Announcement

Collapse
No announcement yet.

SPN entry missing

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SPN entry missing

    W2K3 boxes DCs/GCs
    2x Exchange 2K3 STD
    native mode

    Hi all,

    I've got a pretty anoying problem. On site2 I have an Exch2. When setting up users on Outlook 2007 I keep getting an authentication popup (problem with Kerberos I understand). I found a workaround by enforcing NTLM, which I do not want to roll out. However I came across this MS KB927612.

    Basically when I ran from support tools prompt:
    setspn -L Exch2 --> I do not get an entry for exchangeAB to the local site2 Global Catalog server

    setspn -L Exch1 --> I do get an entry for exchangeAB to the local site1 GC server.

    Therefore i believe the problem lies here, where Exch2 isn't "talking" to GC for authentication.

    I could not find anything on this site or internet which says that I cannot point exchangeAB attribute to site2 GC; but I just don't want to mess with the settings, i.e., point to site2 GC and then breaks everything on site1.

    Can anyone help?

    cheers

  • #2
    Re: SPN entry missing

    First - I am not aware of any authentication issues with Outlook 2007 connecting to Exchange 2003. Has something been changed from the default configuration of the server?

    Exchange will only talk to global catalogs, if it cannot find one then Exchange will fill up its event logs and usually fail to start. Therefore if Exchange is running it is finding GCs.

    I would start by running the Exchange Best Practises tool (http://www.exbpa.com/) to confirm there are no problems with the configuration. Resolve the issues it flags.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: SPN entry missing

      Sembee thanks for your reply.

      Please see this thread
      I don't know whether something has been changed, because we look after the netword for this client but they have an IT manager who likes to change things and don't tell us anything.
      I will run exbpa and get the report

      Comment


      • #4
        Re: SPN entry missing

        I am also experiencing the same issue more or less same.

        Checkout here
        http://forums.petri.com/showthread.php?t=30018

        Let me know if you get something. I will be researching again on the same today. Waiting for any inputs.
        Thanks & Regards
        v-2nas

        MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
        Sr. Wintel Eng. (Investment Bank)
        Independent IT Consultant and Architect
        Blog: http://www.exchadtech.blogspot.com

        Show your appreciation for my help by giving reputation points

        Comment


        • #5
          Re: SPN entry missing

          Another interesting point:

          I've run netdiag on the Exchange server and the LDAP test reads:
          LDAP test....: passed
          [Warning] Failed to query SPN registration on DC 'DC1.mydomain.com'

          However DC1 is on a different site. I believe it should query DC2 which is in the same site as the exchange

          Another intersting point:
          If I try to use the autodiscover feature on Outlook 2007, it throws an expried certificate from snakeoil.dom

          Any thoguths guys???
          Last edited by pardal51; 20th November 2008, 12:20.

          Comment


          • #6
            Re: SPN entry missing

            Originally posted by Sembee View Post
            First - I am not aware of any authentication issues with Outlook 2007 connecting to Exchange 2003. Has something been changed from the default configuration of the server?

            Exchange will only talk to global catalogs, if it cannot find one then Exchange will fill up its event logs and usually fail to start. Therefore if Exchange is running it is finding GCs.

            I would start by running the Exchange Best Practises tool (http://www.exbpa.com/) to confirm there are no problems with the configuration. Resolve the issues it flags.

            Simon.
            Hi Sembee,
            I've run EXBPA and there are some critical issues:

            the ones to "ignore" for the moment:
            - Large page file;
            - Older exchmem.dll on \system32
            - HeapDeCommitFreeBlock Threshold

            However 2 certificates have expired. I am not sure whether this can be interfering with Outlook 2007 clients when creating their profiles. Forgot to mention that these outlook profiles are being created on a terminal server. As I don't have much experience with exch I am not fiddling much with the settings and the "older" guys are adamant that the ssl certificate has something to do with it.

            I am really struggling with this one.

            Comment


            • #7
              Re: SPN entry missing

              any thoughts???

              Comment

              Working...
              X