E
Exile_Ken
I have an issue with a laptop running Vista w SP1 that can not connect
Outlook 2007 to our Exchange 2003 server over a VPN connection. The VPN
connection is valid and Windows authentication is working as we can access
mapped drives, and other network resources. Here are the details:
When connected to the network, W2K3 AD native mode domain, Outlook connects
without an issue. Once the user is remote, they login over VPN using
CheckPoint SecureRemote client, Version 6. The firewall successfully
authenticates the VPN connection. When the user opens Internet Explorer, it
goes to the home page which is our Sharepoint Portal. The user is properly
authenticated in Sharepoint as he can only access the sites that he has
permissions for. The user can access mapped drives, (although when
connecting to the drives initially there is a prompt for domain username and
password). When the user opens Outlook 2007, he is not prompted for domain
username and password. Outlook does not connect. It shows attempting to
connect to Microsoft Exchange server, but fails and shows the status as
disconnected.
This appears to be an authentication issue. When I look in the Windows
Logs in Event Viewer there appear the same sequence of Event IDs each time
the user attempts to connect to Exchange. All four are “Warning Eventsâ€
with Event ID 40960 and a source of LsaSrv, which obviously has something to
do with Kerberos authentication. The message details are nearly identical,
with the exception of two or three characters that appear just before a
forward slash, and the name of the server it is trying to connect to. The
first message shows an attempt to connect to the mail server (the names of
the servers it is trying to connect to have been changed, but they are the
correct names):
The Security System detected an authentication error for the server
exchangeRFR/abc-mail.mydomain.com. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".
The second message shows an attempt to connect to the domain controller.
The Security System detected an authentication error for the server
exchangeAB/abc-dc.mydomain.com. The failure code from authentication protocol
Kerberos was "There are currently no logon servers available to service the
logon request.
(0xc000005e)".
The third message shows the same AB reference, but is attempting to connect
to the mail server.
The Security System detected an authentication error for the server
exchangeAB/abc-mail.mydomain.com. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".
The last event is an attempt to connect to the mail server with an MDB
reference.
The Security System detected an authentication error for the server
exchangeMDB/abc-mail.mydomain.com. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".
These 4 event ids appear consistently each time we try to make a connection
form Outlook to Exchange. I can successfully ping both the mail server and
DC by name. I have searched Google Groups and Technet, and looked this up on
EventID.net, and have not found a solution.
Thank you in advance for any assistance you can provide.
Ken Merrigan
Outlook 2007 to our Exchange 2003 server over a VPN connection. The VPN
connection is valid and Windows authentication is working as we can access
mapped drives, and other network resources. Here are the details:
When connected to the network, W2K3 AD native mode domain, Outlook connects
without an issue. Once the user is remote, they login over VPN using
CheckPoint SecureRemote client, Version 6. The firewall successfully
authenticates the VPN connection. When the user opens Internet Explorer, it
goes to the home page which is our Sharepoint Portal. The user is properly
authenticated in Sharepoint as he can only access the sites that he has
permissions for. The user can access mapped drives, (although when
connecting to the drives initially there is a prompt for domain username and
password). When the user opens Outlook 2007, he is not prompted for domain
username and password. Outlook does not connect. It shows attempting to
connect to Microsoft Exchange server, but fails and shows the status as
disconnected.
This appears to be an authentication issue. When I look in the Windows
Logs in Event Viewer there appear the same sequence of Event IDs each time
the user attempts to connect to Exchange. All four are “Warning Eventsâ€
with Event ID 40960 and a source of LsaSrv, which obviously has something to
do with Kerberos authentication. The message details are nearly identical,
with the exception of two or three characters that appear just before a
forward slash, and the name of the server it is trying to connect to. The
first message shows an attempt to connect to the mail server (the names of
the servers it is trying to connect to have been changed, but they are the
correct names):
The Security System detected an authentication error for the server
exchangeRFR/abc-mail.mydomain.com. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".
The second message shows an attempt to connect to the domain controller.
The Security System detected an authentication error for the server
exchangeAB/abc-dc.mydomain.com. The failure code from authentication protocol
Kerberos was "There are currently no logon servers available to service the
logon request.
(0xc000005e)".
The third message shows the same AB reference, but is attempting to connect
to the mail server.
The Security System detected an authentication error for the server
exchangeAB/abc-mail.mydomain.com. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".
The last event is an attempt to connect to the mail server with an MDB
reference.
The Security System detected an authentication error for the server
exchangeMDB/abc-mail.mydomain.com. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".
These 4 event ids appear consistently each time we try to make a connection
form Outlook to Exchange. I can successfully ping both the mail server and
DC by name. I have searched Google Groups and Technet, and looked this up on
EventID.net, and have not found a solution.
Thank you in advance for any assistance you can provide.
Ken Merrigan