Exchange Server 2003 SP2 Cluster hardening
Hi Everyone,
Has anyone ever experienced any problems with Exchange Server 2003 hardening? I am having a problem with Exchange 2003 hardening in my environment. My 2003 domain (Windows 2003 Server with SP1) is running in native mode, and there are Windows 2000 Pro SP4 and Windows XP Pro clients on my network. Office versions vary: most are Office 2003, but there are some Office XP and Office 2000 on the network.
The following Microsoft security templates were used in my hardening exercise, but some strange behaviors were encountered on SOME (around 30) of the Windows 2000 Pro stations with either Office 2000, XP or 2003 installed after the hardening exercise. They failed to resolve the Exchange Server name for some reason (when configuring the Outlook profile). However, they have no problem communicating with the Exchange cluster through PING, TELNET, network share or even Remote Desktop. There should be no port blocking between Exchange and the clients, as other clients on the same network segment have no problem accessing the server. Moreover, I checked the Host table, repaired TCP/IP using WINSOCKXP, NewSID, rejoined the domain, latest SP for everything installed, reinstalled Office, updated the NIC driver, even reinstalled the NIC driver. Unfortunately, still no luck.
One thing to mention: on those workstations, there is no problem PINGING the server via either NETBIOS or FQDN.
The same users can access their Outlook on other Win2K Pro workstations. Now I am running out of ideas and users are getting frustrated.
I did come across the following Microsoft KB articles, but they didn't help.
http://support.microsoft.com/kb/325930
http://support.microsoft.com/kb/255843
Microsoft's Security Template
----------------------------------------------------------------------------------------------------------------------------------------------
Windows 2003 Security Template
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
Exchange 2003 Security Template
http://www.microsoft.com/technet/prodtechnol/exchange/Guides/E2k3SecHardGuide/faecb78b-8453-4192-966e-06b05d49103f.mspx?mfr=true
Domain Level (EC-Domain.inf)
Domain Controllers (EC-Domain Controller.inf, Exchange_2003-DC_Incremental_V1_1.ing)
Exchange 2003 SP2 Back-End Cluster (EC-Member Server Baseline.inf, Exchange_2003-Cluster_Node_Base_V1_1.inf, Exchange_2003-Cluster_Node_IMAP4_V1_1.inf, Exchange_2003-Cluster_Node_POP3_V1_1.inf)
----------------------------------------------------------------------------------------------------------
------------------------------------
Error Message Prompted!!
------------------------------------------------------------------------------------------------------------------------
The name could not be resolved. The Microsoft Exchange address book was unable to logon to the Microsoft Exchange Server computer.
The server containing the global address list is no longer available. You can reconnect to a different server by restarting Outlook or retry the operation when the server is reachable.
-------------------------------------------------------------------------------------------------------------------------
Anyone with any idea will be greatly appreciated!!
April 21st, 2008 6:44pm
Moreover, some other users failed to open their Outlook profile (2000, XP, 2003) after the hardening; a new Outlook profile must be created before they can be connected back to Exchange. Users would like to know the reason behind it, which I don't have. Does anyone have any idea?
Thanks
April 22nd, 2008 6:39am