Outlook clients not authenticating, but OWA and ActiveSync work fine

We had an issue where a clients’ Outlook connectivity stopped working and they were continuously prompted for credentials.  Mysteriously OWA and ActiveSync were fine.  In the Security logs on the Exchange server we saw a lot of the following: Source: Microsoft Windows security auditing. Event ID: 4625 Failure Information: Failure Reason: An Error occured during Logon. Status: 0x80090302 Sub Status: 0xC0000418 We discovered that NTLM had been disabled on the domain controller.  To resolve, check the domain policy, domain controller policy or local policy on the DC and go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies ->Security Options and check the following two settings: Network security: Restrict NTLM: Incoming NTLM traffic Network security: Restrict NTLM: NTLM authentication in this domain After a gpupdate on the DC, Outlook clients were then able to successfully connect to...

CCAPI: Internal Error (Software Error)

We changed a customer from PRI to SIP trunk and after the change, the Exchange UM stopped working for calls coming in from the outside.  We found the following error in the logs: %VOICE_IEC-3-GW: CCAPI: Internal Error (Software Error): IEC=1.1.180.1.13.112 on callID 78 Some posts mentioned upgrading the firmware (which we did with no effect).  The dial-peer pointed to Exchange had some volume adjustments on it.  Once we removed the adjustments, the error went away and calls went through. dial-peer voice 100 voip description Dial-peer for Exchange VM destination-pattern 60. session protocol sipv2 session target ipv4:10.5.99.11:5065 session transport tcp dtmf-relay rtp-nte audio incoming level-adjustment -5 audio outgoing level-adjustment -15 codec g711ulaw no vad Other things to check would be codec changes or TCP/UDP changes as either would cause transcoding. Update:  I ran into a similar error again.  This time deleting the dial-peer and re-adding it, along with restarting the SIP services, fixed the...

Exchange Transport rule based on the recipient — which is a group

For Exchange Server, a transport rule can apply actions to messages based on the recipient address.  If you however attempt to use a Distribution List (group) the rule will not save, giving you the following error message:   SentTo predicate does not allow distribution groups. ‘My Group’.     The workaround to this is to instead chose “The Message -> To box contains this person” and then select your group and it should now let you save.  ...

Escape Sequence for a SM-X switch module in a 4000 series ISR

On the pre 4000 series ISRs you would use the regular Cisco escape sequence to exit a service module — CTRL-SHIFT-6 followed by X.  In the 44xx and 43xx series routers the switch modules do not respond to the regular escape sequence from the console.  Instead, to escape back to the router console use — CTRL-A followed by...

Restart a single context on an ASA with virtual instances

The Cisco ASA firewall can run as virtual host for multiple virtual ASA’s known as contexts.  We recently ran into an issue where a memory leak made one context inoperable.  Rather than reload the entire ASA and take out the other contexts we wanted to only restart the context that was having problems.  Unfortunately there is no way to reboot an individual context as the reload command does not exist inside a context.  The solution is to delete the context and recreate it.  This may sound daunting, but it takes a few seconds and your config is restored.  First login to the ASA and change to the context that’s having problems and save the config.  In our case the context named “transparent” was the one that stopped working.  (You may not want to save the config if a configuration issue broke the context.  If so this step is optional.) login as: admin admin@10.10.10.1’s password: Type help or ‘?’ for a list of available commands. ASA5525/admin> ASA5525/admin> en Password: ************ ASA5525/admin# changeto context transparent ASA5525/transparent# wr mem Then switch to the system context (the hypervisor layer) and show the context information.  In our case we have three contexts: admin, customer and transparent. ASA5525/transparent# changeto system ASA5525# show run context ! admin-context admin context admin   allocate-interface GigabitEthernet0/0   allocate-interface GigabitEthernet0/1   allocate-interface GigabitEthernet0/1.2   allocate-interface Management0/0   config-url disk0:/admin.cfg ! context customer   allocate-interface GigabitEthernet0/0   allocate-interface GigabitEthernet0/1.499   config-url disk0:/customer.cfg ! context transparent   allocate-interface GigabitEthernet0/3 outside   allocate-interface GigabitEthernet0/4 inside   config-url disk0:/transparent.cfg ! Copy the config for the context causing you problems.  Then remove the context. ASA5525# conf t ASA5525(config)#...