Users lost access to NT Exchange mailboxes after applying group policy

[shawn]

Several of our XP users who have been migrated to AD W2K3 have recently lost
access to their Exchange 5.5 mailboxes.

Background:
Our exchange 5.5 sp4 server is in trusted NT domain...mailboxes hosted on
Xchng 5.5 server. AD Users have been able to access their mailboxes fine
until I pushed out a group policy.

I removed these group policies in hope of correcting this issue...but it did
not fix the issue.

Users still in NT domain can still access there mailboxes but AD users no
longer can.

FYI: AD users can still get to other NT domain network resources, such as
printers, file servers, etc...just a problem with Exchange mailbox
(authentication?)...

Did something happen with SID history/SID filtering when I applied group
policy?

If so, can I safely disable SID filtering to allow these users to again
access their (mailbox) resources in NT domain?

Anybody have any insight into this issue?

Thanks in advance

Shawn

 

[Guest]

You haven't told

1) what was the error.
2) what GP you did change

BR,
Denis

 

[shawn]

Sorry lack of details Denis...those would have been forthcoming...but...

....After looking at GP pushed out a little more in detail...and testing...

It was the Anonymous SID/Name translation setting on the domain
controller...removing problematic policy did not remove problem...which now
makes sense on DC...had to force to Enable...which fixed problem

Evidently exchange 5.5 on NT is using the Null session to attempt to
authenticate...

Lesson learned for me about applying/removing GPs to DCs...not quite the
same as workstations/members servers...

I'm sure you (and others) would have come to same conclusion given more
details...glad I don't have to bore you with those now...;-)

Thanks...

Onward with migration...