Autodiscovery and account lockout
Hi, we are having a peculiar issue. We have Windows XP clients with Outlook 2007 that connects to a hosted Exchange server/system on the Internet. We have confirmed that email flow works fine but whenever we setup an entry in our DNS to point autodiscover.xyz.com to the IP address of the appropriate autodiscovery server in our hosted Exchange environment, our users would get locked out of their local domain accounts. I have 2 ideas about what is happening: 1) Autodiscovery is attempting to login to the local domain before logging in to the hosted Exchange server. 2) Our email domain (xyz.com) is the same as our local AD domain (xyz.com). This confuses the system even though DNS points autodiscover.xyz.com to the hosted Exchange environment. Has anyone experienced this issue before? I think if we have the users use the same password for their local AD login and their Exchange server login, the lockouts would stop. Is there anything we can do in AD for the local domain to prevent authenticating locally prior to authenticating to the hosted Exchange environment?
July 14th, 2010 4:44pm

1. This should be no problem because there is no login to Exchange, per se. All Exchange authentication is domain authentication. 2. That wouldn't be a problem. They are not related. If they're getting locked out, it could be due to a password problem. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "Kwee" wrote in message news:b01d8edc-bea4-48b0-8962-011443df045c... Hi, we are having a peculiar issue. We have Windows XP clients with Outlook 2007 that connects to a hosted Exchange server/system on the Internet. We have confirmed that email flow works fine but whenever we setup an entry in our DNS to point autodiscover.xyz.com to the IP address of the appropriate autodiscovery server in our hosted Exchange environment, our users would get locked out of their local domain accounts. I have 2 ideas about what is happening: 1) Autodiscovery is attempting to login to the local domain before logging in to the hosted Exchange server. 2) Our email domain (xyz.com) is the same as our local AD domain (xyz.com). This confuses the system even though DNS points autodiscover.xyz.com to the hosted Exchange environment. Has anyone experienced this issue before? I think if we have the users use the same password for their local AD login and their Exchange server login, the lockouts would stop. Is there anything we can do in AD for the local domain to prevent authenticating locally prior to authenticating to the hosted Exchange environment? Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2010 6:32pm

I am having this same issue...did you ever find a solution??
May 25th, 2011 6:35pm

I am experiencing the very same issue, with the same configurations (AD domain abc.com matches Internet domain abc.com). I can confirm that synchronizing the passwords between local AD and Exchange does work, but aggregated across a a large domain of users, it becomes a burdensome task. I've had the same sort of "I don't see why it's not working" response from MS support here. [http://social.technet.microsoft.com/Forums/en-US/officeitpro/thread/b3d36dd0-1002-4ccd-9cd9-a649a91c27ec/] I hope that this gets some attention. Jonathan
Free Windows Admin Tool Kit Click here and download it now
June 20th, 2011 11:46pm

Jonathan, I am SOOOO glad I ran across your other post. I am experiencing the IDENTICAL problem to you. Ours just started happening when we upgraded to exchange '07 with our hosted provider. I set the users domain and exchange passwords to match and I am not getting anymore bad password counts. I am going to save this thread and your other and reply to both if i find a solution from Microsoft. Already have a ticket open.
August 11th, 2011 1:45pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics