The Module DLL P:\exchange\bin\kerbauth.dll failed to load the data is error. OWA, EMC and Powershel

Status
Not open for further replies.
R

ruwancliford

OWA- stops processing with this URL - https://localhost/owa/auth/logon.aspx?url=https://localhost/owa/&reason=0

I see the below error on the application event log. I believe that the kerbauth.dll not loading to applicationhost.config file on the IIS is the issue. But to correct it should we have to reinstall the IIS and CAS. - SP 1 installation failed with owa. config access denied error.

The Module DLL P:\Exchange\Bin\kerbauth.dll failed to load. The data is the error.

When I run the err, log analyzer for Exchange for the above error it finds the below result.

C:\Users\administrator.SA\Desktop\Err>

C:\Users\administrator.SA\Desktop\Err>err 00000005

# for decimal 5 / hex 0x5 :
BTH_ERROR_AUTHENTICATION_FAILURE bthdef.h
INVALID_PROCESS_ATTACH_ATTEMPT bugcodes.h
CDERR_LOADSTRFAILURE cderr.h
EVENT_MSCEP_NO_PASSWORD_ANONYMOUS ceplog.mc

# SCEP password is requested using anonymous access.

# Password is not granted. Users will request password again

# by integrated windows authentication allowed by default

# SCEP configuration. Please find support information at

# http://%1/certsrv/mscep/mscephlp.htm.
MSG_BAD_REGISTRY certlog.mc

# Certificate Services could not find required registry

# information. The Certificate Services may need to be

# reinstalled.
CR_INVALID_DEVNODE cfgmgr32.h
LOG_MODULE_NM clusvmsg.h
MSG_ROOT_CERT_AUTO_UPDATE_URL_RETRIEVAL_ERROR crypt32msg.mc

# Failed auto update retrieval of third-party root

# certificate from: <%1> with error: %2
DHCP_DROP_UNAUTH dhcpssdk.h
LLC_STATUS_PARAMETER_MISSING dlcapi.h
HIDP_GETCOLDESC_PREPARSE_RESOURCES hidpddi.h
IAAPI_TOOBIG iaapi.h

# /* Value exceeds size constraint */
MD_ERROR_SUB401_APPLICATION iiscnfg.h
MD_ERROR_SUB403_SSL128_REQUIRED iiscnfg.h
IME_RS_TOOLONG ime.h

# given string is too long
KDC_ERR_S_OLD_MAST_KVNO kerberr.h

# Server's key encrypted in old master key
RSVP_Err_BAD_STYLE lpmapi.h

# /* Conflicting style */
POLICY_ERRV_IDENTITY_CHANGED lpmapi.h
POLICY_ERRV_SUBNET_DEF_FLOW_COUNT lpmapi.h
MAPI_DIAG_MAXIMUM_TIME_EXPIRED mapidefs.h
MMSYSERR_INVALHANDLE mmsystem.h
SE_CATEGID_DETAILED_TRACKING msaudite.h

# Detailed Tracking
MSIDBERROR_UNDERFLOW msiquery.h

# data less than minimum value allowed
NRC_CMDTMO nb30.h

# /* command timed out */
NDDE_INVALID_SHARE nddeapi.h
NMERR_NO_MORE_FRAMES netmon.h
SMART_INVALID_DRIVE ntdddisk.h

# Drive number not valid
DS_NAME_ERROR_DOMAIN_ONLY ntdsapi.h
SAM_PWD_CHANGE_NOT_COMPLEX ntsam.h
ODBC_ERROR_INVALID_REQUEST_TYPE odbcinst.h
OLE_ERROR_STREAM, ole.h

# (OLESTREAM) stream error */
MSG_NO_CERT_TYPES pollog.mc

# The Certificate Services Policy contains no valid

# Certificate Templates.
MFE_OIF_PRUNED routprot.h

# no downstream receivers exist on oif
SCESTATUS_BUFFER_TOO_SMALL scesvc.h
SE_ERR_ACCESSDENIED shellapi.h

# access denied
SNMP_ERRORSTATUS_GENERR snmp.h
SNMP_GENERICTRAP_EGPNEIGHLOSS snmp.h
TWCC_OPERATIONERROR twain.h

# /* DS or DSM reported error, app shouldn't */
MSG_TIMEPROV_FAILED_STOP w32timemsg.mc

# The time provider '%1' returned the following error during

# shutdown: %2
CMC_STATUS_CONFIRM_REQUIRED wincrypt.h
CMC_FAIL_UNSUPORTED_EXT wincrypt.h
ERROR_ACCESS_DENIED winerror.h

# Access is denied.
LDAP_COMPARE_FALSE winldap.h
SNMP_ERROR_GENERR winsnmp.h

# for hex 0x5 / decimal 5 :
BTH_ERROR_AUTHENTICATION_FAILURE bthdef.h
INVALID_PROCESS_ATTACH_ATTEMPT bugcodes.h
CDERR_LOADSTRFAILURE cderr.h
EVENT_MSCEP_NO_PASSWORD_ANONYMOUS ceplog.mc

# SCEP password is requested using anonymous access.

# Password is not granted. Users will request password again

# by integrated windows authentication allowed by default

# SCEP configuration. Please find support information at

# http://%1/certsrv/mscep/mscephlp.htm.
MSG_BAD_REGISTRY certlog.mc

# Certificate Services could not find required registry

# information. The Certificate Services may need to be

# reinstalled.
CR_INVALID_DEVNODE cfgmgr32.h
LOG_MODULE_NM clusvmsg.h
MSG_ROOT_CERT_AUTO_UPDATE_URL_RETRIEVAL_ERROR crypt32msg.mc

# Failed auto update retrieval of third-party root

# certificate from: <%1> with error: %2
DHCP_DROP_UNAUTH dhcpssdk.h
LLC_STATUS_PARAMETER_MISSING dlcapi.h
HIDP_GETCOLDESC_PREPARSE_RESOURCES hidpddi.h
IAAPI_TOOBIG iaapi.h

# /* Value exceeds size constraint */
MD_ERROR_SUB401_APPLICATION iiscnfg.h
MD_ERROR_SUB403_SSL128_REQUIRED iiscnfg.h
IME_RS_TOOLONG ime.h

# given string is too long
KDC_ERR_S_OLD_MAST_KVNO kerberr.h

# Server's key encrypted in old master key
RSVP_Err_BAD_STYLE lpmapi.h

# /* Conflicting style */
POLICY_ERRV_IDENTITY_CHANGED lpmapi.h
POLICY_ERRV_SUBNET_DEF_FLOW_COUNT lpmapi.h
MAPI_DIAG_MAXIMUM_TIME_EXPIRED mapidefs.h
MMSYSERR_INVALHANDLE mmsystem.h
SE_CATEGID_DETAILED_TRACKING msaudite.h

# Detailed Tracking
MSIDBERROR_UNDERFLOW msiquery.h

# data less than minimum value allowed
NRC_CMDTMO nb30.h

# /* command timed out */
NDDE_INVALID_SHARE nddeapi.h
NMERR_NO_MORE_FRAMES netmon.h
SMART_INVALID_DRIVE ntdddisk.h

# Drive number not valid
DS_NAME_ERROR_DOMAIN_ONLY ntdsapi.h
SAM_PWD_CHANGE_NOT_COMPLEX ntsam.h
ODBC_ERROR_INVALID_REQUEST_TYPE odbcinst.h
OLE_ERROR_STREAM, ole.h

# (OLESTREAM) stream error */
MSG_NO_CERT_TYPES pollog.mc

# The Certificate Services Policy contains no valid

# Certificate Templates.
MFE_OIF_PRUNED routprot.h

# no downstream receivers exist on oif
SCESTATUS_BUFFER_TOO_SMALL scesvc.h
SE_ERR_ACCESSDENIED shellapi.h

# access denied
SNMP_ERRORSTATUS_GENERR snmp.h
SNMP_GENERICTRAP_EGPNEIGHLOSS snmp.h
TWCC_OPERATIONERROR twain.h

# /* DS or DSM reported error, app shouldn't */
MSG_TIMEPROV_FAILED_STOP w32timemsg.mc

# The time provider '%1' returned the following error during

# shutdown: %2
CMC_STATUS_CONFIRM_REQUIRED wincrypt.h
CMC_FAIL_UNSUPORTED_EXT wincrypt.h
ERROR_ACCESS_DENIED winerror.h

# Access is denied.
LDAP_COMPARE_FALSE winldap.h
SNMP_ERROR_GENERR winsnmp.h

# 88 matches found for " 00000005"
 
G

Gulab Mallah

First of all no need to reinstall IIS and CAS, always keep in mind if you reinstall IIS than you have to reinstall entire exchange server.

Follow the below instruction and post the update.
1) Check to seeif OWA is working. If it is not, go to IIS Manager and check the Modules:

Note: If The KerbAuth.dll module had been loaded at the Default Web Site level this can cause OWA as well as the Exchange Management tools (EMC/EMS) not to work.

-KERBAUTH should only be registered in IIS under modules on the PowerShell Site (not at the Default Site, and not at the Server level)
-KERBAUTH should only be registered as NATIVE, not as Managed at the PowerShell Site in IIS
-KERBAUTH should only be registered directly at the PowerShell Site in IIS, not Inherited.

If the Kerbauth.dll is registered as a " Managed" module not a " Native" Module, do the following:
&bull; Remove Kerbauth from the Powershell web site as a Managed Module
&bull; Verify if Kerbauth.dll is in the C:/Program Files/Microsoft/Exchange/V14/BIN directory.
&bull; In IIS go to the server level and register Kerbauth.dll using the name " Kerbauth" and the path to C:/Program Files/Microsoft/Exchange/V14/BIN/KERBAUTH.DLL
&bull; Go back to the Server level in IIS and Remove Kerbauth.
Note: We are simply removing it from the server level, and since it is registered now, it should be available at lower levels.
&bull; Under IIS Powershell in MODULES select Manage Native Modules, and check by Kerbauth which now should appear.
&bull; Ran IISRESET from a Command Prompt
&bull; Try opening EMC and EMS again.

2) Check to see if the Default Web Site has HTTP Redirect setting enabled, by selecting Default Web Site on IIS, and expanding &ldquo;HTTP Redirect&rdquo;.
If it is enabled, try the workaround of selecting the option under &ldquo;Redirect Behavior&rdquo;:

&ldquo;Only redirect requests to content in this directory (not subdirectories)

Note: By default the HTTP Redirect is disabled.

Cheers,
-Gulab
 
R

ruwancliford

Gulab,
The kerbauth.dll already there on under the powershell modules as a native and local module. its not there anywhere on IIS. do you want me re-register it at the server level and remove it-

On IIS default web site the page it comes up as

HTTP Error 503. The service is unavailable. and I see that the application pool for the default web site is currently stopped and there are 3 applications running under it.

1. /RPC

2. RPC with Cert

3. root application from wwwroot.

Cheers

Ruwan.
 
R

ruwancliford

Further, When I try to browse the powershell directory with IE. I get the below error on the page..
HTTP Error 401.0 - Access Denied You do not have permission to view this directory or page.

<fieldset><legend>Detailed Error Information</legend>
Module kerbauth Notification AuthenticateRequest Handler StaticFile Error Code 0x00000000
Requested URL http://localhost:80/PowerShell Physical Path P:\Exchange\ClientAccess\PowerShell Logon Method Not yet determined Logon User Not yet determined
</fieldset>

<fieldset><legend>Most likely causes:</legend> The authenticated user does not have access to a resource needed to process the request. </fieldset>

<fieldset><legend>Things you can try:</legend> Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here. </fieldset>

<fieldset><legend>Links and More Information</legend>This is the generic Access Denied error returned by IIS. Typically, there is a substatus code associated with this error that describes why the server denied the request. Check the IIS Log file to determine whether a substatus code is associated with this failure.

View more information &raquo;

Microsoft Knowledge Base Articles:
</fieldset>
 
G

Gulab Mallah

Post the permissions you have on the account you are using to login to the server.

-Gulab
 
R

ruwancliford

Im logged in as the domain administrator to the Exchange server. which has the local administrator rights and exchange enterprise admini rights on the server. Does it like a problem with WINRM user rights ?.
 
R

ruwancliford

Further on the Poweshell when try to connect get the below error-

VERBOSE: Connecting to Exchange1
[server.domain.local] Connecting to remote server failed with the following error message : The WinRM client cannot pro
cess the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer (server.domain.local:80) returned an 'access denied' error. Change the configuration to allow Kerberos authentication mechanis
m to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the loca
l computer name as the remote destination. Also verify that the client computer and the destination computer are joined
to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and
provide user name and password. Possible authentication mechanisms reported by server: For more information, see the a
bout_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
eption
+ FullyQualifiedErrorId : PSSessionOpenFailed
 
G

Gen Lin

Hi,

1. Open ADUC and check if your Administrator account is in Users UO. If no, please move it to Users OU.

2. Create a new account and add it to exchange administrator group. Then test to see if the issue happen on this new account.



 
Status
Not open for further replies.
Top