Outlook Anywhere rejects correct login and writes Event 4625 in Security log

Hi,

I have an issue where one of our users cannot login to his Exchange account. He is connecting via Outlook Anywhere and using the correct credentials, but his login is refused.  In the security event log there are multiple event 4625 "an account failed to log on" errors.  An example is attached.  I have setup a test Outlook profile from another external location and that works fine for me.  When I deliberately enter the wrong credentials in my test environment the 4625 error looks different!  See Additional info below.

OS is SBS 2008.  Exchange 2007 SP 2 Roll-up 2.

Any suggestions welcome!
An account failed to log on.

Subject:
	Security ID:		NETWORK SERVICE
	Account Name:		SERVER$
	Account Domain:		MYDOMAIN
	Logon ID:		0x3e4

Logon Type:			8

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		username_here
	Account Domain:		mydomain

Failure Information:
	Failure Reason:		Unknown user name or bad password.
	Status:			0xc000006d
	Sub Status:		0xc000006a

Process Information:
	Caller Process ID:	0x2718
	Caller Process Name:	C:\Windows\System32\inetsrv\w3wp.exe

Network Information:
	Workstation Name:	SERVER
	Source Network Address:	xxx.xxx.xxx.xxx
	Source Port:		50440

Detailed Authentication Information:
	Logon Process:		Advapi  
	Authentication Package:	Negotiate
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

Open in new window

knobbylowboyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

knobbylowboyAuthor Commented:
Additional info:
This is what the 4625 event looks like when I enter the wrong credentials intentionally in my working test environment.
An account failed to log on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		username-here
	Account Domain:		mydomain

Failure Information:
	Failure Reason:		Unknown user name or bad password.
	Status:			0xc000006d
	Sub Status:		0xc000006a

Process Information:
	Caller Process ID:	0x0
	Caller Process Name:	-

Network Information:
	Workstation Name:	WORKSTATION03
	Source Network Address:	xxx.xxx.xxx.xxx
	Source Port:		55199

Detailed Authentication Information:
	Logon Process:		NtLmSsp 
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

Open in new window

0
Glen KnightCommented:
Is the user a member of a built in administrative group?
Could you check this setting here: http://alanhardisty.wordpress.com/2010/03/05/activesync-not-working-on-exchange-2010-when-inherit-permissions-not-set/

Does it work OK for other users?
0
knobbylowboyAuthor Commented:
They are a member of the Domain Admins & Enterprise Admins. It works fine for other users.  And it works fine when I use his credentials in my test setup.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Glen KnightCommented:
Can you check the blog post I posted above.
There is a known issue and this should help to resolve it.
0
knobbylowboyAuthor Commented:
Thanks demazter.  I have followed the recommendations in the post; I removed him from any Admin roles, plus I checked the "Include Inheritable Permissions From This Object’s Parent" option.

He's on an airplane right now.  Hopefully when he touches down we'll see an improvement!  I'll let you know.
0
mattibuttCommented:
maybe he is playing wid you by not entering the right password lol
0
knobbylowboyAuthor Commented:
Quite bizarre, but having the user change from Basic to NTLM authentication did the trick.  Thanks for your help guys.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.