Exchange – ‘Not all the required authentication methods were found’

KB ID 0001180 

Problem

I had to visit a client who had recently gone through an Exchange migration, now his external mail clients were having a nightmare staying connected to Outlook Anywhere. I ran the Exchange connectivity tester and got this;

Additional details
Not all the required authentication methods were  found
Methods Found: Basic
Methods Required: NTLM

 

Solution

Looks like an open and shut case, someone forgot to enable Windows Authentication on the ‘rpc’ virtual directory in Exchange, and when I looked, it wasn’t so I enabled it, like so;

Now I was feeling smug, and enjoying a coffee before I left site, when it went off again? As it happens, not only do you need to set it correctly in IIS, but if someone has set it incorrectly in Exchange, then Exchange wins! As you can see by my query below;

[box]

[PS] C:\Windows\system32>Get-OutlookAnywhere


RunspaceId                      : a268959b-a2c9-435a-883e-97acef3ec828
ServerName                      : PNLMAIL03
SSLOffloading                   : False
ExternalHostname                : webmail.petenetlive.co.uk
ClientAuthenticationMethod      : Ntlm
IISAuthenticationMethods        : {Basic} << OOPS! :(
XropUrl                         :
MetabasePath                    : IIS://PNLMAIL03.PNL.local/W3SVC/1/ROOT/Rpc
Path                            : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : PNLMAIL03
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
Name                            : PNLMAIL03
DistinguishedName               : CN=PNLMAIL03,CN=HTTP,CN=Protocols,CN=PNLMAIL03,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=PeteNetLive,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PNL,DC=local
Identity                        : PNLMAIL03\PNLMAIL03
Guid                            : 3403795b-af71-4687-ba81-da4c876ed7bc
ObjectCategory                  : PNL.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                     : 01/10/2015 13:34:26
WhenCreated                     : 14/06/2013 09:27:03
WhenChangedUTC                  : 01/10/2015 12:34:26
WhenCreatedUTC                  : 14/06/2013 08:27:03
OrganizationId                  :
OriginatingServer               : PNLDC01.PNL.local
IsValid                         : True

RunspaceId                      : a268959b-a2c9-435a-883e-97acef3ec828
ServerName                      : PNLMAIL02
SSLOffloading                   : False
ExternalHostname                : webmail.petenetlive.co.uk
ClientAuthenticationMethod      : Ntlm
IISAuthenticationMethods        : {Basic}
XropUrl                         :
MetabasePath                    : IIS://PNLMAIL02.PNL.local/W3SVC/1/ROOT/Rpc
Path                            : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : PNLMAIL02
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
Name                            : PNLMAIL02
DistinguishedName               : CN=PNLMAIL02,CN=HTTP,CN=Protocols,CN=PNLMAIL02,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=PeteNetLive,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PNL,DC=local
Identity                        : PNLMAIL02\PNLMAIL02
Guid                            : 40ea303b-9c68-47ab-84fd-362c07f0a2db
ObjectCategory                  : PNL.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                     : 01/10/2015 13:34:37
WhenCreated                     : 14/06/2013 09:26:49
WhenChangedUTC                  : 01/10/2015 12:34:37
WhenCreatedUTC                  : 14/06/2013 08:26:49
OrganizationId                  :
OriginatingServer               : PNLDC01.PNL.local
IsValid                         : True

[/box]

Well that explains the error! To fix that;

[box]

[PS] C:\Windows\system32>get-outlookanywhere | set-outlookanywhere -iisauthentication ntlm, basic

[/box]

Now let’s check again.

[box]

[PS] C:\Windows\system32>Get-OutlookAnywhere


RunspaceId                      : a268959b-a2c9-435a-883e-97acef3ec828
ServerName                      : PNLMAIL03
SSLOffloading                   : False
ExternalHostname                : webmail.petenetlive.co.uk
ClientAuthenticationMethod      : Ntlm
IISAuthenticationMethods        : {Basic, Ntlm} << BOOM :)
XropUrl                         :
MetabasePath                    : IIS://PNLMAIL03.PNL.local/W3SVC/1/ROOT/Rpc
Path                            : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : PNLMAIL03
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
Name                            : PNLMAIL03
DistinguishedName               : CN=PNLMAIL03,CN=HTTP,CN=Protocols,CN=PNLMAIL03,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=PeteNetLive,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PNL,DC=local
Identity                        : PNLMAIL03\PNLMAIL03
Guid                            : 3403795b-af71-4687-ba81-da4c876ed7bc
ObjectCategory                  : PNL.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                     : 02/10/2015 13:13:55
WhenCreated                     : 14/06/2013 09:27:03
WhenChangedUTC                  : 02/10/2015 12:13:55
WhenCreatedUTC                  : 14/06/2013 08:27:03
OrganizationId                  :
OriginatingServer               : PNLDC01.PNL.local
IsValid                         : True

RunspaceId                      : a268959b-a2c9-435a-883e-97acef3ec828
ServerName                      : PNLMAIL02
SSLOffloading                   : False
ExternalHostname                : webmail.petenetlive.co.uk
ClientAuthenticationMethod      : Ntlm
IISAuthenticationMethods        : {Basic, Ntlm}
XropUrl                         :
MetabasePath                    : IIS://PNLMAIL02.PNL.local/W3SVC/1/ROOT/Rpc
Path                            : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : PNLMAIL02
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
Name                            : PNLMAIL02
DistinguishedName               : CN=PNLMAIL02,CN=HTTP,CN=Protocols,CN=PNLMAIL02,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=PeteNetLive,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PNL,DC=local
Identity                        : PNLMAIL02\PNLMAIL02
Guid                            : 40ea303b-9c68-47ab-84fd-362c07f0a2db
ObjectCategory                  : PNL.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                     : 02/10/2015 13:13:58
WhenCreated                     : 14/06/2013 09:26:49
WhenChangedUTC                  : 02/10/2015 12:13:58
WhenCreatedUTC                  : 14/06/2013 08:26:49
OrganizationId                  :
OriginatingServer               : PNLDC01.PNL.local
IsValid                         : True

[/box]

 

Related Articles, References, Credits, or External Links

NA

Event ID 7023

KB ID 0000353 0

Problem

Event ID 7023

Source: Service Control Manager

Description: The Internet Authentication Service service terminated with the following error: Only one usage of each socket address (protocol/network address/port) is normally permitted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Cause: In my case the server (SBS2003) had recently been patched and updated. It was one of those updates that had stopped the IAS service from running, this was originally seen with MS KB 956189. But the update mentioned in that article (MS KB 953230) was not visible on the list of installed updates. However the fix is the same.

<palign=”left”>The Internet Authentication service was not running, and manually starting it, caused it to stall straight away.

1. On the affected server > Start > run regedit {Enter}.

2. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters

3. Locate the ReservedPorts entry and double click it.

4. For IAS to run you need to have the following port ranges 1812-1813 and 1645-1646 (I was missing the second range) > OK.

Note: DO NOT remove or change any existing entries!

5. You MUST reboot the server for this to take effect.

Related Articles, References, Credits, or External Links

NA

Event ID 7023

KB ID 0000353 

Problem

Event ID 7023

Source: Service Control Manager

Description: The Internet Authentication Service service terminated with the following error:
Only one usage of each socket address (protocol/network address/port) is normally permitted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

In my case the server (SBS2003) had recently been patched and updated. It was one of those updates that had stopped the IAS service from running, this was originally seen with MS KB 956189. But the update mentioned in that article (MS KB 953230) was not visible on the list of installed updates. However the fix is the same.

The Internet Authentication service was not running, and manually starting it, caused it to stall straight away.

Solution

1. On the affected server > Start > run regedit {Enter}.

2. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters

3. Locate the ReservedPorts entry and double click it.

4. For IAS to run you need to have the following port ranges 1812-1813 and 1645-1646 (I was missing the second range) > OK.

Note: DO NOT remove or change any existing entries!

5. You MUST reboot the server for this to take effect.

 

Related Articles, References, Credits, or External Links

NA

Deploy ODBC Settings via Group Policy

KB ID 0000805 

Problem

I’ve briefly mentioned this before when I wrote about Group Policy Preferences so when I had to do this on-site this week, I jumped straight into the group policy management console, and found that because my ODBC connection was using SQL authentication (with the SQL sa account), this would NOT WORK, (it only works with Windows authentication and even then it needs a tweak). If you are using SQL authentication jump down to the bottom of the article.

Solution

NOTE: Below I’m dealing with user DSN ODBC connections, so I’m looking at User Policies, if you want to send out Machine DSN ODBC connections then you need to be looking at Computer Policies.

Deploy ODBC Settings via Group Policy Preferences (Windows Authentication)

The GPP is pretty easy to locate you will find it in;

[box]

User Configuration > Preferences > Control Panel Settings > Data Sources

OR

Computer Configuration > Preferences > Control Panel Settings > Data Sources

[/box]

However you will find there is a bug in the system which means it does not deploy.

ODBC Settings fail to Deploy via GPO

1. Locate the ODBC connection that you are trying to deploy > right click > Copy.

2. Right click your desktop and ‘paste’ > You will get an XML file > Open it with notepad > Delete the username and the cpassword information > Save the file.

3. Then delete the original ODBC file from your group policy.

4. Drag the XML file into the policy, in its place > Select ‘Yes’ to import it.

WARNING: Do not open its settings/properties from this point forward, or it will break again.

Getting ODBC Settings from a Clients Registry

1. You may wish to locate and extract the ODBC settings from a working client, you can locate the settings in a working client machines registry and simply export them so you can import them on a target machine, or deploy them via GPP or logon script.

[box]

User DSN's
Computer>HKEY_CURRENT_USER>Software>ODBC>ODBC.INI
Machine DSN's 
Computer>HKEY_LOCAL_MACHINE>Software>ODBC>ODBC.INI

[/box]

2. Simply right click the key that corresponds to the ‘name’ of the ODBC connector that you wish to export, > right click > Export > Save.

Deploy ODBC Settings via Group Policy Preferences (SQL Authentication)

In this example I’ve merged the ODBC connection details into the registry, you could just as easily set them up manually, as long as they exist, either on the machine you are creating the policy on, or another machine you have ‘remote registry’ rights to.

1. Create or edit a group policy and navigate to;

[box]User Configuration > Preferences > Windows Settings > Registry > Collection
[/box]

Select New > Registry Wizard.

2. Select where you want to collect the registry information from > Next.

3. Navigate to;

[box]

User DSN's
Computer>HKEY_CURRENT_USER>Software>ODBC>ODBC.INI
Machine DSN's 
Computer>HKEY_LOCAL_MACHINE>Software>ODBC>ODBC.INI

[/box]

Select the OBDC name that corresponds to the one you want to collect, then select all the settings within that key > Finish.

4. The finished GPP should look like this > Close the policy editor.

 

Related Articles, References, Credits, or External Links

NA