I was having some problems today connection Outlook 2007 to an Exchange 2003 SP2 box today.
Here is the Error message that was being recieved:
The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.
After a couple of hours playing around I managed to narrow this down to Outlook 2007 now authenticating with kerberos and not being able to find the Service Prinical Name for the global catalog server.
Authentication via Outlook 2003 (NTLM) was perfect, as was HTTPS (OWA) this was just affecting Kerberos.
Here is how I fixed it:
1) Install Windows Server 2003 Support tools:SUPPTOOLS.MSI
2)Run setspn -L ExchangeServerName you will see something like this:
Registered ServicePrincipalNames for CN=,CN=Computers,DC=example,DC=com:
exchangeAB/
exchangeAB/.example.com
exchangeMDB/
exchangeMDB/.example.com
exchangeRFR/
exchangeRFR/.example.com
SMTPSVC/
SMTPSVC/.example.com
HOST/
HOST/.example.com
exchangeAB/
exchangeAB/
The above line is the one we are interested in. We need to change it:
setspn -D exchangeAB/ExchangeServerName ExchangeServerName
setspn -D exchangeAB/ExchangeServerName.example.com ExchangeServerName
Then re-add the details:
setspn -A exchangeAB/GlobalCatalogServerName GlobalCatalogServerName
setspn -A exchangeAB/GlobalCatalogServerName.example.com GlobalCatalogServerName
The output from setspn should now be:
Registered ServicePrincipalNames for CN=,CN=Computers,DC=example,DC=com:
exchangeMDB/
exchangeMDB/.example.com
exchangeRFR/
exchangeRFR/.example.com
SMTPSVC/
SMTPSVC/.example.com
HOST/
HOST/.example.com
Note the ExchangeAB SPNs are gone as they are now pointing to the domain controller (GC)
Reference List:
http://support.microsoft.com/kb/927612/en-us
1 comment:
Good information here. Thanks for sharing it.
Post a Comment