Sudden Issues with Outlook users being asked for credentials with Exchange 2003

Hi there,  I have a pretty complicated problem that I need help with.  

Here is the scenerio.   I have 8 locations 7 with Windows 2003 Std Server, 1 with Windows 2008 Std Server.  The head office is running 2003 with Exchange 2003.  All the branches are connected together via a VPN.   They are all DC's. This has been working for many years with little problems.

Suddenly yesterday 3 of the locations started asking for login credentials for Outlook/Exchange.  The credential box that came up had the username prefilled in as domain/username.  No matter what I did not work.  If I logged on as administrator at the remote location email worked.   After messing around i discovered that logging in as servername/username  allowed the users to login in.

Today I came in and I have a Windows 7 system at a location that did not have any issues not able to connect to Exchange,  the user is using Outlook 2010.  If I go into account settings and "repair"  and try to put the username in again it cannot resolve the name.  If I change the server from servername.domainname to the IP of the server it seems to resolve but Outlook 2010 automatically changes it back to servername.domainname and it cannot connect.

I can ping the server using the full servername.domainname address.   It seems obvious that the two issues are related, but I am not sure why the other users have not experienced issues yet at this location, and why other locations are working OK as well.

Please any help would be appreciated!

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sounds like an Active Directory replication/communication issue. Run repadmin from a DC in a site having issues: repadmin /showreps and see if any errors come up.
NewellnetAuthor Commented:
I am getting a "target principle name incorrect" on each server name.  It is reporting a 0x80090322 error.  It says it started Oct. 15.
Please see this link for a possible resolution :

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

NewellnetAuthor Commented:
I tried running netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password and I got an error claiming my target username is incorrect.   I used "administrator"  as the username.  

This problem started Friday October 15 at 11:58 pm.   This is a live server so I may have to continue it this evening.   Any thoughts on why the netdom command did not work?

Did you stop and disable the KDC service as well?

"On domain controllers that are experiencing this issue, disable the Kerberos Key Distribution Center service (KDC).  To do so: Click Start, point to  Programs, click Administrative Tools, and then click Services.
Double-click KDC, set the startup type to Disabled, and then restart the computer."

Also, did you make sure this server is not the PDC emulator?
NewellnetAuthor Commented:
Yes,  did the above.

Disabled it,  reboot,  run the command.  

Server1 is the pdc  and I run the command on server4
Looks like you should go ahead and restart the server you were on:
" Even if you  attempt to reset the secure channel using the Netdom  utility, and the command does not complete successfully, proceed with  the restart process"

So I would disable the KDC service on server1 and server4, and reboot both. But I imagine you may have to do this on the remaining DCs as well if they still don't replicate properly.
NewellnetAuthor Commented:
It did say the command completed succesfully but had an error stating the invalid username.   I then did restart both servers after the fact and it is not working.     At this point I can tell you that Server 2,3,4,6 are not working properly.  I am sure that the other ones are not either but have not come up with the error yet.

I will work in this this evening after 5:00 EST when I can restart the servers at will.

In the meantime I would also poke around the application and system event logs on these DCs to look for any clues. I have a feeling this is somehow related to a DNS failure(s) somewhere..
NewellnetAuthor Commented:
I think it is a DNS issue as well but why all of the sudden?   I am working on it now I will post what I come with.  

NewellnetAuthor Commented:
OK,  The 3 servers that were causing Outlook to ask for credetials seems to be solved.  The 3 servers that seemed to have no problems looks to have huge AD problems.  They seem to be limping along so I am going to save that for another night as it is late now.

Thanks for your help!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.