RPC over https cannot login

We have an issue which just seems to have happened overnight in that any users connecting over RPC to exchange 2007 type in the password and it just get rejected and the password box keeps appearing, this was all fine yesterday, I cannot see anything in the Event logs that would spark any interest
pepps11976Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
Password prompt does not always mean a password/authentication failure.
The most common cause of password prompts with Outlook Anywhere (RPC over HTTPS is the Exchange 2003 name) is SSL certificate issues. Therefore I would check your SSL certificate has not expired.

Simon.
pepps11976Author Commented:
Certificate expires next month, just checked
pepps11976Author Commented:
we also have a sharepoint server on a different server doing a similar thing, where its asking for a username and password even though its on the domain, this to me points to a DC issue but not sure what

any thoughts?
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Will SzymkowskiSenior Solution ArchitectCommented:
I would also be checking your Virtual Directories and the authentication that is being used for each one. I have also seen issues like this relating to public folders as well.

Will.
pepps11976Author Commented:
Yes but nothing has changed this has been working for well over a year now with no issues
Will SzymkowskiSenior Solution ArchitectCommented:
Ok, well does this happen for all users accounts? When this happens for a user, hold crtl+right click the outlook icon in the system tray and check the connection status and see what outlook is trying to connect to. Also I would run the Test Email Auto Config using the same method hold ctrl+right click Outlook Icon.

Also, for users that this happens to, what is there Outlook client authentication set to? It should be set to Negotiate Authentication.

Will.
pepps11976Author Commented:
Im starting to think this is not Exchange Related, here are my findings

We have a Terminal Server which has also always been fine

Today users were trying to connect using Internal IP address and it kept coming back with login box saying wrong credentials (similar to Exchange) if users connected via Server Name they could login, after connecting via server name they seem to be able to connect via IP address as well

also we have a sharepoint server that users browse to which is also asking for credentials

any thoughts?.
Will SzymkowskiSenior Solution ArchitectCommented:
If you think it is related to the DC's have you checked the Security Logs to see if your account is even authenticating when you are putting in your password?

Also, for Sharepoint, if you have your set listed in the trusted sites or local intranet and under User Authentication "Automatic Logon With current username and password" should be checked off.

Will.
pepps11976Author Commented:
checked security log there does not seem to be anything untoward in there.

With sharepoint again nothing has changed there so in theory it should just work, it all seems to be an authenticating thing
pepps11976Author Commented:
ok I found the following on the exchange server

An Account failed to log on (rpc over https)

event ID 4625
Will SzymkowskiSenior Solution ArchitectCommented:
What was the reason for failed attempt? Bad Password?

Also have you checked your AD Health and Replication?

Repadmin /replsum
Repadmin /showrepl
Repadmin /bridgeheads
DCDiag /V

Will.
pepps11976Author Commented:
No its not bad password ive checked this with all users and double checked

Repadmin

Repadmin
DCDIAG

diag.txt
Will SzymkowskiSenior Solution ArchitectCommented:
You only have 1 DC in your environment?

Will.
pepps11976Author Commented:
yes I did have two but one completely died so I had to remove from Active Directory
pepps11976Author Commented:
Ok I think I may have figured this out, the dc had about 5 updates last night it's a 2003 server, I uninstalled them and everything seems to be back working, would that make sense?
Simon Butler (Sembee)ConsultantCommented:
I was about to post - one of the updates on the Windows 2003 platform released on Tuesday is the cause of this. KB3002657 is the one that is causing a problem. Windows 2003 DCs only are affected.
You can reinstall the others - just skip that one.

Simon.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.