Autodiscovery and account lockout
Hi, we are having a peculiar issue. We have Windows XP clients with Outlook 2007 that connects to a hosted Exchange server/system on the Internet. We have confirmed that email flow works fine but whenever we setup an entry in our DNS to point
autodiscover.xyz.com to the IP address of the appropriate autodiscovery server in our hosted Exchange environment, our users would get locked out of their local domain accounts. I have 2 ideas about what is happening:
1) Autodiscovery is attempting to login to the local domain before logging in to the hosted Exchange server.
2) Our email domain (xyz.com) is the same as our local AD domain (xyz.com). This confuses the system even though DNS points autodiscover.xyz.com to the hosted Exchange environment.
Has anyone experienced this issue before? I think if we have the users use the same password for their local AD login and their Exchange server login, the lockouts would stop. Is there anything we can do in AD for the local domain to prevent
authenticating locally prior to authenticating to the hosted Exchange environment?
July 14th, 2010 4:44pm
1. This should be no problem because there is no login to Exchange, per se. All Exchange authentication is domain authentication.
2. That wouldn't be a problem. They are not related.
If they're getting locked out, it could be due to a password problem.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
.
"Kwee" wrote in message
news:b01d8edc-bea4-48b0-8962-011443df045c...
Hi, we are having a peculiar issue. We have Windows XP clients with Outlook 2007 that connects to a hosted Exchange server/system on the Internet. We have confirmed that email flow works fine but whenever we setup an entry in our DNS to point
autodiscover.xyz.com to the IP address of the appropriate autodiscovery server in our hosted Exchange environment, our users would get locked out of their local domain accounts. I have 2 ideas about what is happening:
1) Autodiscovery is attempting to login to the local domain before logging in to the hosted Exchange server.
2) Our email domain (xyz.com) is the same as our local AD domain (xyz.com). This confuses the system even though DNS points autodiscover.xyz.com to the hosted Exchange environment.
Has anyone experienced this issue before? I think if we have the users use the same password for their local AD login and their Exchange server login, the lockouts would stop. Is there anything we can do in AD for the local domain to prevent
authenticating locally prior to authenticating to the hosted Exchange environment?
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2010 6:32pm
I am having this same issue...did you ever find a solution??
May 25th, 2011 11:46am
I am experiencing the very same issue, with the same configurations (AD domain abc.com matches Internet domain abc.com). I can confirm that synchronizing the passwords between local AD and Exchange does work, but aggregated across a a large domain of users,
it becomes a burdensome task.
I've had the same sort of "I don't see why it's not working" response from MS support here. [http://social.technet.microsoft.com/Forums/en-US/officeitpro/thread/b3d36dd0-1002-4ccd-9cd9-a649a91c27ec/] I hope that this gets some attention.
Jonathan
Free Windows Admin Tool Kit Click here and download it now
June 20th, 2011 4:52pm