Outlook Anywhere rejects correct login and writes Event 4625 in Security log

Hi,

I have an issue where one of our users cannot login to his Exchange account. He is connecting via Outlook Anywhere and using the correct credentials, but his login is refused.  In the security event log there are multiple event 4625 "an account failed to log on" errors.  An example is attached.  I have setup a test Outlook profile from another external location and that works fine for me.  When I deliberately enter the wrong credentials in my test environment the 4625 error looks different!  See Additional info below.

OS is SBS 2008.  Exchange 2007 SP 2 Roll-up 2.

Any suggestions welcome!
An account failed to log on.

Subject:
	Security ID:		NETWORK SERVICE
	Account Name:		SERVER$
	Account Domain:		MYDOMAIN
	Logon ID:		0x3e4

Logon Type:			8

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		username_here
	Account Domain:		mydomain

Failure Information:
	Failure Reason:		Unknown user name or bad password.
	Status:			0xc000006d
	Sub Status:		0xc000006a

Process Information:
	Caller Process ID:	0x2718
	Caller Process Name:	C:\Windows\System32\inetsrv\w3wp.exe

Network Information:
	Workstation Name:	SERVER
	Source Network Address:	xxx.xxx.xxx.xxx
	Source Port:		50440

Detailed Authentication Information:
	Logon Process:		Advapi  
	Authentication Package:	Negotiate
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

Open in new window

knobbylowboyAsked:
Who is Participating?
 
knobbylowboyConnect With a Mentor Author Commented:
Quite bizarre, but having the user change from Basic to NTLM authentication did the trick.  Thanks for your help guys.
1
 
knobbylowboyAuthor Commented:
Additional info:
This is what the 4625 event looks like when I enter the wrong credentials intentionally in my working test environment.
An account failed to log on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		username-here
	Account Domain:		mydomain

Failure Information:
	Failure Reason:		Unknown user name or bad password.
	Status:			0xc000006d
	Sub Status:		0xc000006a

Process Information:
	Caller Process ID:	0x0
	Caller Process Name:	-

Network Information:
	Workstation Name:	WORKSTATION03
	Source Network Address:	xxx.xxx.xxx.xxx
	Source Port:		55199

Detailed Authentication Information:
	Logon Process:		NtLmSsp 
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

Open in new window

0
 
Glen KnightCommented:
Is the user a member of a built in administrative group?
Could you check this setting here: http://alanhardisty.wordpress.com/2010/03/05/activesync-not-working-on-exchange-2010-when-inherit-permissions-not-set/

Does it work OK for other users?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
knobbylowboyAuthor Commented:
They are a member of the Domain Admins & Enterprise Admins. It works fine for other users.  And it works fine when I use his credentials in my test setup.
0
 
Glen KnightCommented:
Can you check the blog post I posted above.
There is a known issue and this should help to resolve it.
0
 
knobbylowboyAuthor Commented:
Thanks demazter.  I have followed the recommendations in the post; I removed him from any Admin roles, plus I checked the "Include Inheritable Permissions From This Object’s Parent" option.

He's on an airplane right now.  Hopefully when he touches down we'll see an improvement!  I'll let you know.
0
 
mattibuttCommented:
maybe he is playing wid you by not entering the right password lol
0
All Courses

From novice to tech pro — start learning today.