So I thought I was clear last night. I wasn't. This morning the server wouldn't let anyone log on, and no one could access the website, no one could access OWA. OWA reported "440 Login Timeout". website prompted for user/pass.
There are lots of people with the problem 440 login timeout, but none of the posted solutions worked for me. Eventually, after looking at the Event viewer security log, after I had enabled logon/logoff success/failure auditing, I came to this
kb article. Error 5 was the case I was looking at. My server is a SBS2003, so I figured the second part shouldn't matter, but I checked it anyway. The
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail was set to 2. I changed it to 0, and rebooted. Like magic, all problems went away.
I did a search on CrashOnAuditFail, and it turns out that if it has a value of 2, only administrators are allowed to log on. Exactly what I was seeing. I have no idea how it got set to 2... Here is the
link that describes the CrashOnAuditFail settings