Remote users asked for password every time

[paulbrite]

I have just upgraded the hardware on our Exch 5.5 Server using the oportunity to also upgrade to W2K

Previously Exch ran on Nt4 SP6 which was also BDC

Followed MSKB155216 and Fueg007 previous posting to move Exch to new server with same name. New server is W2K SP4.

All is well (now!) and LAN users see no difference.

However, we have many remote users who access the network through modems and RRAS running on our W2K DC.

They are now prompted for their username, domain and password before Outlook will connect to Exchange.

I can't work out whether this is a problem with not having the BDC to authenticate, or an Exchange setting I've missed in rebuilding the server.

Is it good idea to make the new server a DC also?

Thanks for any help, Paul

 

[rubbaninja]

I think I may have an answer, I hope.

We have many remote users coming in via VPN but they also have desktops in their office (2 systems).

Ask the user if the account they logon to their machine with is the same username and password (domain too) that they use to auth to the rras server.

Our users were either logging on with a local account to their machine or they had to logon to their machines with a password for your domain that they changed months ago. Since they logon to their desktop before logging into the remote connection they pass the credentials of the account they logged into their workstation with.

The account used to logon remotely is only used for authing to your rras server.

(this is how I work) I logon as a local account, dial in, vpn in or whatnot with my domain account (of course) and I auth to everything else via prompt. This included Proxy, email, network resources, admin tools and so on.

Easy QUICK way to check is to look at the security log on your exchange server for logon failures.

When I check out my event logs I can see my laptop local account getting access denied (logon failures), like 3 in a row then I will see my domain account as a successful logon. (this is because I typed my pass).

Solution?
1. Tell your users, they will actually understand!
2. If they have old domain password issue on their machines rather than the local account scenerio they will either have to change their pass while logged in so their machines know of the password or have them bring their machines into your helpdesk to get on the network to change their password on the machine with issues.

I like option #1 followed up by maintenance of their machines when possible.

=)

I hope I didn't confuse! Bottom line, it's the account they are logging in with that's giving them a problem and not the remote access server or your bdc, pdc etc.

My fav line "It's a desktop issue, woohoo!"

Good luck!
A

 

[paulbrite]

I can see what you're saying. All of these users do indeed login to a local account on their PC. However, before the upgrade they were never asked for their Exchange credentials when accessing via dial-up (after the first time during installation)

I have now promoted the new Exchange server to a Domain Controller and all the password prompts have gone away, just like before.

As the machine is pretty hefty for the service it provides I am quite happy to leave it as a DC.