# Users unable to authenticate SBS 2003



## Jbumpus (Mar 17, 2009)

Hello here is a hard one and any suggestions are welcome. I have a client running SBS 2003 the server has all the latest patches installed. Every now and again users are unable to authenticate to the domain at all. When you try to go to RWW or OWA the page does not come up reporting service unavailable, users are unable to log into their workstations being told they have the wrong username and password, administrator account cannot log into the server when sitting at the machine. The only way to resolve the problem is to hard boot the machine then everything goes back to normal. When I am able to log in the system all the events in the system log prior to the hard boot are gone. The only thing I can see is that once the event has happened the application log throws about 1000 ExchangeAL Errors with event id 8026 every second. Because of this we are only able to tell that the event has happened but are unable to find a cause. Thanks


----------



## srhoades (May 15, 2003)

Provide some more details as to what your sever is doing, what applications/databases it is hosting. It may just be overloaded.


----------



## Jbumpus (Mar 17, 2009)

The server is a file and print server and it's main functions are the normal SBS functions, Exchange etc.,PACS program named ViewPoint, and the Trend Micro worry free business security server. It also faxes reports from the fax system. The machine is a PowerEdge 2900 with dual quad core Xeon at 2.33 GHz and 4 GB of RAM.


----------



## srhoades (May 15, 2003)

How many users?


----------



## Jbumpus (Mar 17, 2009)

There are about 13 users


----------



## LinuxHacker (Jan 1, 1970)

since you are a consultant you probably cost about $100 an hour? since there are only 13 users and probably not much data, it might save them money and you the headache if you just setup the server again. say they call you 10 times for this problem. thats about 10 hours of billable time. you can setup a small business server from scratch in 6 hours.


----------



## Jbumpus (Mar 17, 2009)

Thanks for the suggestion but that is very much not an option! This isn't something that happens very often at all but when it does everything shuts down. We are trying find what causes said issue so that we can put measures in place to stop it from happening again. As for the data, due to the nature of their business they have multiple TBs of data that would take an unacceptable amount of time to restore if the reason for the restore was not business critical, such as an impromptu server rebuild.


----------



## srhoades (May 15, 2003)

Here are some suggestions as to the problem

http://www.eventid.net/display.asp?eventid=8026&eventno=3492&source=MSExchangeAL&phase=1


----------



## Jbumpus (Mar 17, 2009)

Thanks for the link but those instances don't fit what is happening with me. I am going to look at the time thing listed but since it happens out of the blue and not a reboot I don't know how far it will take me. I have also opened a ticket in our partner site with MS as well. I will keep everyone posted if I can find a cause.


----------



## StumpedTechy (Jul 7, 2004)

Why not setup a backup of the logs so you can get a better understanding as to whats going on? This way you can see exactly what happened just before the issue started occuring. This would copy the event logs into a database but you can do this a number of ways.

Set objConn = CreateObject("ADODB.Connection")
Set objRS = CreateObject("ADODB.Recordset")

objConn.Open "DSN=EventLogs;"
objRS.CursorLocation = 3
objRS.Open "SELECT * FROM EventTable" , objConn, 3, 3
strComputer = "."

Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colRetrievedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent")

For Each objEvent in colRetrievedEvents
objRS.AddNew
objRS("Category") = objEvent.Category
objRS("ComputerName") = objEvent.ComputerName
objRS("EventCode") = objEvent.EventCode
objRS("Message") = objEvent.Message
objRS("RecordNumber") = objEvent.RecordNumber
objRS("SourceName") = objEvent.SourceName
objRS("TimeWritten") = objEvent.TimeWritten
objRS("Type") = objEvent.Type
objRS("User") = objEvent.User
objRS.Update
Next

objRS.Close
objConn.Close


----------



## Rockn (Jul 29, 2001)

The event ID you posted relates to Active Directory. If this is an SBS server and you have not changed anything security wise you will have issues more than likely with the default security settings and group membership. It really sounds like Active Directory and DNS are not playing well together.By default SBS sets up about 6 different group policies and lockdowns. Try disabling all of them with the exception of the default domain policy and see where that gets you.


----------

