we have a 2003 domain; exchange 2003 sp2 running; outlook 2007 clients; 2008 domain controllers; xppro sp2 clients. for several years now periodically outlook clients will not be able to find the exchange server. the number of clients having this problem is random in a domain of 4500 pcs; can be upwards of 100 out of the 4500; from the pc dns & wins resolution is fine; ad replicaton is fine; pinging & browsing from pc to exchange server is fine.
a trace with wire shark monitoring traffic from pc to exchange server shows an error from a specific domain controller. shutting down this domain controller allows the clients to connect to the exchange server fine. exchange is configured to automaitcally setup directory access when this occurs.
I manually changed directory access removing the offending domain controller from the exchange server directory list === did not fix the problem. set directory access on exchange server back to automatic configuration.
demoting the offending dc, removing from domain, changing name to new name, adding back to domain, promoting to dc again === did not solve the problem. outlook clients still tried to connect to same dc with new name and same error in trace.
error in trace ===
dcerpc bind_ack: call_id:1, NTLMSSP_CHALLENGE PROVIDER rejeection, reason: abstract syntax not supported.
in the packet information from this error appears the name fqdn name of the domain controller. shutting down dc and/or demoting causes outlook clients to function again.
dcs are vms running in blade array on esx hosts; this problem did occur on physical dcs also. I have not been able to find out what is happening that is causing the dc to reject these requests; a reimage of the pc OS will fix the problem also. however reimaing 100 pcs every time this happens is not a reasonalbe course of action.
PLEASE,PLEASE, anyone with insight or any ideas on what is happening would be greatly appreciated. thanks in advance for your help and expertise.