Re: Exchange/Outlook password problem
- From: jim.severino@xxxxxxxxx
- Date: 18 Apr 2006 18:19:33 -0700
Guys
I had the same symptom. The Event ID 529 on the Exchange server is
paired with an Event ID 680 on one of my domain controllers:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
User: NT AUTHORITY\SYSTEM
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Bertoim
Source Workstation: LT05
Error Code: 0xC000006A
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
The Error Code above indicates that the username was correct but the
password is wrong.
We just figured it out - the users having the problem appear to have a
saved password for the Exchange server, and that password has expired.
We can rectify the problem for individual users by running "control
keymgr.dll" and removing the saved password entry for the Exchange
server. There may be a way to script or automate this but I'm not aware
of it and the scale of our issue is too small to merit it.
Some background and a possible cause: We have an email archiving system
(Symantec Enterprise Vault for Exchange, nee Veritas, nee KVS) that
presents itself to the users as an HTTP service running on IIS on the
Exchange server. We had an issue for a few weeks where some changes to
the Internet Explorer Trusted Sites setting in Group Policy meant that
when users accessed their email archive via IE, they were getting
prompted for their username and password. We suspect that at this point
some of our users checked the "save password" option in IE. This
created an entry for the Exchange server's name in their "Stored User
Names and Passwords" list. Somehow, when Outlook starts, it references
this entry. When their password expired the saved password was no
longer valid, hence the logon failure.
I hope this helps someone to sort this issue out.
jim
Stephen Corcoran wrote:
There is only one exchange server.. about 150 users.. here's the only event
log entry that i found..
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 4/6/2006
Time: 3:54:07 PM
User: NT AUTHORITY\SYSTEM
Computer: HIGSRV03
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: gsmith
Domain: tasd
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: DISADM-L01
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 10.10.21.99
Source Port: 2617
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
"Arlo Clizer" <aclizer@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Xns979D952C431ECtrojanxl@xxxxxxxxxxxxxxxx
"Stephen Corcoran" <sbcorcor@xxxxxxxxxxx> wrote in
news:OnPwSUbWGHA.4920@xxxxxxxxxxxxxxxxxxxx:
I have a user that changed her logon password, and ever since then,
has to re-enter her username and password to get into outlook. At
first i thought it was a replication problem, but she can login
against all three of our domain controllers with no problems. It's
just outlook that asks her to re-authenticate.
we're running:
windows 2003 server, sp1 on all servers
exchange 2003 sp1
clients are windows xp, sp2, outlook 2003 sp1
any ideas? everything worked fine before she changed her password.
Only one Exchange server in the mix? Anything in the event logs?
--
R. Arlo Clizer
FAQ: http://www.exchangefaq.org
Archives: http://groups.google.com
.
- References:
- Exchange/Outlook password problem
- From: Stephen Corcoran
- Re: Exchange/Outlook password problem
- From: Arlo Clizer
- Re: Exchange/Outlook password problem
- From: Stephen Corcoran
- Exchange/Outlook password problem
- Prev by Date: Re: Exchange Backup Question; multi-homed servers
- Next by Date: Re: Exchange Backup Question; multi-homed servers
- Previous by thread: Re: Exchange/Outlook password problem
- Next by thread: Problems w/ Exchange 5.5 MTA
- Index(es):
Relevant Pages
|
