HPE Community
BackOffice Products
1833431 Members
3445 Online
110052 Solutions
New Discussion

Exchange 2003 Authentication

 
sj_2
Occasional Contributor

‎10-10-2005 07:28 PM

‎10-10-2005 07:28 PM

Exchange 2003 Authentication

I have an Exchange 2003 backend server in a Windows 2003 domain "test.local"
I have a WIndows 2003 subdomain "subdomain.test.local"

I also have a Windows 2003 domain in a seperate forest called "internal.org", there is a 2 way external non-transitive trust between this and "test.local"

The domain controllers from each domain can communicate with each other, but the Exchange server can only communicate with the DC in its own domain (test.local)

I can authenticate users in the "internal.org" domain to Exchange from the domain controller in test.local (i.e. using the non-transitive trust), BUT, if I try and authenticate using an account in the subdomain, the MAPI (or OWA) logon just hangs.
However, I do see a successful logon event on the subdomain DC.

I figure this is something to do with NTLM\Kerberos. I ideally need to be able to auth users via the local DC to Exchange, as in production there will be LOTS of DCs out on site at the end of puny links. i.e. I want Exchange to pass the auth request to its local DC (as is the case with the 2 way manual trust)

any ideas?

thanks
0 Kudos
1 REPLY 1
Rune J. Winje
Honored Contributor

‎11-18-2005 05:45 AM

‎11-18-2005 05:45 AM

Re: Exchange 2003 Authentication

Did you run setup /domainprep in the subdomain ?

http://www.msexchange.org/tutorials/Forestprep-Domainprep-Explained.html

"You need to run DomainPrep once in each domain that contains an Exchange 2003 server and in any domain that hosts Exchange users."

Also take care to not move the groups Exchange Domain Servers and Exchange Enterprise Servers from the default Users container.


Cheers,
Rune
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.