we have a 2003 domain; exchange 2003 sp2 running; outlook 2007 clients; 2008 domain controllers; xppro sp2 clients. for several years now periodically outlook clients will not be able to find the exchange server. the number of clients having this problem is random in a domain of 4500 pcs; can be upwards of 100 out of the 4500; from the pc dns & wins resolution is fine; ad replicaton is fine; pinging & browsing from pc to exchange server is fine. a trace with wire shark monitoring traffic from pc to exchange server shows an error from a specific domain controller. shutting down this domain controller allows the clients to connect to the exchange server fine. exchange is configured to automaitcally setup directory access when this occurs. I manually changed directory access removing the offending domain controller from the exchange server directory list === did not fix the problem. set directory access on exchange server back to automatic configuration. demoting the offending dc, removing from domain, changing name to new name, adding back to domain, promoting to dc again === did not solve the problem. outlook clients still tried to connect to same dc with new name and same error in trace. error in trace === dcerpc bind_ack: call_id:1, NTLMSSP_CHALLENGE PROVIDER rejeection, reason: abstract syntax not supported. in the packet information from this error appears the name fqdn name of the domain controller. shutting down dc and/or demoting causes outlook clients to function again. dcs are vms running in blade array on esx hosts; this problem did occur on physical dcs also. I have not been able to find out what is happening that is causing the dc to reject these requests; a reimage of the pc OS will fix the problem also. however reimaing 100 pcs every time this happens is not a reasonalbe course of action. Brian P Collins

terence, thanks for the reply. for number 1: what do you mean by dst? the error shows up on the xp pc in a wireshark packet going to email server, so problem is between pc and dc? or between exchange server and dc? for number 2: outlook just gives error message can not connect to exchange server for number 3: great tip, I will look into it. thanks. for number 4: I was not able to add a new profile as the pc would stop at can not find exchange server thanks again for your time. this has been a problem now at least 4 times, where the only solution has been to run wireshark, look at packets for offending dc, and then kill the dc. thanks BrianBrian P Collins

DST is Daylight Saving Time, I believe lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com

thanks for the clarification. I will be investigating the dst question. there is the possiblity the dst patch is not up to date. also am learning about ds server settings, and how mapi profiles work and where they are stored in the registry. the info shared is at least something to look at. problem is over now, as i have killed the offending dc. however I do not want to stop chasing this one as it has happened 4 times now and I suspect is lurking again. looking into what you have suggested may shed some light. thanks for your time and comments.Brian P Collins

Hi 1. Please DST setting of client and GC. If they are difference, you will meet “NTLMSSP_CHALLENGE Provider rejection, reason: Abstract syntax not supported” 2. If outlook 2007 repeatedly requires account and password, you can read this KB. http://support.microsoft.com/kb/927612 3.We added the registry key on the client machine to point Outlook to a specific domain controller. HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider Value name: DS Server Data type: REG_SZ (string) Value data: FQDN of the global catalog server 4. Do you try to create new profile of outlook 2007?http://support.microsoft.com/kb/829918