Article ID: 909094
Article Last Modified on 10/25/2007
APPLIES TO
- Microsoft Exchange Server 2003 Enterprise Edition
- Microsoft Exchange Server 2003 Standard Edition
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
SYMPTOMS
You configure Kerberos authentication between the front-end and back-end servers that are running Microsoft Exchange Server 2003. In this configuration, the following event is logged in the Application log on the front-end server:
Event Type: Warning
Event Source: EXPROX
Event Category: None
Event ID: 1000
Date: Date
Time: Time
User: N/A
Computer: Front-end_Server_Name
Description: Microsoft Exchange Server has detected that NTLM-based authentication is presently being used between this server and server 'Back-end_Server_Name'. NTLM is still a secure authentication mechanism and protects users' credentials. However, this indicates that there may be a configuration issue preventing the use of Kerberos authentication. If this condition persists, please verify that both this server and server 'Back-end_Server_Name' are properly configured to use Kerberos authentication. After applying any changes it may be necessary to restart Internet Information Services on both the front-end and back-end servers. As a result the authentication protocol fails back to NTLM.
This event indicates that NTLM authentication is being used instead of Kerberos authentication between the front-end and the back-end servers.
For more information about Event ID 1000, visit the Microsoft Events and Errors Message Center (EEMC) at the following Microsoft Web site:
CAUSE
This problem occurs when you use a disjointed DNS namespace. For example, in a domain that is named "country.domain.com," you use a fully-qualified domain name (FQDN) for the front-end server that resembles the following name:
Feserver.Region1.country.domain.com
In this case, a request is made for a Kerberos token in the domain "Region1.country.domain.com." However, this domain does not exist.
RESOLUTION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
After you install this hotfix, add the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\DAV
Value name: DisableRealmHint
Data type: REG_DWORD
Value data: 1
Note 0 and 1 are the only valid values. 0 is off, 1 is on.
Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.
To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:
Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:
Prerequisites
You must install Microsoft Exchange Server 2003 Service Pack 2 (SP2) before you apply the hotfix.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
836993 How to obtain the latest service packs for Exchange Server 2003
Restart requirement
You do not have to restart the computer after you apply the hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
File information
The global version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Exprox.dll | 6.5.7651.19 | 415,232 | 22-Apr-2006 | 05:01 | x86 |
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
For more information about the terminology that Microsoft uses for software that is corrected after it is released, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
For more information about the naming schema for Exchange software updates, click the following article number to view the article in the Microsoft Knowledge Base:
817903 New naming schema for Exchange Server software update packages
Additional query words: XADM
Keywords: kbhotfixserver kbqfe kbfix kbbug kbpubtypekc KB909094
