XIMS: Directory Service to Metabase Service May Not Replicate the Default Logon Domain for Virtual Servers

Article translations Article translations
Article ID: 267936 - View products that this article applies to.
This article was previously published under Q267936
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

SYMPTOMS

Users who attempt to log on to Microsoft Outlook Web Access (OWA) without specifying the domain may not be authenticated, even though the default domain is configured in Exchange System Manager under Authentication Methods for a Hypertext Transfer Protocol (HTTP) virtual directory.

CAUSE

This problem can occur if the Directory Service to Metabase replication service does not correctly write the default logon domain to the metabase.

RESOLUTION

To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301378 XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack
Under all other circumstances, make OWA virtual directory configuration changes from Exchange System Manager. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
264941 XCCC: Changes to Virtual Directory Settings Are Not Maintained
You can also resolve this problem by configuring the default domain from the Internet Services Manager:
  1. Open the properties of the virtual directory, click Directory Security, and then click Anonymous Access.
  2. Click Authentication Control, click Basic Authentication, and then set the default domain.
If you want this setting to be implemented when you gain access to OWA by using a front-end server, the respective virtual directory on your front-end server needs to be configured with the same default domain. Unfortunately, because of the nature of front-end servers, you must use the workaround that is described in the "Workaround" section of this article to do so.

You can use a backslash (\) as the default domain to check users' credentials against all trusted domains, instead of just a single domain that is specified.

WORKAROUND

The resolution that is described in the "Resolution" section of this article does not work for front-end servers because the local path for the Exchange virtual root is no longer valid from Internet Services Manager on the front-end server. When you attempt to gain access to the Directory Security tab, you receive the following error message:
The path does not exist or is not a directory.
To work around this problem, use one of the following methods:
  • Set the default domain for basic authentication at a higher level to force inheritance. For example, when you set the default domain at the WWW service level, or at the default website, when you apply the setting, a dialog box is displayed that states the following:
    The following child nodes also define the value of the 'Default Logon Domain' property, which overrides the value you have just set. Please select from the list below those nodes which should use the new value.
    Be sure to select the virtual directory that you want to modify, and the inheritance propagates the default domain to that level.
  • Because inheritance does not always automatically propagate, after you change a property on an individual server, directory, or file, changes to the settings at the higher level might not automatically override the lower-level individual setting (see page 344 of the Internet Information Server 5.0 documentation). In this situation, you must manually make changes to the metabase:
    cd default_drive:\inetpub\adminscripts adsutil set w3svc/1/root/Exchange/DefaultLogonDomain "default_domain_setting"

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 1.

MORE INFORMATION

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
240105 XGEN: General Information on Directory Service/Metabase Synchronization in Exchange 2000 Server

Properties

Article ID: 267936 - Last Review: October 20, 2013 - Revision: 3.4
APPLIES TO
  • Microsoft Exchange 2000 Server Standard Edition
  • Microsoft Internet Information Services 5.0
Keywords: 
kbnosurvey kbarchive kbbug kberrmsg kbfix KB267936

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com