BackOffice Products
1833431 Members
3445 Online
110052 Solutions
New Discussion

Exchange 2003 Authentication

 
sj_2
Occasional Contributor

Exchange 2003 Authentication

I have an Exchange 2003 backend server in a Windows 2003 domain "test.local"
I have a WIndows 2003 subdomain "subdomain.test.local"

I also have a Windows 2003 domain in a seperate forest called "internal.org", there is a 2 way external non-transitive trust between this and "test.local"

The domain controllers from each domain can communicate with each other, but the Exchange server can only communicate with the DC in its own domain (test.local)

I can authenticate users in the "internal.org" domain to Exchange from the domain controller in test.local (i.e. using the non-transitive trust), BUT, if I try and authenticate using an account in the subdomain, the MAPI (or OWA) logon just hangs.
However, I do see a successful logon event on the subdomain DC.

I figure this is something to do with NTLM\Kerberos. I ideally need to be able to auth users via the local DC to Exchange, as in production there will be LOTS of DCs out on site at the end of puny links. i.e. I want Exchange to pass the auth request to its local DC (as is the case with the 2 way manual trust)

any ideas?

thanks
1 REPLY 1
Rune J. Winje
Honored Contributor

Re: Exchange 2003 Authentication

Did you run setup /domainprep in the subdomain ?

http://www.msexchange.org/tutorials/Forestprep-Domainprep-Explained.html

"You need to run DomainPrep once in each domain that contains an Exchange 2003 server and in any domain that hosts Exchange users."

Also take care to not move the groups Exchange Domain Servers and Exchange Enterprise Servers from the default Users container.


Cheers,
Rune