Access Denied on RDP on file server & Cannot access MS-Exchange via Outlook

By jeff
We recently needed to down our servers - 2003 R2 SBS & file server 2003 R2. The file server (also a domain controller) was downed for some time and then lost its NIC, which we replaced after removing the dead NIC's drivers. The file server is up and running, but since then:

1. We get Access denied when attempting to RDP to the file server. The file system & shares are available on the network - we just can't remote desktop to it. The file server (not SBS/exchange server) has Kerberos Errors:
KRB_AP_ERR_MODIFIED error from the server host/ The target name used was DNS/
KRB_AP_ERR_MODIFIED error from the server host/ The target name used was exchangeMDB/

No passwords were changed on either server. The SBS domain controller has replication errors which we expected whilst the file server (alternate domain controller) was out of action. RDP to the SBS works perfectly.

2. Outlook shows Exchange (on the SBS) as offline although the MS-Exchange store is mounted & no errors on info store or Exchange startup or event viewer. On the same PCs where Outlook shows Exchange as being offline, we can use OWA to access the user's mailbox, proving the info store is accessible.

Does Active Directory or DNS keep a record of the NIC hardware that was replaced, which is causing these problems, or is it because the ADs on both servers failed replication beyond the tombstone period?

I'm wondering whether these problems are related and what the best resolution steps are.

All Answers

I believe you just need to do a little cleanup

by robo_dev In reply to Access Denied on RDP on f ...

Check the settings for the order of DNS resolution in the TCP/IP properties on the mail server.

I would bet these are messed up, or got changed with a new adapter.

If DNS is all messed up, the whole Kerberos ticket-granting process breaks.

With a new adapter mac address, you need to flush all places where DNS could be cached, such as the server, the client, etc.

Do an ipconfig /flushdns followed by ipconfig /registerdns

For RDP, there are also certificates stored on the client side in the PC registry. It may or may not help to reset the certificates on the client side.

Delete the registry keys named Certificate, X500 Certificate and X509 Certificate ID values. (These keys will get auto generated after system restart with system default values, which is actually needed.)

But... the more likely root cause is if the DNS settings or cached DNS info is messed up, since certificates only work if they can validate who the host is.
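
The DNS check suggested above, as an added Python example that is not part of the original post: it pulls the answering server and the target name out of KRB_AP_ERR_MODIFIED event text and compares what each DNS view returns for the target host. The host names, addresses, view names and the `analyse` helper are constructed for illustration.

```python
import re

# Constructed sample events in the shape quoted in the question; host names are placeholders.
EVENTS = [
    "KRB_AP_ERR_MODIFIED error from the server host/fs01.example.local. "
    "The target name used was DNS/sbs01.example.local.",
    "KRB_AP_ERR_MODIFIED error from the server host/fs01.example.local. "
    "The target name used was exchangeMDB/sbs01.example.local.",
]
# Constructed A-record answers per resolver view (for instance, noted down from
# nslookup against each DNS server and from a client's cache). Addresses are placeholders.
DNS_VIEWS = {
    "dns-sbs01": {"fs01.example.local": "192.0.2.10", "sbs01.example.local": "192.0.2.2"},
    "dns-fs01": {"fs01.example.local": "192.0.2.10", "sbs01.example.local": "192.0.2.10"},
    "client-cache": {"sbs01.example.local": "192.0.2.10"},
}
EVENT_RE = re.compile(
    r"KRB_AP_ERR_MODIFIED error from the server (?P<server>\S+?)\.?\s+"
    r"The target name used was (?P<target>\S+?)\.?(?:\s|$)", re.IGNORECASE)

def spn_host(spn):
    """Host part of an SPN such as 'host/fs01.example.local', lower-cased."""
    return spn.partition("/")[2].rstrip(".").lower()

def analyse(lines, views):
    """For each event, compare what every view resolves the target host to."""
    report = []
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue  # not a KRB_AP_ERR_MODIFIED line
        server, target = spn_host(m["server"]), spn_host(m["target"])
        answers = {view: recs.get(target) for view, recs in views.items()}
        # Every address any view hands out for the server that answered.
        server_ips = {recs[server] for recs in views.values() if server in recs}
        report.append({
            "target_spn": m["target"],
            "answered_by": server,
            # Ticket was requested for one machine but another one received it.
            "wrong_host_answered": server != target,
            # Views disagree (or one lacks a record) for the target name.
            "dns_inconsistent": len(set(answers.values())) > 1,
            # Views that send the target name to the answering server's address.
            "views_pointing_at_server": sorted(
                v for v, a in answers.items() if server != target and a in server_ips),
        })
    return report
```

Any view listed under `views_pointing_at_server` is where the stale record or cache entry lives, which is where the flush and re-registration need to happen.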

I agree with robo_dev

by markp24 In reply to Access Denied on RDP on f ...

Definitely agree with what Robo said.

Have you checked firewall settings on the file server?

by Charles Bundy In reply to Access Denied on RDP on f ...

Whilst there may be some DNS issues (see thoughts below) I'd start with the RDP port (3389) and work my way back.

WRT to Outlook: As the SBS would be authoritative FSMO and you don't mention any HW/SW changes to that box I'd look client side first. Did you try 'work online'? I also assume that box supplies DNS & DHCP, thus I'd be surprised at DNS problems.

PS: I did find this related (tho not exact) link.
