Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

A CAS user account is locked out when you use the New-TestCasConnectivityUser.PS1 script to create test mailboxes


View products that this article applies to.

Symptoms

When you use the New-TestCasConnectivityUser.PS1 script to create test mailboxes for OWA, ActiveSync, and Exchange Web Services connectivity monitoring, the CAS user account that is created by running the script is locked out (depending on your Group Policy settings) after multiple invalid logon attempts by the Default Application Pool on the Microsoft Exchange server that hosts the RPC and RPC with Certs virtual directory.

You may also see invalid logon events in the security log that resemble the following:

Audit Failure 3/30/2010 5:45:10 PM Microsoft Windows security auditing. 4625 Logon

An account failed to log on.

Subject:

Security ID: IIS APPPOOL\DefaultAppPool
Account Name: DefaultAppPool
Account Domain: IIS APPPOOL
Logon ID: 0x233a07c

Logon Type: 8

Account For Which Logon Failed:
Security ID: NULL
SID Account Name: extest_3844154d03764
Account Domain: <domain>

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc000006a

Process Information:
Caller Process ID: 0x12cc
Caller Process Name: C:\Windows\System32\inetsrv\w3wp.exe

Network Information:
Workstation Name: 190319-HUB1
Source Network Address: fe80::dcf0:3733:ee84:5825
Source Port: 49150

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

↑ Back to the top


Cause

By default, ASP.NET impersonation is not enabled on the RPC and RPC with Certs virtual directories for Exchange Server. This behavior is by design.

↑ Back to the top


Resolution

This issue is resolved in Exchange Server 2010 Service Pack 1. For information about how to obtain Service Pack 1 for Exchange Server 2010, go to the following Microsoft Download Center website:�

↑ Back to the top


More information

In addition to the Test-CASConnectivityUser.PS1 script, you can use the Exchange Remote Connectivity Analyzer (ExRCA). To use ExRCA, go to the following Microsoft website:For more information about the Exchange Remote Connectivity Analyzer, go to the following Microsoft TechNet website:

↑ Back to the top


Keywords: KB2744091

↑ Back to the top

Article Info
Article ID : 2744091
Revision : 1
Created on : 12/21/2012
Published on : 12/21/2012
Exists online : False
Views : 532