Solved

HELP!  Exchange Server Issues...suddenly asking users for passwords and cannot add new users.

Posted on 2012-08-31
Last Modified: 2012-09-21
Please help.  I have a windows 2003 Exchange Server that suddenly started giving me errors and I can't figure it out.  New users aren't being recognized and mailboxes are being recognized.  Also today users who have been using Outlook with no issues on our network are suddenly being prompted for a network user name and password and their outlook says Offline.  When putting the user name and password in nothing happens and cannot bring their Outlook online and in sync with the server.

Prior to this the Server has been running just fine for over a year with no issues

 A couple of days ago I went to add a couple of new users w/ exchange mailboxes to the network using the mail server and when I go to configure their account in Outlook on their Windows XP workstation I'm suddenly getting prompted for a user name and password.  When I put in their user name and password nothing happens.  

When I go to OWA and sign them in I'm able to log in but only once.  As soon as I log off and try to get back in again nothing happens. It just goes back to the OWA login screen and the user and password box is blank again.

When I go to add or change permissions on my primary server (Windows 2000 Server)  it doesn't replicate the changes to the rest of the network.  My wiring and network switches are working fine and I can ping all the servers and other computers but my changes aren't being replicated.

Just today I'm getting calls from everyone saying that they are getting prompted for their network user name and password when they open up MS Outlook.  This is a new issue and I know it's related to the servers not replicating.  The people calling me are users who have been using Outlook with my exchange server for a year with no issues.   Can someone please help.

My set up is as follows

I have a MS Exchange Server 2003 w/ SP2 on Windows 2003 R2 as the exchange server which replaced an old windows 2000 Server that was running Windows 2000 exchange.  The Windows 2000 server is still on the network and it's being used for a program called Print Boss but not exchange.  It's still listed as a PDC.

I have another Windows 2000 Server.  This Server was our first PDC server and still is our Primary Domain Controller. It controls our DNS, DHCP and File and Print Server.

I added another Windows 2003 R2 Server 6 months back and made it a domain controller also since my Windows 2000 Servers are aging and I'm slowly moving data to this server.

Everything was working great up until the last week or so when things just started acting funky.

Please let me know what other details you require to help me resolve this issue.  Thanks in advance.
Question by:jungliss28
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 38354571
I don't really have an answer, but I'd have a look at the list of services on the server, and see if any that are set to Automatic have stopped.  You will find a few, because some will start and then stop because they have nothing useful to do at that time.  But if there are any that refuse to even start when you right click them, then you may have a problem.  Particularly things like netlogon and kerberos, I think, are important in this respect.  Also, check the Event Logs (most importantly, the System and Security ones).

Unless you already tried all this?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38354580
Hope the certs aren't expired and no server is down (DC\GC) and all Exchange services are started ?

- Rancy
0
 

Author Comment

by:jungliss28
ID: 38354718
All services that are set to automatic are started and running.  All 4 of my servers are up.  I noticed that the clocks aren't syncing either now.  I'm getting a bunch of Time Server errors saying the time is incorrect.  My old mail server (windows 2000) is the one that manages the time.  When I checked it, it was behind by 10 minutes.  I manually changed the time and after logging off and back in again it changed back to being 10 minutes behind.  Not sure if this has anything to do with what's going on.  

How do I check to see if any of my certs are expired?  Which server would hold my certs?  

Thank you in advance for assisting me.  Exchange is not my strong point.
0

 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 2000 total points
ID: 38354747
I manually changed the time and after logging off and back in again it changed back to being 10 minutes behind.  Not sure if this has anything to do with what's going on - From where does it Sync time and not sure if it's a VM ?

I guess the issue is more with Time sync as if that's the case entire environment and Outlook issues will surely pop up :(

What is the time difference between all DC's \ Exchange and Client machines ?

- Rancy
0
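The time difference asked about above can be measured rather than read off each desktop clock. This added example (not part of the thread) builds an SNTP query for UDP 123, computes each server's clock offset from the reply, and flags hosts that differ from a reference by more than five minutes, the default Kerberos clock-skew tolerance; the host labels and sample replies are constructed.

```python
import socket
import struct
import time

NTP_DELTA = 2208988800     # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
MAX_SKEW = 300.0           # Kerberos default clock-skew tolerance (5 minutes)

def to_ntp(ts):            # Unix float -> (seconds, fraction) NTP timestamp words
    whole = int(ts)
    return whole + NTP_DELTA, int((ts - whole) * 2**32)

def from_ntp(sec, frac):
    return sec - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte SNTP client request: LI=0, VN=3, Mode=3, transmit time = t1."""
    return struct.pack("!B39x2I", 0x1B, *to_ntp(t1))

def offset_from_reply(packet, t1, t4):
    """Server clock minus local clock, in seconds (standard SNTP offset formula)."""
    if len(packet) < 48 or packet[0] & 0x07 != 4 or packet[1] == 0:
        raise ValueError("not a usable NTP server reply")
    t2 = from_ntp(*struct.unpack("!2I", packet[32:40]))   # server receive time
    t3 = from_ntp(*struct.unpack("!2I", packet[40:48]))   # server transmit time
    return ((t2 - t1) + (t3 - t4)) / 2

def query_offset(host, timeout=2.0):
    """Live query over UDP 123; returns None when the server does not answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        try:
            s.sendto(build_request(t1), (host, 123))
            packet, _ = s.recvfrom(512)
        except OSError:
            return None
        return offset_from_reply(packet, t1, time.time())

def skew_report(offsets, reference):
    """Label each host by its skew from the reference host's clock."""
    ref = offsets.get(reference)
    report = {}
    for host, off in offsets.items():
        if off is None or ref is None:
            report[host] = "NO DATA"
        elif abs(off - ref) > MAX_SKEW:
            report[host] = "FAIL (%+.0f s)" % (off - ref)
        else:
            report[host] = "ok (%+.0f s)" % (off - ref)
    return report

def constructed_reply(server_now):
    """Constructed sample: a stratum-2 server reply stamped with server_now."""
    return struct.pack("!BB30x4I", 0x1C, 2, *to_ntp(server_now), *to_ntp(server_now))

if __name__ == "__main__":
    now = 1346427600.0   # constructed local clock reading
    # Constructed hosts: DC-A agrees with us, DC-B is six minutes behind, DC-C is silent.
    lag = {"DC-A": 0, "DC-B": 360}
    offsets = {h: offset_from_reply(constructed_reply(now - s), now, now) for h, s in lag.items()}
    offsets["DC-C"] = None
    print(skew_report(offsets, "DC-A"))
```

For a live check, fill the dictionary with `query_offset(name)` for each domain controller, the Exchange server and a sample of workstations, and use the intended time source as the reference.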
 

Author Comment

by:jungliss28
ID: 38354814
Here is how they stand as of now:

Win2000 Server: Old Mail Server MMBMAIL:  Time: 11:34

Win2000 Server: Current PDC Server MMBMAIN: Time 11:40

Win2003 Server:  Current Exchange Server MTCMAIL: Time 11:34

Win2003 Server:  Additional PDC Server MTCPDC1: Time: 11:34

One thing to note is: When I signed into MMBMAIL the old mail server the time was 11:38 but when I logged into another server and switched back to MMBMAIL the clock changed to 11:34 from first being 11:38.

On the command prompt when I type in net time I get this:

C:\Documents and Settings\Administrator.MMBDOM>net time
Current time at \\MMBMAIL is 8/31/2012 11:34 AM


MMBMAIN the current PDC server is a DHCP, DNS, File server and also manages our printers.  Its clock was 6 minutes ahead even when I change the clock it goes back to being 6 minutes ahead.

I hope this information helps.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38354837
MMBMAIN: This server is the culprit ..... Can you try to Sync the Exchange with Additional PDC ?

How come all servers have one time and Primary PDC is different ?
Which all servers are GC ? Which server has FSMO roles ?

- Rancy
0
 

Author Comment

by:jungliss28
ID: 38354873
Actually MMBMAIN is the only server with the correct time.  When I checked the actual time it was 11:40.  The other servers are the ones that are 6 minutes behind it seems.  

Where would I go to find out what servers are GC and have FSMO roles?  I apologize in advance if I sound ignorant.  It's been a very long time since I worked on these servers.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38354889
netdom query fsmo - run the command from the command prompt.

to check which server is GC run the command
nltest /DSGETDC "Server Name" /GC

- Rancy
0
 

Author Comment

by:jungliss28
ID: 38354909
Okay I figured out the GC Servers.  The only two Global Catalog Servers are MMBMAIN and MMBMAIL.  These are the two old Windows 2000 Server I have running.

I also noticed when I went to expand the Local Site Name in AD Sites and Services that MTCMail our current mail server wasn't listed on there.  

The only ones on there was

MMBMAIN    Check box checked for GC
MMBMAIL    Check box checked for GC
MTCPDC1

Is this normal or should the new mail server not be on the list?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38354924
Is this normal or should the new mail server not be on the list? - If it's a GC it should be on the list for sure :)

When was it introduced ?

- Rancy
0
 

Author Comment

by:jungliss28
ID: 38354929
Running the command on the new exchange server MMBMail.

This is what I get for FSMO:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

H:\>netdom query fsmo

Schema owner                   mmbmain.MMBDOM.LOCAL

Domain role owner           mmbmain.MMBDOM.LOCAL

PDC role                            MTCPDC1.MMBDOM.LOCAL

RID pool manager             MTCPDC1.MMBDOM.LOCAL

Infrastructure owner        MTCPDC1.MMBDOM.LOCAL

The command completed successfully.
0
 

Author Comment

by:jungliss28
ID: 38354956
How would I know if MTCMail (new exchange 2003 server) is supposed to be a GC or not?    This is what I got when I ran the nltest command>



H:\>nltest /dsgetdc: /gc
           DC: \\mmbmail.MMBDOM.LOCAL
      Address: \\192.168.0.4
     Dom Guid: 6ee0dbc7-a072-45f0-bada-be20abcf9db4
     Dom Name: MMBDOM.LOCAL
  Forest Name: MMBDOM.LOCAL
 Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
        Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE
The command completed successfully

H:\>
0
 

Author Comment

by:jungliss28
ID: 38354973
Is this normal or should the new mail server not be on the list? - If its a GC it should be on the list for sure :)   ---- How would I know if it has to be on the list?  


When was it introduced ? ----  It was introduced about a year ago.  Before that MMBMAIL was the only exchange server and MMBMAIN was the only server we had on the LAN.  Both windows 2000 Servers.

We added 2 new Windows 2003 servers to the network and migrated all the mailboxes to MTCMail (win2003 Server w/ win2003 Exchange)
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38355041
If the new server is a member server, as always recommended, it won't be visible by all these commands.

- Rancy
0
 

Author Comment

by:jungliss28
ID: 38355067
I don't understand what you mean.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38355168
You asked if it should be listed ... only DC\GC are listed with the commands I gave.
0
 

Author Comment

by:jungliss28
ID: 38355198
Rancy, thank you.   That makes sense now.  I'm just a little slow when it comes to this so please forgive me.

 Just to follow up.  I manually changed all the clocks on the other servers to match MMBMAIN.  They all seem to be holding so far but I'm still getting calls from users about being prompted for their user name and password when they are inside the network and using Outlook.  

I'm gathering up some error logs from all the servers.  Is there any specific error I need to look out for?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38355255
Hope no issues with the replication :)

Any Error EventID on the Exchange or DC ....

- Rancy
0
 

Author Comment

by:jungliss28
ID: 38355263
Errors From MMBMAIL Current Mail Server Win2003 w/ Win2003 exchange


MSExchangeIS Mailbox
Event ID: 1025

An error occurred on database "First Storage Group\Mailbox Store (MTCMAIL)".
 Function name or description of problem: Restrict/SetSearchCriteria
Error: -1102 Warning: fail to apply search optimization to folder (FID 1-4F6C5D)   Retrying without optimization.


Source: MSExchangeAL
Event ID: 8063

Could not read the root entry on directory 'mmbmain.MMBDOM.LOCAL'. Cannot access configuration information.  DC=MMBDOM,DC=LOCAL


Source: WinHttpAutoProxySvc
Event ID: 12517

The WinHTTP Web Proxy Auto-Discovery Service suspended operation.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38355288
Look Exchange will surely have a lot of problems as it depends a lot on AD and DNS :)
0
 

Author Comment

by:jungliss28
ID: 38355333
From MMBMAIN Primary DC Win2000 Server

Source: W32time
Event ID: 63

The time service cannot provide secure (signed) time to client 192.168.0.182 because the attempt to validate its computer account failed with error 1317. Falling back to insecure (unsigned) time for this client.

Got a lot of these errors from different IP's.


Source: w32time
Event ID: 11

The NTP server  didn't respond

 
Source:  MRxSmb
Event ID 3034

The redirector was unable to initialize security context or query context attributes.

Source: Server
Event ID: 2501

The server service was unable to map error code 1722.
0
 

Author Comment

by:jungliss28
ID: 38355352
Look Exchange will surely have a lot of problems as it depends a lot on AD and DNS :)


Is there anything I should try or look out for that can help resolve this issue.  

I copied these errors early this month to a notepad.  Nobody at that time was complaining about any issues so I figured everything was okay.  Would any of these errors help solve this issue.  

From: MTCMAIL Server Current exchange server:


Event ID: 9188
Category: General
Source: MSExchangeSA
Computer: MTCMAIL


Description:

Microsoft Exchange System Attendant failed to read the membership of group 'cn=Exchange Domain Servers,cn=Users,dc=MMBDOM,dc=LOCAL'. Error code '8007203a'.

Please check whether the local computer is a member of the group. If it is not, stop all the Microsoft Exchange services, add the local computer into the group manually and restart all the services.

----

The Exchange store 'First Storage Group\Mailbox Store (MTCMAIL)' is limited to 25 GB. The current physical size of this database (the .edb file and the .stm file) is 20 GB. If the physical size of this database minus its logical free space exceeds the limit of 25 GB, the database will be dismounted on a regular basis.


OALGen skipped some entries in the offline address list '\Global Address List'.  To see which entries are affected, event logging for the OAL Generator must be set to at least medium.
- Default Offline Address List


The Microsoft Exchange Site Replication Service could not initialize its Exchange database (EDB) and returned error 1.  The Site Replication Service will wait in a semi-running state so the database can be restored from backup and the SRS can mount it.


LDAP Bind was unsuccessful on directory MTCPDC1.MMBDOM.LOCAL for distinguished name ''. Directory returned error:[0x52] Local Error.  



Microsoft Exchange System Attendant failed to read the membership of group 'cn=Exchange Domain Servers,cn=Users,dc=MMBDOM,dc=LOCAL'. Error code '8007203b'.

Please check whether the local computer is a member of the group. If it is not, stop all the Microsoft Exchange services, add the local computer into the group manually and restart all the services.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38355385
Please crop a bit information when posting some secure stuff .... my recommendation

Who does own the 182 IP ?
Which "NTP server" do you sync time with is that responding ??

- Rancy
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38355427
Exchange will surely throw all errors with time sync out of order ...

- Rancy
0
 

Author Comment

by:jungliss28
ID: 38355461
It appears that the exchange server is syncing with the MTCPDC1 server.

From Event log on MTCMAIL SERVER
The time service is now synchronizing the system time with the time source MTCPDC1.MMBDom.LOCAL (ntp.d|192.168.0.141:123->192.168.0.100:123).

The 182 IP is a local workstation IP address.  I got a few of this same error but with different IP's.

NOTE: When I go to the command prompt from MTCMAIL and do net time it says the time server is MMBMAIL.


H:\>net time
Current time at \\MMBMAIL is 8/31/2012 1:59 PM

The command completed successfully.
0
 

Author Comment

by:jungliss28
ID: 38355471
Please crop a bit information when posting some secure stuff .... my recommendation

Yes I completely agree.  I changed all the names before posting it up.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38355476
There is an error you shared

Source: w32time
Event ID: 11

The NTP server  didn't respond

Which server does MMBMAIN sync time from ??

- Rancy
0
 

Author Comment

by:jungliss28
ID: 38355501
I also noticed on the event logs on the new exchange server MTCMAIL that the WinHTTP Web Proxy Auto-Discovery Service keeps stopping and starting almost every 30 minutes.  Just FYI in case it helps any.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38355502
:) ... sorry I didn't know, good :)
0
 

Author Comment

by:jungliss28
ID: 38355512
Which server does MMBMAIN sync time from ??

Looks like MMBMAIL

From MMBMAIN Running command net time:


Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

H:\>net time
Current time at \\MMBMAIL is 8/31/2012 2:11 PM

The command completed successfully.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38361597
Hello jungliss28 :)

Is the issue resolved or still there .... do let me know as i am available now.

- Rancy
0
 

Author Comment

by:jungliss28
ID: 38361624
So far from my side it's looking okay after I changed all the clocks to match the MMBMain Server.   I'll find out tomorrow once everyone gets back in the office to be sure.  It's a little weird that the Time Server is MMBMAIL but the only correct time was on MMBmain and once I set everything to match the time on MMBMain the errors on the event log stopped.  

Just FYI, it wasn't all users who had the issues where Outlook suddenly started asking for problems.  I would say about 70% of the staff was having the issue so a good amount of people.  Since today is a holiday everyone is off but I'll let you know tomorrow how things look.

Rancy I really appreciate you taking the time to help me out.  

Jungliss
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38361638
It's a little weird that the Time Server is MMBMAIL but the only correct time was on MMBmain and once I set everything to match the time on MMBMain the errors on the event log stopped - Good and hope in the last 4 days or so the Clocks have kept their heads up and been in sync :)

I would say about 70% of the staff was having the issue so a good amount of people - Hmm, maybe some who didn't have the issue were connecting to other GC or using OWA\Phones ?

Rancy I really appreciate you taking the time to help me out - That's what I am here for, to try and help with whatever I know, some Socializing as well :) ........ maybe something will help me too in some way someday :)

I do appreciate your patience as well ..... as I know what kind of situation you might have been in with almost the entire firm on you to get things working to Normal.

- Rancy
0
 

Author Comment

by:jungliss28
ID: 38361967
Thanks again Rancy.  I'll keep you posted once I get in tomorrow.  

Thanks!

Jungliss
0
 

Author Comment

by:jungliss28
ID: 38368019
Okay Rancy it's doing it again.  The exchange server is throwing a lot more errors now.

Here are a few:

Could not open LDAP session to directory 'mmbmain.MMBDOM.LOCAL' using local service credentials. Cannot access Address List configuration information.  Make sure the server 'mmbmain.MMBDOM.LOCAL' is running.  DC=MMBDOM,DC=LOCAL


LDAP Bind was unsuccessful on directory mmbmain.MMBDOM.LOCAL for distinguished name ''. Directory returned error:[0x51] Server Down.  DC=MMBDOM,DC=LOCAL

OALGen skipped some entries in the offline address list '\Global Address List'.  To see which entries are affected, event logging for the OAL Generator must be set to at least medium.
- Default Offline Address List

Here is a screen shot:

Is there anything I can do.  Users are once again being prompted for user names when opening up Outlook and some users cannot get into the server with an error saying the trust relationship between the pc and network is down.

Not sure what's going on here. Please help.  Users are going to start coming at me with knives and pitch forks.
0
 

Author Closing Comment

by:jungliss28
ID: 38421595
It looked like it was a time sync issue.  Although I'm still having issues with Exchange setting all the clocks on the servers to the same time seemed to have fixed this specific issue.  

However my clocks on the server don't seem to stay fixed for long, but that is another issue altogether.  Thanks Rancy for your help.
0
