Exchange 2010 Test CAS Connectivity User Gets Locked Out with SCOM Management Pack

ByRajith Enchiparambil

I came across this issue, which is “supposed” to be fixed in Exchange 2010 SP1+ and the latest Exchange 2010 SP1 management pack for SCOM. As soon as SCOM starts monitoring the Exchange boxes, the extest_guid account which it uses gets locked out. You can unlock the account, but it will get locked out soon….

I came across this issue, which is “supposed” to be fixed in Exchange 2010 SP1+ and the latest Exchange 2010 SP1 management pack for SCOM.

As soon as SCOM starts monitoring the Exchange boxes, the extest_guid account which it uses gets locked out. You can unlock the account, but it will get locked out soon. If SCOM is not in the picture, everything works fine.

Having had PSS looking into the issue for a while, nothing worthwhile came out. Their explanation was that the issue is fixed in 2010 SP1. But I was having the issue even with SP1 and latest management pack.

This KB article explains the exact issue and gives a resolution. Then it goes onto say “don’t do it in production”. I don’t know why MS release these kind of KBs if they don’t want it to be applied Winking smile

KB Article

The workaround for me was the one they used for Exchange 2010 RTM deployments.

Select the properties of the extest_guid account and check “Do not require Kerberos pre-authentication”.

Extest Account

I have seen in various forums that this “fix” doesn’t work for some!

Rajith Enchiparambil

Cloud Architect & Blogger with interests in Microsoft 365, Azure, AWS & PowerShell. I am active on Experts Exchange & TechNet forums and I am a technical author for SearchExchange. Follow me on Twitter, LinkedIn, or Facebook for the latest updates. For consultancy opportunities, drop me a line.

Leave a Reply

Your email address will not be published. Required fields are marked *