Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

If an SMTP connector set the Outbound Security option to "Integrated Windows Authentication," the SMTP connector does not work in the IIS Metabase when you restore an Exchange Server 2003 server by using a Disaster Recovery mode


View products that this article applies to.

Symptoms

On a Microsoft Exchange Server 2003 Service Pack 2-based server, you set the Outbound Security option on the Advanced tab to Integrated Windows Authentication in an SMTP connector. When you restore the Exchange Server 2003 server by using a Disaster Recovery mode, the SMTP connector is not replicated to the IIS Metabase. Additionally, you may receive a message that resembles the following in the Application event log:

Event ID : 1026
Category :
General Source : MSExchangeMU
Type : Error Message : Failed to decrypt password from object 'CN=SMTPConnectorname,CN=Connections,CN=RouringGroupname,CN=Routing Groups,CN=Administrative Group name,CN=Administrative Groups,CN=Organizationname,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com'. Error code is 80090005 (Bad Data.).
The address space of the connector does not appear in the metabase under LM/SMTPSVC/1/domain and mails going through this connector can't be delivered.

↑ Back to the top


Resolution

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

To resolve this problem, follow these steps:
  1. On the Advanced tab, set the Outbound Security option to Anonymous access on the SMTP connector.
  2. Remove the msExchEncryptedPassword attribute from the following path in Active Directory directory service by using the Adsiedit.msc tool:
    CN=SMTPConnectorname,CN=Connections,CN=RouringGroupname,CN=Routing
    Groups,CN=Administrative Group name,CN=Administrative
    Groups,CN=Organizationname,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=domain,DC=com
  3. Set the Outbound Security option to the Integrated windows authentication option again, add the account name and the password, and then save the change in Active Directory.
  4. Double-check that the msExchEncryptedPassword attribute is now recreated on the path in Active Directory.
  5. Double-check that the RoutePassword sub-attribute has been re-created in the IIS Metabase by using the Metabase Explorer tool.

    Note In order to force the replication to the Metabase instead of waiting for 15 minutes, add a second SMTP address space in the connector, and then remove it.

MORE INFORMATION

The Metabase Explorer tool is included in the IIS 6.0 Resource Kit Tools. To obtain the IIS 6.0 Resource Kit Tools, visit the following Microsoft Web site:

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


Keywords: KB948801, kbtshoot, kbexpertiseinter, kbexchsetup, kbprb

↑ Back to the top

Article Info
Article ID : 948801
Revision : 1
Created on : 3/17/2008
Published on : 3/17/2008
Exists online : False
Views : 411