Sign in with
Sign up | Sign in
Your question

Users lost access to NT Exchange mailboxes after applying ..

Tags:
  • Policy
  • Domain
  • Exchange
  • Windows
Last response: in Windows 2000/NT
Share
October 8, 2004 7:04:34 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Several of our XP users who have been migrated to AD W2K3 have recently lost
access to their Exchange 5.5 mailboxes.

Background:
Our exchange 5.5 sp4 server is in trusted NT domain...mailboxes hosted on
Xchng 5.5 server. AD Users have been able to access their mailboxes fine
until I pushed out a group policy.

I removed these group policies in hope of correcting this issue...but it did
not fix the issue.

Users still in NT domain can still access there mailboxes but AD users no
longer can.

FYI: AD users can still get to other NT domain network resources, such as
printers, file servers, etc...just a problem with Exchange mailbox
(authentication?)...

Did something happen with SID history/SID filtering when I applied group
policy?

If so, can I safely disable SID filtering to allow these users to again
access their (mailbox) resources in NT domain?

Anybody have any insight into this issue?

Thanks in advance

Shawn

More about : users lost access exchange mailboxes applying

October 8, 2004 9:48:39 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"shawn" <shawnl@ecar.org> wrote in message
news:eehknmWrEHA.2596@TK2MSFTNGP12.phx.gbl...
> Several of our XP users who have been migrated to AD W2K3 have recently
lost
> access to their Exchange 5.5 mailboxes.
>
> Background:
> Our exchange 5.5 sp4 server is in trusted NT domain...mailboxes hosted on
> Xchng 5.5 server. AD Users have been able to access their mailboxes fine
> until I pushed out a group policy.
>
> I removed these group policies in hope of correcting this issue...but it
did
> not fix the issue.
>
> Users still in NT domain can still access there mailboxes but AD users no
> longer can.
>
> FYI: AD users can still get to other NT domain network resources, such as
> printers, file servers, etc...just a problem with Exchange mailbox
> (authentication?)...
>
> Did something happen with SID history/SID filtering when I applied group
> policy?
>
> If so, can I safely disable SID filtering to allow these users to again
> access their (mailbox) resources in NT domain?
>
> Anybody have any insight into this issue?
>
> Thanks in advance
>
> Shawn
>
>
>

More Info:

Went ahead and diabled SID filtering on EXTERNAL trust to see if this
helped...it made no difference...

It seems to be either Exchange is not processing the NTLMSSP packets
correctly anymore...or the packet data is enrypted...or....????

Anybody have any thoughts on what next?

I may have to quickly ramp up the XCHNG 2K3 server w/ADC, join the Xchng 5.5
site, and get AD mailboxes migrated to get this to work...I'm just not sure
what the heck changed all of a sudden????????

shawn
October 11, 2004 4:44:51 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

It was the Anonymous SID/Name translation setting on the domain
controller...removing policy did not remove setting...which now makes sense
on DC...had to force to Enable...which fixed problem

Evidently exchange 5.5 on NT is using the Null session to attempt to
authenticate...
!