every few minutes. if i didn't have the /rpcdiag window open, there is no way i can tell which type of authenticatation it needs, directory or mail. and of course, with a working rpc/http connection, it should only ask me once.

again, all abc.local accounts can use rpc just fine.

i am stumped. please help!
directory-credentials.JPG
mail-credentials.JPG
final-connect.JPG
LVL 1
mehrdadalaeiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

keamoCommented:
Is it possible your certificate expired?
0
keamoCommented:
If your RPC/HTTPS Exchange server is available from the internet, you can try this url.....

https://www.testexchangeconnectivity.com/

It gives some basic diagnostics.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mehrdadalaeiAuthor Commented:
beautiful. with the test link we found at which point the system failed.

we had already reboot some servers and restarted services and tried everything except a force fail over to the passive cluster server and it worked. moved the cluster groups back and it still works.

i have no idea why.

thank you keamo for the quick reponse
0
mehrdadalaeiAuthor Commented:
keamo thank you. this was driving us crazy over here.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.