OWA doesn’t authenticate against the DCs in child domains correctly

    xen6
    Member
    #130058

    I’ve got an AD forest set up with one parent domain and 2 child domains, all three of which are configured for 2000 Native mode. The forest schema master is on the parent domain. There is at least one 2003 SP1 domain controller on each of the three domains set up as a Global Catalog server as well. The Exchange 2007 server is on the parent domain because it must reside on the same domain as the schema master; however, all the users are on the child domains.

    When connecting to the Exchange server with an Outlook client, everything works as expected. When trying to connect via OWA, however, I get an error message right after the language and time zone selection screen.

    This only happens with users on the child domains; if I set up a user on the parent domain, it works fine.

    It seems as though the error always references one of the remaining Windows 2000 domain controllers. I’ve tried it multiple times now and the server referenced in the error will change; however, it is always one of the 2000 servers.

    I’ve attached the error below. Can anyone tell me how to either work around this issue or resolve it altogether? Thanks!

    Request
    Url: https://webmail.domain.com:443/owa/lang.owa
    User host address: 123.123.123.123

    Exception
    Exception type: Microsoft.Exchange.Data.Directory.ADInvalidHandleCookieException
    Exception message: Active Directory operation failed on Win2K.childdomain.domain.com. Additional information: Active Directory rejected paged search cookie because a cookie handle was discarded by a domain controller or a different LDAP connection was used on subsequent page retrieval. Restart paged search. Additional information: The parameter is incorrect. Active directory response: 00000057: LdapErr: DSID-0C090591, comment: Error processing control, data 0, v893.

    Call stack
    Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
    Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator)
    Microsoft.Exchange.Data.Directory.ADSession.Read(ADObjectId entryId, IEnumerable`1 properties, CreateObjectDelegate objectCtor)
    Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.Read(ADObjectId entryId)
    Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
    Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
    Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
    Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
    Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
    Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
    System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Inner Exception
    Exception type: System.DirectoryServices.Protocols.DirectoryOperationException
    Exception message: The server does not support the control. The control is critical.

    Call stack
    System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
    System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
    Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
    Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator)
