Can't access certain websites

[PCBrandon]

Hi all,

OK, here is a little background information: We have a High School with a server, 'mailserve' and an Elementary with a server, 'elemsrv'. They are on two different campuses.

mailserve:
Windows 2000 Server
Domain Controller (MCKEELACADEMY)
Exchange 2000
ISA

elemsrv:
Windows 2003 Server
Domain Controller (MCKEEL-ES)
ISA

We host the email accounts for elemsrv on mailserve because it's only about twelve of them. They would access their email via OWA, hosted on mailserve. Previously to about four days ago, they could access their email from everywhere, inside elemsrv, inside mailserve, at home, etc. but now, they cannot access it from inside elemsrv.

When they try to access OWA, they sign on as usual but when they try to login to exchange it prompts them with another NT authentication box asking for their password again. Say I was trying to log onto John Smith's account: smithj. I would go to the website and enter smithj as the username and enter the appropriate password. After a few seconds the same NT authentication box would pop up, only with smithj replaced by "mckeelacademy.com\smithj". I would enter in the same password as before and it just keeps prompting me again and again. If you cancel out or keep clicking on OK it'll slowly and randomly build the page, but never actually allow access to emails.

We checked the exchange directories on mailserve to make sure they had access, but as far as we know nothing was changed at all. It doesn't even make sense seeing how they could get to their email from ANYWHERE except from inside elemsrv. It makes me think elemsrv is denying access to mailserve, but they can reach other websites hosted on mailserve as well.

We've been going crazy for the past few days, I think if we don't get this thing sorted out quickly we'll end up installing Exchange on elemsrv and getting a domain for external email. Ideally it should be this way, because we are adding another elementary school this summer (which adds about 50 more accounts) and mailserve is nearly maxed out already.

Any thoughts? Thanks!

[DynamicTech]

Quote:

we'll end up installing Exchange on elemsrv and getting a domain for external email. Ideally it should be this way, because we are adding another elementary school this summer (which adds about 50 more accounts) and mailserve is nearly maxed out already.

This is the way I look at it:
I would think forward. If you know mailserve will not handle the 50 or so additional accounts, I would go ahead and make change now, if feasible.
Why continue to drive yourselves crazy solving a problem when your efforts will be short lived?
You will be killing two birds with one stone.
But, it sounds like the mailserve is trying to log your elemsrv users onto its domain and cannot authenticate the users. Have you made any changes to either server in last few days?

[PCBrandon]

Well, we've made a billion changes trying to fix this problem. However, previous to when the problem started to occur nothing (that we know of) was changed. It just doesn't make sense that they would be allowed access from anywhere in the world except from inside elemsrv.

[DynamicTech]

Do users have any special login script or routine they have to go through when accessing mailserve from elemsrv? There is a very logical explanation, the trick is finding it. I would bet the answer lies somewhere between the domains/servers. Are there any deviations in group memberships and/or rights and privileges? Is the same authentication protocol being used on each domain?
You might try looking here.

[PCBrandon]

I'm not aware of any special login scripts or anything they have to do out of the ordinary to get access to our servers. They can log in to the staff only section on the website, but once they try to get to exchange OWA it denies them access.

I'll have a look at that article, thanks.

[PCBrandon]

I went to www.pcpitstop.com from elemsrv and did a trace route to mailserve. I got the following, it doesn't look good to me, what can I do to fix it?

PHP Code:

Hop# | Avg ms | Loss % | Graph | Address 
1        *       100             0.0.0.0 
2        14                      65.32.14.116 (gig0-2.tampflp43-ubr1.tampabay.rr.com) 
3        *       100             0.0.0.0 
4        *       100             0.0.0.0 
5        *       100             0.0.0.0 
6        *       100             Unable to reach 24.227.48.170 (www2.mckeelacademy.com)