We help IT Professionals succeed at work.

Outlook over RPC

aucklandnz
aucklandnz asked
on
639 Views
Last Modified: 2012-06-27
Hi All,

For the past few days users who connect to our exchange using outlook over RPC are complaining that outlook keeps on asking for a password, and once you input the password it keeps asking again. after couple of hours they can connect with no problems and after an hour or 2 problem persists again.  When you go to OWA it works fine. Users connecting to exchange locally have no problems. My laptop is configured to connect over RPC and even tho im on local LAN it still asks me for password, once i input password it asks me again and again.

any idea ?
Comment
Watch Question

sounds like the times might be out across the machines? Are you times syncronized?

Author

Commented:
but it happens to all machines at once then all of them can access and again i get a call from same users at once that its down again
here is a RPC troubleshooting guide to work through.
http://technet.microsoft.com/en-us/magazine/2007.07.howitworks.aspx

Anything in the event logs?

Author

Commented:
The mailbox server [exchange.mydomain.local] has its [vir] virtual directory set to require SSL.  Exchange ActiveSync cannot access the server if SSL is set to be required.  For information about how to correctly configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).
not following..

Were you setting up for activesync when this occurred?

Author

Commented:
no, it was just only one event related to exchange

sorry
any Kerbose messages in system on the server or workstations?

Author

Commented:
no event about Kerbose
 it still happens few times a day. When Outlook dosent work OWA is still  working so its not certificate.
and when it happens it happens to all mobile users at the same time.

did you follow the troubleshooting guide?

Author

Commented:
yes i did...no luck


it is down now again and when i try to RDC to exchange server i get 2 different errors
(see attachement for one error)

second error :

The system cannot log you on due to the following error:
The Network Address is invalid.
Please try again later or consult you system administrator

when i go physically to the server i can log in with no problems


thanks
error1.jpg

Author

Commented:
when i resterted IIS users can log in again

Thanks
try this from the console:
netdiag /v /f > c:\netdiag.txt
and post results please..

Author

Commented:
this is netdiag from the server that gives me the following error:

The system cannot log you on due to the following error:
The Network Address is invalid.
Please try again later or consult you system administrator



Usage: netdiag [/Options]>
   /q - Quiet output (errors only)
   /v - Verbose output
   /l - Log output to NetDiag.log
   /debug - Even more verbose.
   /d:<DomainName> - Find a DC in the specified domain.
   /fix - fix trivial problems.
   /DcAccountEnum - Enumerate DC machine accounts.
   /test:<test name>  - tests only this test. Non - skippable tests will still be run
   Valid tests are :-
        Ndis - Netcard queries Test
        IpConfig - IP config Test
        Member - Domain membership Test
        NetBTTransports - NetBT transports Test
        Autonet - Autonet address Test
        IpLoopBk - IP loopback ping Test
        DefGw - Default gateway Test
        NbtNm - NetBT name Test
        WINS - WINS service Test
        Winsock - Winsock Test
        DNS - DNS Test
        Browser - Redir and Browser Test
        DsGetDc - DC discovery Test
        DcList - DC list Test
        Trust - Trust relationship Test
        Kerberos - Kerberos Test
        Ldap - LDAP Test
        Route - Routing table Test
        Netstat - Netstat information Test
        Bindings - Bindings Test
        WAN - WAN configuration Test
        Modem - Modem diagnostics Test
        Netware - Netware Test
        IPX - IPX Test
        IPSec - IP Security Test
   /skip:<TestName> - skip the named test.  Valid tests are:
        IpConfig - IP config Test
        Autonet - Autonet address Test
        IpLoopBk - IP loopback ping Test
        DefGw - Default gateway Test
        NbtNm - NetBT name Test
        WINS - WINS service Test
        Winsock - Winsock Test
        DNS - DNS Test
        Browser - Redir and Browser Test
        DsGetDc - DC discovery Test
        DcList - DC list Test
        Trust - Trust relationship Test
        Kerberos - Kerberos Test
        Ldap - LDAP Test
        Route - Routing table Test
        Netstat - Netstat information Test
        Bindings - Bindings Test
        WAN - WAN configuration Test
        Modem - Modem diagnostics Test
        Netware - Netware Test
        IPX - IPX Test
        IPSec - IP Security Test

Author

Commented:
i have this event aswell

Event Type:      Error
Event Source:      Winlogon
Event Category:      None
Event ID:      1219
Date:            6/07/2009
Time:            11:02:21 a.m.
User:            N/A
Computer:      BLACK
Description:
Logon rejected for mydomain\administrator. Unable to obtain Terminal Server User Configuration. Error: The network address is invalid.
 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: ab 06 00 00               ...    
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
I run command on exchange server but at this stage usewrs can connect to outlook

when i tried to run netdiag on my other server that was giving me the network invalid message i m getting 'netdiag' is not recogniszed as an internal or external command....
Install Windows Support Tools off the CD..
http://support.microsoft.com/kb/892777

Author

Commented:
i run dcdiag /v /fix

what i have noticed that trust relationship is failed . i think we are narrowing down the problem
is the account locked out?

Author

Commented:
no

Author

Commented:
i have this event
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1053
Date:            4/07/2009
Time:            11:59:52 p.m.
User:            NT AUTHORITY\SYSTEM
Computer:      BROWN
Description:
Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Do you know how to restart the trust relationship by resetting the passwords with netdom?

Author

Commented:
no i do not... would you be able to help me with it ?

thanks

Author

Commented:
Just to add

I have 3 x 2003 windows servers (SP2)
1 Domain Contoller, 1 Exchange and 1 file server
Thats exactly what I'm thinking, although were you trying to get access to a machine over the trust link?

Author

Commented:
sorry im a bit confused ?

"over the trust link"?

i can log in when i go physically to the machine but i cannot log in when i try RDC to it .

Author

Commented:
im just looking at the link on how to to reset password using netdom.

step 3 says
Remove the Kerberos ticket cache on the domain controller where you receive the errors. You can do this by restarting the computer or by using the KLIST, Kerbtest, or KerbTray tools


the thing is i didnt receive any errors on my domain controller, only on my oter server that are not DCs
yes, but is it in your domain or the trusted domain?

If it is in your domain, have you tried removing and reinserting it back into the domain?

Author

Commented:
should i do it by joining workgroupo and thn joing domain again ?

if i will do it on the server that is running my exchange ....would it effect mail server  ?
definitely...


Have you disabled ssl yet?

Where is this trust you mentioned?

Author

Commented:
i havent done anything just yet. im worry that if i will re-join my MS exchange server to my domain it will effect emails.

when i run netdiag /v on my exchange server while users cant connect im getting trust relationship faild so i guess the trust is on DC
it may be defunt, but without posting the logs, I cant tell..

Author

Commented:
which logs should i post ?

Author

Commented:
i rejoined the domain on opne of the servers and it fixed the problem

thanks for all your inputs
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.