Article ID: 948801 - Last Review: March 17, 2008 - Revision: 1.0

If an SMTP connector set the Outbound Security option to "Integrated Windows Authentication," the SMTP connector does not work in the IIS Metabase when you restore an Exchange Server 2003 server by using a Disaster Recovery mode

View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

On a Microsoft Exchange Server 2003 Service Pack 2-based server, you set the Outbound Security option on the Advanced tab to Integrated Windows Authentication in an SMTP connector. When you restore the Exchange Server 2003 server by using a Disaster Recovery mode, the SMTP connector is not replicated to the IIS Metabase. Additionally, you may receive a message that resembles the following in the Application event log:

Event ID : 1026
Category :
General Source : MSExchangeMU
Type : Error Message : Failed to decrypt password from object 'CN=SMTPConnectorname,CN=Connections,CN=RouringGroupname,CN=Routing Groups,CN=Administrative Group name,CN=Administrative Groups,CN=Organizationname,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com'. Error code is 80090005 (Bad Data.).
The address space of the connector does not appear in the metabase under LM/SMTPSVC/1/domain and mails going through this connector can't be delivered.

Back to the top

RESOLUTION

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

To resolve this problem, follow these steps:
  1. On the Advanced tab, set the Outbound Security option to Anonymous access on the SMTP connector.
  2. Remove the msExchEncryptedPassword attribute from the following path in Active Directory directory service by using the Adsiedit.msc tool: 
    CN=SMTPConnectorname,CN=Connections,CN=RouringGroupname,CN=Routing
Groups,CN=Administrative Group name,CN=Administrative
Groups,CN=Organizationname,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=domain,DC=com
  3. Set the Outbound Security option to the Integrated windows authentication option again, add the account name and the password, and then save the change in Active Directory.
  4. Double-check that the msExchEncryptedPassword attribute is now recreated on the path in Active Directory.
  5. Double-check that the RoutePassword sub-attribute has been re-created in the IIS Metabase by using the Metabase Explorer tool.

    Note In order to force the replication to the Metabase instead of waiting for 15 minutes, add a second SMTP address space in the connector, and then remove it.
Back to the top

MORE INFORMATION

The Metabase Explorer tool is included in the IIS 6.0 Resource Kit Tools. To obtain the IIS 6.0 Resource Kit Tools, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499 (http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499)
Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top
APPLIES TO
  • Microsoft Exchange Server 2003 Service Pack 2, when used with:
    • Microsoft Exchange Server 2003 Standard Edition
    • Microsoft Exchange Server 2003 Enterprise Edition
Back to the top
Keywords: 
kbprb kbexchsetup kbexpertiseinter kbtshoot KB948801
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers