I am at a loss of where to look, here is the brief overview:
3 DC's total, 2 are local in our office, 1 is at our data center. 1 Exchange 2007 server which was located at our office and was recently moved to the data center and put on the same subnet as the DC and is set to use this DC to authenticate user accounts. All DC's are GC's. Users at office are set to authenticate against local DC's via having them listed as their DNS servers via DHCP.
Several BlackBerry users stared having issues when we moved our email server last Sunday to the data center where the could not connect. Most of these users were fixed by deleting the old account via the account settings page on ATT&T's web site and then re-creating the account. 1 user was not so lucky and keeps getting a "cannot connect to the server" error. I spent hours on the phone with blackberry the other day and could get some other accounts to authenticate to his phone but not his. -What is weird is that I can setup his account on my iphone.... What is futher wierd is that I created a fake user while testing and could not get this user to setup on his blackberry and was recieving the same error. Due to these last few observations I believed that this was a blackberry issue for sure, however as of today I am not too sure..... Today, several people said that they could not login to the their mail, most of which trying to use the OWA url. Other people were locked out, and were not users that generally got locked out. In all of these situations I was able to reset the persons pw and everything was working again, accept for my BB user. Also, when looking at all of the authentication failures on the DC at the data center, I am now seeing several auth errors for the person that was having the blackberry issue, however these errors are being generated from his laptop via a VPN connection (he is a remote user). I have gone through and reset the pw on all 3 DC's to make sure they all have the same pw and forced a replication to the other DC's however I am still seeing these issues. I still cannot get his phone setup, though I can access our companies Outlook Web Interface and login with these new credentials just fine. The only thing that I can think is that for some reason our Exchange server is somehow not passing the correct login credentials when trying to authenticate to a DC. -Any thoughts?