My issue is on a private, closed network. It started after I was running Dell's OpenManage software on my DC's to upgrade their firmware and BIOS. During this process, my DC1 crashed when the NIC drivers got upgraded. I restarted it and finished the BIOS upgrade with no issues. The 2nd (of 2) domain controllers didn't have any major issues when upgrading, but afterwards I was unable to log on to my email using Outlook 2003 to an Exchange 2003 server in our network. Any user can log on to their workstation without issue but we're now prompted for a username/password when trying to bring up Outlook. If you put in the correct info (domainname\user name and password), it won't authenticate. Below are the errors I'm getting. I apologize if it looks a little rudimentary, but my network is not joined to the internet so I can't copy and paste directly. Anyway, on the DC I get...
Event ID: 680
Type: Failure Aud
Category: Account Logon
Logon Attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: user1
Source Workstation: Wks1
Error Code: 0xC000006A
Here is the error code that shows up on the Exchange 2003 server at the exact same time:
Event ID: 529
Type: Failure Aud
Reason: Unknown user name or password
User Name: user1
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: Wks1
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: xxx.xxx.xxx.xxx
Source Port: 1535 (this number changes every time)
We're now also having an issue running a RETINA scan, I get the same event id 680 on the DC and on the scanned machine I get event id 680 but with error code 0xC0000064 and event id 529 with source port 0 every time. There will be about 6 of each error and RETINA tells me that it can't access the registry to do it's scans. Also, I can log on to ANY workstation and it won't log on to the Exchange server.
To try to rule out permission errors, I tried giving my admin account an email address, and I can't log on to Outlook with that either. Going back in the security log, it appears that Exchange was using Kerberos to authenticate in addition to NTLM when everything was working properly. I don't know if the DC crash was what started everything, but that's really the only thing that changed since before the problem started. Thank you very much for any help.
It's also worth mentioning that this issue will lock out a user after three failed attempts also to enter the username and password its requesting. Replication appears to be working fine. DNS also works perfectly as I can take down either DC and the other one will perform all of the DC and DNS functions without fail, except when it comes to logging users in to Exchange. Thanks again.
I am able to ping between any of the servers and workstations involved.