Exchange Authentication fails if specific DC shutdown
The issue:
My users are unable to authenticate over OWA (and Outlook Exchange client cannot connect) when a specific DC shuts down. All other DCs can be running, but still no authentication takes place.
My Environment:
I have six DCs all configured as GCs.
DC1 (call it JY) in subnet1 (call it 106), DC2 (JE) in subnet2 (120) - these two subnets in building1 (C) with no firewall restrictions.
DC3 (ADS), DC4 (ADS2), DC5 (lib2), and DC6 (lib) on the same subnet3 in building2 (L)
Subnet1 and subnet2 can both communicate with subnet3 directly over ports 389 and 3269 and various other AD ports just fine. AD replication across all subnets is not reporting any event log errors on any DC.
FSMO role owners: DC5 has PDC and RID; DC6 has Schema, Domain role, Infrastructure
Single domain, single site, all subnets connected by gigabit connections.
On the Exchange 2003 server Directory Access tab, only DC6 is appearing in the All Domain Controllers, Configuration, Domain Controller and Global Catalog servers drop-down.
Exchange server in subnet1
Steps taken to resolve this issue:
Turned on DSAccess Topology logging to minimum. Event 2080 shows in-site DCs detection working.
DC6 CDG 7 7 1 0 1 1 7 1
DC4 CDG 7 7 1 0 0 1 7 1
DC3 CDG 7 7 1 0 0 1 7 1
DC2 CDG 7 7 1 0 0 1 7 1
DC1 CDG 7 7 1 0 0 1 7 1
DC5 CDG 7 7 1 0 0 1 7 1
Used policytest.txt and confirmed the SACL is not set for any of the DCs except DC6.
Verified that the 'Exchange Enterprise Servers' group is listed under 'Manage auditing and security logs' in the Domain Controllers Local Policy under User Rights Assignments on all DCs, including DC6. All also had the Exchange Server computer account listed.
Set the RUS to rebuild (RUS is using DC6 for both Enterprise and domain) and RUS is set to 'always run'.
Used ADSIEdit to confirm that the FORESTPREP value is 6903 and domainprep is 6936. Confirmed on all DCs independently.
Goal:
Due to renovation projects, DC1 and DC2 will always be available, but all other DCs may be down for several hours at a time. Exchange users must be able to authenticate against DC1 and DC2, and all Exchange services must keep running. As a side note, when DCs 3-6 shut down, Exchange services haven't been shutting down, so Exchange is recognizing DC1 and DC2 as GCs.
Any assistance you can provide will be greatly appreciated!
August 8th, 2007 2:09am
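A small checker, added here and not from the thread, that parses the Event 2080 lines quoted above (the DC3 line is kept as posted, with the name and role letters run together) using the column order Exchange 2003 logs in that event, and reports which DCs DSAccess would exclude and why; the exclusion rules applied are the documented ones (unreachable or unsynchronized for an advertised role, SACL right not granted, critical data missing).

```python
import re
# Column order of each server line in DSAccess Event 2080 (Exchange 2003):
# Roles, Reachability, Synchronized, GC capable, PDC, SACL right, Critical Data,
# Netlogon, OS Version. Reachability/Synchronized/Netlogon are bitmasks: C=1, D=2, G=4.
FIELDS = ("roles", "reachability", "synchronized", "gc_capable", "pdc",
          "sacl_right", "critical_data", "netlogon", "os_version")
ROLE_BITS = {"C": 1, "D": 2, "G": 4}

# The six server lines exactly as posted in the question (constructed sample input).
SAMPLE_2080 = """\
DC6 CDG 7 7 1 0 1 1 7 1
DC4 CDG 7 7 1 0 0 1 7 1
DC3CDG 7 7 1 0 0 1 7 1
DC2 CDG 7 7 1 0 0 1 7 1
DC1 CDG 7 7 1 0 0 1 7 1
DC5 CDG 7 7 1 0 0 1 7 1
"""

def parse_2080(text):
    dcs = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) == 9:                       # "DC3CDG 7 7 ..." (name/roles fused)
            m = re.fullmatch(r"(.+?)([CDG]{1,3})", tokens[0])
            tokens = [m.group(1), m.group(2), *tokens[1:]] if m else tokens
        if len(tokens) != 10 or not all(n.isdigit() for n in tokens[2:]):
            continue                               # not a server line of Event 2080
        name, roles, nums = tokens[0], tokens[1], map(int, tokens[2:])
        dcs.append({"name": name, **dict(zip(FIELDS, [roles, *nums]))})
    return dcs

def exclusion_reasons(dc):
    """Why DSAccess would refuse to use this DC (empty list = usable)."""
    mask = sum(ROLE_BITS[r] for r in dc["roles"])  # bits for the roles it advertises
    reasons = []
    if dc["reachability"] & mask != mask:
        reasons.append("not reachable for every advertised role")
    if dc["synchronized"] & mask != mask:
        reasons.append("not synchronized")
    if dc["sacl_right"] != 1:
        reasons.append("SACL right missing (Manage auditing and security log)")
    if dc["critical_data"] != 1:
        reasons.append("critical Exchange data not present")
    return reasons

def unusable_dcs(text):
    """Map of DC name -> reasons, for every DC DSAccess would drop."""
    return {dc["name"]: r for dc in parse_2080(text) if (r := exclusion_reasons(dc))}
```

Run against the posted lines it reports DC1 to DC5 as dropped solely for the missing SACL right and leaves DC6 usable, which matches the Directory Access tab showing only DC6.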
Outlook clients use specific GCs when they connect. If that GC is not available, then it can cause this issue for those using Outlook. This doesn't explain the OWA users though, unless the Exchange server is set to specifically communicate with the GC that is going down, which from your post doesn't sound like that has happened.
For the outlook clients you can set a reg key to tell them which server is the preferred GC server to use.
Check this out.
http://support.microsoft.com/kb/319206/en-us
You should consider setting up separate sites in AD and defining them by subnet. That way each local subnet user will see the GC in their specific subnet as the preferred GC automatically, based on subnet.
Is OWA running on the same exchange server as the mailbox store?
August 9th, 2007 9:06pm