Link to home
Create AccountLog in
Avatar of sglee
sglee

asked on

Outlook 2003 can't connect to Exchange 2010

User generated imageUser generated imageUser generated imageHi,
  All of sudden, this XP workstation can't connect to SBS2011/Exch 2010 when no other user is having this problem. It says "Disconnected" at the bottom of Outlook 2003.
  So for now I connected the user to Terminal Server using remote desktop and had the user check his email in OUTLOOK within Terminal Session.

  When I open Event Viewer, I see this error numerous times: "Windows cannot determine the user or computer name. (The RPC protocol sequence is not supported. ).
Group Policy processing aborted".
  When I open firewall.cpl, I get an error like above. When I open Services.msc, I see "Windows Firewall" missing.
  Other than than, this computer can access share folders from SBS2011, print, surf the internet ... has no problem whatsoever.

  Please help.

Thanks.
Avatar of WORKS2020
WORKS2020
Flag of United States of America image

try removing and adding the machine from the domain
Avatar of sglee
sglee

ASKER

@Work2011
After excuting the script, "Rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf", firewall is running correctly now. However it did not fix OUTLOOK issue.
Did you delete the email account in Outlook and try again, may want to create a new profile in Outlook if it doesn't work.

If you're using cache mode close outlook and delete the .ost file.

All else fails uninstall outlook, restart, reinstall and test.

Does nslookup resolve the server name to ip?
Avatar of sglee

ASKER

@supports
I successfully detached the workstation from the domain. After restarting the computer, when I try to attach it to the domain, I get an error "The RPC protocol sequence is not supported".
Avatar of sglee

ASKER

I have a feeling that this has been caused by the virus or malware.
I do not have a proof other than I noticed that the browser redirected the traffic to the advertising site. Let me run a couple of anti-virus programs and I will post result tomorrow AM.
my recommendation try spybot
http://www.safer-networking.org/
Malwarebytes is my recommendation. Free and very affective cleaning bugs.
Hi,  Funnily enough I have the same issue since yesterday on an XP SP2 client running Outlook 2007.  Happens to new mail profile / new user profile.  I've tried SFC /scannow, chkdsk, repair install office, fix then disable windows firewall, checked name resolution.  I also found System Restores failed and XP SP 3 wouldn't install :(   I'm going to go onsite and run a repair install of windows.
ASKER CERTIFIED SOLUTION
Avatar of Member_2_4984608
Member_2_4984608

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
my recommendation try spybot
http://www.safer-networking.org/

Not a chance mate, Spybot is puny these days compared to the malware.
Avatar of sglee

ASKER

@marcustech
This morning, I just installed another PC for the user because I was not going anywhere with this troubleshooting last night. .

It is weird. From the surface the computer was ok. no malware popups, the computer was not necessarily slow. it did not prevent me from installing any programs like AVG, PC Tools Spydoctor or Microsoft Security Essentials. But when scanning HD using these programs did not detect anything.

I was able to detach the computer from the domain, but I could not make it join the domain again.

I have the infected computer with me today and I will try to run ComboFix and tdsskiller this morning.
please clarify if you had problems with the additional computer you put on the network, thanks.

At this point it's better to verify hardware is not faulty and reimage the workstation. From a cost analysis stand point spending over 3 hours troubleshooting when you can reimage in the same or less amount of time is something to consider. Of course this is only true if you're having problems with the one workstation. If you're having problems with an additional workstation there's obviously other issues.
Same here, it took me quite a while to become convinced it was malware, because AV reported switched on and OK, no suspicious processes, no google redirects, DNS OK...  In my instance TDSSKiller reported no infection, GMER and aswMBR both identified rootkit infection.

On the other hand alureon and zero access rootkits are just streets ahead of the antivirus.  You can sit there scanning with AVG and Spydoctor all day without getting anywhere, you have to use tools specifically targeted at tricky rootkits. TDSSKiller, GMER and aswMBR are 3, Combofix has proved effective for me before, also Sophos offer a supposed 'anti-rootkit utility' that I haven't been able to test live yet.
WORKS2011, not everyone works in an environment where they can deploy fresh images like smarties, in fact 95% of our small business clients don't have this kind of environment.
marcustech you can take the CD's that came with the workstation and rebuild in less time. What's your point, are you saying 95% of your small business doesn't have the operating systems to the workstations they're using? You can rebuild an entire XP workstation with manufacture CD's (OS and drivers) in three to four hours if not less.

Sorry the word reimage stumped you.
That would be re-installing as opposed to re-imaging then.  And none of the workstations we've bought in the past 3 years have come with CDs :(
Avatar of sglee

ASKER

@marcustech
I just ran Tdsskiller and it found Virus.Win32.ZAccess.aml. Service: MRxSmb. Malware object, High Risk.
No wonder why this computer could not find Exchange Server. This explains why I could not join the domain after detaching it from the network.
I used Tdsskiller and ComboFix to fix another user's PC a while ago, but it was a different symtom all together - "URL Re-direction" in a very subtle way.
Avatar of sglee

ASKER

@WORKS2011
I have not heard from any other user on the same network. So it is an isolated incident which is a good thing.
I agree with you about "hours spent for troubleshooting". My limit in troubleshooting is about 2 hours and 3 hours is max. After that it is not worth my time. Because XP install takes 40 minutes, Domain Join, printer install, App install ... takes 1.5 hours. In 2.5 hours I can give the user effectively BRAND NEW PC. So I chose that route this morning. I always keep XP / Win7 PCs ready to be installed on the site.
Virus.Win32.ZAccess.aml. Service: MRxSmb

Yeah, that'd do it I guess...
Avatar of sglee

ASKER

ComboFix foudn the same: "Your are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection." ---> How true that is. This virus is a bitch. I have not see anything like this, allowing you to access the internet, shared folders off the file server, print ... but prevents you from connecting to Exchange Server and joining Domain, being able to run http://connect. WEIRD!
Avatar of sglee

ASKER

After scanning with Tdsskiller & ComboFix, I can join the computer to the domain now.
Thank you for your help.