If an SMTP connector set the Outbound Security option to "Integrated Windows Authentication," the SMTP connector does not work in the IIS Metabase when you restore an Exchange Server 2003 server by using a Disaster Recovery mode

On a Microsoft Exchange Server 2003 Service Pack 2-based server, you set the Outbound Security option on the Advanced tab to Integrated Windows Authentication in an SMTP connector. When you restore the Exchange Server 2003 server by using a Disaster Recovery mode, the SMTP connector is not replicated to the IIS Metabase. Additionally, you may receive a message that resembles the following in the Application event log:

Event ID : 1026
Category :
General Source : MSExchangeMU
Type : Error Message : Failed to decrypt password from object 'CN=SMTPConnectorname,CN=Connections,CN=RouringGroupname,CN=Routing Groups,CN=Administrative Group name,CN=Administrative Groups,CN=Organizationname,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com'. Error code is 80090005 (Bad Data.).
The address space of the connector does not appear in the metabase under LM/SMTPSVC/1/domain and mails going through this connector can't be delivered.

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

To resolve this problem, follow these steps:

1. On the Advanced tab, set the Outbound Security option to Anonymous access on the SMTP connector.
2. Remove the msExchEncryptedPassword attribute from the following path in Active Directory directory service by using the Adsiedit.msc tool:

   CN=SMTPConnectorname,CN=Connections,CN=RouringGroupname,CN=Routing
   Groups,CN=Administrative Group name,CN=Administrative
   Groups,CN=Organizationname,CN=Microsoft
   Exchange,CN=Services,CN=Configuration,DC=domain,DC=com

3. Set the Outbound Security option to the Integrated windows authentication option again, add the account name and the password, and then save the change in Active Directory.
4. Double-check that the msExchEncryptedPassword attribute is now recreated on the path in Active Directory.
5. Double-check that the RoutePassword sub-attribute has been re-created in the IIS Metabase by using the Metabase Explorer tool.
   
   Note In order to force the replication to the Metabase instead of waiting for 15 minutes, add a second SMTP address space in the connector, and then remove it.

MORE INFORMATION

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.